Privacy Notice

SB+CO Consulting Limited (“SB+CO”, “we”, “our” or “us”) is committed to keeping your personal data safe and meeting our responsibilities under privacy law. It really matters to us that you feel we’re looking after your personal data properly. This Privacy Notice tells you what personal data we collect, how we use it, how we keep it secure and how you can let us know if you would like us to change how we manage it. 

We’ll revise this policy from time to time, and we’ll let you know if we make any material changes. We last updated this policy in April 2025. 

Where you use our services, or your personal data is processed in connection with such services and we control the purpose for which such personal data is processed, SB+CO Consulting Limited will be the data controller of such information. 

This Privacy Notice applies: 

  • to your emails submitted via the contact form on our website or sent directly to our staff; 

  • to your personal details submitted to register for our services and events (either on your own behalf or on behalf of the organisation you work for), download content from our website, and access other offerings online; 

  • to your use of our services 

  • where you apply to us for a job or work placement; 

  • your supply of services to us where this involves any personal data (such as your contact details); and/or 

  • to any personal data that we collect from third parties where we are the controller of such information. 

This Privacy Notice additionally applies to our website www.sbandco.com  and any other website, mobile app or other online service created or hosted by us from time to time on which this Privacy Notice appears (together, our “online services“) through which we may collect certain details if, for example, you want to subscribe to any publications or newsletters that we may periodically issue. 

1. Who We Are  

SB+CO is a sustainability consultancy that advises companies on strategy, sustainability activation and integration, ESG, stakeholder engagement and communications – and frequently a combination of all these. SB+CO is a UK registered company (with company number 11446996).  

If you have any questions regarding your personal data, please contact us using the details set out in the ‘Contact’ section below.  

2. What Personal Data We May Process About You 

“Personal data” is any information that can be used to identify you or that we can link to you. It does not include information where the identity of the individual has been fully and effectively removed (anonymous data).  

We may collect the following personal data about you:  

  • Identification information, such as your name;  

  • Contact information, such as your email address, telephone number and/or postal address;  

  • Professional information, such as your role, details of your employer or the organisation with which you are affiliated 

  • Details of any contact and/or communications we have had with, or receive from you, including via email, social media or phone – as well as the contents of these communications, we may also collect ‘tracking information’, which will tell us whether or not you have opened the email, as well as other information about how you’ve engaged with it 

  • Details of your participation in our services, including live chats and message boards, as well as your interactions with our social media posts. 

  • Where you apply for a role with us, we may also process the following personal data:  

  • Details about your education, current and/or previous employment, and state of health;  

  • Information revealed as part of screening checks (including background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks) and/or references.  

If you contact us, for example to provide your feedback or to make a complaint, we may keep a record of that feedback, complaint and correspondence with you, as well as your name and contact details.  

When you access our websites, we also collect information about your computer, including, where available, your IP address, operating system, and browser type. We do this for system administration purposes, including to analyse trends and gather broad demographic information for aggregate use so that we can improve the site and deliver customised, personalised content.  

Sensitive personal data  

Under data protection legislation, certain personal data is considered more ‘sensitive’ (e.g., information relating to race, religion, political affiliation and health). This is also known as ‘special category data’. We may collect some special category data as part of our recruitment process or in the context of our events (for example to manage any allergies or similar needs).  

3. Where We Obtain Your Personal Data 

We collect and retain your personal data from you directly, for example where you:  

  • Request or use our services;  

  • Use our website; 

  • Communicate with us (via email, in person, post or social media);  

  • Sign up to receive newsletters, alerts or other materials/offerings;  

  • Sign up for and/or attend one of our webinars or events;  

  • Respond to our communications or requests for information;  

  • Apply for a role with us. 

We may also collect personal data about you from third parties, including:  

  • Where you have told a third party that you are happy for them to share your data with us;  

  • From publicly available and privately subscribed sources (including as part of our recruitment process). This may include obtaining information from individuals working on our behalf, other organisations, and public sources such an internet search engines and social media;  

  • Where you apply for a role with us, from academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics providers, referees and your current and previous employers.  

 4. Legal Basis For Usage Of Personal Data 

Where we intend to use your personal data, we will only do so where the law allows us to (i.e. where we have a ‘lawful basis’).  

Most commonly, we will rely on the following lawful bases:  

  • Performance of a contract: We may need to collect and use your personal data to enter into a contract with you or to perform a contract that you have with us, and where we respond to your requests and provide you with services in accordance with our terms and conditions (which are available on request) or other applicable terms of business agreed with you or with your employing organisation. 

  • Legitimate interests: Where we consider use of your information necessary or our own (or a third party’s) legitimate purpose, we may use your personal data provided that such interests are not overridden by your own rights and interests. We may use your personal data in reliance on legitimate interests in the following circumstances: 

  • for our own direct business-to-business marketing or continued communication; 

  • the prevention of fraud; 

  • our own internal administrative purposes; 

  • provision and/or personalisation of the service(s) we provide to you or your organisation; 

  • ensuring network and information security, including preventing unauthorised access to electronic communications networks and stopping damage to computer and electronic communication systems;  

  • to review applications for roles within our organisation and make decisions about recruitment; and/or 

  • reporting possible criminal acts or threats to public security to a competent authority. 

  • Compliance with a legal obligation: We may be required to process your information due to legal requirements, including employment laws, tax laws and other regulatory provisions applicable to SB+CO as a communications and political consultancy. 

  • Consent: You may be asked to provide your consent in connection with certain services that we offer, for example in respect of any processing of your personal data for our marketing purposes where we send marketing to you as an individual (and not in your professional capacity) , or in respect of certain special categories of personal data such as your health or racial background. Where we are reliant upon your consent, you may withdraw this at any time by contacting us in accordance with the section titled “Contact” below, however please note that, in some cases, we may no longer be able to provide you with the products or services that rely on having your consent. 

5. How We Use Your Personal Data 

We may use your information for the following purposes:  

  • To provide you with SB+CO’s services (as noted above) that you or your employing organisation request. 

  • To facilitate your attendance at webinars, seminars or other events that you sign up to or wish to attend. 

  • To respond to your enquiries. 

  • To carry out our obligations arising from any contracts entered into between you and us. 

  • To facilitate our internal business operations, including to fulfil our legal or regulatory requirements. 

  • To maintain and develop our relationship with you. 

  • For our business purposes, including data analysis, submitting invoices, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement. 

  • To maintain and update our records including our database of contacts. 

  • To provide you on an ongoing basis with information and services, including relevant marketing communications related to SB+CO, and other information or materials, that you request from us or which we feel may interest you. 

  • To evaluate, recruit, and hire personnel. 

  • To measure the popularity and effectiveness of services such as emails, newsletters and seminar invitations, in order to improve what we offer to you and other recipients. 

  • To allow you to use or access interactive features or secure areas of our online services, when you choose to do so. 

  • For research, planning, service development, security or risk management. 

  • Learn from your experience and feedback to develop our work. 

  • As we believe reasonably necessary or appropriate to: comply with our legal obligations; respond to legal process or requests for information issued by government authorities or other third parties; or protect your, our, or others’ rights. 

  • We may not be able to do some or all of these things without your personal data. 

If at any time we intend to change the purpose for which we hold your personal data, for example to offer you with a complimentary service that we may provide in the future, we will give you prior information of that new purpose so you are aware of this. 

6. Disclosure Of Your Information 

We may share your personal data with third parties, including the following: 

  • with contractors, suppliers, or other third parties that provide services on our behalf (such as mailing vendors, website host providers); 

  • with academic institutions, referees and/or screening check providers as part of our recruitment process;  

  • as part of a sale, merger or acquisition, or other transfer of all or part of our assets including as part of a bankruptcy proceeding; 

  • pursuant to a subpoena, court order, or other legal process or as otherwise required or requested by law, regulation, or government authority programs, or to protect our rights or the rights or safety of third parties;  

  • with our professional advisors, lawyers, accountants and auditors; or 

  • with your consent or as otherwise disclosed at the time of data collection or sharing. 

Any third parties that we may share your personal data with are obliged to keep your details securely, and to use them only to fulfil the service they provide. When such third parties no longer need your personal data to fulfil this service, they will dispose of such details in line with SB+CO’s procedures unless they are themselves under a legal obligation to retain information (provided that this will be in accordance with applicable data privacy laws).  

We do not sell, rent, or otherwise share information that identifies you or your organisation with unaffiliated entities for their independent use except as expressly described in this Privacy Notice or with your express prior permission. 

We may share information that does not identify you or your organisation (i.e. anonymised data) as permitted by applicable law.

7. Retention Of Your Data 

We will not keep personal data for longer than necessary, and the appropriate retention period will vary according to the intended purpose for which we collected the personal data.  

The criteria we use to determine the retention period of personal data are: (i) the respective statutory retention period; (ii) our contractual and/or business relationships with you; (iii) (potential) disputes; and (iv) any guidelines issued by relevant regulators. After expiration of that period, the relevant data is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract, the initiation of a contract or to protect or defend our position or that of a third party.  

8. How We Keep Your Personal Data Safe  

To protect your privacy we will make sure your personal data is kept securely and disclosed only to relevant organisations or representatives who need to access it to perform their roles. While we seek to use appropriate organisational, technical and administrative measures to protect personal data within our organisation, unfortunately no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the ‘Contact’ section below.

9. Your Rights 

Under certain privacy laws, you have rights relating to your personal data. In particular, you have a right to the following: 

  • to request access to the personal data we hold about you; 

  • to request that we rectify or erase your personal data; 

  • to request that we restrict the processing of your personal data; 

  • to object to our processing of your personal data in certain circumstances; 

  • under certain circumstances, to ask us to port personal data about you that you have provided to us to you or to a third party; and 

  • where we previously obtained your consent, to withdraw consent to processing your personal data. 

To exercise these rights, contact us via the “Contact us” section below. Please be aware that we may be unable to provide these rights to you under certain circumstances, for example if we are legally prevented from doing so or can rely on exemptions. 

You may also submit a complaint to the Information Commissioners Office, details of which can be found at https://ico.org.uk/global/contact-us. 

If you make a privacy complaint to us, we will respond to let you know how your complaint will be handled. We may ask you for further details, consult with other parties and keep records regarding your complaint. 

10. Other Websites  

Our websites and/or other resources may contain links to other websites. Please note that when you click on one of these links, you are entering another website for which we have no responsibility. We encourage you to read the privacy notices on all such websites.  

11. Updates  

This Notice may change from time to time – for example, to take into account changes at SB+CO or to reflect changes in regulation or legislation. It was last updated in April 2025. 

Updates to this Notice will be posted on this page – please check back from time to time. We will also use reasonable efforts to inform you of any significant changes by email where appropriate. 

12. Further Information 

To find out more about SB+CO please visit www.sbandco.com. 

13. Contact 

If you have any questions, concerns or comments about this Privacy Notice, or want to submit a written complaint about how we handle your personal data, please contact us via any of the following means: 

Mail: c/o Buzzacott Llp, 130 Wood Street, London, United Kingdom, EC2V 6DL 

Email: info@sbandco.com