Last Updated : 27 February 2026
1. INTRODUCTION AND GENERAL TERMS
This Privacy Policy describes how [B2BDrum Ltd legal entity name], trading as B2BDrum, a company incorporated under the laws of [jurisdiction], with a registered office at Lily Hill House, Lily Hill Road, Bracknell, England, RG12 2SJ, under company number 16176933. (“B2BDrum”, “we”, “us”, or “our”), collects, uses, stores, shares, and otherwise processes personal data in the course of providing its services.
B2BDrum operates a business-to-business (“B2B”) sales intelligence, marketing, and data enrichment platform delivered on a software-as-a-service (SaaS) basis. Our services are intended solely for professional and commercial use and are not designed for personal, household, or consumer use.
This Privacy Policy applies to personal data processed in connection with:
the B2BDrum website;
the B2BDrum online platform;
applications, browser extensions, and integrations (where applicable);
marketing, analytics, and sales intelligence services;
communications with prospects, clients, and partners.
B2BDrum is committed to protecting and respecting privacy and ensuring transparency regarding how personal data is processed.
Data Controller and Data Processor Roles
Depending on the context of processing:
B2BDrum acts as a data controller where it determines the purposes and means of processing personal data, including the operation of its website, marketing activities, maintenance of its proprietary database, and internal analytics.
B2BDrum acts as a data processor where it processes personal data strictly on behalf of its clients and in accordance with their documented instructions.
Where B2BDrum acts as a processor, the relevant client is the data controller and is responsible for:
providing appropriate privacy notices to data subjects;
establishing a lawful basis for processing;
responding to data subject rights requests.
Processing in such cases is governed by the applicable client agreement and/or data processing agreement, and this Privacy Policy does not apply to client-controlled processing.
B2BDrum complies with all applicable data protection laws, including:
the UK General Data Protection Regulation (“UK GDPR”);
the EU General Data Protection Regulation (“EU GDPR”);
the UK Data Protection Act 2018; and
applicable regulatory guidance and supervisory authority requirements.
2. WHAT PERSONAL DATA DOES B2BDRUM COLLECT?
B2BDrum collects and processes personal data that is relevant, necessary, and proportionate to its business-to-business services.
2.1 Website and Communications
When you visit the B2BDrum website, request a demonstration, submit an enquiry, or otherwise communicate with us by email, telephone, or similar channels, we may collect and process personal data that you voluntarily provide. This typically includes your full name, business email address, company name, job title or department, and the content of your enquiry or correspondence. We also retain records of communications exchanged with you in order to respond to your request, provide support, maintain business records, and improve the quality of our services. Such processing is limited to what is relevant and proportionate for legitimate business purposes.
2.2 Client Platform Access
To provide authorised individuals with access to the B2BDrum platform, we collect and process personal data necessary for account creation, authentication, and security. This includes the individual’s name, business email address, login credentials, assigned user role and permissions, as well as login activity and usage logs. This information is required to verify user identity, manage access rights, maintain platform integrity, detect unauthorised or suspicious activity, and provide technical support. Without this data, secure and reliable access to the platform would not be possible.
2.3 Cookies, Analytics, and Technical Data
B2BDrum uses cookies and similar tracking technologies to collect technical and analytical information about how users interact with our website and platform. This data may include IP addresses, browser type and version, operating system, device identifiers, pages visited, navigation paths, time spent on pages, scrolling and click behaviour, referral URLs, page response times, and error or crash reports. We use this information to monitor system performance, ensure platform security, identify misuse or malicious activity, analyse usage trends, improve user experience, and assess the effectiveness of our marketing activities. Where required by law, cookies are deployed subject to user consent.
2.4 B2BDrum Business Contact Database
B2BDrum maintains a proprietary business contact and sales intelligence database containing professional information relating to individuals acting in a business capacity. Personal data within this database may include an individual’s name, employer company name and associated company metadata, job title, seniority and functional role, business email address, business telephone number, work location at city and country level, and publicly available professional social profiles such as LinkedIn. In addition, we process employer-level information such as company size, industry classification, website URLs, corporate structure, and social media presence. Where individuals change roles or employers, we may retain historical employment information to preserve data accuracy, continuity, and professional context.
2.5 Generated and Hashed Identifiers
To support data quality, deduplication, and matching:
B2BDrum may generate inferred business email formats where unavailable, based on known corporate structures.
We may retain hashed personal email identifiers, which are one-way encrypted values used solely for matching purposes.
Hashed identifiers are never reversed, and personal email addresses are not used for direct contact unless lawfully obtained.
2.6 Data Sources
Personal data processed by B2BDrum is obtained from a range of lawful sources, including publicly available professional information, company websites, press releases, business-orientated social networks, recruiters, affiliates, premium data providers, direct correspondence with individuals, and clients acting as independent data controllers. B2BDrum does not intentionally collect personal consumer data, home addresses, personal telephone numbers, dates of birth, special category personal data, or data relating to criminal convictions or offences.
3. LAWFUL BASES FOR PROCESSING
B2BDrum processes personal data only where a lawful basis exists.
3.1 Legitimate Interests
The primary lawful basis relied upon by B2BDrum is legitimate interest. This includes maintaining and improving a professional B2B contact database, enabling clients to identify relevant business decision-makers, supporting lawful B2B marketing and sales outreach, ensuring data accuracy and enrichment, and producing aggregated statistical insights. A Legitimate Interests Assessment has been conducted to ensure that such processing is expected within a professional context, does not override the rights and freedoms of individuals, and is subject to appropriate safeguards, including transparency and opt-out mechanisms.
3.2 Consent
Where required by law, B2BDrum processes personal data based on consent. Individuals have the right to withdraw their consent at any time, and where consent is withdrawn, B2BDrum will cease the relevant processing unless another lawful basis applies.
3.3 Contractual Necessity
Personal data may be processed where it is necessary to perform a contract or to take steps at the request of an individual before entering into a contract. This includes contracts with clients, authorised platform users, or business partners.
3.4 Legal Obligations
B2BDrum may process personal data where necessary to comply with applicable legal or regulatory obligations, including obligations relating to fraud prevention, crime detection, and cooperation with law enforcement or regulatory authorities.
4. DATA SHARING AND DISCLOSURE
B2BDrum may share personal data with third parties in accordance with this Privacy Policy and applicable law.
4.1 Group Companies and Affiliates
Personal data may be shared within the B2BDrum group or with affiliated entities where there is a legitimate business need. Access is restricted to authorised personnel and subject to confidentiality and data protection obligations.
4.2 Clients and Resellers
As part of the B2BDrum services, personal data may be made available to clients or reseller clients. In such cases, clients act as independent data controllers and may use business contact data for lawful B2B marketing, data enrichment, or analytics purposes. Clients are responsible for ensuring their own compliance with data protection laws and for providing appropriate privacy notices to individuals.
4.3 Service Providers and Sub-Processors
B2BDrum engages third-party service providers and sub-processors, including hosting and cloud providers, IT and security vendors, analytics providers, and professional advisers such as legal, accounting, and audit firms. All such parties are subject to contractual obligations requiring them to process personal data only on B2BDrum’s instructions, maintain confidentiality, and implement appropriate security measures.
4.4 Authorities and Legal Parties
Personal data may be disclosed where required by law or where necessary to establish, exercise, or defend legal claims, or to prevent fraud or other unlawful activity.
4.5 Corporate Transactions
In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be disclosed to prospective buyers or advisers, subject to appropriate safeguards and confidentiality obligations.
5. USE OF PERSONAL DATA
B2BDrum uses personal data to operate, secure, and maintain its website and platform; provide services to clients; respond to enquiries and support requests; conduct B2B marketing and advertising; enrich CRM and sales intelligence tools; produce aggregated reports and analytics; and comply with legal and regulatory obligations. Certain processing activities may involve profiling, such as categorising individuals by role, seniority, or industry; however, such profiling does not involve automated decision-making that produces legal or similarly significant effects.
6. MARKETING AND OPT-OUT RIGHTS
Individuals have the right to object at any time to the use of their personal data for direct marketing purposes or inclusion in the B2BDrum database. Opt-out requests may be submitted via unsubscribe links included in marketing communications or by contacting B2BDrum directly. Once an opt-out request has been processed, the relevant personal data will be suppressed from further marketing use unless retention is required by law.
7. DATA SUBJECT RIGHTS
Individuals have the right to access their personal data, request rectification of inaccurate information, request erasure, restrict or object to processing, request data portability, withdraw consent where applicable, and lodge a complaint with a supervisory authority. Requests are handled without undue delay, free of charge, and subject to reasonable identity verification measures.
8. DATA RETENTION
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, taking into account legal and regulatory requirements, data accuracy obligations, and opt-out status. Once no longer required, data is securely deleted or anonymised.
9. CHILDREN
B2BDrum services are not directed at children, and we do not knowingly process personal data relating to individuals under the age of 13 in the UK or under the age of 16 in the EU. .
10. SECURITY
B2BDrum implements appropriate technical and organisational security measures, including encryption, hashing, access controls, internal security policies, and monitoring and incident response procedures. While we take reasonable steps to protect personal data, no system can be guaranteed to be completely secure.
11. INTERNATIONAL DATA TRANSFERS
Where personal data is transferred outside the UK or the European Economic Area, B2BDrum ensures that appropriate safeguards are in place, including the use of UK International Data Transfer Agreements, EU Standard Contractual Clauses, or other legally recognised transfer mechanisms.
12. CALIFORNIA RESIDENTS (CCPA / CPRA)
Requests may be made directly or via authorised agents. California residents have rights to know what personal information is collected, access and delete their information, opt out of the sale or sharing of personal information, and not be discriminated against for exercising these rights. Requests may be submitted directly or through an authorised agent.
13. CHANGES TO THIS POLICY
B2BDrum may update this Privacy Policy from time to time. Where changes are material, we will notify users through our website or by other appropriate means.
