Privacy Policy
How Brandex collects, uses, and protects the information you share with us — whether you are a founder submitting a mandate, a buyer requesting access, or a visitor to this site.
§ 01Who we are
Brandex Global Ltd ("Brandex", "we", "us") is the data controller for personal information collected through this website and our client-facing mandate process. Our registered office is 12b Sun Street, Waltham Abbey, Essex, EN9 1EE, United Kingdom.
For data protection matters, contact privacy@brandexbrokers.com.
§ 02What we collect
We collect only what we need to assess fit, execute mandates, and meet our legal obligations.
Information you provide
- Identity and contact details (name, email, phone, company)
- Business information submitted during intake — revenue, profit, platform, category, growth stage
- Financial records shared during diligence — P&L, bank statements, ad-spend reports
- Identity-verification documents for AML compliance (buyers and sellers)
- Any correspondence between you and Brandex
Information collected automatically
- IP address, browser type, device information
- Pages visited, referral source, session duration
- Anonymised analytics via cookies — see our Cookie Policy
§ 03Why we process it
Each category of data has a defined lawful basis under UK GDPR.
| Purpose | Lawful basis |
|---|---|
| Valuation & mandate assessment | Legitimate interests · pre-contract |
| Executing a signed mandate | Contract performance |
| AML / KYC verification | Legal obligation |
| Marketing communications | Consent (opt-in only) |
| Website analytics | Legitimate interests · consent for non-essential cookies |
§ 04Who we share with
We do not sell your data. We only share it with:
- Verified buyers — under staged NDA, and only after you have approved the buyer in writing
- Professional advisers — lawyers, accountants, escrow agents engaged for your transaction
- Infrastructure providers — hosting, email, e-signature, analytics (all UK / EEA / adequacy-covered)
- Regulators — where legally required (e.g. AML reporting to HMRC)
§ 05How long we keep it
Active mandate data is retained for the duration of our engagement plus six years from the last contact, matching HMRC record-keeping requirements. Prospect data from unsuccessful intakes is deleted after twenty-four months. AML verification records are held for five years post-transaction, as required by the Money Laundering Regulations 2017.
§ 06Your rights
Under UK GDPR you have the right to:
- Access a copy of the personal data we hold about you
- Rectify inaccurate data
- Request deletion (subject to our legal retention duties)
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
- Complain to the Information Commissioner’s Office (ico.org.uk)
To exercise any right, email privacy@brandexbrokers.com. We respond within thirty days.
§ 07Security
We protect data in transit with TLS, at rest with AES-256 encryption, and limit internal access on a need-to-know basis. Sensitive financial documents are shared through encrypted dealrooms, never by unsecured email. We never store payment card data; all transactions route through PCI-DSS compliant processors.
§ 08International transfers
Most of our processing occurs in the UK and EEA. Where data is transferred elsewhere (e.g. a US-based analytics provider), we rely on UK International Data Transfer Agreements or adequacy decisions to ensure equivalent protection.
§ 09Changes to this policy
We post updates to this page with a revised effective date. Material changes are notified by email to active clients.