Last updated: 1 January 2025 · Effective from: 1 January 2025
Your privacy matters to us. This Privacy Policy explains how The SaaS Partnership collects, uses, shares and protects your personal data. We are committed to handling your information responsibly and in compliance with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy applies to personal data collected through our website at www.thesaaspartnership.com (the "Website") and in the course of providing our services to clients, prospective clients, and business contacts.
Please read this policy carefully. By using our Website or engaging our services, you acknowledge that your personal data will be processed as described in this policy. If you do not agree, please do not use our Website or provide us with your personal data.
The SaaS Partnership is the data controller responsible for your personal data collected through this Website and in connection with our services. As data controller, we determine the purposes and means of processing your personal data.
Data Controller: The SaaS Partnership
Email: privacy@thesaaspartnership.com
Website: www.thesaaspartnership.com
We are based in the United Kingdom and are subject to UK data protection law. Where we process data of individuals in the European Economic Area (EEA), we are also subject to the EU GDPR.
We collect personal data that you voluntarily provide to us, including when you:
When you visit our Website, we may automatically collect certain technical data, including:
We may receive information about you from third-party sources, including:
We use your personal data for the following purposes:
Under UK GDPR, we rely on the following lawful bases for processing your personal data:
| Processing Activity | Lawful Basis |
|---|---|
| Responding to contact form enquiries | Legitimate interests — to respond to business enquiries; or Contract — where the enquiry relates to an existing engagement |
| Delivering services to clients | Contract — necessary for the performance of a contract with the client |
| Sending marketing emails to existing clients | Legitimate interests — to communicate relevant service updates and insights to existing client contacts |
| Sending marketing emails to prospective clients | Legitimate interests — B2B outreach where we have a reasonable basis to believe our services are relevant; or Consent — where obtained |
| Website analytics | Legitimate interests — to improve our Website; or Consent — where required for cookies |
| Compliance with legal obligations | Legal obligation — e.g. tax records, responding to regulatory requests |
Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 9).
We do not sell your personal data. We may share your data with:
We engage trusted third-party service providers who process data on our behalf, including:
These providers are contractually required to handle your data securely and only for the purposes we specify.
We may share data with our lawyers, accountants, insurers, and other professional advisers where necessary.
We may disclose your data if required to do so by law, court order, or to protect our legal rights, or where we believe in good faith that disclosure is necessary to prevent harm or illegal activity.
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity as part of that transaction. We will notify you of any such transfer where required by law.
We are based in the United Kingdom. Some of our service providers may process data outside the UK and the European Economic Area (EEA), including in the United States.
Where personal data is transferred to countries outside the UK that do not provide an equivalent level of data protection, we ensure appropriate safeguards are in place, which may include:
You can request further information about international transfer safeguards by contacting us at privacy@thesaaspartnership.com.
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are:
| Data Type | Retention Period |
|---|---|
| Contact and enquiry data (non-clients) | 2 years from last contact, or until you request deletion |
| Client contact and contract data | 7 years from end of the client relationship (for accounting and legal purposes) |
| Marketing opt-in records | Until consent is withdrawn, then deleted within 30 days |
| Website analytics data | Up to 26 months (anonymised after 14 months where possible) |
| Financial and invoicing records | 7 years from the relevant financial year end (UK legal requirement) |
When data is no longer needed, we securely delete or anonymise it.
Under UK GDPR, you have the following rights in relation to your personal data:
| Right | What This Means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you (a "Subject Access Request") |
| Right to rectification | You can ask us to correct inaccurate or incomplete personal data |
| Right to erasure | You can ask us to delete your personal data in certain circumstances ("right to be forgotten") |
| Right to restrict processing | You can ask us to pause processing of your data in certain circumstances |
| Right to data portability | You can ask us to provide your data in a structured, machine-readable format |
| Right to object | You can object to processing based on legitimate interests or for direct marketing purposes |
| Right to withdraw consent | Where we process data based on consent, you can withdraw it at any time |
| Rights related to automated decisions | You have the right not to be subject to solely automated decisions with significant legal effects |
To exercise any of these rights, please contact us at privacy@thesaaspartnership.com. We will respond within one calendar month. We may need to verify your identity before fulfilling a request.
These rights may be subject to certain exemptions or limitations under applicable law. We will explain any applicable exemptions when responding to your request.
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently and to provide information to the website owner.
We may use the following types of cookies on our Website:
You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect Website functionality.
For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.
We use Google Analytics to analyse Website usage. Google Analytics collects information anonymously and generates reports. Google may transfer this information to third parties where required by law, or where third parties process information on Google's behalf. Google will not associate your IP address with any other data held by Google. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Our Website and services are directed at business professionals and are not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or damage. These include:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.
Our Website may contain links to third-party websites. This Privacy Policy applies only to our Website. We are not responsible for the privacy practices of third-party websites and encourage you to read the privacy policies of any linked sites you visit.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will update the "Last updated" date at the top of this page when we make changes.
We encourage you to review this policy periodically. Where changes are material, we will take reasonable steps to notify affected individuals, such as by placing a notice on our Website or by direct communication.
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact our privacy team:
Privacy enquiries: privacy@thesaaspartnership.com
General enquiries: hello@thesaaspartnership.com
Website: www.thesaaspartnership.com
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority:
In the UK:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
In the EU:
You may complain to your local EU data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please contact us in the first instance.