Privacy policy

Privacy Policy

February 2020

This policy explains why and how your personal data is collected and processed by Enterprise Orchard whether you’re simply visiting this website, or you use any of our services or attend any of our events or programmes.

As we respect you, we also respect your personal data. Our only business is to help first-time entrepreneurs to build and grow sustainable start-ups and, as such, we don’t make money from selling or sharing your personal data.

We may need to make changes to this policy now and again, so you should keep an eye on this page to take note of any changes. However, if we make any changes that will seriously affect you, we’ll let you know beforehand.

If you’ve got any questions about this policy, please email us as

  1. Who we are

Enterprise Orchard is the name for the business consultancy carried on by The Enterprise Orchard Limited.

We’re a limited company registered in England and Wales under number 11186684, with our registered office at (23 Westfield Park, Redland, Bristol BS6 6LT).

We’re also registered as a ‘controller’ with the Information Commissioner’s Office (ICO) under number ZA694536 in relation to the personal data we hold as a business.

  1. Our obligations

We’re required to handle personal data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA) and certain other regulations. In general terms, we must ensure that the personal data we hold are:

  • Used lawfully, fairly and in a transparent way

  • Collected only for valid purposes that we’ve clearly told you about and not used for any purposes that aren’t compatible with those purposes

  • Relevant and limited to what’s necessary for the purposes we’ve told you about

  • Accurate and kept up to date

  • Kept only as long as necessary for the purposes we’ve told you about

  • Kept secure

  1. What personal data we collect

The following section explains what personal data we collect, why we collect it and what are lawful basis is for collecting it (you can read more about what this means on the ICO website).

When you visit our website

  • Newsletter subscription: We ask for your name and email address when you subscribe to our newsletter. We’ll use these details to tell you about what we’re up to, the services we offer and provide you with start-up tips and tools. Sometimes these emails will include details about our partners and offers from them, but we don’t share your details with them.

Our lawful basis for using this data is your consent, which you can withdraw at any time by clicking the ‘Unsubscribe’ link in our emails.

  • Entrepreneur personality test: If you take our test, you’ll be asked various questions about your entrepreneurial intent and your answers will then be fed into an algorithm to work out your entrepreneurial personality type which will be emailed to you (it’s all very scientific). We may aggregate the results of all tests undertaken with our tool to help us spot trends and produce content, but we won’t identify you if we do. We use Google Forms to collect the data and the results are stored on our Google Drive account (to find out more about how Google handles personal data, check out their Privacy Policy).

Our lawful basis for using this data is your consent, which you can withdraw at any time by emailing: If you do, then you can also ask us to delete this data.

  • Booking a call with us: Our website gives you the option to book a call with us using a tool called (to find our more about how handles personal data, check out their Privacy Policy). As you’d expect, we’ll use this data to give you a call at the agreed time, to find our whether we can help you. However, we’ll keep details of all enquiries we receive to help us understand the needs of potential clients and for business planning purposes.

As we’d hope that our discussion leads to us working together, our lawful basis for using this data is take steps to enter into a contract with you. When it comes to business planning, we’ll rely on our legitimate interests in doing so.

  • Cookies (yum!): Our website uses cookies which are small text files that are read by our servers and those of third parties, and something called localStorage which can only be read by your browser (you can read more about this stuff at AllAboutCookies). Except for cookies which are strictly necessary to provide access to our website and any features used by you, we need your consent to store these files on your device. You can withdraw your consent at any time by deleting them or changing your browser settings.

Most of the cookies stored by our website are served up by our website provider, Wix. They’ve helpfully listed all of these and explained what they do and how long they’re stored on your device for on their website. We also use Google Analytics to help us to understand where traffic to our website comes from and how visitors use our website, so we can make it better. To opt out of being tracked by Google Analytics across all websites, you can download the Google Opt-out Browser Add-on.

When you sign up for one of our services 

  • Contact information: We’ll likely ask you to give us your contact details so that we can keep in touch when we’re providing services to you. These details may be stored in the contact book on our phones or on our CRM system. Our lawful basis for using this information will be to perform our contract with you.

  • Biographical information: In particular where we’re providing mentorship or you’re participating in a programme with others, we’ll likely get to know a lot about you and your individual circumstances. Most of time we’ll get this information directly from you, but we may also get it from LinkedIn or from the things you’ve shared on social media. We’ll only ever use this information to support you and provide our services to you. Our lawful basis for using this information will be to perform our contract with you.

  • Payment information: If you subscribe to any of our services on a recurring basis, we may need to ask you for payment details (including your account number and sort code) to set up a direct debit. Our lawful basis for using this information will be to perform the contract with you.

  • Transactional information: We’ll keep copies of invoices and receipts for the services that your purchased from us. Our lawful basis for using this information will be to comply with our legal obligations.

  • Communications with you: We’re likely to exchange a fair number of emails and messages during the course of our relationship. We’ll communicate with you to arrange meetings and events and to provide our services. Our lawful basis for using this information will be to perform our contract with you.

  • Audio or video recordings: We may make audio or video recordings of any one-to-one sessions, so we can reflect upon and make notes of what we discussed. In the case of group sessions, we may make such recordings to share with those who couldn’t attend, provided everyone present is happy for us to do so. Our lawful basis for using these recordings will be for our legitimate interests and, where applicable, those of other participants.

  • We may ask you to provide testimonials about your experience of working with us. Our lawful basis for using testimonials will be your consent.

When you come to an event that we’re (co-)hosting

  • Contact information: We’ll likely ask you to give us your contact details so that we can keep in touch with you about an event. Our lawful basis for using this information will be our legitimate interests in planning and coordinating events.

  • Audio or video recordings: We may audio or video recordings to share with those who couldn’t attend. We’ll generally focus on the speakers in such recordings, however, if you don’t want to be featured, please let us know and we’ll ensure that such recordings are edited to exclude you if you can be heard or seen. Our lawful basis for using these recordings will be for our legitimate interests and, where applicable, those of other attendees.

  1. Where we store personal data

We’ll of course store personal data on our mobile devices and laptops. However, like most businesses, most of the tools we use are cloud-hosted. Where we’ve been able to configure these services to only host personal data on servers in the UK or EU, we’ve done so. However, it’s likely that this won’t be possible for a number of the tools we use, such as email, email marketing and CRM platforms. In this case, we’ll make sure that the providers of those services are either:

  • based in a country which is subject to an ‘adequacy decision’ by the European Commission

  • subject to the EU-US Privacy Shield Framework, where they’re based in the USA

  • subject to a set of standard contractual clauses that have been approved by the European Commission as ensuring an adequate level of protection for personal data

And, of course, if you or we are on holiday outside the UK/EU, this will involve personal data being transferred outside the UK/EU too.


  1. How we keep personal data secure

We take the security of your personal data very seriously and have implemented a number of measures to keep your personal data secure; from how we’ve configured the security settings of the devices and tools that we use to making sure we don’t have sensitive phone calls in public places.

We’ll generally send all emails unencrypted. However, if you’ve got particular concerns about this, we can send encrypted emails instead or use communications apps that are encrypted end-to-end (such as Signal or WhatsApp).

  1. Who we share personal data with

Generally, we won’t share your personal data with anyone outside our organisation – including anyone employed by us or engaged as a consultant by us – unless we’re required to by law or this is necessary to provide our services to you, for example, someone we’re co-hosting an event with or any venue where we’re holding an event.

  1. How long we keep personal data for

Data protection law requires us to keep personal data only for as long as we absolutely need to, either to comply with a legal obligation or for other justifiable purposes.

Generally speaking, we’ll keep your personal data for as long as we continue to have a relationship and for 2 years afterwards (in case you come back to us for further support). However, there are a few specific retention periods worth noting:

  • Newsletter subscription: Until you unsubscribe and for 12 months after (to make sure we don’t send you emails when you’ve asked us not to).

  • Payment information: Until we no longer need such information to take payments from you.

  • Transactional information: For a period of 6 years from the date of each invoice.

  • Audio or video recordings: Up to 5 years after the time they were recorded (though if these have been shared on social media, they may be around for a lot longer!)

  1. Your rights

You’ve got several important rights in relation to the personal data we hold about you (you can read more about them on the ICO website). The most relevant are:

  • You’ve the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that we’re holding it lawfully and processing it fairly.

  • You’ve the right to ask us to correct any inaccurate or incomplete personal data held about you.

  • You’ve the right to ask us to delete or remove any personal data held about you where there’s no good reason for us to continue holding it or where you’ve exercised your right to object.

  • You’ve the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it.

  • You’ve the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your circumstances. You also have the right to object to our holding your personal data for direct marketing purposes.

Some of the above rights only apply in certain circumstances and may be subject to certain exemptions.

You’ll not have to pay any fee to exercise any of the above rights, though we may charge a reasonable fee or refuse to comply with your request where permitted to do so by law. Where this is the case, we’ll let you know. To protect the confidentiality of your personal data we may ask you to verify your identity before fulfilling any request in relation to your personal data.

You also have the right to complain to the Information Commissioner’s Office if you’ve got any concerns about how we’ve handled your personal data.



Enterprise Orchard_Mark_WHITE_RGB.png

Come and say hi, we're based at Simpleweb,                  

86 Bedminster Parade, Bristol, BS3 4HL                            

Enterprise Orchard_Mark_WHITE_RGB.png

Our registered office is:              

23 Westfield Park, Redland, Bristol, BS6 6LT                  

Call us 0117 298 0986