Chequered Flag Land Limited – Privacy Policy (BNG Units Marketing & Sales)

Effective date: 10 November 2025

This Privacy Policy explains how Chequered Flag Land Limited (“Chequered Flag Land”, “we”, “us”, “our”) collects and uses personal data when we market and sell Biodiversity Net Gain (BNG) Units and communicate with prospective and existing customers, partners, and stakeholders. It also describes your privacy rights and how the law protects you.

This policy applies to:

  • Our email marketing and outreach related to BNG Units (including via Saleshandy),
  • Our sales activities (including proposals, due diligence, contracting),
  • Our website and landing pages used to capture leads (if applicable),
  • Any related events, webinars, or direct communications.

We comply with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) for electronic marketing to UK recipients.

1. Who we are (Controller)

Controller: Chequered Flag Land Limited
Company number: 10625457
Registered address: 1st floor, 11 Bryant Avenue, Romford, RM3 0AP, United Kingdom
Contact for privacy matters: privacy@chequeredflag.land / telephone 0208 167 6420
Data Protection Officer (if appointed): No DPO appointed.

2. What data we collect

Depending on our interactions with you, we collect and process:

  • Identity & contact data: name, job title, organisation, work email, business phone, postal address.
  • Professional/firmographics: sector, project role (e.g., developer, consultant, land promoter), project locations, interests in BNG Units.
  • Communications data: email threads, call notes, meeting notes, webinar registrations and attendance, event interactions.
  • Marketing preferences: opt-ins/opt-outs, consent records, unsubscribe status, topics of interest.
  • Technical & interaction data (where relevant): email engagement metrics (opens, clicks, replies), device/browser info, IP address, website analytics and cookies (see Section 10).
  • Transaction & due diligence data (if you proceed to purchase): contract details, billing contacts, purchase history, KYC/AML checks where legally required.

We generally do not collect special category data. Please do not include sensitive personal data in your responses.

3. How we collect your data

  • Directly from you: when you request information, sign up to updates, attend meetings or events, or correspond with us.
  • From your organisation/colleagues: referrals or introductions.
  • From public sources: company websites, professional directories (e.g., LinkedIn), planning portals, industry publications.
  • From our processors: engagement analytics (e.g., open/click data) from Saleshandy and website analytics tools.

4. Purposes and lawful bases

We process your personal data for the purposes below. For UK GDPR, our lawful bases are:

Purpose

Examples

Lawful basis

BNG Unit marketing & outreach

Emailing relevant updates, availability, pricing ranges, events/webinars

Consent (Art. 6(1)(a)) where required for PECR; Legitimate interests (Art. 6(1)(f)) for B2B “soft opt‑in” or business contacts where permitted by PECR

Sales engagement

Responding to enquiries, qualifying opportunities, proposals, calls

Legitimate interests (Art. 6(1)(f)); Contract (Art. 6(1)(b)) if requested to take steps prior to entering into a contract

Contracting & fulfilment

Negotiation, execution, and performance of BNG Unit sale contracts

Contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) for tax/record-keeping

Compliance & risk

KYC/AML checks (where applicable), fraud prevention, responding to regulators

Legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f))

Analytics & service improvement

Measuring campaign performance, improving content and targeting

Legitimate interests (Art. 6(1)(f)); where cookies are non-essential, consent via cookie banner

Managing preferences

Recording opt-ins/opt-outs, suppression lists

Legal obligation (PECR compliance) and Legitimate interests (Art. 6(1)(f))

PECR and marketing by email/text

  • We follow PECR rules for electronic marketing to UK recipients. Where consent is required, we will only send marketing if you’ve opted in, and you can withdraw consent at any time.
  • Where consent is not required (e.g., business-to-business marketing to corporate subscribers or “soft opt-in” for similar products/services), we rely on legitimate interests and always provide a clear unsubscribe

5. Do you have to provide data?

If we require data to respond to your enquiry or to enter into a contract, we will tell you. If you choose not to provide it, we may be unable to proceed with your request.

6. Sharing your data (recipients)

We share personal data only as necessary:

  • Service providers / processors (bound by contracts):
    • Saleshandy (email engagement & sequencing platform) – used for outreach and engagement analytics.
    • Email and productivity providers (e.g., Microsoft 365), CRM systems, cloud hosting, analytics, webinar tools, e-signature tools, accountants.
  • Professional advisers: legal, financial, compliance.
  • Corporate transactions: if we undergo a merger, acquisition, or asset sale.
  • Authorities: where required by law or to protect legal rights.

We require processors to implement appropriate security measures and process personal data only according to our instructions.

7. International transfers

Some providers (including Saleshandy and cloud services) may store or access data outside the UK. Where we transfer personal data internationally, we implement appropriate safeguards, such as:

  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs; and
  • Transfer risk assessments (TRAs); and
  • Where applicable, reliance on an adequacy decision (e.g., UK-US Data Bridge) for certified US recipients.

You can contact us for details of the specific safeguards relevant to your data.

8. Retention

We keep personal data only for as long as necessary for the purposes described above:

  • Marketing contacts: 36 months from last meaningful interaction, unless you unsubscribe earlier (we keep minimal data on a suppression list to honour opt-outs).
  • Sales records & contracts: 7 years after the end of the contract for tax, accounting, and legal purposes.
  • Event/webinar records: 36 months from the event date.

When retention expires, we delete or anonymise data unless a longer retention is required by law or to establish, exercise, or defend legal claims.

9. Your rights

Under the UK GDPR you can:

  • Access your data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data (where applicable).
  • Restrict processing (temporarily limit our use).
  • Object to processing based on legitimate interests or to direct marketing at any time (we will stop marketing).
  • Data portability (where processing is based on consent or contract and carried out by automated means).
  • Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at privacy@chequeredflag.land. We will respond within one month (extendable by two months for complex requests). You also have the right to make a complaint with the Information Commissioner’s Office (ICO): ico.org.uk / Tel: 0303 123 1113.

10. Cookies, tracking & analytics

We use cookies and similar technologies to operate our website/landing pages and to measure marketing performance. Non-essential cookies (e.g., analytics/advertising) are used only with your consent collected via our cookie banner. Email campaigns may include standard tracking (opens, clicks) provided by Saleshandy to gauge engagement and improve relevance. You can:

  • Manage cookie preferences via our banner or your browser settings.
  • Disable images or use privacy features in your email client to limit open-tracking pixels.
  • Unsubscribe from marketing to stop further email tracking.

See our Cookie Notice for details of cookie types, purposes, and retention (if separate).

11. Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit (and at rest where supported), least-privilege access, staff training, and vendor security due diligence. While we work to protect your data, no method of transmission or storage is entirely risk-free.

12. Children

Our services are intended for business professionals. We do not knowingly collect data relating to children.

13. Changes to this Policy

We may update this Policy to reflect changes in law, guidance, or our processing activities. We will post updates with a new “Effective date” and, where appropriate, notify you by email.

14. How to contact us

Questions or requests about this Policy or your data:
Email: privacy@chequeredflag.land
Post: 1st floor, 11 Bryant Avenue, Romford, RM3 0AP, United Kingdom
Telephone: 0208 167 6420

Annex A – Key processor: Saleshandy (summary)

  • Role: Email outreach, sequencing, and engagement analytics (opens, clicks, replies).
  • Data processed: Business contact details, campaign membership, engagement metrics, unsubscribe/opt-out status.
  • Instructions: Process only for Chequered Flag Land’s campaigns; honour suppression lists; apply appropriate security; assist with data subject rights where applicable; delete/return data at end of contract.
  • International transfers: If data is stored/processed outside the UK, we implement UK-approved safeguards (see Section 7).
  • Sub-processors: Saleshandy may use sub-processors for infrastructure and delivery; we require appropriate flow-down terms and notice/substitution rights.