Privacy Policy

Effective Date: 14 May 2024
Last Updated: 13 April 2026

Privacy Policy

1. Introduction

This Privacy Policy explains how HBP Monpellier Limited (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use:

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), where applicable.

We act as the data controller for personal data processed through our services.

2. Data Controller Details

HBP Monpellier Limited
Email: info@monpellier.co.uk
Phone: 0191 500 8150
Address: Evolve Business Centre, Rainton Bridge Business Park, Sunderland, DH4 5QY

3. How We Collect Personal Data

We collect personal data when you:

  • Submit a contact form or enquiry
  • Download gated content
  • Request support or services
  • Interact with our marketing communications
  • Browse our website (subject to cookie consent where required)

All form submissions are received by our internal team via email and processed internally before being entered into our CRM system (Microsoft Dynamics 365).

We do not purchase third-party marketing lists.

4. Types of Personal Data We Collect

4.1 Information you provide directly

  • Name
  • Email address
  • Telephone number
  • Company name
  • Job title
  • Address and postcode
  • Any information submitted via forms, downloads, or support requests

4.2 Usage Data

  • IP address
  • Browser type and version
  • Device information
  • Pages visited
  • Time spent on pages
  • Referral sources

5. How We Use Personal Data

We use personal data for:

  • Responding to enquiries and providing customer support
  • Delivering services and managing customer relationships
  • Managing support tickets
  • Sending service communications
  • Sending marketing communications (where permitted under PECR or consented to)
  • CRM segmentation and customer engagement management
  • Providing tailored updates including services, pricing changes, and partner or seasonal offers
  • Improving website performance and user experience
  • Analysing marketing effectiveness and website usage

6. Profiling and CRM Segmentation

We use Microsoft Dynamics 365 and ClickDimensions to segment customers and manage communications.

This includes:

  • grouping customers based on engagement and interaction history
  • tracking email engagement (opens and clicks)
  • triggering automated marketing campaigns
  • tailoring communications and offers based on customer segmentation

In some cases, CRM segmentation may be used to support the communication of targeted commercial information, including pricing updates, discounts, or partner-led or seasonal offers.

These activities are used for business-to-business marketing and relationship management only.

These profiling activities do not result in automated decisions that produce legal effects or similarly significant impacts on individuals without human involvement.

7. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Consent – for marketing communications and non-essential cookies
  • Contractual necessity – to respond to enquiries and provide services
  • Legitimate interests – for customer relationship management, service improvement, and limited business development activities, including segmented communications and targeted commercial updates, where conducted in accordance with PECR
  • Legal obligation – for tax, accounting, and regulatory compliance

8. Cookies and Analytics

We use CookieYes to manage cookie consent.

Google Analytics 4 (GA4)

We use GA4 to analyse website performance and user behaviour. GA4 is only activated after consent is provided via CookieYes.

We also use Google Ads tags for marketing purposes, which are currently paused but may be activated in future campaigns.

We do not currently use additional behavioural tracking tools such as heatmaps or session recording software.

9. Marketing Communications (PECR Compliance)

We use ClickDimensions and Microsoft Dynamics Marketing to manage marketing communications, including:

  • newsletters
  • automated email campaigns
  • behaviour-based marketing journeys
  • engagement tracking (opens and clicks)
  • audience segmentation

We only send marketing communications where:

  • you have provided consent, or
  • we are permitted to contact you under PECR soft opt-in rules for existing business relationships

All marketing communications include:

  • unsubscribe functionality
  • preference management options
  • clear identification of the sender

10. How We Process and Store Your Data

When you submit a form via our website:

  1. Your data is received by our internal team via email
  2. It is reviewed and routed internally to the relevant department
  3. It is then manually entered into Microsoft Dynamics 365 (d365.monpellier.co.uk)

Our CRM system is used to manage:

  • customer relationships
  • sales opportunities
  • support tickets
  • quotes, pricing, invoices, and interaction history

We may export CRM data to secure internal formats (such as Excel) for reporting and analysis purposes.

11. Data Sharing

We only share personal data where necessary for the purposes described in this policy.

Recipients include:

  • Microsoft (Dynamics 365 and cloud services)
  • Google (Analytics and advertising services)
  • ClickDimensions (marketing automation)
  • CookieYes (cookie consent management)
  • IT hosting and infrastructure providers
  • Professional advisers (legal, accounting, regulatory)

These providers act as data processors or independent controllers depending on the service.

We do not sell personal data.

12. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations
  • Standard Contractual Clauses (SCCs) approved under UK GDPR
  • security and compliance frameworks provided by Microsoft and Google

Microsoft Dynamics 365 is hosted within a UK-based tenant; however, some support and infrastructure services may involve processing outside the United Kingdom. Where this occurs, appropriate safeguards are applied.

13. Data Retention

We retain personal data only for as long as necessary:

  • Enquiry data: up to 24 months
  • CRM/customer data: up to 6 years after last interaction
  • Marketing data: until consent is withdrawn or inactivity thresholds are reached
  • Financial records: typically 6 years as required by law

Retention periods are reviewed regularly and enforced in accordance with internal data management processes.

14. Your Rights Under UK GDPR

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion of your data
  • restrict processing
  • object to processing, including marketing
  • data portability
  • withdraw consent at any time

You also have the right to object to direct marketing at any time.

To exercise your rights, contact: info@monpellier.co.uk

15. Data Security

We implement appropriate technical and organisational measures to protect personal data against:

  • unauthorised access
  • loss
  • alteration
  • disclosure

While we take reasonable precautions, no system can be guaranteed to be completely secure.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be published on this page with a revised “Last Updated” date.

Where significant changes occur, we may notify users via email or website notice.

17. Contact Us

HBP Monpellier Limited
Email: info@monpellier.co.uk
Phone: 0191 500 8150
Address: Evolve Business Centre, Rainton Bridge Business Park, Sunderland, DH4 5QY