%20(1).png)
Bazema Limited
Privacy Policy
Effective date: 25 February 2026
Last updated: 25 February 2026
1. Who We Are
This privacy policy explains how Bazema Limited (“Bazema”, “we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our websites, tools, and services.This policy applies to:
- bazema.com (our public website), and
- bazemaos.com (the Bazema OS platform).
Both are operated by the same legal entity.
Data Controller:
Bazema Limited
Company number: 17054726
Registered office: 41 The Rowans, Poulton-le-Fylde, England, FY6 7UW
ICO Registration Number: [INSERT ICO NUMBER]
Data protection contact: elliot.bazley@bazema.com
Bazema Limited is the data controller for personal data collected through our own websites, tools, and communications.
When we deliver implementation, stewardship, or growth partnership services to estate agency clients, we act as a data processor on behalf of those clients. This distinction is explained in Sections 3.3 and 6.
2. What We Do
Bazema provides systems and services to UK estate agencies:
2.1 Bazema OS (Free)
Bazema OS is a free strategic toolkit hosted at bazemaos.com. It includes frameworks, audits, planning tools, and educational resources designed to help estate agencies think more clearly about operations, content, and growth.
The OS is educational and strategic in nature. It does not constitute professional advice and makes no performance guarantees.
2.2 Implementation Services (Paid)
Bazema offers a paid implementation service where we install and configure automation systems within an estate agency’s existing tools (e.g. CRM, email, telephony, calendars, forms).
Implementation typically takes 48 hours and requires temporary access to the client’s systems. During this period, we process personal data solely on the client’s instructions.
2.3 Stewardship & Growth Partnership (Paid, Ongoing)
Following implementation, some clients engage Bazema on an ongoing basis to maintain, monitor, and evolve the systems installed.
This may include troubleshooting, adjustments, optimisation, and strategic guidance. Continued access to client systems and continued processing of personal data may be required.
The scope and duration of these services are defined contractually.
3. What Personal Data We Collect
3.1 Data You Provide Directly
We may collect:
- Name and business email address
- Agency name, role, team size, and operational details
- Information submitted via forms, audits, or emails
- Information shared during setup calls or correspondence
- Billing and payment information (processed by third-party providers; we do not store card details)
3.2 Data Collected Automatically
When you visit our websites, we may collect:
- IP address (used to derive approximate location)
- Browser, device, operating system, and screen resolution
- Pages visited, time on page, and interaction data
- Cookie identifiers (see Section 11)
3.3 Data We Process on Behalf of Clients (Processor Data)
When delivering implementation or stewardship services, we access and process personal data held within a client’s own systems.
This data belongs to the client. The client is the data controller. Bazema acts as a data processor.
Examples of data we may access:
- Contact and lead records
- Property and pipeline data
- Appointment and viewing records
- Communication logs (email, call, SMS metadata)
- Staff user accounts and permissions
We process this data only to deliver agreed services, under a Data Processing Addendum (DPA). We do not reuse, aggregate, sell, or repurpose client data.
3.4 Data We Do Not Intentionally Collect
We do not intentionally collect special category data (e.g. health, ethnicity, religion). If such data exists within client systems, we do not extract or process it beyond what is strictly necessary.
4. Lawful Bases for Processing
We rely on the following lawful bases under UK GDPR:
4.1 Legitimate Interests (Article 6(1)(f))
Used for:
- Delivering audit results and related follow-ups
- Sending setup-call reminders and a limited number of nudge emails
- Website analytics and service improvement
- Security, fraud prevention, and internal administration
We conduct legitimate interests assessments where required. Copies are available on request.
4.2 Contract Performance (Article 6(1)(b))
Used for:
- Delivering implementation and stewardship services
- Communicating with clients during service delivery
- Invoicing and payments
4.3 Legal Obligation (Article 6(1)(c))
Used for:
- Tax, accounting, and regulatory compliance
- Responding to lawful requests from authorities
4.4 Consent (Article 6(1)(a))
Used for:
- Non-essential cookies
- Optional marketing communications
Consent can be withdrawn at any time.
5. The Implementation Readiness Audit
5.1 What the Audit Collects
The audit collects:
- Name and email address
- Agency details
- Responses to structured questions
Responses are used to generate an outcome category.
5.2 How Audit Data Flows
Audit submissions are processed via:
- Make (Celonis SE, EU) — automation and logic
- Google Sheets (Google LLC, US) — secure logging
- Email provider (Google Workspace) — results delivery
- Calendly (US) — scheduling (if applicable)
5.3 Automated Processing
The audit uses automated logic to generate outcomes. These outcomes:
- Are informational only
- Do not create legal effects
- Do not restrict your ability to contact us
You may request human review at any time.
5.4 Audit Follow-Ups
You will receive:
- One results email
- At most one additional reminder (if applicable)
You may opt out at any time.
6. Who We Share Data With
We do not sell or rent personal data.
6.1 Subprocessors
We use trusted service providers, including:
- Webflow Inc. — website hosting
- Google LLC — email, analytics, documents
- Celonis SE (Make) — automation
- Calendly LLC — scheduling
A current list is available on request.
6.2 Client Systems
When accessing client-owned tools, we act as a processor. The client remains controller. Each tool has its own privacy practices.
6.3 Legal Disclosure
We may disclose data where legally required.
7. International Transfers
Some subprocessors are located outside the UK.
Where required, we rely on appropriate safeguards such as:
- UK International Data Transfer Addendum
- EU Standard Contractual Clauses
- UK extension to recognised adequacy frameworks (where applicable)
8. Data Retention
We retain data only as long as necessary:
- Audit data: up to 24 months
- Setup call notes: up to 24 months
- Client access: revoked within 30 days of service end
- Legal and financial records: typically 6 years
9. Your Rights
You have rights including:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection
- Withdrawal of consent
Requests can be made to elliot.bazley@bazema.com.
You may complain to the ICO if dissatisfied.
10. Prospecting & Outreach
We may contact estate agencies using business contact details obtained from:
- Public company websites
- LinkedIn
- Public directories
This is done under legitimate interests. You may object or opt out at any time.
11. Cookies
We use:
- Strictly necessary cookies (site operation)
- Analytics cookies (with consent)
No advertising or retargeting cookies are used.
See our separate Cookie Policy for details.
12. Data Security
We apply appropriate technical and organisational measures including:
- HTTPS encryption
- Least-privilege access
- Credential management via secure tools
- Two-factor authentication where available
- Prompt access revocation on service completion
13. Data Breaches
We maintain a breach response process and register.
Where required:
- ICO notified within 72 hours
- Individuals or clients notified without undue delay
14. Call Recording & Meetings
Calls may be recorded or summarised for internal use, training, or service delivery. Where recording occurs, participants will be informed. Recordings are retained only as necessary.
15. Children
Our services are for professionals aged 18+. We do not knowingly collect children’s data.
16. Third-Party Links
We are not responsible for third-party privacy practices.
17. Changes to This Policy
We may update this policy. Material changes will be signposted.
18. Governing Law
This policy is governed by the laws of England and Wales.
19. Contact
📧 elliot.bazley@bazema.com
📮 Bazema Limited, 41 The Rowans, Poulton-le-Fylde, FY6 7UW