Privacy Notice

Last updated: 24/11/25

1. Introduction

Stonebrook Ventures (“Stonebrook”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal data fairly, transparently and securely.

This privacy notice explains:

  • what personal data we collect
  • how and why we use it
  • how we keep it secure
  • who we share it with
  • your rights under UK data protection laws

This notice applies to:

  • visitors to our website
  • individuals who contact us about selling a company
  • business owners and shareholders involved in the sale process
  • potential buyers or investor contacts
  • professional advisers or intermediaries interacting with us

2. Who we are (Data Controller)

Stonebrook Ventures
Registered office: 32 Bluestone Court, Backworth, Newcastle Upon Tyne, United Kingdom, NE27 0GH
Company number: 16247849
Email: privacy@stonebrook.co.uk

Telephone: +44 7958 567773

Stonebrook Ventures is the Data Controller, meaning we determine how and why your personal data is processed.

3. Personal data we collect

We collect personal data in the course of providing services such as valuations, preparing marketing materials, confidential buyer outreach, negotiation support and general advisory work. This may include:

3.1 Identity and contact details

  • Name
  • Email address
  • Phone number
  • Business name
  • Business address
  • Role within the organisation

3.2 Business and transaction information

  • Company financials
  • Ownership structure
  • Operational details
  • Valuation information
  • Presentations, Information Memoranda, due-diligence documents

3.3 Communications and records

  • Emails, call notes and correspondence
  • Enquiry form submissions
  • Non-Disclosure Agreement (NDA) information

3.4 Website and technical data

  • IP address
  • Browser type and version
  • Device identifiers
  • Pages visited and interactions (via cookies or analytics tools)

3.5 Information from third parties

  • Professional advisers
  • Buyer networks and contacts
  • Publicly available company information
  • Referrals and introducers

4. How we use your personal data

We use your personal data for the following purposes:

4.1 Enquiries and initial consultations

  • Responding to enquiries
  • Assessing whether our services are suitable for you

4.2 Business sale, valuation and advisory services

  • Preparing valuations and financial assessments
  • Creating confidential business summaries / Information Memoranda
  • Conducting targeted and discreet buyer outreach
  • Screening and qualifying potential buyers
  • Facilitating negotiations, offers and due-diligence processes

4.3 Client and relationship management

  • Maintaining communication
  • Managing ongoing services
  • Coordinating information between parties

4.4 Legal, regulatory and security purposes

  • Anti-money-laundering and compliance checks
  • Record-keeping requirements
  • Protecting our business from fraud or misuse

4.5 Website operations and analytics

  • Monitoring website performance
  • Improving user experience
  • Managing cookie preferences

4.6 Marketing (optional)

We may send marketing communications only where permitted by law, such as where:

  • you have consented; or
  • we are communicating to a corporate email address under “soft opt-in” rules.

You may opt out at any time.

5. Legal bases for processing

We rely on the following lawful bases under the UK GDPR:

  • Contractual necessity — to provide our advisory, valuation or business sale services.
  • Legitimate interests — e.g. professional communications, business development, due diligence, improving our services, ensuring security.
  • Legal obligations — AML checks, regulatory reporting, record-keeping.
  • Consent — for specific optional activities (e.g. marketing) or where required.

We balance our legitimate interests against your rights and freedoms.

6. Who we share personal data with

We may share personal data with:

6.1 Prospective buyers / investors

Under NDA, and only where appropriate and relevant.

6.2 Professional advisers

  • Law firms
  • Accountants
  • Corporate finance advisers
  • Due-diligence professionals

6.3 Service providers

  • IT and hosting providers
  • Secure data room platforms
  • Email and communications systems
  • Analytics providers

6.4 Regulatory and statutory bodies

Where required by law.

6.5 Group or associated companies (if applicable)

For administrative or service-delivery purposes.

All third parties are required to protect personal data and use it only for the purpose shared.

7. International transfers

If personal data is transferred outside the UK (e.g., cloud hosting providers), we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses.

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this notice, including:

  • ongoing service delivery
  • statutory record-keeping
  • handling potential disputes or claims

Typical retention periods:

  • Client matter files: 6–7 years after conclusion
  • Enquiries: 1–2 years
  • Website analytics: see Cookie Policy

We securely delete or anonymise data when no longer needed.

9. Your rights under UK GDPR

You have the following rights:

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data.

Right of access

Individuals have the right to access and receive a copy of their personal data, and other supplementary information.

Right to rectification

Individuals have the right to have inaccurate personal data rectified or completed if it is incomplete.

Right to erasure

Individuals have the right to have personal data erased.

Right to restrict processing

Individuals have the right to request the restriction or suppression of their personal data.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

Right to object

Individuals have the right to object to the processing of their personal data in certain circumstances.

Rights related to automated decision-making including profiling i.e.

  • automated individual decision-making (making a decision solely by automated means without any human involvement); and
  • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

The Right to complain

You can complain to an organisation about how it is handling yours or other people’s information; if it:

  • has not properly responded to your request for your personal information;
  • is not keeping information secure;
  • holds inaccurate information about you;
  • has disclosed information about you;
  • is keeping information about you for longer than is necessary;
  • has collected information for one reason and is using it for something else; or
  • has not upheld any of your data protection rights.

ICO website: ico.org.uk
ICO helpline: 0303 123 1113

10. Cookies and website usage

Our website uses cookies and similar technologies to:

  • operate the site
  • perform analytics
  • improve functionality

You can control or disable cookies via your browser.

A separate Cookie Policy provides more details.

11. Changes to this notice

We may update this privacy notice occasionally. The latest version will be published on our website with an updated “last revised” date.

12. Contact us

For questions about this privacy notice or data rights requests:

Data Protection Contact
Stonebrook Ventures
Email: privacy@stonebrook.co.uk
Address: 32 Bluestone Court, Backworth, Newcastle Upon Tyne, United Kingdom, NE27 0GH