Privacy Policy

Welcome to (the Website).

For the purposes of applicable data protection and privacy laws, UCL Business Ltd (“we”, "us", "our"), with its registered offices at University College London Gower Street London WC1E 6BT, is considered the “Controller” in respect of the Personal Data that it collects, uses and manages in accordance with this Privacy Policy (“Policy”).

Protecting your privacy is important to us. We are committed to protecting all Personal Data provided to us, whether by individuals with whom we do business, visitors to and users of our websites or otherwise.  Personal Data is information which relates to an identified or identifiable living individual. 

This Policy explains what Personal Data we collect, how we may use and manage it and the rights you have in relation to your Personal Data. Before you provide us with any Personal Data or browse our websites, you should read through this Policy in full and make sure that you are comfortable with our privacy practices.

Please note that our websites may contain links to other websites, operated by third parties. These third party sites are not subject to this Policy and we recommend that you check the privacy and security policies of each website that you visit. We are only responsible for the privacy and security of the Personal Data that we collect and have no control over the actions of any third parties in relation to your Personal Data.

Please refer to the Glossary below for an explanation of the defined terms in this Policy.

Whose Personal Data do we collect?

From time to time, we may collect Personal Data from a range of individuals in the context of its business activities, including:

  • representatives of our suppliers, customers and other business contacts;
  • consultants and contractors;
  • users of our websites; and
  • individuals who contact us by any means.

How we collect your Personal Data

We obtain Personal Data which you knowingly and voluntarily disclose to us, both in an online and offline context. We collect Personal Data when you:

  • visit our websites and / or complete one of our web forms;
  • communicate with us in any other way;
  • complete surveys issued by us;
  • visit our premises;
  • submit an order to us via XIP;
  • report issues with using XIP;

We may also collect information received by us from third party sources, for example relating to your use of other websites which we operate and from related third parties such as sub-contractors.

What Personal Data we collect

We may collect a range of Personal Data from you in a business context, such as your name, gender, job title, email address, home address and other contact details, details of your business and other interests, communications with you and financial and payment information.

When you use our websites, we collect certain standard information that is sent by your browser to our websites. This includes technical information, such as your IP address, browser type, operating system, language, time zone setting, access times and any referring website addresses.

The purposes for which we process your Personal Data

We process your Personal Data for the following purposes:

  • to provide you with information, products and services ordered by you (including via XIP);
  • to improve the products and services that we offer, and the events that we manage and host;
  • to administer our websites and help improve our products and services;
  • to carry out analytics in relation to the use of our websites;
  • to notify you about changes to our websites;
  • to comply with applicable laws and regulations; and
  • other business-related purposes, including negotiating, concluding and performing contracts including licence agreements, administering payments made to us, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations and debt administration.

The legal basis for UCLB processing your Personal Data

In order to comply with applicable data privacy laws, we are required to set out the legal basis for the processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data, as set out above, the legal basis for our processing your Personal Data will typically be one of the following:

  • your consent;
  • the performance of a contract that we have in place with you or other individuals;
  • ours or our third parties’ legitimate business interests; or
  • compliance with our legal obligations.

Who we share your Personal Data with

We may share your Personal Data with people within the company who have a “need to know” that data for business or legal reasons, for example, in order to carry out an administrative function such as processing an invoice, or to direct a query that you have submitted to the relevant department within UCLB.

We may disclose your Personal Data to third parties including the authorities, our advisors, suppliers of IT services and third parties engaged by us for the purpose of providing services requested by you; to protect any intellectual property rights in any materials displayed on or otherwise available from our websites; for the purposes of seeking legal or other professional advice; to respond to a legal request or comply with a legal obligation; and to enforce our Rules of Website Use.

We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets.

We may share the Personal Data you submit to us with any entity within the UCL group. These entities are required to maintain the confidentiality of your data and are restricted from using it for any purpose other than the purposes set out in this Policy.

We may decide to allow users to share comments, posting, testimonials, or other information. If you choose to submit such information to us, the information that you submit may be available generally to the public. Information that you provide in these areas may be read, collected, and used by others who access them.

Finally, we may share non-Personal Data with other third parties that are not described above. When we do so we may aggregate or de-identify the information so that a third party would not be likely to link data to you, your computer, or your device. Aggregation means that we combine the non-Personal Data of numerous people together so that the data does not relate to any one person. De-identify means that we attempt to remove or change certain pieces of information that might be used to link data to a particular person.

Transfers of Personal Data

Please note that any person to whom we may disclose your Personal Data under this Policy may be situated in a country other than your own and that such country may provide a lower level of data protection requirements than your own country. By agreeing to this Policy, you consent to the transfer of your Personal Data to a country other than your own.

Whenever we transfer Personal Data across borders, we take legally required steps to ensure that adequate safeguards are in place to protect your Personal Data and to make sure it is treated in accordance with this Policy. If you are located in the EEA or the UK, you can request a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances, using the contact details set out in the ‘Questions and complaints’ section below.


We take all reasonable technical and organisational security measures to protect Personal Data from accidental or unlawful destruction, accidental loss and unauthorised access, destruction, misuse, modification or disclosure. We do our best to protect your Personal Data but unfortunately the transmission of information over the internet is not completely secure. We cannot guarantee the security of your Personal Data and any transmission of your data to us is at your own risk.

If we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share this password with anyone. If you fail to keep your password confidential and this leads to a breach of security, we cannot be held accountable for the loss or other compromising of any Personal Data belonging to you.


Our websites use cookies to improve your user experience. For detailed information on the cookies we use and the purposes for which we use them please see our Cookie Policy.

Records retention

Your Personal Data is not kept for longer than is necessary for the purposes for which it is collected. This means that data and records (including Personal Data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending upon the type of Personal Data they contain.

Your rights

Applicable data privacy laws give rights to individuals in respect of Personal Data that organisations hold about them.  If you wish to:

  • request a copy of the Personal Data that we hold about you; or
  • request that we rectify, delete, or limit the processing of your Personal Data,

please submit your written request to our Data Protection Representative via We ask that you always inform us of changes to your Personal Data so that we can keep it up to date.

If you decide that you do not want to receive commercial communications from us, whether by email, telephone or post, you can “opt-out” from receiving such communications by clicking on the “unsubscribe” link provided at the bottom of each commercial email and updating your preferences, or by contacting us at

Questions and complaints

If you have a concern or complaint about this Policy or how we have used your Personal Data, as a first step, you should raise this in writing with us via:

Director of Legal Affairs
UCL Business Ltd
90 Tottenham Court Road

If you are not satisfied with the handling of your concern or complaint by us, you can escalate this to your national Data Protection Authority.

Changes to this Policy

We reserve the right to modify or amend this Policy at any time by posting the revised Policy on our websites. It is your responsibility to review the Policy every time you submit information to us or place an order through XIP.



A party that determines the purposes and means of data processing.

Data Protection Authority

The relevant supervisory authority with responsibility for privacy or data protection matters in the jurisdiction of UCLB and/or a UCLB Group Company;

European Economic Area (EEA)

The EEA includes all European Union member states and Iceland, Liechtenstein and Norway. 

Personal Data

Information which relates to an identified or identifiable individual (i.e. data about UCLB employees, contractors, applicants, employees of vendors and suppliers, contractors, customers and individuals who use our websites or service centres).  It includes names, addresses, email addresses, job applications, user account information, and correspondence. Personal Data can also include web browsing information (e.g. data associated with a particular cookie) and IP addresses, when such information can be linked to an individual. 


Doing anything with Personal Data; this includes collecting it, storing it, accessing it, combining it with other data, sharing it with a third party, or even deleting it.


Last updated on 23.05.2018


Thank you for visiting our Website. UCL Business Ltd is registered in England with registered number 02776963 and our registered office is located at University College London Gower Street London WC1E 6BT.