We use essential cookies to keep the site secure and functional. With your consent, we also run session recording and analytics (Microsoft Clarity and Google Analytics 4) and load fonts from Google. See our Cookie Policy for full details.
How we collect, use, store, and protect your personal data. Covers website visitors, platform users, assessment participants, and our benchmark dataset.
Last Updated: 24 April 2026Section 01
The BI Method Ltd ("BIP," "we," "us," "our"), is the Data Controller for personal data collected through our website and marketing activities.
For personal data collected through our platform on behalf of Client Organisations (employers using BIP to conduct team assessments), BIP acts as a Data Processor, not a Data Controller. In those cases, the Client Organisation is the Data Controller responsible for the lawful basis of processing their employees' data. See Section 5 for full details.
All data protection enquiries: privacy@behaviourintelligenceplatform.com
Section 02
This Privacy Policy applies to all personal data processed by BIP in connection with:
This policy does not cover the data practices of Client Organisations who use BIP to conduct assessments of their teams. Those organisations are Data Controllers for their employees' data and are bound by their own privacy obligations and the BIP Data Processing Agreement.
Section 03
| Category | Data Collected | Purpose |
|---|---|---|
| Website & Analytics | IP address, browser type, pages visited, device type | Website performance, UX improvement, security |
| Account Registration | Name, email, company name, country, role, password (hashed) | Account creation, authentication, billing, support |
| Payment & Billing | Billing name, address. Card details processed by Stripe — BIP does not store card details. | Processing subscription payments, invoicing |
| Assessment Responses | Responses to the BIP assessment, derived anti-pattern scores, severity classifications, timestamp | Generating team reports; building the anonymised Benchmark Dataset |
| Platform Usage Data | Login times, feature usage, report generation activity, session duration | Security monitoring, anomaly detection, product improvement |
| Geolocation (Currency Detection) | IP address sent to ipapi.co to determine country code | Pre-selecting the appropriate display currency for visitors. Only used when no currency preference has been saved; only the country code is retained — no individual profile is built. |
| Contact Forms | Name, email, company name, role, message content | Responding to enquiries, sales follow-up |
What We Do Not Collect
BIP does not collect or process: biometric data, health or medical data, racial or ethnic origin data, political opinions, religious beliefs, or trade union membership. BIP assessment responses relate to observable team behavioural patterns — they are not psychological or medical assessments.
Section 04
Under UK GDPR and EU GDPR, we are required to have a lawful basis for every processing activity:
Section 05
Key Distinction — Controller vs Processor
When Client Organisations use BIP to conduct team assessments, the employees completing those assessments are data subjects of the Client Organisation (the Data Controller), not of BIP. BIP processes this data only on documented instructions from the Client Organisation.
When processing Assessment Data on behalf of a Client Organisation, BIP acts as a Data Processor under Article 28 UK GDPR / EU GDPR. This means:
If you are an employee who has completed a BIP assessment and wish to exercise your data rights, contact your employer (the Data Controller) in the first instance. You may also contact BIP directly at privacy@behaviourintelligenceplatform.com — we will direct your request appropriately.
Section 06
Our Commitment — Anonymisation is Genuine and Irreversible
The BIP Benchmark Dataset is built exclusively from anonymised, aggregated data. The anonymisation process is technically irreversible. No individual's responses and no specific organisation's data can be identified within the Benchmark Dataset. This is true anonymisation, not pseudonymisation.
BIP's core value proposition depends on building a proprietary dataset of anonymised organisational behavioural patterns. This allows BIP to offer industry-level benchmark comparisons, sector-specific anti-pattern prevalence data, and evidence-based antidote effectiveness data.
If you submit a right to erasure request, BIP will delete all identifiable personal data we hold about you. Because the Benchmark Dataset contains no identifiable data, erasure requests do not extend to anonymised data already incorporated into it. This is consistent with Recital 26 of the GDPR, which confirms that anonymised information is not subject to data protection rules.
Section 07
We use cookies and similar tracking technologies on our website. You can control cookies through your browser settings and our cookie consent banner.
| Cookie Type | Purpose | Basis |
|---|---|---|
| Strictly Necessary | Authentication, security, session management | No consent required |
| Analytics & Performance | Understanding how visitors use the site to improve UX and content. We use Microsoft Clarity for session recordings, heatmaps, and interaction analytics, and Google Analytics 4 for page view and interaction tracking. Both are only activated after analytics consent is given. | Consent required |
| Marketing & Retargeting | Advertising effectiveness, conversion tracking, retargeting | Consent required |
| Functional | Remembering preferences and settings | Consent required |
Section 08
BIP does not sell personal data to third parties. We share data only in the following circumstances:
Section 09
BIP is incorporated in the UK and processes data primarily within the UK and European Economic Area (EEA). Where data is transferred outside the UK or EEA, we ensure appropriate safeguards through UK International Data Transfer Agreements (IDTAs), EU Standard Contractual Clauses (SCCs), or adequacy decisions.
Section 10
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (active users) | Duration + 2 years after closure | Contractual obligations, legal disputes, financial records |
| Assessment Data (after subscription ends) | 90 days | Allows data export and potential reactivation. Permanently deleted after 90 days. |
| Benchmark Dataset | Indefinitely | Anonymised data — not personal data under GDPR. BIP's proprietary data asset. |
| Financial records & invoices | 7 years | UK tax and financial record obligations (Companies Act, HMRC) |
| Contact & marketing enquiries | 3 years from last interaction | CRM management, sales pipeline |
| Security logs | 12 months | Incident investigation and anomaly detection |
Section 11
You have the following rights under UK GDPR and/or EU GDPR. We will respond to all valid requests within one calendar month. To make a request, email privacy@behaviourintelligenceplatform.com with the subject "Data Rights Request."
You can request a copy of all personal data BIP holds about you, along with information on how it is used, who it is shared with, and how long it is retained.
If personal data BIP holds about you is inaccurate or incomplete, you can request we correct or complete it.
You can request deletion of your personal data where we no longer need it, you withdraw consent, or we have processed it unlawfully. Erasure does not extend to anonymised Benchmark Data or data we are legally required to retain.
In certain circumstances you can ask us to pause processing your data — for example, while you contest its accuracy.
Where we process your data by automated means on the basis of contract or consent, you can request your data in a structured, machine-readable format (e.g., JSON or CSV).
You can object to processing based on legitimate interests at any time. You can also object to direct marketing at any time — we will stop immediately.
BIP does not make solely automated decisions with legal or similarly significant effects about individuals. Assessment Reports are presented to human reviewers who make their own judgements.
Where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Section 12
We implement appropriate technical and organisational measures to protect personal data. Our security measures include:
In the event of a personal data breach, we will notify the UK Information Commissioner's Office (ICO) within 72 hours and, where applicable, affected individuals without undue delay.
Section 13
We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email and/or a prominent notice on the Platform at least 30 days before the changes take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.
Section 14
If you are not satisfied with our response or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority:
We always prefer to resolve complaints directly — please contact us first and we will make every effort to address your concerns promptly.