What documents do you review?

We review all governance documentation, including constitutions, trustee handbooks, policies, procedures, and any other governance-related materials.

How quickly do you provide reports?

Our rapid system typically delivers the initial comprehensive reports within two working days of receiving your documentation.

Do you work with all types of UK charities?

Yes, GovernWise is designed to work with all registered charities in England and Wales. We specialise in affordable services for micro and small charities.

What happens if you find compliance issues?

We don't just identify problems - we provide solutions. Our reports include detailed recommendations, and we can draft any missing policies or clauses needed for full compliance.

Legal Information

Terms and Conditions of Business and Policies

(please click or scroll down for Website Legal Information and Policies)

Terms of Engagement
CONFLICT OF INTEREST POLICY
COMPLAINTS HANDLING POLICY

Terms of Engagement

Thank you for considering GovernWise.UK* for your charity governance needs. We believe in transparency and clarity from the very beginning. These terms provide an overview of how we work with our clients.

Please note that this is a summary of our key engagement terms. Before any work commences, we will provide you with a formal consultancy agreement for review and signature. This agreement will detail our relationship and the specifics of your project.

Our Services & Professional Standards

GovernWise.UK, a trading name of Bexon Heaps Associates Ltd, provides specialist consultancy advice on governance to charities in England and Wales. We are committed to delivering our services with reasonable skill, care, and diligence, in line with professional best practice. GovernWise.UK do not provide legal advice.

How We Structure Our Agreement

Our legal relationship is structured for clarity and efficiency

Master Terms & Conditions: This is the main agreement covering our overall professional relationship, including core principles like client confidentiality. It is signed once at the start of our work together.
Statement of Work (SOW): For each specific project, such as an initial governance review or the drafting of new policies, we will agree on a separate SOW. This document outlines the exact scope, deliverables, timeline, and fees for that particular project.

This two-part structure means we don’t have to renegotiate foundational legal terms for every new piece of work, making the process straightforward and efficient.

What We Need From You (Client Obligations)

To ensure we can deliver our services effectively, we rely on our clients to provide timely access to the necessary information, documents, and key personnel. Your cooperation is essential for the success of the project.

Fees and Payment

All fees and payment schedules are clearly detailed on our website and in any project-specific Statement of Work. Payment is made via the GoCardless platform, and we will provide payment links for specific services, as well as direct debit payment links for ongoing delivery services. We issue invoices as agreed in the SOW, and our standard payment term is within 5 days from the date of the invoice.

Confidentiality

We understand the sensitive nature of governance work. All information you share with us will be treated as strictly confidential. We are bound by a duty of confidentiality not to disclose your sensitive information to any third party, except where required for the provision of the services or by law.

Intellectual Property & Ownership of Work

The final work products we create for you, such as reports and policy documents (“Deliverables”), are for your charity’s use. Upon full payment of the project fees, your charity will own the intellectual property rights to the Deliverables created during that project.

Our Status as an Independent Contractor

Our relationship with you is that of an independent contractor providing services to a client on a business-to-business basis. GovernWise.UK is not an employee of your charity, and we are responsible for our own tax and National Insurance contributions.

Limitation of Liability

We stand by the quality of our work. However, it is standard professional practice to manage and limit our financial liability to a reasonable level. Our liability for any single project is capped at 90% of the fees paid for that project. This does not apply to liabilities that cannot be legally limited, such as for death or personal injury caused by our negligence. The responsibility for considering and implementing any deliverable, including any subsequent legal or financial consequence, rests solely with the client.

Governing Law

Our agreements and services are governed by the laws of England and Wales.

Next Steps

We hope this summary is helpful. If you choose to proceed with our services, we will provide a full Master Services Agreement and a detailed Statement of Work for your review and signature. We look forward to the opportunity to work with you.

*GovernWise.UK is a trading name of Bexon Heaps Associates Ltd.

Registered in England Company No 10751905

Registered office: PO Box 8244, Castle Donington, DE74 2BY

CONFLICT OF INTEREST POLICY

1. Purpose and Scope

This policy sets out how GovernWise.UK (a trading name of Bexon Heaps Associates Ltd) identifies, manages, and mitigates actual, potential, or perceived conflicts of interest. Our commitment to providing objective and impartial advice is paramount to maintaining the trust of our clients and the integrity of our services. This policy applies to all directors, employees, and subcontractors of GovernWise.UK.

2. Definition of a Conflict of Interest

A conflict of interest arises in a situation where an individual’s personal interests, or their duties to another person or organisation, could influence, or be perceived to influence, their professional judgment or actions in the performance of their duties for GovernWise.UK and its clients.

Conflicts can be:

Actual: A direct conflict exists.
Potential: A conflict could arise in the future.
Perceived: A third party could reasonably form the view that a conflict exists.

Examples include, but are not limited to:

A financial interest (e.g., shareholding) in a client’s competitor or key supplier.
A close personal relationship (family or friend) with a trustee or senior employee of a client charity.
A previous or current role (paid or voluntary) with another organisation that may have competing interests with a client.
Providing consultancy services to two or more charities that are in direct competition for funding or resources.

3. Procedure for Declaration and Management

The effective management of conflicts of interest is a pre-emptive measure to protect both the consultancy and its clients. It demonstrates a commitment to transparency and ethical practice, which is essential when advising on governance. Trustees of a charity are required to manage their own conflicts, and they will expect their professional advisors to adhere to the same high standards. A formal, written policy provides a clear framework to manage these situations, building client confidence and providing a documented defence against any future accusations of bias.

Duty to Disclose: All personnel have an ongoing duty to identify and disclose any conflicts of interest to the Managing Director as soon as they become aware of them, using a formal Declaration Form. This includes disclosures made prior to accepting a new client engagement and during an ongoing project if circumstances change.
Recording: A central register of all declared interests will be maintained by the Managing Director.
Management and Mitigation: Upon disclosure, the Managing Director will assess the conflict and determine the appropriate course of action, which may include one or more of the following.

(a) Recording: Noting the conflict in the register but determining no further action is needed.
(b) Disclosure: Disclosing the conflict to the affected client(s) to ensure full transparency.
(c) Management Plan: Implementing specific arrangements, such as removing the conflicted individual from decision-making processes related to the matter.
(d) Recusal: Requiring the conflicted individual to be removed from the specific client engagement entirely.
(e) Refusal of Engagement: Declining to take on a new client or project if a significant and unmanageable conflict exists.
Client Communication: Where a conflict is deemed material, it will be communicated to the client in writing, along with the proposed steps to manage it.

4. Review

This policy will be reviewed annually to ensure it remains effective and fit for purpose.

COMPLAINTS HANDLING POLICY

1. Our Commitment

GovernWise.UK is committed to providing a high-quality, professional service to all our clients. We acknowledge that occasionally things may go wrong. If you have a complaint or concern about the service you have received from us, we need you to tell us about it. This will help us to improve our standards and resolve the issue promptly and fairly.

2. How to Make a Complaint

If you wish to make a complaint, please contact us in writing with the full details. You can do this by:

Email: governwise.uk@gmail.com
Post: The Complaints Manager, GovernWise.UK,

Please include your name, your charity’s name, a description of your complaint, and how you would like the matter to be resolved.

3. Our Complaints Process

Our process is designed to be clear, simple, and timely.36

Step 1: Acknowledgement
We will acknowledge receipt of your complaint in writing within three (3) working days of receiving it.
Step 2: Investigation
Your complaint will be investigated by a senior member of our team who was not directly involved in the matter. To investigate, we will review the relevant project file and speak with the consultant(s) involved. This investigation will be completed within ten (10) working days of our acknowledgement letter. If we require more time, we will inform you in writing with an explanation and a revised timescale.
Step 3: Response
Following our investigation, we will send you a detailed written response. This will include our findings, our conclusions, and any actions we have taken or propose to take to resolve your complaint. We aim to provide this response within fifteen (15) working days of acknowledging your complaint.

4. If You Are Not Satisfied

If you are not satisfied with our final response, you may wish to seek resolution through other means. As our services are provided on a business-to-business basis, they do not fall under the jurisdiction of an ombudsman service. However, we are committed to resolving disputes amicably and would be willing to consider independent mediation as outlined in our Master Terms and Conditions.

Website Legal Information

Data Protection and Management Policy
Cookie Policy
Website Usage Policy
Privacy Policy
Copyright

Data Protection and Management Policy

GovernWise.uk
Delivered by Bexon Heaps Associates Ltd

1. Introduction and Scope

1.1 Purpose

This Data Protection and Management Policy governs how GovernWise.uk, delivered by Bexon Heaps Associates Ltd, handles, processes, stores, and protects personal and organisational data provided by charity clients in England and Wales for governance assessment and assurance services.

1.2 Scope

This policy applies to all data collected, processed, and stored in connection with GovernWise.uk services, including:

Charity governance documentation
Contact information of charity personnel
Financial and operational information
Meeting minutes and board documentation
Any personal data contained within client materials

1.3 Legal Framework

This policy ensures compliance with:

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Charity Commission regulations for England and Wales
Google Workspace Terms of Service and Data Processing Agreement

2. Data Classification and Types

2.1 Personal Data

Names and contact details of trustees, staff, and volunteers
Financial information of individuals
Any identification information contained within governance documents

2.2 Organisational Data

Charity registration details
Governance policies and procedures
Board meeting minutes and resolutions
Financial statements and reports
Risk assessments and management plans

2.3 Sensitive Data

Information relating to vulnerable beneficiaries
Safeguarding policies and incident reports
HR matters and disciplinary procedures
Legal advice and privileged communications

3. Data Collection and Processing

3.1 Lawful Basis for Processing

Data processing is conducted under the following lawful bases:

Legitimate interests: For the delivery of governance assessment services
Contract: Where processing is necessary for service delivery
Consent: Where explicitly provided by the data subject

3.2 Data Minimisation

We only collect and process data that is:

Adequate and relevant for governance assessment purposes
Limited to what is necessary for service delivery
Accurate and kept up to date

3.3 Transparency

Clients are informed about:

What data we collect and why
How long we retain the data
Who has access to the data
Their rights regarding their data

4. Data Storage and Security

4.1 Storage Infrastructure

All client data is stored exclusively in:

Google Workspace Business/Enterprise accounts
UK-based or EU data centres, where possible
Encrypted storage systems with multi-factor authentication

4.2 Access Controls

Role-based access: Only authorised Bexon Heaps Associates Ltd personnel
Need-to-know basis: Access limited to staff directly involved in service delivery
Individual user accounts: No shared credentials
Regular access reviews: Quarterly assessment of user permissions

4.3 Technical Security Measures

End-to-end encryption for data in transit and at rest
Multi-factor authentication for all system access
Regular security updates and patches
Automated backup systems with encryption
Secure file sharing protocols within Google Workspace

4.4 Physical Security

Secure office premises with access controls
Locked storage for any physical documents
Clean desk policy for all staff
Secure disposal of physical materials

5. Data Retention and Disposal

5.1 Retention Period

Standard retention: 18 months from completion of service delivery
Service completion date: Defined as the date of final report delivery or contract termination
Automatic deletion: Scheduled deletion processes after the retention period expires

5.2 Retention Schedule

Data Type	Retention Period	Disposal Method
Client governance documents	18 months post-service	Secure deletion from Google Workspace
Contact information	18 months post-service	Permanent deletion from all systems
Project correspondence	18 months post-service	Secure deletion including email archives
Assessment reports (client copies)	18 months post-service	Secure deletion
Internal working notes	18 months post-service	Secure deletion

5.3 Secure Disposal

Digital data: Permanent deletion from Google Workspace with verification
Backup systems: Coordinated deletion from all backup locations
Physical documents: Confidential shredding using certified providers
Disposal certification: Records maintained of secure disposal activities

5.4 Legal Hold Exceptions

Data may be retained beyond the standard period where:

Legal proceedings are ongoing or anticipated
Regulatory investigations require data preservation
Client explicitly requests extended retention (documented consent required)

6. Data Sharing and Third Parties

6.1 Third Party Processors

Google Workspace: Primary data processor with appropriate Data Processing Agreement
No other third parties: Client data is not shared with any other external parties without explicit consent

6.2 Data Transfers

Data remains within Google Workspace UK/EU infrastructure
No international transfers outside adequate jurisdiction without appropriate safeguards
Client notification required for any changes to data location

6.3 Disclosure Requirements

Data may only be disclosed:

With explicit client consent
Under legal obligation (court orders, regulatory requirements)
For the prevention of crime where legally permitted
All disclosures are documented and clients notified where legally possible

7. Individual Rights

7.1 Rights Under UK GDPR

Individuals have the right to:

Access: Request copies of their personal data
Rectification: Correct inaccurate personal data
Erasure: Request deletion of personal data
Portability: Receive data in a structured format
Object: Object to processing based on legitimate interests
Restrict processing: Limit how their data is used

7.2 Response Timeframes

Standard requests: Response within one month
Complex requests: Up to three months with explanation
Urgent requests: Prioritised response where appropriate

7.3 Identity Verification

All requests require appropriate identity verification before processing to prevent unauthorised access to personal data.

8. Data Breach Management

8.1 Breach Detection

Continuous monitoring of Google Workspace security alerts
Regular review of access logs and user activity
Staff training on breach identification and reporting

8.2 Breach Response Procedure

Immediate containment: Secure affected systems and prevent further unauthorised access
Assessment: Evaluate the nature, scope, and likely consequences
Documentation: Record all details of the breach and response actions
Notification: Inform relevant parties within required timeframes
Remediation: Implement measures to prevent recurrence

8.3 Notification Requirements

ICO notification: Within 72 hours for high-risk breaches
Client notification: Without undue delay for breaches affecting their data
Individual notification: Where breach poses high risk to rights and freedoms

9. Staff Training and Responsibilities

9.1 Data Protection Training

All staff receive:

Initial data protection awareness training
Regular updates on policy changes
Specific training on Google Workspace security features
Annual refresher training and assessment

9.2 Responsibilities

Data Protection Officer: Overall policy compliance and breach management
Service Delivery Staff: Day-to-day data handling compliance
IT Administrator: Technical security and access management
Management: Policy oversight and resource allocation

10. Monitoring and Review

10.1 Regular Reviews

Annual policy review: Comprehensive assessment of policy effectiveness
Quarterly access reviews: Verification of user permissions and access rights
Monthly security monitoring: Review of system logs and security alerts
Continuous improvement: Implementation of enhanced security measures

10.2 Compliance Monitoring

Regular audits of data handling practices
Google Workspace security assessment
Client feedback on data protection measures
Documentation of compliance activities

11. Contact Information

11.1 Data Protection Enquiries

Bexon Heaps Associates Ltd
Data Protection Officer
PO Box 8244. Castle Donington, DE74 2BY
Email: governwise.uk@gmail.com
Phone: 01332811780

11.2 Complaints

If you are not satisfied with our handling of your data, you have the right to complain to: Information Commissioner’s Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113

12. Policy Governance

Policy Owner: Bexon Heaps Associates Ltd
Effective Date: 01/09/25
Review Date: 01/09/26
Version: 1.0
Approved By:N K Heaps MBE

Cookie Policy

Last updated: 17 September 2025

About This Policy

This Cookie Policy explains how Bexon Heaps Associates Ltd (“we”, “us”, or “our”) uses cookies and similar technologies on the GovernWise.uk website (“our website”). This policy should be read alongside our Privacy Policy.

What Are Cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service by enabling us to:

Estimate our audience size and usage patterns
Store information about your preferences
Speed up your searches
Recognise you when you return to our website

Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for you to browse our website and use its features. Without these cookies, services you have asked for cannot be provided.

Examples include:

Session cookies that remember your login status
Security cookies that authenticate users and prevent fraudulent use
Load balancing cookies that ensure website functionality

Performance Cookies

These cookies collect information about how visitors use our website, such as which pages visitors go to most often and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor.

Examples include:

Google Analytics cookies that help us understand website usage
Cookies that measure website performance and loading times

Functionality Cookies

These cookies allow our website to remember choices you make and provide enhanced, more personal features.

Examples include:

Cookies that remember your language preference
Cookies that remember your location for local content
Cookies that remember accessibility settings

Targeting/Advertising Cookies

These cookies are used to deliver adverts more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.

Examples include:

Third-party advertising network cookies
Social media cookies for targeted advertising
Remarketing cookies

Third-Party Cookies

We may use third-party services that place cookies on your device. These include:

Google Analytics

We use Google Analytics to understand how our website is used. Google Analytics generates statistical and other information about website usage by means of cookies stored on users’ computers. You can opt out of Google Analytics by visiting: https://tools.google.com/dlpage/gaoptout

Social Media Plugins

Our website may include social media features such as LinkedIn, Twitter, or Facebook buttons. These features may collect your IP address and page information and may set cookies to enable proper functionality.

Legal Basis for Using Cookies

Under UK data protection law, we need a legal basis to use cookies that process personal data:

Strictly Necessary Cookies: We use these based on our legitimate interest in providing essential website functionality
Performance and Functionality Cookies: We use these based on your consent
Targeting/Advertising Cookies: We use these based on your consent

Your Cookie Choices

Managing Cookie Preferences

When you first visit our website, you’ll see a cookie banner asking for your consent to use non-essential cookies. You can:

Accept all cookies
Reject all non-essential cookies
Customise your preferences by cookie type

You can change your cookie preferences at any time by clicking the “Cookie Settings” link in our website footer.

Browser Settings

You can also control cookies through your browser settings:

Chrome: Settings > Advanced > Privacy and security > Content settings > Cookies
Firefox: Options > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Manage Website Data
Edge: Settings > Site permissions > Cookies and site data

Please note that if you disable cookies, some features of our website may not function properly.

Third-Party Opt-Outs

For third-party cookies, you can opt out directly:

Google Analytics: https://tools.google.com/dlpage/gaoptout
All advertising cookies: http://www.youronlinechoices.com/uk/

Cookie Retention

Different cookies have different lifespans:

Session cookies: Deleted when you close your browser
Persistent cookies: Remain for a set period (typically 1-24 months)
Third-party cookies: Controlled by the relevant third party

Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our business practices. We will notify you of any material changes by posting the updated policy on our website with a new “last updated” date.

Contact Information

If you have any questions about our use of cookies or this Cookie Policy, please contact us:

Bexon Heaps Associates Ltd

Email:office@bhassociates.ltd
Address: PO Box 8244. Castle Donington DE74 2BY
Phone: 01332811780

For data protection queries, you can also contact our Data Protection Officer at: office@bhassociates.ltd

Your Rights

Under UK GDPR, you have various rights regarding your personal data, including data processed through cookies:

Right to access your data
Right to rectify inaccurate data
Right to erase your data
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent

If you wish to exercise any of these rights or have concerns about our data processing, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at: https://ico.org.uk/make-a-complaint/

Website Usage Policy

Last updated: 18 September 2025

About This Policy

This Website Usage Policy (“Policy”) governs your use of the GovernWise.uk website (“our website”, “the website”) operated by Bexon Heaps Associates Ltd (“we”, “us”, “our”, “the Company”). By accessing or using our website, you agree to be bound by this Policy and our Terms of Service.

Acceptable Use

Permitted Uses

You may use our website for lawful purposes only, including:

Accessing information about our services and expertise
Contacting us through the provided communication channels
Downloading resources we make publicly available
Sharing our content in accordance with any specified permissions
Using interactive features as intended

Prohibited Uses

You must not use our website:

For any unlawful purpose or to solicit others to perform unlawful acts
To violate any international, federal, provincial, or local regulations, rules, laws, or ordinances
To transmit, or procure the sending of, any advertising or promotional material not solicited by us
To impersonate or attempt to impersonate the Company, our employees, another user, or any other person or entity
To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of the website

User Conduct

General Standards

When using our website, you agree to:

Provide accurate and complete information when required
Respect the intellectual property rights of the Company and third parties
Not attempt to gain unauthorised access to any portion of the website
Not use the website in any way that could damage, disable, overburden, or impair our servers or networks
Not use automated systems (bots, spiders, scrapers) without our express written permission

Prohibited Content

You must not upload, post, email, transmit, or otherwise make available any content that:

Is unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, or invasive of privacy
Infringes any patent, trademark, trade secret, copyright, or other proprietary rights
Contains software viruses or any other computer code designed to interrupt, destroy, or limit functionality
Promotes discrimination, bigotry, racism, hatred, harassment, or harm against any individual or group
Is false, misleading, or deceptive
Violates any applicable laws or regulations

Intellectual Property Rights

Our Content

All content on this website, including but not limited to:

Text, graphics, logos, images, and audio clips
Software, design, and compilation of content
Trademarks, service marks, and trade names

is owned by or licensed to Bexon Heaps Associates Ltd and is protected by UK and international copyright, trademark, and other intellectual property laws.

Limited Licence

We grant you a limited, non-exclusive, non-transferable licence to access and use our website for personal or business purposes in accordance with this Policy. This licence does not include:

Resale or commercial use of our website or its contents
Collection and use of any product listings, descriptions, or prices
Making derivative use of our website and its contents
Use of any data mining, robots, or similar data-gathering tools

User-Generated Content

If you submit content to our website (such as through contact forms or comments), you grant us a worldwide, royalty-free, perpetual, irrevocable licence to use, modify, publicly perform, publicly display, reproduce, and distribute such content.

Privacy and Data Protection

Information Collection

Our collection and use of personal information is governed by our Privacy Policy, which forms part of this Policy. By using our website, you consent to such processing and you warrant that all data provided by you is accurate.

Cookies

We use cookies and similar tracking technologies as described in our Cookie Policy. Your continued use of the website constitutes acceptance of our cookie practices.

Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services (“Third-Party Services”). We do not control or endorse these Third-Party Services and are not responsible for:

Their content, privacy policies, or practices
Any damages or losses caused by your use of such services
The availability or functionality of linked resources

Your interactions with Third-Party Services are solely between you and the third party.

Website Availability and Maintenance

Service Availability

While we strive to ensure our website is available 24/7, we do not guarantee uninterrupted access. The website may be unavailable due to:

Scheduled maintenance
Technical difficulties
Circumstances beyond our control
Updates and improvements

Content Updates

We reserve the right to modify, suspend, or discontinue any aspect of our website at any time without notice. Content on our website may be out of date, and we are under no obligation to update it.

User Accounts and Security

Account Security

If you create an account on our website, you are responsible for:

Maintaining the confidentiality of your login credentials
All activities that occur under your account
Notifying us immediately of any unauthorised use
Ensuring your contact information remains current

Account Termination

We reserve the right to terminate or suspend accounts that violate this Policy or for any other reason at our sole discretion.

Monitoring and Enforcement

Right to Monitor

We reserve the right, but do not assume the obligation, to:

Monitor use of our website for compliance with this Policy
Remove or refuse to post any user content
Take appropriate legal action against users who violate this Policy
Cooperate with law enforcement authorities

Reporting Violations

If you become aware of misuse of our website, please contact us immediately at office@bhassociates.ltd.

Limitation of Liability

Disclaimer

Our website is provided on an “as is” and “as available” basis. To the fullest extent permitted by law, we disclaim all warranties, express or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose.

Limitation of Damages

In no event shall Bexon Heaps Associates Ltd, its directors, employees, partners, agents, suppliers, or affiliates be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the website.

Indemnification

You agree to indemnify, defend, and hold harmless Bexon Heaps Associates Ltd and its officers, directors, employees, agents, and third parties from any loss, damage, liability, claim, or demand arising from:

Your use of the website
Your breach of this Policy
Your violation of any law or third-party rights

Governing Law and Jurisdiction

This Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Changes to This Policy

We reserve the right to modify this Policy at any time. Changes will be effective immediately upon posting on our website. Your continued use of the website after any changes constitutes acceptance of the new Policy.

We will indicate the date of the latest revision at the top of this page. We encourage you to review this Policy periodically.

Contact Information

If you have any questions about this Website Usage Policy, please contact us:

Bexon Heaps Associates Ltd

Email: office@bhassociates.ltd
Address: PO Box 8244, Castle Donington, DE74 2BY
Phone: 01332 811780

Enforcement and Violations

Violations of this Policy may result in:

Warning notices
Temporary or permanent suspension of access
Legal action where appropriate
Reporting to the relevant authorities

Severability

If any provision of this Policy is deemed invalid or unenforceable, the remaining provisions will remain in full force and effect.

Entire Agreement

This Policy, together with our Privacy Policy, Cookie Policy, and Terms of Service, constitutes the entire agreement between you and Bexon Heaps Associates Ltd regarding the use of our website.

Privacy Policy

Last updated: 17 September 2025

About This Policy

This Privacy Policy explains how Bexon Heaps Associates Ltd (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use the GovernWise.uk website (“our website”) and our services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Data Controller: Bexon Heaps Associates Ltd
Address: PO Box 8244, Castle Donington, DE74 2BY
Email: office@bhassociates.ltd
Phone: 01332 811780

We are the data controller for the personal data we collect about you, which means we determine how and why your personal data is processed.

What Personal Data We Collect

We may collect and process the following categories of personal data:

Information You Provide Directly

Contact Information: Name, email address, phone number, postal address
Account Information: Username, password, profile information
Communication Data: Messages, enquiries, and feedback you send to us
Service Data: Information related to services you request or receive
Marketing Preferences: Your choices about marketing communications

Information We Collect Automatically

Technical Data: IP address, browser type, operating system, device information
Usage Data: Pages visited, time spent on site, click patterns, referral sources
Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy)
Location Data: General location based on IP address (not precise location)

Information From Third Parties

Social Media: If you interact with us via social media platforms
Business Partners: Information from trusted partners where you’ve consented
Public Sources: Publicly available information relevant to our business relationship

How We Collect Your Data

We collect personal data through:

Direct Interactions: When you contact us, create accounts, or use our services
Website Usage: Automatically through cookies and tracking technologies
Third Parties: From business partners, social media, and public sources
Communications: Phone calls, emails, and other correspondence

How We Use Your Personal Data

We process your personal data for the following purposes:

Service Delivery (Legal Basis: Contract Performance)

Providing requested services and products
Managing your account and relationship with us
Processing transactions and payments
Communicating about services and support

Legal Compliance (Legal Basis: Legal Obligation)

Complying with regulatory requirements
Responding to legal requests and court orders
Maintaining records as required by law
Anti-money laundering and fraud prevention

Business Operations (Legal Basis: Legitimate Interest)

Website administration and security
Improving our services and user experience
Business development and planning
Data analysis and research
Professional networking and relationship management

Marketing (Legal Basis: Consent or Legitimate Interest)

Sending marketing communications (with consent)
Providing relevant content and updates
Conducting market research
Analysing marketing effectiveness

Cookies and Analytics (See Cookie Policy)

Website functionality and performance
Understanding user behaviour
Personalising user experience

Legal Basis for Processing

Under UK GDPR, we must have a legal basis to process your personal data:

Consent: You have given clear consent for processing
Contract: Processing is necessary for a contract with you
Legal Obligation: We must process data to comply with the law
Legitimate Interest: Processing is in our legitimate business interests
Vital Interests: Processing protects someone’s life or safety
Public Task: Processing is for official functions or public interest

Who We Share Your Data With

We may share your personal data with:

Service Providers

IT and system administration services
Website hosting and maintenance
Payment processing services
Email and communication platforms
Analytics and marketing tools

Professional Advisors

Legal advisors and solicitors
Accountants and auditors
Business consultants
Insurance providers

Regulatory Bodies

Information Commissioner’s Office (ICO)
HM Revenue & Customs
Other regulatory authorities as required

Business Partners

Trusted partners for service delivery (with appropriate agreements)
Joint venture partners were relevant

Legal Requirements

Law enforcement agencies
Courts and tribunals
Other parties were legally required

We ensure all third parties:

We are contractually bound to protect your data
Only process data for specified purposes
Meet appropriate security standards
Comply with data protection laws

International Data Transfers

We primarily process data within the UK. If we transfer data internationally, we ensure:

Adequate protection through UK adequacy decisions
Appropriate safeguards (Standard Contractual Clauses)
Explicit consent was required
Regular monitoring of transfer arrangements

Data Security

We implement appropriate technical and organisational measures:

Technical Measures

Encryption of data in transit and at rest
Secure authentication and access controls
Regular security updates and patches
Network security and firewalls
Backup and recovery procedures

Organizational Measures

Staff training on data protection
Clear data handling procedures
Regular security risk assessments
Incident response procedures
Vendor security assessments

Data Retention

We retain personal data only as long as necessary:

Retention Periods

Account Data: Until account deletion plus 1 year
Communication Records: 7 years for business correspondence
Marketing Data: Until consent withdrawn plus 1 year
Legal Records: As required by applicable laws (typically 6-7 years)
Website Analytics: 26 months maximum

Deletion Process

Secure deletion when the retention period expires
Regular reviews of data holdings
Automated deletion where technically feasible

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

Request copies of your personal data
Understand how we process your data
Usually provided free of charge

Right to Rectification

Correct inaccurate personal data
Complete incomplete data
Update outdated information

Right to Erasure (‘Right to be Forgotten’)

Delete personal data in certain circumstances
When data is no longer necessary for the original purpose
When consent is withdrawn

Right to Restrict Processing

Limit how we use your data
While accuracy is being verified
As an alternative to deletion

Right to Data Portability

Receive data in a structured, commonly used format
Transfer data to another organisation
Applies when processing based on consent or contract

Right to Object

Object to processing based on legitimate interest
Object to direct marketing (absolute right)
Object to automated decision-making

Right to Withdraw Consent

Withdraw consent at any time
Doesn’t affect processing before withdrawal
Easy withdrawal mechanisms are provided

How to Exercise Your Rights

To exercise your rights, contact us:

Email: office@bhassociates.ltd
Phone: 01332 811780
Post: PO Box 8244, Castle Donington, DE74 2BY

What We Need From You

Proof of identity (to prevent unauthorised access)
Clear description of your request
Specific data or processing you’re concerned about

Our Response

We’ll respond within 1 month (may extend to 3 months for complex requests)
Usually, there is no charge for requests
May charge a reasonable fee for excessive or repeated requests

Automated Decision-Making and Profiling

We may use automated processing for:

Website personalization
Service recommendations
Risk assessment
Marketing targeting

You have rights regarding automated decision-making:

Right to human intervention
Right to challenge decisions
Right to explanation of the logic used

Children’s Privacy

Our website and services are not intended for children under 18. We:

Don’t knowingly collect data from children under 18
Will delete such data if discovered
Encourage parents to monitor children’s online activities

If you believe we have data about a child under 18, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy to reflect:

Changes in law or regulation
New features or services
Feedback from users or regulators
Business changes

How We’ll Notify You

Email notification to registered users
Website notification banner
Updated “last modified” date
Significant changes will be prominently displayed

Complaints and Concerns

If you have concerns about our data processing:

Contact Us First

Email: office@bhassociates.ltd
Phone: 01332 811780
We aim to resolve concerns promptly and fairly

Information Commissioner’s Office (ICO)

If you’re not satisfied with our response, you can complain to the ICO:

Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Contact Us

For any questions about this Privacy Policy or our data practices:

Bexon Heaps Associates Ltd

Address: PO Box 8244, Castle Donington, DE74 2BY
Email: office@bhassociates.ltd
Phone: 01332 811780

For data protection-specific queries, please mark your communication “Data Protection Query” to ensure prompt handling.

Copyright Notice

Website Copyright

The content, design, layout, graphics, images, software, and all other materials on the GovernWise.uk website are protected by copyright, trademark, and other intellectual property laws. All rights are owned by or licensed to Bexon Heaps Associates Ltd.

Permitted Use

You may:

View and browse the website content for personal or business purposes
Print individual pages for personal reference
Share links to our content via social media or email
Quote brief excerpts for review, comment, or news reporting purposes with proper attribution

Prohibited Use

Without our express written permission, you may not:

Reproduce, copy, or distribute any content from this website
Modify, adapt, or create derivative works based on our content
Use our content for commercial purposes
Remove or alter any copyright notices or proprietary markings
Use automated systems to extract or harvest content
Frame or embed our content within another website

Trademark Notice

“GovernWise” and related logos are trademarks of Bexon Heaps Associates Ltd. Other trademarks mentioned on this website are the property of their respective owners.

Third-Party Content

Some content on this website may be owned by third parties. Such content is used with permission or under applicable fair use provisions. Third-party content remains subject to the copyright of its respective owners.

Copyright Infringement

If you believe any content on our website infringes your copyright, please contact us immediately:

Bexon Heaps Associates Ltd
PO Box 8244, Castle Donington, DE74 2BY
Email: office@bhassociates.ltd
Phone: 01332 811780

Please provide:

Your contact information
Description of the copyrighted work
Location of the allegedly infringing content
Statement of good faith belief that use is unauthorised
Statement that the information is accurate and you’re authorised to act

License Requests

For permission to use copyrighted content beyond permitted uses, please contact us at office@bhassociates.ltd with details of your intended use.

This copyright notice is governed by English law and is effective as of the date of publication.