Privacy Policy
Last updated: 2nd June, 2026
This privacy notice explains how EJCO Ltd t/a uspeh collects, uses, stores and shares personal information.
For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, the controller is:
EJCO Ltd t/a uspeh
Company number: 07550849
Registered office: 37 Lombard Street, London, England, EC3V 9BQ
Email: ops@uspeh.co.uk
Website: uspeh.co.uk
EJCO Ltd is listed by Companies House as an active private limited company, company number 07550849, incorporated on 3 March 2011, with registered office at 37 Lombard Street, London, England, EC3V 9BQ.
You can contact us about this privacy notice or your personal information by emailing ops@uspeh.co.uk.
1. Who we are
EJCO Ltd trades as uspeh.
We provide HubSpot-related consultancy, implementation, optimisation, CRM, marketing operations, sales operations, automation, data, reporting and related business services.
Depending on the situation, we may act as:
- a controller for personal information we collect for our own business purposes; or
- a processor when we process personal information on behalf of a client as part of delivering services.
This notice mainly explains how we use personal information where we act as a controller. Where we act as a processor for a client, we process personal information in accordance with our agreement with that client.
2. Personal information we collect
We may collect and use the following types of personal information.
Contact and identity information
This may include:
- name;
- business email address;
- personal email address, where provided;
- phone number;
- job title;
- company name;
- LinkedIn profile or other business profile;
- postal address, where relevant.
Business and enquiry information
This may include:
- information submitted through website forms;
- information provided during calls, meetings or discovery sessions;
- details about your company, team, CRM, sales process, marketing process or operational setup;
- project requirements;
- proposal and contract information;
- notes from sales, support or client conversations.
Client service information
Where we provide services to you or your organisation, we may process:
- client contact details;
- project information;
- support requests;
- access information for systems we are asked to work in;
- CRM configuration information;
- HubSpot portal information;
- sales, marketing, service, reporting or automation data relevant to our work;
- documents, spreadsheets, exports or other materials shared with us.
Where this includes personal information about your customers, prospects, employees, suppliers or other individuals, we usually process that information on behalf of our client.
Website and technical information
When you use our website, we may collect:
- IP address;
- browser type and version;
- device type;
- operating system;
- pages visited;
- date and time of visit;
- referral source;
- cookie identifiers;
- form submission data;
- email engagement information, where applicable.
Marketing information
This may include:
- marketing preferences;
- newsletter subscriptions;
- campaign engagement;
- email opens and clicks;
- event registrations;
- webinar attendance;
- content downloads;
- unsubscribe records.
Financial and transaction information
Where relevant, we may process:
- billing contact details;
- invoice details;
- payment status;
- purchase order details;
- accounting records;
- tax information.
We do not intentionally collect special category personal information, such as health information, racial or ethnic origin, political opinions, religious beliefs, trade union membership, biometric data or sexual orientation, unless this is specifically required and agreed for a clear purpose.
3. How we collect personal information
We may collect personal information:
- directly from you when you contact us;
- when you submit a form on our website;
- when you book a meeting;
- when you subscribe to our content;
- when you become a client or supplier;
- when you communicate with us by email, phone, video call, LinkedIn or other channels;
- from your employer or colleagues;
- from clients who give us access to their systems or data;
- from publicly available sources, such as company websites, LinkedIn or Companies House;
- from third-party business tools we use to operate our business.
4. How we use personal information
We use personal information for the following purposes.
| Purpose | Examples of data used | Lawful basis |
|---|---|---|
| Responding to enquiries | Name, email address, company, message content | Legitimate interests |
| Managing sales conversations | Contact details, notes, call records, proposal details | Legitimate interests |
| Providing services | Client contact details, project data, system access information | Contract and/or legitimate interests |
| Managing client relationships | Contact details, communications, support requests | Contract and/or legitimate interests |
| Sending service communications | Email address, client status, project information | Contract and/or legitimate interests |
| Sending marketing communications | Name, business email, preferences, engagement data | Consent or legitimate interests, depending on context |
| Improving our website and services | Website analytics, enquiry trends, feedback | Legitimate interests and/or consent for non-essential cookies |
| Managing payments, invoices and accounts | Billing details, payment records, invoice data | Contract and legal obligation |
| Keeping records and protecting our business | Communications, contracts, audit trail, system logs | Legitimate interests and legal obligation |
| Complying with law | Relevant business and financial records | Legal obligation |
| Security and fraud prevention | IP address, device data, access logs, system activity | Legitimate interests |
5. Our legitimate interests
Where we rely on legitimate interests, those interests may include:
- running and developing our business;
- responding to enquiries;
- managing client relationships;
- providing and improving our services;
- understanding how people use our website;
- keeping business records;
- promoting our services to relevant business contacts;
- securing our systems;
- preventing fraud or misuse;
- resolving disputes;
- protecting our legal rights.
Where we rely on legitimate interests, we consider whether our interests are overridden by your rights, interests or freedoms.
6. Marketing
We may contact business contacts with relevant information about our services, content, events, resources or updates.
You can opt out of marketing communications at any time by:
- clicking the unsubscribe link in our marketing emails; or
- contacting us at ops@uspeh.co.uk.
We will still send non-marketing communications where needed, such as service, project, invoice, security or legal notices.
We do not sell personal information.
7. Cookies and similar technologies
Our website may use cookies and similar technologies.
Cookies are small files placed on your device. They help websites function, remember preferences, understand usage and, where applicable, support advertising or remarketing.
Types of cookies we may use
| Cookie type | Purpose | Consent required? |
|---|---|---|
| Strictly necessary cookies | Required for the website to work, security, forms, consent settings | Usually no |
| Preference cookies | Remember choices such as settings or form preferences | Usually yes, unless essential |
| Analytics cookies | Understand website traffic and behaviour | Usually yes |
| Marketing cookies | Advertising, retargeting, campaign measurement | Yes |
| Embedded content cookies | Video, maps, social media or third-party content | Usually yes |
Tools we may use
We may use some or all of the following tools.
- HubSpot tracking code;
- HubSpot forms;
- HubSpot meetings;
- HubSpot chat or chatbot;
- Google Analytics 4;
- Google Tag Manager;
- Google Ads;
- LinkedIn Insight Tag;
- Meta Pixel;
- Microsoft Clarity;
- Hotjar;
- YouTube or Vimeo embeds;
- Calendly or other meeting booking tools;
- cookie consent management tools.
You can manage cookies through our cookie banner or cookie settings tool, where available. You can also control cookies through your browser settings.
8. HubSpot and client portal work
As a HubSpot consultancy and service provider, we may access or process personal information contained in client HubSpot portals or related systems.
This may include information about our clients’ leads, contacts, customers, prospects, employees, suppliers or other individuals.
In most cases, where we access or process this information to provide services to a client, the client is the controller and we act as their processor. We process that information only as instructed by the client, under the relevant contract or data processing terms.
Examples of services that may involve client-controlled personal information include:
- HubSpot implementation;
- CRM migration;
- data cleansing;
- workflow setup;
- reporting and attribution;
- sales pipeline configuration;
- marketing automation;
- email setup;
- integration work;
- portal audits;
- troubleshooting;
- user training;
- support.
Clients are responsible for ensuring that they have the right to provide personal information to us for these purposes.
9. AI tools and automation tools
We use AI-assisted, automation and productivity tools to help operate our business and deliver services to clients.
These tools may support tasks such as:
- drafting, editing and summarising content;
- analysing business, CRM or marketing information;
- preparing reports, workflows, documentation or recommendations;
- transcribing or summarising meetings;
- improving internal processes and service delivery.
Where we use AI or automation tools, we aim to limit the personal information shared with them and only use them where we consider this appropriate for the relevant purpose.
We may use tools such as ChatGPT, Claude, Gemini, Microsoft Copilot, Fireflies, Fathom, Avoma or similar services. The specific tools we use may change from time to time.
Where client personal information is processed through AI or automation tools, we will do so only where permitted by our agreement with the client, where appropriate safeguards are in place, and where the use is relevant to the services we provide.
We do not intentionally use client confidential information or personal information in public AI tools in a way that allows it to be used to train public models, unless this has been specifically agreed with the client.
10. Who we share personal information with
We may share personal information with trusted third parties where necessary for the purposes described in this notice.
These may include:
| Category | Examples |
|---|---|
| CRM and marketing tools | HubSpot |
| Email and productivity tools | Google Workspace, Microsoft 365 or similar |
| Website and hosting providers | Hostinger |
| Analytics providers | Google Analytics, HubSpot analytics or similar |
| Advertising platforms | Google Ads, LinkedIn Ads, Meta or similar |
| Automation and integration tools | Zapier, Make, n8n or similar |
| Meeting and call tools | Google Meet, Zoom, Microsoft Teams, Calendly or similar |
| Project management tools | ClickUp, Asana, Notion, Trello or similar |
| Accounting and payment providers | Xero, QuickBooks, Stripe, GoCardless or similar |
| Professional advisers | Accountants, lawyers, insurers, consultants |
| Public authorities | HMRC, regulators, courts or law enforcement where required |
| AI, transcription and automation tools | ChatGPT, Claude, Gemini, Microsoft Copilot, Fireflies, Fathom, Avoma or similar tools |
We require service providers to protect personal information and only use it for agreed purposes.
11. HubSpot as a service provider
We use, or may use, HubSpot to manage contacts, enquiries, marketing activity, sales activity, client relationships, website forms, email communications, analytics and related business processes.
HubSpot publishes a Data Processing Agreement covering its processing of personal data, and HubSpot is listed on the Data Privacy Framework site in relation to the EU-U.S. Data Privacy Framework, UK Extension and Swiss-U.S. Data Privacy Framework.
12. International transfers
Some of our service providers may process personal information outside the UK.
Where personal information is transferred outside the UK, we take steps designed to ensure appropriate protection. These may include:
- adequacy regulations;
- the UK Extension to the EU-U.S. Data Privacy Framework;
- the UK International Data Transfer Agreement;
- the UK Addendum to the EU Standard Contractual Clauses;
- other appropriate contractual, organisational or technical safeguards.
We will assess international transfers based on the relevant provider, country, data type and service.
13. How long we keep personal information
We keep personal information only for as long as reasonably necessary for the purposes described in this notice, unless we are required to keep it for longer by law.
Our typical retention periods are:
| Data type | Typical retention period |
|---|---|
| Website enquiries | Up to 24 months after last meaningful interaction, unless converted into a client relationship |
| Sales and proposal records | Up to 6 years after the last interaction or contract end |
| Client records | Duration of the relationship plus up to 6 years |
| Project files | Duration of the project plus the agreed retention period or up to 6 years where needed |
| Accounting and tax records | Usually 6 years |
| Marketing contacts | Until unsubscribe, objection, deletion request, or inactivity review |
| Unsubscribe records | As long as needed to maintain suppression lists |
| Cookie consent records | As long as needed to evidence consent and preferences |
| Supplier records | Duration of relationship plus up to 6 years |
| Client system access records | Reviewed and removed when no longer needed |
We may keep some information longer where necessary to establish, exercise or defend legal claims.
14. Security
We use reasonable technical and organisational measures to protect personal information.
These may include:
- access controls;
- password management;
- multi-factor authentication where available;
- role-based permissions;
- secure cloud services;
- data minimisation;
- staff and contractor access restrictions;
- confidentiality obligations;
- system monitoring;
- regular review of access to client systems.
No method of transmission or storage is completely secure. If you believe personal information has been compromised, contact us at ops@uspeh.co.uk.
15. Your rights
Depending on the circumstances, you may have the right to:
- access your personal information;
- correct inaccurate or incomplete information;
- request deletion of your personal information;
- restrict how we use your personal information;
- object to our use of your personal information;
- request transfer of your personal information;
- withdraw consent where we rely on consent;
- complain to the Information Commissioner’s Office.
To exercise your rights, contact us at:
We may need to verify your identity before responding. We will usually respond within one month, although this may be extended where permitted by law.
16. Complaints
Please contact us first if you have concerns about how we use your personal information.
You also have the right to complain to the UK data protection regulator:
Information Commissioner’s Office
Website: ico.org.uk
Telephone: 0303 123 1113
17. Links to other websites
Our website may contain links to other websites, platforms or services.
We are not responsible for the privacy practices of third-party websites. You should read their privacy notices before providing personal information to them.
18. Children
Our services are intended for businesses and are not directed at children.
We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us.
19. Changes to this privacy notice
We may update this privacy notice from time to time.
The latest version will be published on our website with the updated date shown at the top.
Where changes are significant, we may take additional steps to notify affected individuals.