Privacy Notice

How we collect, use, and protect personal data · Last updated: April 2026

James Dixey Limited is committed to protecting and respecting your privacy. This notice explains what personal data we collect, how we use it, the legal basis on which we do so, who we share it with, and the rights you have in relation to it. It also describes our use of cookies.

For the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018 (together, "UK data protection law"), the controller of your personal data is James Dixey Limited of Delendale House, 37 Old Dover Road, Canterbury, CT1 3JF, company number 08813209. If you have any questions about this notice or about how we handle your personal data, please contact us at team@jamesdixey.co.uk.

1. Who this notice applies to

This notice applies to you if you are:

•      a business owner or adviser enquiring about a possible sale, valuation, or other mandate;

•      a prospective buyer (including a fund, operator, family office, or individual) registering an interest in acquiring a business;

•      an introducer (for example an accountant, solicitor, wealth manager, consultant, or other adviser) referring clients or opportunities to us;

•      a contact of ours for general business development, market intelligence, or industry engagement;

•      a visitor to our website;

•      a supplier, contractor, or service provider to us; or

•      a candidate applying for a role or engagement with us.

2. The personal data we collect

Depending on your relationship with us, we may collect and process the following categories of personal data about you.

2.1 Identity and contact data

Name, job title, employer, business postal address, email address, telephone number, professional qualifications, LinkedIn profile, and similar public or business-card data.

2.2 Transaction data

Details of your involvement in any actual or potential transaction — including your role (buyer, seller, adviser, introducer), your sector interests, your indicative budget or deal-size range, any offer or letter of intent you submit, and any correspondence, meeting notes, and call summaries relating to the transaction.

2.3 Financial and KYC data

Where you are a prospective buyer or seller, we may collect information to enable us to carry out anti-money-laundering and know-your-customer checks, including proof of identity (such as a passport or driving licence), proof of address (such as a utility bill or bank statement), source of funds information, and corporate registers for any company you represent.

2.4 Marketing and communications data

Your preferences in relation to receiving marketing from us, your consent history, and your responses to our emails, events, and publications (including opens, clicks, and downloads).

2.5 Technical and usage data

When you use our website we collect technical data (including IP address, browser type and version, operating system, referring URL, and device information) and usage data (including the pages you view, the links you click, and the files you download).

2.6 Sensitive data (special category data)

We do not seek to collect special category data (for example, data about health, racial or ethnic origin, religious beliefs, or trade-union membership). In some deal contexts, limited information that could be regarded as special category data may incidentally be included in documents we handle — for example, a seller's reason for sale (such as ill health) or information about pupils or residents in a care or education business. Where that happens, we handle the information with appropriate care, share it only on a need-to-know basis under confidentiality agreements, and do not use it for any purpose other than the transaction.

3. How we collect your personal data

•      Directly from you — for example, when you submit an enquiry form on the website, sign an NDA or engagement letter, attend a meeting or call, correspond with us by email, or exchange a business card.

•      From your employer or organisation — for example, when a colleague introduces you to us, or when you are named as the contact in an engagement letter or NDA signed by your employer.

•      From introducers — for example, when an accountant, solicitor or other professional refers you to us.

•      From public sources — including Companies House, the Charity Commission, relevant regulators (Ofsted, CQC, ISI, SIA, BAFE and others), LinkedIn, corporate websites, trade press, and subscription databases used for sector research.

•      Automatically, when you visit our website — through cookies and similar technologies (see section 9).

4. Why we use your personal data, and our legal basis

We use your personal data for the purposes and on the legal bases set out in the table below. Under UK data protection law, we must have a valid legal basis for each purpose for which we process your personal data.

Purpose

Legal basis

Responding to enquiries and providing our services (for example, advising on a sale, introducing a buyer, or preparing marketing materials).

Performance of a contract with you, or taking steps at your request to enter into a contract. Where you are the individual contact for a client that is a company, our legitimate interests in operating our advisory business.

Managing our buyer, seller, and introducer databases and pipeline, including CRM records.

Legitimate interests — operating and developing our advisory business efficiently; maintaining accurate records; matching buyers to sellers.

Verifying identity, carrying out KYC and anti-money-laundering checks, and sanctions screening.

Legal obligation under applicable anti-money-laundering legislation; legitimate interests in preventing fraud and financial crime.

Sending transactional communications (for example, confidentiality agreements, information memoranda, completion correspondence).

Performance of a contract or pre-contract steps.

Sending marketing emails, market updates, event invitations, and 'The Dixey Briefing' newsletter.

Consent (where required) or legitimate interests in business-to-business direct marketing to existing and prospective clients and their advisers. You can opt out at any time.

Improving our website and services, including analytics.

Legitimate interests in understanding how our website is used and improving it.

Complying with legal and regulatory obligations (tax, accounting, record-keeping, responding to regulators or law-enforcement requests).

Legal obligation.

Defending or pursuing legal claims.

Legitimate interests in establishing, exercising, or defending legal claims.

5. Who we share your personal data with

We share personal data only where necessary and always on a confidential basis. Recipients may include:

•      Other parties to a transaction — with your consent or under a confidentiality agreement. For example, we do not share a seller's identity or information with a prospective buyer without a signed confidentiality agreement, and we do not share a buyer's identity or offer with a seller without the buyer's knowledge.

•      Professional advisers — including solicitors, accountants, tax advisers, valuers, regulatory consultants, and other advisers instructed in connection with a transaction, where sharing is necessary for the transaction.

•      Introducers — where you were introduced to us by a third party, or we have referred you to one, we may confirm that fact and share limited transactional information to allow fees to be settled.

•      Service providers — including providers of CRM, email, document-management, electronic-signature, calendar, video-conferencing, website hosting, analytics, accounting, and cybersecurity services. These providers process personal data on our instructions and under written contracts that require them to protect it.

•      Regulators, law-enforcement agencies, courts, and other public bodies — where we are required to do so by law or regulation, or where necessary to pursue or defend a legal claim.

•      Purchasers of our business — if we ever sell or restructure our own business, personal data may be transferred to the purchaser or successor, who will continue to be bound by this notice.

6. International transfers

Most of the personal data we process is handled in the United Kingdom. Some of our service providers process data in the European Economic Area or elsewhere (for example, in the United States). Where we transfer personal data outside the United Kingdom to a country that is not the subject of an adequacy decision, we put in place appropriate safeguards — typically the UK International Data Transfer Agreement or the EU Standard Contractual Clauses together with the UK Addendum — to protect the data.

7. How long we keep your personal data

We keep personal data only for as long as we need it. In summary:

•      Client and transaction files — for at least six years from the end of the matter, to meet tax, anti-money-laundering, and legal-claim obligations, and then typically reviewed for longer retention where a later transaction with the same party is likely.

•      Buyer, seller, and introducer CRM records — for as long as the relationship is active, and for a reasonable period afterwards while future transactions remain reasonably foreseeable, subject to your right to object to direct marketing at any time.

•      Marketing subscriber lists — until you unsubscribe or tell us you no longer wish to receive communications.

•      Website analytics — for a maximum of 14 months in respect of detailed session data.

•      Job applications — for six months after the recruitment round closes, unless you consent to us keeping your details for future opportunities.

8. Your rights

Under UK data protection law you have a number of rights in relation to your personal data. You can:

•      request access to your personal data (a "data subject access request");

•      ask us to correct personal data that is inaccurate or incomplete;

•      ask us to delete your personal data in certain circumstances (the "right to erasure");

•      ask us to restrict our use of your personal data in certain circumstances;

•      object to our use of your personal data where we rely on legitimate interests, and in particular object at any time to direct marketing;

•      where we rely on consent, withdraw that consent (without affecting the lawfulness of anything we did while the consent was in place);

•      ask us to transfer your personal data to another controller in a portable format, where feasible; and

•      complain to the Information Commissioner's Office (ICO) if you think we have mishandled your data — although we would ask you to contact us first so we can try to resolve any concern.

To exercise any of these rights, please contact us at team@jamesdixey.co.uk. The ICO's contact details are available at ico.org.uk.

9. Security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, and unauthorised access — including encrypted storage, access controls, multi-factor authentication, secure document-sharing, confidentiality agreements with staff and contractors, and staff training on data protection. No system can be guaranteed 100% secure, but we continually review our controls as the firm grows and the threat landscape evolves.

10. Changes to this notice

We may update this notice from time to time. When we do, we will change the "last updated" date at the top of the page. If we make material changes, we will take reasonable steps to bring them to your attention.

Contact

James Dixey Limited

Delendale House, 37 Old Dover Road, Canterbury, CT1 3JF

Data protection queries: team@jamesdixey.co.uk

Telephone: +44 (0) 1227 728472

Company number: 08813209