Privacy Policy

Nepalese Business Directory Ltd is the data controller responsible for your personal data collected through this website.

Contact: info@nepalesebusinessdirectory.co.uk

If you have concerns about how we handle your data, you may also contact the Information Commissioner's Office (ICO) at ico.org.uk.

We collect the following categories of personal data:

We use your personal data to:

• Create and manage your account
• Display business listings, jobs, and rooms to other users
• Process event ticket purchases and send booking confirmations
• Process payments via Stripe and manage subscriptions
• Send transactional emails (confirmations, password resets, listing approvals)
• Send marketing emails where you have opted in
• Display reviews and community content
• Verify business ownership claims
• Prevent fraud, abuse, and spam
• Improve the platform through analytics
• Comply with our legal obligations
• Respond to enquiries and support requests

We do not sell your personal data. We share data with:

• Supabase — database and authentication provider (EU/UK data storage).
• Stripe — payment processor, PCI-DSS compliant.
• Netlify — hosting and CDN provider.
• GoHighLevel — CRM and email marketing platform for business contacts.
• Google Analytics / Meta Pixel — analytics tools (only where consent has been given).
• Business owners — your name and email when you submit an enquiry through a listing.
• Event organisers — your name and email for check-in when you buy a ticket.
• Legal authorities — where required by law, court order, or to protect safety.

• Account data: Until you delete your account, plus 30 days for recovery.
• Payment records: 7 years (UK financial regulation requirement).
• Event ticket data: 2 years after the event date.
• Job applications: 6 months after the closing date.
• Analytics data: Up to 26 months; aggregated data indefinitely.
• Newsletter subscribers: Until you unsubscribe.

Under UK GDPR you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data (subject to legal obligations).
• Restrict processing — limit how we use your data.
• Data portability — receive your data in a machine-readable format.
• Object — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — unsubscribe from marketing at any time.

Email info@nepalesebusinessdirectory.co.uk to exercise any of these rights. We will respond within 30 days.

We use cookies to operate the site and, with your consent, to analyse traffic and deliver personalised advertising. See our full Cookie Policy.

We implement HTTPS encryption, hashed passwords, row-level database security, and restricted access to production systems. No system is 100% secure. If you believe your data has been compromised, contact us immediately at info@nepalesebusinessdirectory.co.uk.

Our services are not directed at individuals under 13. We do not knowingly collect data from children. If you believe a child has provided us with their data, contact us and we will delete it promptly.

Some service providers (Supabase, Stripe, Netlify) may process data outside the UK. We ensure appropriate safeguards including Standard Contractual Clauses (SCCs) or UK adequacy decisions are in place.

We may update this policy periodically. Significant changes will be communicated by email or a prominent site notice. The “Last updated” date at the top reflects the most recent revision.