Bespoke Champions League Ltd. Company No. 16778449. Last updated: January 2026
Bespoke Champions League Ltd (trading as Bespea) is committed to protecting your privacy and complying with the UK GDPR, the Data Protection Act 2018, and other applicable data protection laws. This policy explains how we collect, use, store, share and protect your personal data when you use the Bespea platform.
Bespoke Champions League Ltd is the data controller for your personal information. Registered office: [Address to be confirmed]. Company No. 16778449. Contact: privacy@bespea.com or contact@bespea.com.
We collect the following types of personal data: (a) Identity data: name, username, profile photo, business name, company registration details. (b) Contact data: email address, phone number, postal address. (c) Financial data: payment card details (tokenised via Stripe), bank account information for payouts, transaction history. (d) Technical data: IP address, device type, browser type, operating system, cookies, usage logs. (e) Profile data: portfolio images, project descriptions, certifications, skills, ratings, reviews. (f) KYC/AML data: identity verification documents (passport, driving licence), proof of address, business verification documents. (g) Behavioural data: platform activity, project interactions, messaging history, certification assessments.
We collect data through: (a) Direct input: when you create an account, update your profile, upload portfolio content or submit forms. (b) Automated collection: cookies, analytics tools, session tracking, error logs. (c) Third parties: payment processors (Stripe), identity verification providers (Sumsub/Onfido), blockchain data (public wallet addresses), social login providers (if used).
We process your data under the following legal bases: (a) Contract: to provide platform services, manage projects, process payments, issue certifications. (b) Legal obligation: to comply with KYC/AML regulations, tax reporting, fraud prevention, court orders. (c) Legitimate interests: to improve platform security, prevent fraud, analyse usage patterns, develop new features, enforce terms of service. (d) Consent: for marketing emails (opt-in), non-essential cookies, AI training on user-generated content (if applicable).
We use your personal data to: (a) provide core platform services (profile creation, project matching, payments, escrow, messaging), (b) verify identity and comply with KYC/AML requirements, (c) process BRIGALSS certifications and maintain on-chain credentials, (d) detect and prevent fraud, abuse and security threats, (e) analyse platform usage and improve features, (f) send transactional emails (account updates, project notifications), (g) send marketing communications (with consent), (h) respond to support requests and legal inquiries, (i) train internal AI models for matching, quality scoring and risk detection (anonymised where possible).
We share your data only as necessary: (a) Service providers: payment processors (Stripe), identity verification (Sumsub/Onfido), cloud hosting (AWS/GCP), email services (SendGrid/Postmark), analytics (Google Analytics, PostHog). (b) Public blockchain: wallet addresses, certification hashes, transaction records are publicly visible on Base/Ethereum. (c) Other users: your public profile, portfolio, ratings and reviews are visible to platform users. Private messages are encrypted. (d) Legal authorities: we disclose data when required by law, court order, regulatory investigation or to protect safety. (e) Business transfers: in case of merger, acquisition or sale, your data may be transferred to the new owner with notice.
We retain your data for as long as necessary: (a) Account data: kept while your account is active, plus 7 years after closure for legal/tax compliance. (b) Transaction records: 7 years minimum (UK financial record-keeping requirements). (c) KYC documents: 5-7 years after account closure (AML regulations). (d) Marketing data: until you unsubscribe or withdraw consent. (e) Blockchain data: permanent and immutable once recorded on-chain. (f) Anonymised analytics: retained indefinitely for research and improvement.
Under UK GDPR, you have the right to: (a) Access: request a copy of your personal data. (b) Rectification: correct inaccurate or incomplete data. (c) Erasure: request deletion of your data (subject to legal retention requirements). (d) Restriction: limit how we process your data. (e) Portability: receive your data in a structured, machine-readable format. (f) Object: object to processing based on legitimate interests or for marketing purposes. (g) Withdraw consent: for consent-based processing (marketing emails, optional cookies). To exercise your rights, contact privacy@bespea.com. We respond within 30 days.
We implement industry-standard security measures: (a) Encryption: data in transit (TLS 1.3) and at rest (AES-256). (b) Access controls: role-based permissions, multi-factor authentication for admin accounts. (c) Monitoring: intrusion detection, audit logs, security testing. (d) Compliance: ISO 27001 aligned practices, regular security audits, GDPR compliance checks. (e) Incident response: breach notification procedures, forensic investigation, user notification within 72 hours if required by law.
We use cookies for: (a) Essential: authentication, session management, security (cannot be disabled). (b) Analytics: understanding usage patterns, page views, feature adoption (Google Analytics, PostHog). (c) Marketing: tracking campaign performance, retargeting ads (with consent). You can manage cookie preferences via your browser or our cookie banner. See our Cookie Policy for details.
Bespea operates primarily in the UK. However, some service providers (AWS, Stripe, analytics tools) may process data in the USA or other countries. We ensure adequate safeguards through: (a) Standard Contractual Clauses (SCCs) approved by the UK ICO. (b) Adequacy decisions for countries with equivalent data protection laws. (c) Provider certifications (e.g., ISO 27001, SOC 2).
Bespea is not intended for users under 18. We do not knowingly collect data from children. If we discover data from a minor, we will delete it immediately. If you believe a child has provided data, contact us at privacy@bespea.com.
We send marketing emails only with your consent. You can opt out at any time via: (a) Unsubscribe link in every email. (b) Account settings dashboard. (c) Email to privacy@bespea.com. Transactional emails (project updates, payment confirmations) cannot be disabled as they are essential to the service.
We use automated systems for: (a) Project matching: AI algorithms suggest projects based on skills, location and certification. (b) Risk scoring: fraud detection models flag suspicious activity. (c) Quality scoring: BRIGALSS assessments use automated metrics plus human review. You have the right to request human review of automated decisions that significantly affect you.
We may update this Privacy Policy to reflect legal, operational or feature changes. Updated policies are posted on this page with a new 'Last updated' date. Significant changes will be communicated via email or platform notification. Continued use of Bespea after changes means you accept the updated policy.
If you have concerns about how we handle your data, contact us first at privacy@bespea.com. If unresolved, you can lodge a complaint with the UK Information Commissioner's Office (ICO): www.ico.org.uk, phone: 0303 123 1113.
For privacy questions, data requests or concerns, contact: Bespoke Champions League Ltd, Company No. 16778449, Email: privacy@bespea.com or contact@bespea.com.