Effective date: 1-Apr-2026

Last updated: 1-Apr-2026

This Website Privacy Policy explains how Blacklion
Management Services, LTD (dba Blacklion Property Management) (“we”,
“us” or “our”) collects, uses, stores, shares and protects
personal information when you visit our website, create an account, book
services, upload or provide photographs, contact us, or make payments. It is
designed to support transparency and compliance with applicable data protection
and privacy laws in the United Kingdom, the European Economic Area and the
United States. Please adapt the placeholders in this policy to reflect your
actual practices, vendors, jurisdictions and contact details.

1. Who We Are

Blacklion Management Services, LTD is the controller of
personal information covered by this policy unless stated otherwise.
Registered address: 128 City Road, London, United Kingdom, EC1V 2NX
Email: privacy@blacklion-management.com
Telephone: +44-333-090980
UK representative / EU representative: Steven Harrison
Data Protection Officer: Steven Harrison

2. Personal Information We Collect

•           Identity and contact details, such as name, email address, telephone number and username.
• Address information, including billing address, service address and postcode.
• Booking and service information, such as appointment details, service preferences, special instructions, communications, order history and customer support records.
• Photographs or images you upload, submit or otherwise provide in connection with a booking or service request.
• Payment information, such as billing details, transaction records and limited payment metadata. Unless we explicitly state otherwise, payment card details are processed by our third-party payment providers and are not stored directly by us.
• Technical and usage information, such as IP URLs and interaction logs, address, browser type, device identifiers, cookie data, pages viewed, referral
• Marketing preferences and consent records.
• Any other information you choose to provide to
  us.

3. How We Collect Personal Information

Directly from you when you fill in forms, create
an account, book services, upload photos, contact us, subscribe to marketing or
make a payment.

Automatically through cookies, pixels, server
logs and similar technologies when you use our website.

From service providers and partners, such as
payment processors, booking platforms, analytics providers, fraud prevention
providers and customer support tools.From publicly available sources or social media only where permitted by law and relevant to your enquiry or booking.

4. How We Use Personal Information

To create and manage your account.

To process, confirm, administer and fulfil
bookings and provide services.

To review photographs or other materials you
submit where relevant to the requested service.

To take payment, prevent fraud, issue refunds
and maintain transaction records.

To communicate with you about bookings,
enquiries, customer support and service updates.

To personalise and improve our website, services
and customer experience.

To send marketing communications where permitted
by law and in line with your choices.

To maintain security, troubleshoot issues,
detect abuse and enforce our terms.

To comply with legal obligations, accounting
requirements, tax rules and regulatory requests.

To establish, exercise or defend legal claims.

5. Legal Bases for Processing (UK and EEA)

Where UK GDPR or EU GDPR applies, we rely on one or more of
the following legal bases depending on the context:

Contract: processing is necessary to take
steps at your request before entering into a contract or to perform our
contract with you, including managing bookings and payments.

Legitimate interests: processing is
necessary for our legitimate interests, such as running and improving our
business, customer service, fraud prevention, website security and internal
administration, provided those interests are not overridden by your rights.

Consent: where required by law, such as
certain marketing activities, use of non-essential cookies, or where we request
your permission for specific uses of photos.

Legal obligation: processing is necessary
to comply with applicable laws, regulations, court orders or lawful requests.

Vital interests / legal claims: in
limited circumstances where necessary to protect someone’s vital interests or
establish, exercise or defend legal claims.

If the photographs or information you provide reveal
sensitive or special category data (for example, health information, biometric
data used for identification, racial or ethnic origin, or similar protected
information), do not submit that information unless it is strictly necessary
for the service and we have a valid legal basis to process it. If your business
intentionally collects special category data, this policy should be expanded to
describe the specific data, legal basis, condition for processing, and
safeguards.

6. Payments

Payments made through our website are processed by one or
more third-party payment service providers, such as [Insert provider names].
Those providers process payment information in accordance with their own
privacy notices and security obligations. We do not store full payment card
details unless expressly stated. We maintain appropriate contractual and
organisational measures to support secure payment processing and expect payment
providers to comply with applicable payment security standards, including PCI
DSS where relevant.

7. How We Share Personal Information

With payment processors, banks and fraud
prevention providers to process payments and reduce fraud risk.

With booking, scheduling, hosting, cloud
storage, IT, communications, analytics and customer support providers that act
on our behalf.

With professional advisers, insurers, auditors
and legal counsel where necessary.

With service delivery partners or subcontractors
where needed to provide the booked service.

With regulators, courts, law enforcement or
other authorities when required by law or to protect rights, safety and
property.

In connection with a merger, acquisition,
financing, reorganisation, sale of assets or similar transaction, subject to
appropriate confidentiality safeguards.

We do not sell personal information for money. If applicable
law treats certain advertising or analytics disclosures as a “sale”, “sharing”
or “targeted advertising”, you may have the right to opt out as described
below.

8. International Transfers

Your personal information may be processed in countries
other than the country where you are located. Where required by UK or EU data
protection law, we use appropriate safeguards for restricted transfers, such as
adequacy regulations or decisions, standard contractual clauses, the UK
International Data Transfer Agreement or Addendum, or other lawful transfer
mechanisms. You may request more information about the safeguards we use.

9. Data Retention

We keep personal information only for as long as reasonably
necessary for the purposes described in this policy, including to provide
services, maintain business and financial records, resolve disputes, enforce
agreements and comply with legal, accounting or reporting obligations.
Retention periods vary depending on the type of information, the purpose for
which it is used, and applicable legal requirements. You should insert a
records retention schedule or summary here if you have one.

10. Data Security

We use appropriate technical and organisational security
measures designed to protect personal information against accidental or
unlawful destruction, loss, alteration, unauthorised disclosure and
unauthorised access. These measures may include access controls, encryption
where appropriate, secure development practices, vendor due diligence, staff
training, logging and monitoring, and incident response procedures. No method
of transmission or storage is completely secure, so we cannot guarantee
absolute security.

11. Your Rights (UK and EEA)

If UK GDPR or EU GDPR applies, you may have rights to
request access to your personal information, rectification of inaccurate
information, erasure, restriction of processing, objection to certain
processing, and data portability. Where we rely on consent, you may withdraw
that consent at any time without affecting the lawfulness of processing before
withdrawal. You also have the right to complain to the relevant supervisory
authority, including the Information Commissioner’s Office in the UK or your local
EEA supervisory authority.

12. US Privacy Disclosures

If you are a resident of a US state with applicable privacy
rights, you may have the right to know what categories of personal information
we collect, the sources of that information, the purposes for collection, the
categories of third parties with whom it is disclosed, and the categories of
information disclosed for a business purpose. Depending on the law that
applies, you may also have rights to access, correct, delete, obtain a portable
copy of certain information, opt out of the sale or sharing of personal
information, opt out of targeted advertising, and limit the use or disclosure
of sensitive personal information. We will not discriminate against you for
exercising applicable privacy rights.

To exercise your rights, please contact us using the details
below. We may need to verify your identity before processing your request. If
you use an authorised agent where permitted by law, we may request proof of
authority and identity verification. If your business is subject to specific
state laws such as California requirements, this policy should be reviewed and
supplemented with state-specific notices, metrics or methods for submitting
requests where required.

13. Cookies and Similar Technologies

We use cookies, pixels, tags, SDKs and similar technologies
to operate the website, remember preferences, keep the site secure, understand
usage, improve performance and, where permitted, support advertising and
analytics. Where required by law, we will ask for your consent before placing
non-essential cookies or similar technologies on your device. You can manage
preferences through our cookie banner or browser settings. You should maintain
a separate cookie notice or cookie settings tool if your site uses
non-essential cookies.

14. Children’s Privacy

Our website and services are not directed to children, and
we do not knowingly collect personal information from children except where
permitted by law and with appropriate consent where required. If you believe a
child has provided personal information in breach of this policy, please
contact us so that we can take appropriate action. If your services are
directed to children or you knowingly collect information from children in the
United States, this policy must be updated for compliance with applicable children’s
privacy laws, including COPPA where relevant.

15. Third-Party Links and Services

Our website may contain links to third-party websites,
plug-ins or services. We are not responsible for the privacy practices of third
parties. We encourage you to review their privacy notices before providing
personal information to them.

16. Changes to This Policy

We may update this policy from time to time to reflect
changes in our practices, technologies, legal requirements or other factors. We
will post the updated version on this page and update the effective date above.
Where required by law, we will provide additional notice or obtain consent for
material changes.

17. Contact Us

If you have questions about this policy or would like to
exercise your privacy rights, please contact us at:

Blacklion Management Services, LTD.
Privacy@blacklion-management.com

+44-333-090980