1) Who we are (Data Controller)

• Controller: Think Pieces Ltd, a company registered in England under number  15614251.
• Registered address: 128 City Road, London, England, EC1V 2NX 
• ICO registration number: [●] (if applicable)
• Contact email: info@thinkpieces.co.uk
  
  

2) How to contact us

• For questions or to exercise your privacy rights, email info@thinkpieces.co.uk.
• You can also complain to the UK Information Commissioner’s Office (ICO) (see Section 13) if you are unhappy with how we handle your data.

3) What personal data we collect

• Identity & contact data: name, email address, job title, company, phone, postal address.
• Account data (if you create an account): username, password, preferences, settings.
• Content you provide: enquiry messages, comments, form responses, uploaded files.
• Marketing preferences: opt-in/opt-out records.
• Transactional data (if you purchase something): order details, billing address, VAT number; we do not store full payment card numbers (handled by our payment processor).
• Technical & usage data: IP address, device identifiers, browser type, time zone, operating system, pages viewed, referral URLs, links clicked, time spent, and other diagnostic data.
• Cookies and similar technologies: see Section 10 (Cookies).
• Recruitment data (if you apply for a role): CV/resume, cover letter, work history, references, right-to-work documents.
• Social/third-party data: if you interact via social media or sign in with a third-party provider, we may receive profile data in line with your settings there.

4) Where we get your data

• Directly from you (forms, emails, phone, creating an account, purchasing, events).
• Automatically via cookies/analytics when you use the Site.
• From third parties: marketing platforms, payment providers, event partners, public sources (e.g., LinkedIn, Companies House), and referrers.

5) Why we use your data (purposes & lawful bases)

We process personal data only where a lawful basis applies under UK GDPR.

• Provide and operate the Site/Services
  
  • Examples: create/manage accounts, enable features, respond to enquiries.
  • Lawful basis: Contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)) to run an effective website.
• Customer support & communications
  
  • Examples: service emails, troubleshooting.
  • Lawful basis: Contract; Legitimate interests.
• Marketing & newsletters
  
  • Examples: send insights, product updates, event invites.
  • Lawful basis: Consent (Art. 6(1)(a)) for email/SMS where required; Legitimate interests for B2B communications compliant with PECR.
• Analytics & improvement
  
  • Examples: measure performance, debug, A/B tests.
  • Lawful basis: Legitimate interests to improve our services; Consent where required for non-essential cookies.
• Security & fraud prevention
  
  • Examples: detect/prevent misuse, protect accounts and systems.
  • Lawful basis: Legitimate interests; Legal obligation.
• Legal & compliance
  
  • Examples: record-keeping, responding to lawful requests.
  • Lawful basis: Legal obligation (Art. 6(1)(c)).
• Recruitment
  
  • Examples: evaluate candidates, schedule interviews, right-to-work checks.
  • Lawful basis: Legitimate interests; Consent where appropriate.

If we rely on consent, you can withdraw it at any time (see Section 12).

6) Sharing your data

• Service providers (processors): hosting ([e.g., AWS/Cloudflare/Vercel]), analytics ([e.g., Google Analytics, Plausible, Matomo]), email delivery ([e.g., Mailchimp, SendGrid, Brevo]), CRM ([e.g., HubSpot, Pipedrive]), payment processing ([e.g., Stripe]), customer support ([e.g., Intercom]), recruitment tools ([e.g., Workable, Greenhouse]).
• Professional advisers: lawyers, accountants, insurers.
• Business transfers: in connection with a merger, acquisition, or sale of assets (we will notify you where required).
• Legal compliance: where required by law, court order, or to protect rights, safety, or property.

We require processors to process data only on our instructions and to keep it secure. A current list of key processors is available on request.

7) International transfers

• Some providers may process data outside the UK. Where we transfer data internationally, we use lawful transfer mechanisms, such as:
  
  • UK Addendum to EU Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreement (IDTA); and/or
  • An adequacy decision by the UK government.
• You can contact us for copies of relevant safeguards (redactions may apply).

8) How long we keep your data (retention)

• Enquiry emails/forms: [12–24 months]
• Account data: for the life of the account and [up to 12 months] after closure
• Marketing records: until you unsubscribe plus [up to 24 months] to maintain suppression lists
• Transaction records: [6–7 years] for tax/audit
• Recruitment data: [6–12 months] unless you consent to a longer talent-pool period
• We securely delete or anonymise data when no longer needed.

9) Security

• We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, least-privilege principles, and staff training.
• However, no system is completely secure; please use unique, strong passwords and enable available security features.

10) Cookies & similar technologies (bullet list version)

We use cookies, pixels, and similar technologies to operate the Site, recognise you, and understand how the Site is used. Where required by UK law (PECR), we request your consent before setting non-essential cookies. You can change or withdraw consent via our Cookie Preferences link at any time and through your browser settings.

Cookie categories we use:

• Strictly necessary cookies – required for core functionality (e.g., security, login, load-balancing).
• Analytics/performance cookies – help us measure and improve the Site.
• Functionality cookies – remember preferences.
• Advertising/marketing cookies – measure campaigns and, where used, personalise content.

Example cookie list (edit to match your setup):

• _ga
  
  • Provider: Google Analytics
  • Purpose: Analytics
  • Expiry: 13 months
  • Type: 1st/3rd-party cookie
• _gid
  
  • Provider: Google Analytics
  • Purpose: Analytics
  • Expiry: 24 hours
    Type: 1st/3rd-party cookie
• thinkpieces_session
  
  • Provider: Think Pieces
  • Purpose: Session management
  • Expiry: Session
  • Type: 1st-party cookie

11) Children’s privacy

• We do not knowingly collect personal data from children under 13.
• If you believe a child has provided us with personal data, please contact us to request deletion.

12) Your rights (UK GDPR)

You have rights over your personal data, subject to conditions and exemptions:

• Access – request a copy of your data.
• Rectification – correct inaccurate or incomplete data.
• Erasure – ask us to delete your data (“right to be forgotten”).
• Restriction – limit how we use your data.
• Portability – receive data in a structured, machine-readable format and/or have it transmitted to another controller.
• Object – to processing based on legitimate interests or for direct marketing.
• Withdraw consent – where processing relies on consent.
• Complain to the ICO – see Section 13.
  
  

To exercise your rights, email info@thinkpieces.co.uk We may need to verify your identity. We aim to respond within one month.

13) Complaints

• If you have concerns, please contact us first so we can try to resolve them.
• You can also complain to the UK ICO:
  
  Information Commissioner’s Office
  Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  Helpline: 0303 123 1113
  Website: https://ico.org.uk/concerns/
  
  

14) Third-party links

• Our Site may contain links to third-party websites/services. We are not responsible for their privacy practices.
• We encourage you to review their policies.
  
  

15) Changes to this policy

• We may update this Privacy Policy from time to time.
• We will post the updated version on this page and revise the “Last updated” date.
• If changes are material, we will take additional steps to notify you.

‍