Privacy Policy

  1. About this policy
    This policy describes how we will collect and use personal data about you. There are words and phrases in the policy that have a specific meaning or that we are using in a particular way, in accordance with GDPR regulations. They are:
    “personal data” – any information about an identifiable living human being
    “process” anything we do with personal data, such as: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it
    “special category data” personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.

    Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have queries about how we use your data, or comments or questions about this Policy, please do email us. The email address to use is set out in section 2 below.

    Policy updates: We keep this Policy under regular review, and this page may be updated from time to time. Please come back here to check the latest version. This Policy was last updated on the date given in the final box in the table in section 2 below

  2. Who are we?

Name Thinking Outside Ltd
Company Directors   Sara Corcoran and Sophie Lovejoy
Company Registration Number if applicable 13376830
ICO reference A8946155
Email address
Data Retention Period(s) Prospects: 12 months. Clients, Suppliers & Finance: 5 years
Date this Policy last updated 19th May 2021

  1. What information do we process, and why?

    a. Prospect (meaning potential clients)

    Most of the information we process comes from you.  We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us. Typically, we collect names, contact details, and background information directly provided by you. You are free to refuse our request for personal information, with the understanding that we may be unable to provide you with some of your desired services. We will retain a copy of all correspondence that we exchange, whether by email, post or via our website enquiry form, for our data retention period (see table in Section 2 above).

    If we email you individually using our own email system, or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.

    If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period (section 2, Table, above).

    If you sign up to a newsletter list, you will be sent what you asked for. You can unsubscribe at any time by clicking the unsubscribe button on a newsletter email. You are not automatically subscribed to any other lists.

    We do not routinely keep and do not process special category data.  To the extent we hold this, it was supplied or made publicly available by you.

    b. Client

    Once you buy something from us, we will collect information from you at the point of sale. This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.

    We process your data to support the delivery the goods and services you have bought. We keep records of the goods/services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.
    If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.

    c. Suppliers

    We collect information on potential and actual suppliers. Typically this is names and contact details together with background information directly provided by you or published by you on social media or on the internet, on good and services we might be interested in.

    If you become a supplier we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.

    We keep a record of the work you undertook along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.

    This information is all needed to manage our customer relationships and our supply chain.

  1. Newsletters, blogs and automated emails

    We monitor who opens what in our newsletter lists, blogs, and pre-set sequences of information we send you. We do this, so we can see if content is popular.

    Existing clients may receive emails about specific offers relating to things you have already purchased.

    You can unsubscribe from newsletters and automated emails at any time.

    From time to time, we may contact individual email newsletter subscribers but it is extremely rare. This would normally be if something odd were going on and we wanted to check you could see and use the content or find out what was causing a proble

  1. Data sharing – 3rd parties
    We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

    a. Platforms

    We keep a list of the software platforms we use to run our business. If you would like a list of all the platforms we use, please email us (at the email address included in the table in section 2, above).

    Our website may link to external site that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies

    b. People
    From time to time we may outsource the administration to support our own business. This may include working with Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to us means they need it. For example, if we invoice you, our Accountant needs to process the information in the invoice. Our contracts with these providers require that your information is held in the strictest confidence.

  1. Where is your data located?

    Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.

    This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We have picked mainstream suppliers with appropriate security standards.

  1. Retention periods
    Your information will be kept for the length of time set out in our retention period (see the table in section 2, above).

    We need to keep customer and supplier information long enough to satisfy HMRC and our insurers. We keep information on prospective customers long enough to ensure our customer service and response is effective.

    If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.

  1. Your rights

    You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.

    If you feel we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

    Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our services.

    If you want to know what information (if any) we have about you, email us at the email address shown in the table included in Section 2 above and give us your name, email address(es) and we will happily do a search and let you know what information we hold on you and how we are using it/have used it.

    You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.

  1. Complaints

    If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address shown in the table included at Section 2 above.

    If we can’t sort it out, you are within your rights to contact the Information Commissioner for the UK.

  1. Cookies

    Information about cookies and how we use them, is included in our Cookie Policy.