This notice explains what personal information Think Bold Ltd collects, why it is collected, what is done with it, and what rights you have over it. It applies to anyone who interacts with us through this website, by email, through our services, or through our marketing channels.
Who we are
Think Bold Ltd is the data controller for the personal information described in this notice.
Company number: 16251766
Registered office: 9 Goldington Road, Bedford, MK40 3JY, United Kingdom
ICO registration number: ZB967270
Contact: rachel@think-bold.co.uk
What information we collect, and why
We collect personal information for four purposes.
Providing and improving services for clients
We collect names, professional contact details, role and institution, project records, correspondence, meeting recordings and transcripts, and transaction data including invoices and payment details. Where a client project requires it, we also process information about the client’s staff, applicants, students or partners as a processor on the client’s behalf, governed by a separate data processing agreement.
Operating client accounts
We hold contractual and billing records, communications, scheduling information and any account credentials needed to deliver work under a current engagement.
Marketing, thought leadership and community engagement
If you subscribe to a Think Bold mailing list, register for a webinar, or join The Bold Collective, we hold your name, email address, role, institution where relevant, and engagement data such as opens and clicks.
Running the website
We collect technical information about how visitors use the website. This is covered in our Cookie Policy.
Lawful bases
Under the UK GDPR we must have a lawful basis for processing your information. The basis we rely on depends on the activity.
- Performance of a contract — for delivering paid services to clients and operating their accounts.
- Legitimate interests — for B2B marketing to professional contacts in the higher education sector, for sector research and thought leadership, and for managing our business relationships. We have considered the impact on you and concluded that this processing does not override your rights and interests. You can object at any time.
- Consent — for email marketing to individuals who have explicitly opted in, for non-essential cookies, and for any processing where consent is the appropriate basis. You can withdraw consent at any time without affecting earlier processing.
- Legal obligation — for retaining financial records under HMRC requirements and for responding to lawful information requests.
Where we get personal information
- Directly from you when you contact us, contract with us, subscribe to a list, or attend an event.
- From your employer or institution when we engage with you in a professional capacity.
- From publicly available sources, such as LinkedIn, sector publications, and institution websites, where we use that information for B2B outreach.
- From suppliers and processors who provide us with services.
Who we share information with
We use the following processors to run the business. Each operates under a written data processing agreement and provides appropriate security and confidentiality safeguards.
| Processor | Purpose and data handled |
| Microsoft 365 | Email, documents, calendars, video meetings, file storage and collaboration. |
| Google Workspace | Forms, spreadsheets and document collaboration where used alongside Microsoft 365. |
| Fireflies.ai | Meeting recording, transcription, summaries and searchable transcripts. |
| Zoom | Video conferencing, meeting recordings and participant data. |
| Kit | Email marketing, subscriber list management, automated campaigns and engagement tracking. |
| AirTable | Project tracking, contact management and structured business data. |
| Zapier | Workflow automation that moves data between the systems above. |
| Canva | Design files and visual assets that may contain client logos or named information. |
| FreeAgent | Quoting, invoicing, expenses and bookkeeping. Holds client and supplier contact and financial data. |
| Stripe | Payment processing for invoices and subscriptions. |
Beyond our software processors, we share personal information with three categories of people in the course of running the business. Each is governed by appropriate written terms.
Associates and subcontractors
Where associates or subcontractors work on our instructions using Think Bold systems, they act as our processors. This includes our virtual assistant. We have written Data Processing Agreements in place that meet the requirements of Article 28 of the UK GDPR, including obligations on confidentiality, security, sub-processing, data subject rights, and return or deletion of data at the end of the engagement.
Partner businesses and joint advisory work
Where we deliver joint products or services with another consultancy, both businesses may act as joint controllers of client information. In those cases we have a Joint Controller Arrangement that sets out who is responsible for what, including the response to data subject requests. The arrangement is summarised in the proposal or engagement letter for that work.
Referrals to other professionals
Where we refer a client to a separate professional who will then contract with the client in their own right, we share the contact details necessary to make the introduction. Once the referral is made, the other professional becomes the controller of any personal information they hold and is responsible for their own privacy notice.
We do not sell personal information. We do not share it for third party marketing.
International transfers
Some of our processors are based in the United States or transfer data outside the United Kingdom. Where this happens, we rely on UK adequacy regulations where applicable, the International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK addendum. Copies of the relevant agreements are available on request.
How long we keep information
- Mailing list data: for as long as you remain subscribed, plus 12 months for record-keeping. You can unsubscribe at any time.
- Client project files and correspondence: for the duration of the engagement plus six years, to meet contractual and legal requirements.
- Financial and tax records: for six full tax years after the relevant transaction, as required by HMRC.
- Meeting recordings and transcripts: for the duration of the relevant project, unless deletion is requested or required sooner.
- Website analytics data: as set out in our Cookie Policy.
How we keep information secure
We protect personal information through a combination of organisational and technical controls. These include multi-factor authentication on all business systems, encrypted storage, access controls based on need, regular software updates, secure disposal of records at the end of their retention period, and written confidentiality terms with associates and subcontractors.
Automated decision-making
We do not make decisions about you using purely automated processing. Any AI tools we use, such as meeting transcription or workflow automation, support human work rather than replace human judgement.
Your data protection rights
Under UK data protection law you have the following rights, which we will honour without undue delay and within one month of a valid request.
- Right of access to your personal information.
- Right to rectification of information that is inaccurate or incomplete.
- Right to erasure in defined circumstances.
- Right to restrict processing.
- Right to object to processing, including direct marketing.
- Right to data portability.
- Right to withdraw consent where consent is the lawful basis.
To exercise any of these rights, contact rachel@think-bold.co.uk. Some rights have exemptions and we will explain these if they apply.
Complaints
If you have a concern about how we handle your personal information, contact us first. We will investigate and respond. If you remain unhappy, you can complain to the Information Commissioner’s Office.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
Changes to this notice
We review this notice annually and update it when our processing changes. The current version date is shown below.
Last updated: 23 May 2026