tc. thinking capital.

Privacy Policy · Last updated 27 April 2026

Privacy Policy

This policy explains how Thinking Capital Partners Limited (“Thinking Capital”, “we”, “us”) collects, uses and protects personal data when you visit thinkingcapitalpartners.com or correspond with us. We are committed to handling your personal data in line with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Thinking Capital Partners Limited is the data controller in respect of the personal data described in this policy. We are a private limited company registered in England & Wales (company no. 17183887), with our registered office at The Clubhouse, 8 St James's Square, London SW1Y 4JU.

2. What personal data we collect

We collect only the personal data we genuinely need:

  • Enquiry data. The name, organisation, email address and message you submit through our enquiry form or via direct email.
  • Correspondence. Emails, calls, meeting notes and any documents you choose to share with us.
  • Portal data. If you sign in to the client portal, the email address linked to your Microsoft account and authentication tokens issued by Microsoft on your behalf.
  • Technical data. Standard server log information (IP address, browser type, timestamps) generated when you visit the site.

We do not knowingly collect personal data from anyone under the age of 18, and our services are not directed at retail consumers.

3. How we use your personal data

  • To respond to your enquiry and follow up where appropriate.
  • To provide and secure access to the client portal.
  • To meet our legal, regulatory and record-keeping obligations.
  • To investigate suspected misuse of our website or services.

We do not use your personal data for advertising, profiling or automated decision-making.

We rely on the following lawful bases under the UK GDPR:

  • Consent. For enquiry-form submissions, which you provide by submitting the form.
  • Legitimate interests. To operate, secure and improve our website and to communicate with prospective clients in a business context. We have assessed that this does not override your rights and freedoms.
  • Contract. Where we are taking steps at your request prior to entering into a relationship.
  • Legal obligation. Where we are required by law to retain or disclose information.

5. Sharing and processors

We do not sell your personal data. We share it only with carefully selected service providers acting on our instructions under written contracts that meet UK GDPR requirements. These currently include:

  • Microsoft (Azure, Microsoft 365, Entra ID). hosting, email, identity and authentication.
  • Our professional advisers (legal, accounting, audit) where engagement requires it.

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement or an adequacy decision.

6. How long we keep it

We retain enquiry-form correspondence for up to 24 months from the last contact, unless a relationship develops, in which case we retain it for as long as necessary to manage that relationship and meet legal obligations. Server logs are retained for up to 90 days. Portal authentication data is retained only for the duration of your session and is not stored on our servers.

7. Your rights

You have the right to:

  • Request access to your personal data.
  • Ask us to correct inaccurate data or complete incomplete data.
  • Ask us to erase your data, subject to legal exceptions.
  • Object to or restrict our processing.
  • Request portability of data you have provided.
  • Withdraw consent at any time, where consent is the basis for processing.

To exercise any of these rights, email enquiries@thinkingcapitalpartners.com. We will respond within one month.

8. Cookies

We use only strictly necessary cookies and a small number of local-storage items to remember your theme preference and authentication state. We do not use advertising, marketing or analytics cookies. See our Cookie Policy for the full list.

9. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. This includes encryption in transit, role-based access controls, and the use of identity providers with strong authentication.

10. Contact and complaints

Questions or concerns about this policy should be addressed to enquiries@thinkingcapitalpartners.com or by post to The Clubhouse, 8 St James's Square, London SW1Y 4JU.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ico.org.uk). We would, however, appreciate the chance to address your concerns directly first.