Data Protection Policy

Think Expose

Data Protection Policy

October 2025

Data Protection Policy

Company: Think Expose Ltd
Company Number: 11814664
Registered Office: Unit A, 82 James Carter Road, Mildenhall, Bury St Edmunds, IP28 7DE
Last Updated: October 2025

1. Purpose

The purpose of this policy is to ensure that Think Expose Ltd complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 when handling personal data.
We are committed to protecting the privacy, rights, and freedoms of all individuals whose personal data we process — including clients, employees, suppliers, and business contacts.

2. Scope

This policy applies to all staff, contractors, and anyone acting on behalf of Think Expose Ltd who has access to personal data.
It covers all personal data processed by the company in any format — electronic, paper, or otherwise.

3. Data Protection Principles

We follow the seven principles set out in UK GDPR. Personal data must be:

  1. Lawful, fair, and transparent — processed lawfully and clearly explained to individuals.

  2. Collected for specified, explicit, and legitimate purposes — not used for other incompatible purposes.

  3. Adequate, relevant, and limited — only what is necessary for the stated purpose.

  4. Accurate and up to date — corrected or deleted if inaccurate.

  5. Kept no longer than necessary — retained only as long as required.

  6. Processed securely — protected against unauthorised access, loss, or damage.

  7. Accountable — we take responsibility and can demonstrate compliance.

4. Lawful Bases for Processing

Think Expose Ltd processes personal data under the following lawful bases:

  • Consent (where the individual has given permission)

  • Contract (to perform a service or fulfil an agreement)

  • Legal obligation (to comply with UK law)

  • Legitimate interests (for example, to market our services or manage business relationships, provided the individual’s rights are not overridden)

5. Data We Process

We may process the following categories of personal data:

  • Contact details (name, email, phone number, address)

  • Business information (company name, role, communications)

  • Financial details (for invoicing or payments)

  • Marketing preferences

  • Website and usage data (via analytics tools)

We do not intentionally collect special category data (e.g., health, race, religion) unless legally required and with explicit consent.

6. Individual Rights

Under UK GDPR, individuals have the following rights:

  • Access to their personal data

  • Correction of inaccurate or incomplete data

  • Deletion (“right to be forgotten”)

  • Restriction of processing

  • Data portability

  • Objection to processing (especially for marketing)

  • The right to withdraw consent at any time

Requests should be sent to info@thinkexpose.co.uk and will be handled within one month.

7. Data Security

We maintain strict data security measures, including:

  • Password protection and encryption on all systems

  • Secure servers and restricted access to data

  • Regular security audits and updates

  • Staff confidentiality agreements

  • Secure disposal of paper and digital records

In the event of a data breach, we will:

  • Assess the risk immediately

  • Notify the ICO within 72 hours if required

  • Inform affected individuals where appropriate

8. Data Retention

Personal data is retained only as long as necessary for the purpose it was collected.
When data is no longer required, it will be securely deleted or anonymised.
Retention periods are reviewed regularly in line with legal and business requirements.

9. Data Sharing and Third Parties

We may share data with:

  • Service providers and partners (e.g., IT, email, and hosting platforms)

  • Professional advisers (accountants, legal advisers)

  • Regulatory authorities (if required by law)

All third parties are required to handle data in accordance with UK GDPR and our own security standards.
We do not sell personal data to any third parties.

10. International Transfers

If data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK-approved Standard Contractual Clauses

  • Adequacy decisions from the UK government

11. Staff Responsibilities

All staff and contractors are responsible for ensuring that personal data is handled in accordance with this policy.
Training is provided where necessary to maintain awareness of data protection obligations.

12. Data Protection Officer / Contact

For all data protection queries, requests, or concerns, please contact:

Data Protection Lead
Think Expose Ltd
Email: info@thinkexpose.co.uk
Address: Unit A, 82 James Carter Road, Mildenhall, Bury St Edmunds, IP28 7DE

If you are not satisfied with how we handle your data, you may contact the Information Commissioner’s Office (ICO):
www.ico.org.uk

13. Policy Review

This policy will be reviewed annually or sooner if there are changes in data protection legislation or company practices.

© Think Expose Limited 2025