Privacy Policy

Summary

We’re committed to protecting and respecting your privacy, and we believe it should be easy for you to understand our data and privacy practices. We aim to explain in clear language what information we collect, how we use it, and the choices and controls you have.

 

Our commitment to privacy

This privacy policy (‘Privacy Policy’) sets out how Collingwood Limited (‘Collingwood’) (‘we’, ‘us’ and ‘our’ being interpreted accordingly) uses and protects the personal information about you that we collect or that you provide, in accordance with applicable UK data protection law. This includes personal information from the public domain, our previous interactions with you, through your use of our website collingwood.group and, when you become a member or client, participate in our programme(s) or communities, or when you sign up to receive marketing information or other company updates.

 

Changes to our privacy policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

 

Information about you

We may collect and process personal information from you in various ways, for example if you:

• Contact us by phone, email, online using a form on a Website, face-to-face or otherwise in writing
• Become a registered user of a Website
• Become a client
• Register for a meetup or webinar
• Request further information about a service or product
• Fill out an online form for access to content or newsletters
• Register and/or purchase services or products from us
• Participate in our discussion boards on a Website or social media platform
• Enter a competition or prize draw
• Complete a survey
• Submit a job application
• Visit our Website (please see the ‘Cookies’ section below)
• Report a problem with a Website, event, product or service
• Provide consent for marketing to be sent to you
• Engage in conversation with us about our services
• Have been recommended to us by a prior or current client
• Are contacted by us as a prospective client
• Work for an organisation that is an existing, prior or prospective client

Types of personal data we collect

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity data: includes first name, last name, title, username, email address or similar identifier, phone number, social media links, photo, CV, and other information about your qualifications, and your right to work, if you choose to provide such details.

Contact data: includes billing address, delivery address, first names, last names, email address and telephone numbers.

Work data: includes job title, company details, email address, username or similar identifier, phone number, country/location, team size, job history, social media links, development goals, account management notes.

Technical data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

Transaction data: includes details about payments to and from you and/or your company, spend amount, and other details of products and services you have purchased from us.

Financial data: includes bank account or payment card details, billing name, billing address, billing email.

Profile data: includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, social media links, conversation contributions, account management notes.

Usage data: includes information and reporting about how you use our website, products and services.

Marketing and communications data: includes your preferences in receiving marketing from us and third parties and your communication preferences.

 

Special categories of personal data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

Information we receive from other sources

We work closely with third parties, for example, event venues, webinar providers, sub-contractors in payment and delivery services, advertising networks, analytics providers, search information providers, and may receive Personal Data about you from them.

We may record information about you that is available publicly from sources like LinkedIn, corporate websites, related industry websites and online directories. We may then research and record further details about you by contacting your company directly or searching online.

If you use a messaging, chat or discussion service on one of our Websites, we have access to those communications.

If you’re applying for a job at Collingwood, we may receive information about you from your referees and former employers.

If you use our pages on social media platforms, then we may collect any Personal Data which you provide via those platforms in accordance with the policies of the applicable platform.

 

Personal data about other people

If you provide Personal Data to us about any person other than yourself, such as your colleagues, personnel, relatives, your next of kin, your referees (if you are applying for a job), your clients, your advisers or your suppliers, you must ensure that they have given their permission for you to disclose it to us and for us to use it in accordance with this Privacy Policy.

 

Sensitive personal data

Unless we make it clear otherwise, our policy is not to ask for any sensitive Personal Data from you.

If you choose to provide this sensitive Personal Data to us, this will mean that you have given your consent for us to use that information for the reasons explained at the time you provide that sensitive Personal Data to us.

 

Uses we make of personal data

How we use your information

We may use the Personal Data that you provide to us or that we receive from third parties in the following ways:

Direct marketing purposes: where you have expressly consented to us doing so in accordance with applicable law, you have purchased services or products from us or we otherwise have a legitimate interest or legal right, we may contact you by telephone or electronic message (e.g. email, SMS or via a messaging app) for the purposes of providing information on our services and products, or providing information on behalf of our partners. We may also contact you by post from time to time, unless you have told us that you do not want to receive these communications. You can unsubscribe using the link in our emails at any time. If you wish to update your Personal Data or opt-out of receiving further marketing communications from us, email privacy@collingwood.group

Transactional purposes: we may process your Personal Data to provide you with the information that you request from us, to carry out our obligations arising from any contracts entered into between you and us, including managing your registration, attendance and participation at an event, which may include transferring your information to other organisations (see section headed ‘Disclosing Personal Data to third parties’ below); to allow you to participate in interactive features of our Website and services when you choose to do so; to allow you to communicate with other users on our Website.

Website administration and improvement: we may process your Personal Data to manage your access to Collingwood content and resources, and the access by authorised users within your organisation; to ensure that content from our Website is presented in the most effective manner for you and your computer or mobile device (see section headed ‘Cookies’); to notify you about changes to our events, products, services or Website(s); as part of our efforts to keep our Website safe and secure, and for troubleshooting.

Marketing analysis and online marketing: to analyse Personal Data with a view to identifying how we can improve our marketing materials; provide you with products or services that can help to grow your business and send you marketing materials accordingly; to make suggestions and recommendations to you on our Website about services that may interest you (please see ‘Profiling’ section below); to match the email we hold for you to your LinkedIn or Facebook account in order to target advertising to that account.

Internal administration and analysis: to process your job application; to administer the Collingwood database; data analysis, research, statistical and survey analysis; to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

Legal compliance: to comply with any relevant legal obligations.

 

Additional purposes

We may also contact you for other purposes that you consent to from time to time.

 

Profiling

How we use profiling

We may occasionally use Personal Data to conduct profiling of individuals on our database. This will help us target communications in a more focused, efficient and cost-effective way, helping us reduce the chances of individuals receiving inappropriate or irrelevant communications.

 

What profiling involves

To do this profiling we:

• May cross-check certain Personal Data against public sources (such as a company website) to get a better understanding of who the individuals on our database are
• Track your online behaviour in response to our emails and on our Website
• Analyse your engagement with our content to understand your interests and preferences.

 

Safeguards and your rights

Our profiling is limited to marketing purposes only. We do not make automated decisions based solely on profiling that produce legal effects concerning you or similarly significantly affect you. All profiling is carried out with appropriate technical and organisational safeguards to protect your rights.

You have the right to object to such use of your Personal Data for profiling at any time. If you wish to exercise this right, please email privacy@collingwood.group and we will stop using your data for profiling purposes.

 

Legal basis and obligations

Legal framework

We collect and process your Personal Data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations (PECR)
• Other applicable data protection and privacy laws

 

Data controller

For the purpose of applicable data protection legislation, the data controller is Collingwood Advisory Limited, registered in England and Wales, company number 05842662 and registered address is c/o 3 Coldbath Square, London EC1R 5HL.

 

Legal bases for processing

We process your personal data under the following legal bases. Depending on the purpose of processing, multiple legal bases may apply:

• Consent: where you have given clear consent for us to process your personal data for a specific purpose (e.g. marketing communications)
• Contract: where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• Legal obligation: where we need to comply with the law
• Legitimate interests: where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests

 

Disclosing personal data to third parties

 

Our policy on sharing data

We never sell, trade or rent Personal Data.

 

When we may share your data

We may disclose your Personal Data to the extent necessary to the following third parties:

Third party service providers: if you are enquiring about, registering for, or purchasing products, services or events from us, we may disclose your information to third parties involved in their delivery and the provision of our online systems.

Cloud service and productivity providers:

• Google Ireland Limited / Google LLC (Google Workspace): provides our email, calendar, document management, and collaboration tools. Data may be stored within the EEA and transferred internationally under the UK-approved Standard Contractual Clauses and, where applicable, the UK-US Data Bridge.
• Microsoft Ireland Operations Limited (Microsoft 365): provides certain productivity, communication, and file storage tools (including Outlook, Teams, and SharePoint). Data may be processed within the EEA and transferred internationally using the same recognised safeguard

Event partners or business partners: for information, please see ‘Uses we make of Personal Data’ section above.

A purchaser of the business or business assets: if Collingwood, its business, or its assets are acquired by a third party, in which case personal data held by it about its users, suppliers, or clients will be one of the transferred assets.

Authorities, companies and advisors for legal reasons: we may disclose Personal Data to other companies and organisations for the purposes of crime prevention and fraud protection or if we are otherwise under a duty to disclose or share your Personal Data in order to comply with any legal obligation; or to protect the rights, property, or safety of Collingwood, our Website users, our clients, or others.

Referees or employers: if you are enquiring about a job, or making an application, then we may disclose your Personal Data to third parties such as your referees, or current and previous employers (if you ask us to contact them).

 

Third-party processing

We always aim to ensure that Personal Data we pass to third parties is used by them only for lawful purposes in accordance with this Privacy Policy and appropriate data processing agreements.

International data transfers

Transfers outside the UK

The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by staff operating outside the UK who work for us or for one of our suppliers.

Safeguards for international transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including:

• Adequacy decisions: transferring data to countries that the UK government has determined provide adequate protection for personal data
• Standard Contractual Clauses (SCCs): using UK-approved standard contractual clauses with recipients in countries without adequacy decisions
• UK-US Data Bridge: where applicable, relying on the UK Extension to the EU-US Data Privacy Framework for transfers to certified US organisations.

Third-party providers

We have contracted with the following third-party providers who may transfer your Personal Data internationally:

• HubSpot, Inc.: manages our client relationship management (CRM) database and provides our marketing automation platform. HubSpot is certified under the EU-US and UK Extension to the Data Privacy Framework. For more information please visit https://legal.hubspot.com/privacy-policy
• Xero: provides our accounting systems and may transfer Personal Data internationally using appropriate safeguards. For more information please visit https://www.xero.com/uk/about/legal/privacy
• Zoom: provides our live webinar streaming and virtual video meeting services with appropriate data transfer safeguards. For more information please visit https://zoom.us/privacy and https://explore.zoom.us/en/trust/legal-compliance/
• Google Workspace: provides our cloud-based productivity and collaboration platform, including email, file storage, and shared workspaces. Google’s data protection practices comply with UK GDPR and international transfer requirements. For more information please visit https://policies.google.com/privacy.
• Microsoft 365: provides our productivity suite, including Teams, Outlook, and SharePoint, used to manage communications and internal collaboration. For more information please visit https://privacy.microsoft.com/en-gb/privacystatement.
• Otter: Otter.ai, Inc., used for AI-powered transcription and summarization of meeting audio. For more information please visit https://otter.ai/privacy-policy
• Fathom: Fathom Video Inc., used for AI-powered note-taking and summarization of video conference meetings. For more information please visit https://www.fathom.ai/privacy.

Your rights

By using our services, you acknowledge that these transfers may occur. You have the right to request information about the safeguards we have in place for international transfers by contacting privacy@collingwood.group

Data retention

Retention principles

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Specific retention periods

Marketing contacts: We retain data of individuals who have consented to marketing for up to 2 years from the date of last engagement. After this period, we will delete your data unless you re-engage with our communications.

Client and client data: We retain client relationship and project data for 6 years following the end of the business relationship to comply with accounting and tax requirements.

Financial and transaction data: We retain financial records for 6 years from the end of the financial year in which the transaction occurred, in accordance with UK tax law requirements.

Job applications: We retain unsuccessful job application data for 6 months following the conclusion of the recruitment process, unless you consent to us keeping your details for future opportunities (in which case we retain for up to 2 years).

Website analytics and cookies: Technical data collected via cookies is typically retained for up to 26 months, though you can delete cookies from your browser at any time.

Legal claims: Where there is an ongoing legal claim, we will retain relevant data until the claim is resolved and any appeals period has expired.

Further information

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

For further details about retention periods for specific types of data, please contact privacy@collingwood.group

Cookies

Overview

Our Website uses cookies to distinguish you from other users of our Websites. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy below. You can access our full Cookie Policy at any time from the footer of our website.

Cookie consent

We will only use non-essential cookies with your explicit consent. When you first visit our website, you will be presented with a cookie banner that allows you to accept or reject different categories of cookies. You can change your cookie preferences at any time through the cookie settings on our website.

Essential cookies that are strictly necessary for the website to function are exempt from consent requirements, but you can still block them through your browser settings if you wish.

Security

We employ appropriate technical and organisational security measures to protect Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Staff training on data protection and security
• Incident response procedures
• Vendor due diligence: We only engage data processors who can demonstrate compliance with UK GDPR and who provide sufficient guarantees regarding the security of personal data

We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data disclosed or transmitted to us.

Links to third-party websites

Our Websites may, from time to time, contain links to and from the websites of our sponsors, media partners and other third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or the processing of your data by those websites. Please check these policies before you submit any Personal Data to these websites.

Your rights

Overview of your rights

Under UK data protection law, you have the following rights in relation to your personal data:

Right of access: You can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to.

Right to rectification: You can request that we correct Personal Data that we hold about you which is inaccurate or incomplete.

Right to erasure: You can request that we erase your Personal Data without undue delay in certain circumstances, such as where the data is no longer necessary or you withdraw consent.

Right to restrict processing: You can request that we restrict the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data.

Right to data portability: You can request that we transfer your Personal Data to another organisation in a commonly used, machine-readable format where technically feasible.

Right to object: You can object to:

• Processing based on legitimate interests
• Direct marketing (including profiling for marketing purposes)
• Processing for research or statistical purposes

Right to withdraw consent: Where we rely on consent as the legal basis for processing, you can withdraw your consent at any time.

Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

Exercising your rights

If you would like to exercise any of the rights set out above, please email privacy@collingwood.group or write to us at our registered address. We will respond to your request within one month, though this may be extended by two further months for complex requests.

We do not charge a fee for responding to your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to respond.

We may request additional information to verify your identity before responding to your request to ensure we are protecting your personal data.

Limitations

Please note that Collingwood is not required to rectify or erase your data where doing so would prevent you from meeting your contractual obligations to Collingwood or where Collingwood is legally required to retain copies of your Personal Data.

Right to complain

If you are not satisfied with our response or believe we are processing your Personal Data other than in accordance with applicable law, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://ico.org.uk

Helpline: 0303 123 1113

Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be sent to:

Data Protection Lead

Collingwood Advisory Limited

Email: privacy@collingwood.group

Post: Collingwood Advisory Limited,  c/o 3 Coldbath Square,  London EC1R 5HL

Cookie policy

What are cookies?

Our website uses cookies. A cookie is a small text file which is stored on your computer, tablet or phone when you visit a website. These cookies allow us to distinguish you from other users of our website. This helps us to provide you with a more personalised experience when you browse our website, allows us to monitor website use and helps us identify how we can improve our website.

Types of cookies

There are two main types of cookie:

Session cookies – these are deleted when you finish browsing a website and are not stored on your computer longer than this.

Persistent cookies – these are stored on your computer after you have finished using a website so that the website provider can remember your preferences the next time you use it.

Cookies can be set by the website you have browsed, i.e. the website displayed in the uniform resource locator (URL) window. These are called first party cookies. Third party cookies are set by a website other than the one you are browsing.

Cookie categories

We use the following categories of cookies:

Strictly necessary cookies

These cookies are essential for you to browse the website and use its features. Without these cookies, services you have asked for cannot be provided. These cookies do not require your consent under UK law.

Examples: Session management, security cookies, load balancing

Performance/analytics cookies

These cookies collect information about how visitors use our website, such as which pages visitors go to most often. These cookies don’t collect information that identifies a visitor directly. All information these cookies collect is aggregated and anonymous.

Examples: Google Analytics, website usage statistics

Functionality cookies

These cookies allow our website to remember choices you make (such as your user name, language or region) and provide enhanced, more personal features.

Examples: Language preferences, user interface customisation

Targeting/advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns.

Examples: LinkedIn Insights, Facebook Pixel, remarketing cookies

Information we collect using cookies

We use cookies to collect the following information:

• Technical information including the internet protocol (IP) address used to connect your computer to the internet; your site login information; the browser and version of the browser that you are using, the time zone setting, browser plug-in types and versions; your operating system
• Information about your visit to our website including the websites you visited before and after ours; products, services or other terms you searched for; page response times, download errors, length of visits to certain pages; page interaction information (such as scrolling, clicks, mouse-overs), and methods used to browse away from the page

Your cookie consent

First-time visitors

When you first visit our website, you will be presented with a cookie consent banner. This banner allows you to:

• Accept all cookies
• Reject non-essential cookies
• Customise your cookie preferences by category

We will only set non-essential cookies (performance, functionality, and targeting cookies) if you have given your explicit consent.

Essential cookies will be set automatically as they are necessary for the website to function, but you can still block these through your browser settings if you wish.

Managing your preferences

You can change your cookie preferences at any time by:

• Clicking the cookie settings link in the footer of our website
• Accessing the cookie preference centre through our website
• Adjusting your browser settings (see below)

Controlling cookies through your browser

Most browsers automatically accept cookies unless you change your internet browser settings. If you wish to restrict, block or delete the cookies which are set by any websites, you can generally do this through your browser settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser.

How to manage cookies in different browsers

For detailed instructions on managing cookies, please refer to your browser’s help section:

• Google Chrome: Cookie settings in Chrome
• Microsoft Edge: Delete cookies in Microsoft Edge
• Safari: Manage cookies and website data in Safari
• Mozilla Firefox: Clear cookies and site data in Firefox

Please note: If you set your internet browser preferences to block all cookies, you may not be able to access all or parts of our site. If you delete cookies relating to this website, we will not remember your cookie preferences, and you will be treated as a first-time visitor the next time you visit the site.

Further information

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit:

• About Cookies: http://www.aboutcookies.org.uk/
• All About Cookies: https://www.allaboutcookies.org/
• ICO Guidance on Cookies: https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/

Cookie lifespan

Different cookies have different lifespans:

• Session cookies: Expire when you close your browser
• Persistent cookies: Remain on your device for a set period (typically up to 26 months for analytics cookies) or until you delete them

Updates to this cookie policy

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, our operations, or for other operational, legal or regulatory reasons. Please check back regularly for updates.

Cookie policy version 2.0 – last updated: October 2025

For questions about our use of cookies, please contact privacy@collingwood.group

Privacy policy version 2.0 – last updated: October 2025