Privacy Policy
Introduction
Thurnleigh Group is committed to safeguarding the privacy of our clients, website visitors, and stakeholders. This Privacy Policy explains how we collect, use, disclose, and protect personal information in line with the UK GDPR, the Data Protection Act 2018, and internationally recognised best practices, including ISO 27001.
By using our website or engaging our services, you agree to the terms of this Privacy Policy.
Information We Collect
We may collect and process the following types of information:
- Contact Information: such as name, email address, phone number, and company details.
- Professional Information: including role, business affiliation, and service interests.
- Website Usage Data: collected via cookies, analytics, and log files to improve site performance and security.
- Service Engagement Data: records of consultancy enquiries, contracts, and compliance documentation.
How We Use Personal Data
We use personal data only for purposes that are legitimate and relevant to our services, including:
- Providing ISO 27001 and Cyber Essentials+ consultancy, implementation, and certification services.
- Responding to enquiries and managing client relationships.
- Sending updates, newsletters, or industry insights (if you have opted in).
- Conducting internal compliance, risk management, and audit readiness activities.
- Meeting legal and regulatory obligations.
Data Sharing & Disclosure
We do not sell personal data. We may share information with:
- Accredited certification bodies as required for ISO 27001 and Cyber Essentials+ assessments.
- Service providers and partners who support our business operations (e.g. IT, hosting, or audit partners).
- Regulators or authorities if legally required.
All third parties are contractually bound to maintain confidentiality and comply with data protection regulations.
Data Retention
We retain personal information only for as long as necessary:
- Client project records: retained in accordance with certification and regulatory obligations.
- Marketing subscriptions: retained until you unsubscribe.
- Website analytics data: anonymised or deleted after defined retention periods.
Your Rights
Cookies
We use cookies and similar technologies to improve website performance, analyse traffic, and enhance your experience. You can control cookie preferences through your browser settings.
Data Security
We apply rigorous security measures aligned with ISO 27001 Annex A controls to protect personal data, including encryption, access control, monitoring, and secure data hosting.