Privacy Policy

Lats updated: March 31st 2025

The Legal Bits

From basic contact details to confidential business information, this section explains how we look after your information when working with you. We'll keep this updated, and if you're a client, we'll notify you directly of any significant changes.

Who We Are

This privacy policy relates to Sure Thing Limited, registered in England & Wales with company number 16207531 and registered address at 18 Margaret Street, Brighton, England, BN2 1TS


We are registered with the Information Commissioner's Office. Our registration number will be added here once received.

Our Role: Controller vs Processor

For our own business operations (recruitment, finances, insurance, operating this website and legal obligations), we are a Data Controller. We maintain basic contact details of clients and prospective clients for these purposes.

When providing virtual support and operational partnership services to you, we are a Data Processor. When you engage with us, we'll put in place a Data Processing Agreement outlining how we will handle your data in this capacity.

What Information Do We Have?

To work with you, we may have the following information depending on how we're working together:

  • Personal data about you or your staff

  • Personal data about your customers/clients

  • Business confidential data

  • Operational confidential data

Wherever possible, we keep data in electronic form. Physical copies are discouraged, but when necessary, they're handled with similar high standards.

Note: When you pay invoices, we do not collect or store your payment information directly. This is either stored with you (if you pay via bank transfer) or with the online payment system being used.

Why Do We Use Your Information?

We need to use your information to:

  • Contact you and discuss our services (with your consent or as part of our contract)

  • Work with you to support your business operations as part of our contract

  • Send you promotional material with your consent, including blog posts and newsletters

  • Fulfill our own legal and accounting obligations

  • Process payments for products and services as part of our contract

  • Provide references for future client work (with your consent)

Where We Store Your Information

We ensure that information is kept within the United Kingdom or the European Economic Area wherever possible. However, we do use some systems that store data internationally. All such systems comply with UK data protection requirements through appropriate safeguards.

Our key systems include:

  • Xero (Accounting) - Data stored in multiple regions with appropriate safeguards

  • Google Drive & Google Workspace (Document management and email) - Data may be stored globally with EU-US Data Privacy Framework protections

  • Slack (Communication) - Data stored in the US with appropriate safeguards

  • Productive (Project management) - Data stored in the EU

  • Squarespace (Website) - Data stored in the US with appropriate safeguards

How Long Do We Keep Your Information?

We keep your information for as short a time as necessary:

  • Client data where you're the Data Controller: For as long as you require

  • General correspondence: 1 month from creation

  • Contracts: 7 years from contract end

  • Accounting information: 6 years from accounting year end

  • Marketing subscription data: Until you unsubscribe, when it will be automatically deleted

At the end of our service or when a specific project finishes, we return all data to you.

Are We Doing Anything Complex With Your Information?

No. Your information is not used for analytical or machine learning purposes. The tools we use to run our company and deliver services are straightforward business applications. If this ever changes, we will consult you beforehand.

How Do We Protect Your Information?

We deploy several measures to protect data in our care, including:

  • Strong password policies

  • Two-factor authentication on key systems

  • Encryption of devices

  • Contracts with third parties

  • Regular security reviews

  • Clear policies and staff training

  • Access controls (internal and external)

Who Has Access to Your Data?

Only Sure Thing Limited employees have routine access to your data. For IT maintenance, accounting, and similar purposes, trusted third parties may occasionally access your information.

We do not share your information with other organizations unless:

  • You require us to do so

  • You have provided consent

  • We are required to do so under UK law

What Systems Do We Use?

We often use the systems you already have in place. Where you have no suitable system, we may use our own tools to deliver our services. Here are the main tools we use:

  • Accounting: Xero

  • Document Management: Google Drive

  • Communication and information storage: Slack

  • Project Management: Productive

  • Email: Google Workspace

  • Website: Squarespace

Your Rights

You have several rights regarding your personal data, depending on what the data is and why we're holding it:

  • Right to be informed about how we use your data

  • Right of access to see what data we hold about you

  • Right to rectification if your data is inaccurate

  • Right to erasure in certain circumstances

  • Right to restrict processing in certain circumstances

  • Right to data portability in certain circumstances

  • Right to object to how we use your data

  • Rights related to automated decision making and profiling

Where we are a Data Processor of your information, our contract with you will outline your rights over the data we process and how we will assist you with those rights.

To exercise any of these rights, please contact us at admin@sure-thing.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you're concerned about how we handle your information. Contact the ICO at www.ico.org.uk, casework@ico.org.uk, or 0303 123 1113.

Cookies

Our website uses cookies for basic functionality and, with your consent, for analytics:

Necessary cookies help make the website usable by enabling basic functions like page navigation and access to secure areas of the website. These cookies do not require your consent as the website cannot function properly without them.

Statistics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. These cookies are only placed if you provide consent.

For more details about the specific cookies we use, please see our Cookie Policy.

Getting in Touch

If you have any questions or concerns about how we handle your information, please contact us at admin@sure-thing.co.uk.

Sure Thing Limited does not have a Data Protection Officer as we do not meet the criteria for requiring one. However, we take data protection seriously and receive professional advice on data protection and cyber security matters.