Privacy Policy

Last Updated: April 29, 2025

1. Introduction

Welcome to Creating Possibilities Limited (“we,” “our,” or “us”), an insight and innovation consultancy based in the United Kingdom. We are committed to protecting and respecting your privacy and ensuring that your personal data is handled in accordance with the UK Data Protection Act 2018, the UK GDPR, and other applicable privacy laws.

This Privacy Policy explains how we collect, use, store, and protect personal data when you engage with our services, visit our website, or otherwise interact with us. Please read this policy carefully to understand our practices regarding your personal data.

2. Who We Are

Creating Possibilities Limited is a data controller registered with the Information Commissioner’s Office (ICO) under registration number 14041881.

Contact Details:

  • Address: 29 Durnsford Avenue, LONDON, SW19 8BH
  • Email: privacy@creatingpossibilities.co.uk
  • Phone: 0207 873 2481
  • Data Protection Officer: The Data Protection Team

3. Personal Data We Collect

We may collect the following types of personal data:

3.1 Data you provide to us:

  • Identity and contact information (name, email address, phone number, job title, employer)
  • Professional background information
  • Feedback, opinions, and insights shared during research activities
  • Account information for our services
  • Marketing preferences

3.2 Data we collect automatically:

  • Technical data (IP address, browser type, device information)
  • Usage data (how you use our website and services)
  • Cookies and similar technologies (see our separate Cookie Policy)

3.3 Data we receive from third parties:

  • Contact information from publicly available sources
  • Professional information from business partners or clients
  • Information from social media platforms where you have made this public

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Service Provision

  • To provide our consultancy, insight, and innovation services
  • To manage our relationship with you and communicate effectively
  • To fulfill our contractual obligations

4.2 Legitimate Business Interests

  • To develop and improve our services
  • To conduct market research and analysis
  • To maintain records and administer our business
  • For network and information security

4.3 With Your Consent

  • To send you marketing communications about our services
  • To use your data for specific research projects (where applicable)
  • To process special category data (if relevant)

4.4 Legal Obligations

  • To comply with legal and regulatory requirements
  • For tax and accounting purposes

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Contract: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract
  • Legitimate Interest: Processing necessary for our legitimate interests, provided these interests don’t override your fundamental rights and freedoms
  • Consent: Processing based on your specific consent
  • Legal Obligation: Processing necessary to comply with our legal obligations

6. Data Sharing and Recipients

We may share your personal data with:

6.1 Internal Recipients

  • Our employees who need access to your data to perform their duties

6.2 External Recipients

  • Service providers and processors acting on our behalf (e.g., IT service providers, cloud storage providers, market research partners)
  • Professional advisers (e.g., lawyers, accountants, auditors)
  • Regulatory authorities, government bodies, and law enforcement agencies when required by law

We ensure that all third parties who process data on our behalf provide sufficient guarantees to implement appropriate technical and organizational measures to ensure the security of your data.

7. International Transfers

We primarily store and process your personal data within the United Kingdom and the European Economic Area (EEA). However, in cases where we need to transfer your data outside the UK or EEA, we will ensure that:

  • The country has been deemed to provide an adequate level of protection by the UK government
  • Specific approved contracts, standard contractual clauses, or certification mechanisms are in place
  • We have obtained your explicit consent for the transfer, where required

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements. Retention periods vary depending on the type of data and purpose of processing:

  • Client services data: 7 years after the end of our business relationship
  • Marketing data: 3 years after your last interaction with us
  • Website usage data: 13 months

Once personal data is no longer needed, we securely delete or anonymize it.

9. Your Rights

Under UK data protection law, you have the following rights:

  • Right to be informed about how we use your personal data
  • Right of access to your personal data
  • Right to rectification if your personal data is inaccurate or incomplete
  • Right to erasure (“right to be forgotten”) in certain circumstances
  • Right to restrict processing in certain circumstances
  • Right to data portability allowing you to obtain and reuse your data
  • Right to object to certain processing, including direct marketing
  • Rights related to automated decision making and profiling

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month. You will not have to pay a fee to access your personal data or exercise your rights, except in cases where requests are clearly unfounded, repetitive, or excessive.

10. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of security measures
  • Restricted access to personal data
  • Staff training on data protection
  • Secure business premises and systems

11. Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) without undue delay and within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

12. Marketing Communications

We may send you marketing communications if you have:

  • Requested information from us
  • Used our services
  • Provided us with your details and opted in to receive marketing communications

You can opt out of receiving marketing communications from us at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Contacting us using the details in Section 2

13. Cookies and Similar Technologies

Our website uses cookies and similar technologies to distinguish you from other users, improve your browsing experience, and provide us with information about how our website is used. For detailed information about how we use cookies, please see our Cookie Policy [LINK].

14. Children’s Privacy

Our services are not intended for children under 16 years of age, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without appropriate consent, please contact us immediately.

15. Third-Party Links

Our website and communications may contain links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website, and significant changes will be communicated to you where possible. We encourage you to review this Privacy Policy periodically.

17. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:

Information Commissioner’s Office

  • Website: www.ico.org.uk
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Telephone: 0303 123 1113

18. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided in Section 2.

This policy was last updated on April 29, 2025.