Privacy Policy

This Privacy Policy intends to provide you with all relevant information in relation to the collection and processing of personal data relating to you which may be collected by Expert Thinking (Consulting) Limited (“we”, “us”, “our” or “Expert Thinking”).

By “personal data” we mean all data relating to a living individual who can be identified from that data. Identification maybe by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).

We may need to update this notice from time to time. Should there be any substantial changes, we will let you know by email.

Who we are

Expert Thinking is a cloud technology consultancy, working with its customers to maximise value and benefit from their investment in cloud technology. We have offices in Canterbury but operate across the UK. Expert Thinking is the data controller. This means it decides how personal data is processed and for what purposes.

We have adopted this Privacy Policy to best safeguard personal data and provide a transparent overview of how we handle personal data. Expert Thinking complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

How we collect information about you

We collect personal data each time you are in contact with us, for example, when you:

  • Visit our website
  • Provide your contact details, either in writing or orally to Expert Thinking personnel
  • Communicate with Expert Thinking by means such as email, letter, telephone, meeting, video conference call, via social media platforms, etc.

We also collect some personal data automatically when you visit the website (e.g. your IP address) to enable us to provide you with a browsing experience more tailored to your individual needs through using cookies or gives us a better understanding of how you are using our services.

Personal data may also be given to us from trusted third parties (e.g. our partners). Personal data passed onto us in this way is only ever used to provide you with the services you have requested. We may sometimes pass on your personal data to our partners if we cannot offer you the services you have requested but believe they can assist you.

Why do we collect and use your information?

We will use the personal data we collect for the purpose disclosed at the time of collection or otherwise as set out in this Privacy Policy. We will not use your personal data for any other purpose without first seeking your consent unless authorised or required by law. Generally, we will only process your personal data to:
Communicate with you, for example:

  • Provide information you request on our services and solutions or those of our partners.
  • Respond to enquiries received via our website or social media.
  • Provide relevant marketing communications.
  • Keep you informed of relevant news, updates or services.
  • To support you, for example:
    • Resolve any issues you may have when using our website
    • To successfully deliver our services and solutions, for example:
    • We may pass on personal data to approved contractors or subcontractors who are involved in the supply or services
    • To fulfil our remit as a technology consultancy

The legal basis for processing your personal data

Consent: We hold personal data with the consent of the data subject, for example, when signing up to receive our newsletter or entering into an agreement for the supply of services

Legitimate interests: We hold personal data within the legitimate interests of the business, for example, contacting you to provide relevant marketing communications or processing IP addresses in Google Analytics to help us better understand how customers use our website

Legal obligations: Where processing is necessary for performing our legal obligations under appropriate laws

Who sees your personal data / storing your personal data

Personal data is held securely on computers and servers within the EEA or EU. It is kept strictly confidential and is never sold, given away or otherwise shared with anyone (with the exceptions stated below) unless required by law. We store the majority of personal data in the cloud with access limited to specific relevant personnel. Where possible, personal data is encrypted during transit and at rest. We will not sell or pass any of your personal data to any other third parties without your express written permission, with the following exceptions:

  • By providing us with your personal data you are giving Expert Thinking permission to transfer your personal data to our service providers including CRM software, such as Zoho and HubSpot, which enable us to provide the best service to our customers.
  • By entering into an agreement with us for the supply of services we may share your personal data with third parties for the purposes of invoicing, accounting and project management, such as Xero and Harvest, and we may also pass on your personal data to third parties to formally agree work to be undertaken with you, such as DocuSign
  • To show accountability under GDPR and ensure the security of personal data, it is necessary to back up our data in the cloud for which we primarily use Microsoft SharePoint.
  • Personal data may also be passed onto our website provider, Monster Insights and Google Analytics for the purposes of analysing the flow of traffic or managing our domain.
  • Approved contractors and subcontractors involved in the supply of services may also see your personal data in the supply of the services.

Where such personal data is shared, your personal data is restricted to the purpose for which it is provided and we ensure it is stored securely and kept no longer than necessary.

The categories of information that we may collect, hold or share

Personal data (such as name, telephone number, email address, IP address, location etc.)

Special category (sensitive) personal data

We may in some cases store special category (sensitive) personal data which can be defined as biometric data, genetic data, mental health, philosophical view or associations, physical health, political views or associations, racial or ethnic background, religious views or associations, sex life, sexual orientation or trade union membership.

Special category personal data will only ever be collected with your consent and only if there is a legitimate, lawful reason for its collection as well as meeting a specific condition outlined in Article 9 of the GDPR.

Retention periods

We hold your data for varying lengths of time depending on the type of information in question but in doing so always comply with GDPR.

We conduct annual checks to ensure that the personal data we are holding is accurate and that you agree to us holding it. If you would like to know specific retention periods please refer to the Retention Periods Policy which can be requested by email to

Keeping your personal data up-to-date

Please tell us as soon as any of your personal data change so that we can keep our records up to date. You can change the way we contact you or the kind of material we send you at any time by contacting us by email to

Requesting access to your personal data

You can request access to the personal data that we hold about you by emailing We will provide you with access to your personal data within 30 days unless we are legally authorised to refuse your request. We may refuse your request to access, amend or delete your personal data in certain circumstances. If we do refuse your request, we will provide you with a reason for our decision and, in the case of amendment, we will note with your personal data that you have disputed its accuracy.

Your rights under GDPR

  • The right to request a copy of your personal data which Expert-Thinking holds about you
  • The right to request that Expert Thinking corrects any personal data if it is found to be inaccurate or out of date
  • The right to request your personal data is erased where it is no longer necessary for Expert Thinking to retain such personal data
  • The right to withdraw your consent to the processing of personal data at any time
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
  • The right, where there is a dispute concerning the accuracy or processing of your personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data
  • The right to lodge a complaint with the Information Commissioners Office (ICO)


Expert Thinking will take reasonable steps to keep secure any personal data, which we hold and to keep this personal data accurate and up to date. Personal data, held electronically, is stored in a secure server or secure files with restricted access and careful monitoring.

The Internet is not a secure method of transmitting information. Accordingly, we cannot accept responsibility for the security of information you send to or receive from us over the Internet or for any unauthorised access or use of that information. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. Your personal data will be held for a reasonable period or as long as the law requires or permits.

Cookies Policy

Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser.

These cookies help us make the website function properly, make the website more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.

For more information on what cookies are and how we use them, see our Cookies Policy.


Our website may also include links to other websites. Links provided are for your convenience to provide further information such as LinkedIn, Twitter and our partners’ websites. Please look at the cookie and privacy policies on these third-party sites if you want more information about this. Users of our website click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links.


Any documents or files made available to download from our website are provided at users’ own risk

Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy, then we will provide you with a notice explaining this new use before commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Changes to this privacy policy

Expert Thinking (Consulting) Limited may amend this Privacy Policy from time to time to ensure compliance with changes or amendments to the law of the UK. Any amended version will be available on our website or upon request by email to We suggest that you visit our website regularly to keep up to date with any changes.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at

For further information on how your personal data is used, how we maintain the security of your personal data, and your rights to access personal data we hold on you please email