PRIVACY

Who we are

Diagonal Thinking Ltd ("Diagonal Thinking", "we", "us", "our") is a UK company providing AI consultancy, training and workshops. Our registered office is in Manchester, United Kingdom. Companies House number 13397962. Our website is diagonalthinking.co.

We are the data controller for the personal information you share with us through this website, our forms, our mailing list, and any work we deliver for you. For data protection queries, contact us at phil@diagonalthinking.co.

What this notice covers

This notice explains what personal information we collect, why we collect it, how we use it, who we share it with, how long we keep it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We have written this in plain language. If anything is unclear, email phil@diagonalthinking.co and we will explain.

What information we collect

We collect personal information in three ways

1. You give it to us. When you fill in a form on our website (contact, webinar registration, paid course booking), subscribe to our mailing list, email us, or otherwise correspond with us. This typically includes your name, email address, company, job title or role, and any message content you share with us.

2. You pay us. When you book a paid product (for example our AI for Contractors course), our payment processor (Stripe) collects card details to process the transaction. We do not see or store your card details. We do see your name, billing email, billing address and amount paid.

3. You visit our website. We use a small set of analytics cookies to understand how the site is used. The website cookie banner explains which cookies are set, what they do, and how you can decline non-essential cookies.

We do not buy personal information from third-party data brokers.

Why we use your information

We use your information for the following purposes, with the legal basis named for each:

- To respond to your enquiry (contact form, direct email). Legal basis: legitimate interests in responding to people who have approached us, or consent.

- To deliver products or services you have booked (workshops, courses, consultancy). Legal basis: performance of a contract with you.

- To send invoices, course joining instructions and other transactional emails related to a product or service you have booked. Legal basis: performance of a contract.

- To send marketing emails about new products, events, and AI updates, only if you have ticked the marketing consent box on a form, or otherwise explicitly opted in. Legal basis: consent. You can withdraw consent at any time using the unsubscribe link in any marketing email, or by emailing phil@diagonalthinking.co.

- To comply with our legal and accounting obligations (HMRC, Companies House, VAT records). Legal basis: legal obligation.

- To understand and improve our website. Legal basis: legitimate interests in running an effective website.

We do not use your information for automated decision-making or profiling.

Who we share your information with

We share personal information with the following categories of third party. Each one acts as a data processor on our behalf and is bound by contract to handle your information only as we instruct.

- Supabase (database and authentication). Stores your form submissions, contact records and course booking records. Hosted in the European Union region for personal data.

- Mailchimp (email marketing). Stores your contact details if you have opted into our mailing list. Mailchimp is operated by Intuit Inc in the United States. We rely on Mailchimp's UK GDPR standard contractual clauses for the international transfer.

- Stripe (payment processing). Stores billing data for paid bookings. Stripe is operated by Stripe Payments UK Ltd in the United Kingdom, with parent in the United States. International transfer covered by UK GDPR standard contractual clauses.

- FreeAgent (accounting and invoicing). Stores invoice and customer records for our accounting purposes. UK-based.

- Resend (transactional email). Sends booking confirmations and course joining emails. US-based, UK GDPR standard contractual clauses.

- Vercel (website hosting). Hosts the website infrastructure. US-based, UK GDPR standard contractual clauses.

- Google Analytics 4 (website analytics). Aggregated visitor statistics only if you accept analytics cookies. US-based.

We may also disclose your information if we are legally required to do so (for example by a court order or HMRC) or if we sell the business (in which case the buyer would be bound by the same protections)

We do not sell or rent your personal information to anyone.

How long we keep your information

- Contact form enquiries: 24 months from your last interaction, unless you ask us to delete sooner.

- Mailing list subscribers: until you unsubscribe, or until we identify you as inactive for 24 months (at which point we will remove you).

- Paid course bookings and invoices: 7 years from the end of the relevant tax year (HMRC requirement).

- Workshop and course attendee lists: 24 months from the workshop date, unless you ask us to delete sooner.

When the period ends we delete or anonymise your personal information.

Where your information is processed

We process your personal information primarily in the United Kingdom and the European Union. Some of our processors (Mailchimp, Stripe, Resend, Vercel, Google Analytics) are based in the United States or transfer data to the United States. Where this is the case, we rely on UK GDPR standard contractual clauses to ensure your information is protected to UK standards.

If you have specific questions about international transfers, email phil@diagonalthinking.co.

Your rights

Under UK GDPR you have the following rights:

- Access. Request a copy of the personal information we hold about you.

- Rectification. Ask us to correct any information that is wrong.

- Erasure. Ask us to delete your information (this right has some limits where we are required to keep records by law, for example invoices).

- Restriction. Ask us to pause processing while we look into a complaint.

- Portability. Ask us to send your information to you, or to another organisation, in a portable digital format.

- Object. Object to processing based on legitimate interests, including direct marketing.

- Withdraw consent. If you previously consented to marketing or other optional processing, you can withdraw consent at any time.

To exercise any of these rights, email phil@diagonalthinking.co. We will respond within one calendar month.

You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by phone on 0303 123 1113. We would always prefer that you raise concerns with us first so we can put things right.

Cookies

The cookies set on this website are listed in the cookie banner shown when you first visit. Essential cookies (required for the site to work) cannot be turned off. Analytics and marketing cookies are set only if you accept them.

Changes to this notice

We may update this notice from time to time. The "Last updated" date at the top tells you when the current version came into effect. If we make significant changes that affect how we use your information, we will tell you directly (for example by email if you are on our mailing list).

Contact

For any data protection question, email phil@diagonalthinking.co.

Diagonal Thinking Ltd

Manchester, United Kingdom