Data Protection Policy
Our commitment to your privacy
Confidentiality isn’t just a legal requirement for us—it’s the foundation of everything we do. When you’re considering selling your life’s work, you need to know that your information is protected with absolute discretion. This policy explains exactly how we collect, use, and safeguard your personal data.
This policy applies to information collected through our website, consultation process, and all communications with Thornycroft Consultancy.
Who we are
Thornycroft Consultancy is an M&A advisory firm specialising in helping UK SME owners prepare for and execute business exits.
Data controller: Thornycroft Consultancy Ltd
Contact: mike.clancy@thornycroft-consultancy.co.uk
Address: Thornycroft House, Bakers Lane, Chilcompton, Somerset, BA3 4EW
For any questions about this policy or how we handle your data, please contact us using the details above.
What information we collect
Information you provide directly
When you contact us or engage our services, we collect:
- Contact details: Name, email address, phone number, company name
- Business information: Industry sector, company size, approximate turnover, business challenges
- Professional background: Your role, experience, and specific objectives
- Communication records: Correspondence via email, phone, or in-person meetings
We only collect information that’s necessary for us to understand your situation and provide relevant advice.
Information collected automatically
When you visit our website, we collect:
- Technical data: IP address, browser type, device information, operating system
- Usage data: Pages visited, time spent on pages, links clicked, referring website
- Analytics data: This is collected via Google Analytics (see Cookies section below)
How we use your information
We use your personal data to:
- Provide our services: Assess your business readiness, develop exit strategies, manage the transaction process
- Communicate with you: Respond to enquiries, provide updates, share relevant insights
- Improve our service: Understand how clients find us and what information they need
- Comply with legal obligations: Maintain records as required by law and professional standards
- Protect our legitimate interests: Prevent fraud, ensure network security, manage business operations
We will never use your information for unsolicited marketing. If we believe a particular insight or resource would be valuable to you based on our conversations, we’ll ask your permission first.
Legal basis for processing
Under UK data protection law, we must have a legal basis to process your personal data. We rely on:
- Legitimate interests: Providing M&A advisory services and managing our business operations
- Contract performance: When you engage us formally, we process data to fulfil our contractual obligations
- Legal obligation: Where we’re required to retain information for regulatory or legal purposes
- Consent: For certain communications or uses, we’ll ask for your explicit consent
Who we share your information with
Due to the confidential nature of M&A transactions, we share information only when absolutely necessary:
Our team
Your information is shared with members of our team who need it to provide your service. This includes Hayley, our Executive Assistant, who handles confidential documentation and coordinates due diligence processes.
Professional advisers
When working on your transaction, we may need to share relevant information with:
- Legal advisers
- Accountants and tax specialists
- Independent experts or consultants
We ensure all parties are bound by strict confidentiality agreements.
Third-party service providers
We use Google Analytics to understand how our website is used. Google processes usage data in accordance with their privacy policy. We’ve configured Analytics to anonymise IP addresses.
Legal requirements
We may disclose information if required by law, court order, or to protect our legal rights.
Important: We will never share your business information with potential buyers or other parties without your explicit permission and a formal confidentiality agreement in place.
How we protect your data
We take data security seriously. Our measures include:
- Encryption: Email communications and file transfers are encrypted
- Access controls: Limited access on a need-to-know basis only
- Secure storage: Physical documents stored securely; digital files protected by passwords and encryption
- Regular reviews: We regularly assess our security practices
- Confidentiality training: Our team is trained in handling sensitive business information
- Non-disclosure agreements: All team members and advisers sign comprehensive NDAs
Whilst we implement robust security measures, no method of transmission over the internet is 100% secure. We’ll notify you promptly if we become aware of any security breach affecting your data.
Your rights
Under UK data protection law, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete information
- Erasure: Request deletion of your data (subject to legal retention requirements)
- Restriction: Limit how we process your data in certain circumstances
- Portability: Receive your data in a structured, commonly used format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Where we rely on consent, you can withdraw it at any time
To exercise any of these rights, contact us at mike.clancy@thornycroft-consultancy.co.uk. We’ll respond within one month.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you’re unhappy with how we’ve handled your data.
How long we keep your data
We retain your personal data only for as long as necessary:
- Enquiry information: 2 years if you don’t proceed with our services
- Client information: 7 years after completion of services (to meet professional and legal requirements)
- Marketing communications: Until you unsubscribe or request removal
- Website analytics: 26 months (Google Analytics default setting)
These retention periods allow us to comply with legal obligations, resolve disputes, and maintain professional standards.
Cookies and analytics
What are cookies?
Cookies are small text files stored on your device when you visit a website. They help us understand how you use our site.
How we use cookies
We use Google Analytics to collect anonymised information about:
- Pages visited and time spent on site
- How visitors navigate through the site
- General location (country/city level only)
- Device and browser type
This helps us improve the website and understand what information is most valuable to visitors.
Your choices
You can control cookies through your browser settings. Most browsers allow you to:
- See what cookies are stored and delete them individually
- Block third-party cookies
- Block all cookies
- Delete all cookies when you close your browser
Note that disabling cookies may affect website functionality. Google Analytics can be opted out using the Google Analytics Opt-out Browser Add-on.
International transfers
Changes to this policy
We may update this policy periodically to reflect changes in our practices or legal requirements. We’ll notify you of any significant changes by email or by posting a notice on our website.
The “last updated” date at the top of this policy shows when it was most recently revised.
Children's privacy
Our services are designed for business owners and we don’t knowingly collect information from individuals under 18.
Contact us
If you have questions about this policy or how we handle your data, please contact:
Thornycroft Consultancy Ltd
Email: mike.clancy@thornycroft-consultancy.co.uk
Phone: 01761 202005
Address: Thornycroft House, Bakers Lane, Chilcompton, Somerset, BA3 4EW
For data protection concerns specifically, you can also contact the Information Commissioner’s Office:
- Website: ico.org.uk
- Helpline: 0303 123 1113
Remember: Our entire business is built on discretion. We understand that your enquiry alone is confidential information. Every conversation, every document, every piece of data is protected with the same rigour we bring to managing your business exit. That’s not just our legal obligation—it’s our professional foundation.