top of page

Privacy policy

Who are we?

This Privacy Policy explains how Thrum Leadership Ltd (“we”, “our”, “us”) collects, uses, and protects your personal information.

Company name: Thrum Leadership Ltd
Registered office: 319 Block H Castle Mill, Roger Dudman Way, Oxford, Oxfordshire, England, OX1 1GF
Company number: 13116938


Contact email for privacy enquiries: matthew.bryon@thrumleadership.com

We act as an independent Data Controller for the purposes of UK data protection law.

What data do we collect?

The data we collect depends on how you interact with us. It may include the following.

Contact and professional information

  • Name

  • Email address

  • Phone number

  • Job title

  • Organisation

Programme and application data

  • Information submitted when applying for a programme or workshop

  • Your rationale for applying

  • Professional background and experience

  • Information provided by your organisation if you were nominated

Programme participation information

  • Attendance at programmes, workshops, coaching sessions, or webinars

  • Engagement data such as polls, questions, feedback forms, evaluations

  • Outputs you create during learning activities such as project summaries or reflections

Pseudonymised identifiers used for evaluation matching

Some evaluation surveys ask for simple identifiers to allow pre and post responses to be matched. These may include:

  • Month of birth

  • First letter of your mother’s first name

  • First digits of your mobile number

These identifiers do not make you anonymous. They are used only for matching your responses over time and are deleted once matching is complete.

Evaluation and behavioural development information

Depending on the programme, we may collect:

  • Leadership confidence ratings

  • Knowledge and skills assessments

  • Team functioning and culture measures

  • Speaking up or psychological safety measures

  • Behavioural frequency scales

  • Job satisfaction and turnover intention questions

  • Reflections on workplace culture and team dynamics

  • Your expectations of the programme and what success looks like for you

Demographic and EDI information (special category data, always optional)

Some evaluations include voluntary demographic questions to help us understand how experiences differ across groups and to support inclusive practice. These may include:

  • Gender identity

  • Whether you identify with the gender assigned at birth

  • Sexual orientation

  • Disability or long-term health conditions

  • Nature of health conditions

  • Religion or belief

  • Ethnicity

  • Socio-economic background indicators such as the occupation of the main household earner when you were aged about 14

  • Year of birth

Providing demographic information is always optional. Special category data is processed only with your explicit consent and is analysed in aggregate.

Website and technical data

  • IP address

  • Device and browser information

  • Cookies and usage analytics through our website or platforms we use

How do we collect your data?

We collect data:

  • Directly from you when you apply, register, or contact us

  • Automatically through cookies or analytics tools

  • From partner organisations when they nominate individuals or co-deliver programmes

  • Through platforms used to deliver programmes, coaching, or webinars

Why do we use your data?

We process personal data only when we have a lawful basis under UK GDPR.

Contractual necessity

To deliver programmes, coaching, workshops, and related services you have enrolled in.

Legitimate interests

To administer applications, shortlist and select participants, run and evaluate programmes, improve our content and delivery, analyse engagement, and communicate with participants. We ensure our interests do not override your rights.

Explicit consent

Required only for:

  • Optional marketing communications

  • Collection of special category demographic data

  • Non-essential cookies

Legal obligations

Where required by law, for example for audit or financial compliance.

How do we use your data?

We may use your personal data to:

 

  • Administer programme and workshop applications

  • Deliver learning programmes, coaching, and related services

  • Communicate before, during, and after events

  • Provide learning materials, follow-up resources, or recordings

  • Analyse and evaluate programme impact

  • Improve programme quality and participant experience

  • Notify you of future cohorts if you have applied previously

  • Meet our legal and contractual obligations

Evaluation data is analysed in aggregate. Individual responses are not used for assessment or selection.

Sharing your data

We do not sell your personal data.

  • We may share data with the following:

  • Trusted delivery partners when programmes are co-delivered

  • Service providers such as webinar platforms, analytics platforms, email systems, or storage providers

  • Regulatory bodies or authorities when legally required

When sharing data with partners, each organisation acts as an independent Data Controller. Any data transferred outside the UK or EEA is protected by appropriate safeguards.

Retention of data

We keep your personal data only as long as necessary for the purposes it was collected.

Typical retention periods are:

  • Programme and workshop application data, including unsuccessful applicants: up to one year to allow notification of future cohorts

  • Programme participation data and coaching records: up to five years

  • Evaluation data and pseudonymised identifiers: up to two years after programme end, then securely deleted or anonymised

  • Special category demographic data: retained only for the time needed to produce aggregated evaluation statistics, then deleted or fully anonymised

  • Webinar registrations and attendance: up to two years

  • Marketing data: until you withdraw consent

  • Contract and financial records: up to six years as required by law

After the retention period ends, data is securely deleted.

Your rights

Under UK GDPR you have the right to:

 

  • Access the personal data we hold about you

  • Request correction or deletion of your data

  • Restrict or object to our processing

  • Withdraw consent (where processing is based on consent)

  • Request transfer of your data to another provider

  • Complain to the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint

Data security

We use secure, encrypted systems for storing and transferring personal data. Access is restricted to staff who need it to deliver our services. We take reasonable steps to protect personal information from loss, misuse, unauthorised access, or disclosure.

Updates to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

Contact details for privacy enquiries

If you have any questions about this Privacy Policy or how we process your data, please contact us at: matthew.bryon@thrumleadership.com

bottom of page