Captain Thinking
Captain Thinking® Elevated Thinking. Grounded Decisions.
Captain Thinking® Legal

Data Protection Policy

How Captain Thinking® collects, uses, stores and protects personal data.

← Back to Captain Thinking

Effective Date: 21/07/2025
Last Updated: 21/07/2025

Captain Thinking Ltd. ("Captain Thinking", "we", "us", or "our") is committed to protecting personal data and ensuring that it is processed lawfully, fairly, and transparently in accordance with applicable data protection laws including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Data Protection Policy explains how we collect, use, store, and safeguard personal data when you interact with our website or services.

By accessing or using www.captainthinking.com or www.captainthinking.co.uk, you acknowledge that your personal data may be processed as described in this policy.

1. Data Controller

Captain Thinking Ltd. is the data controller responsible for determining how and why personal data is processed.

Contact details:

Captain Thinking Ltd.
Offices of ESDG
44 Royal Parade Mews
London
SE3 0TN
United Kingdom

Email: helpdesk@captainthinking.com

2. Personal Data We Collect

We may collect and process personal data when you interact with our website or services.

2.1 Personal Information

For users and customers this may include:

  • Name
  • Email address
  • Billing information
  • Postal address
  • Telephone number
  • Account login credentials

Where services involve children, data may include:

  • Name
  • Age or date of birth
  • Educational activity or progress information
  • Website usage information

2.2 Automatically Collected Information

We may automatically collect technical information including:

  • IP address
  • Device and browser type
  • Website usage statistics
  • Cookie data

2.3 User Generated Content

We may collect content submitted by users including feedback, comments, reviews, or messages sent through the website.

3. How We Use Personal Data

Personal data may be used for the following purposes:

  • Providing requested services or digital content
  • Managing user accounts
  • Processing transactions
  • Improving website functionality and user experience
  • Communicating service updates or support responses
  • Sending marketing communications where consent has been given
  • Meeting legal and regulatory obligations
  • Preventing fraud or misuse of services

4. Legal Basis for Processing

Under UK GDPR we rely on one or more of the following lawful bases:

  • Consent — where you have given clear consent for specific processing
  • Contract — where processing is necessary to deliver requested services
  • Legal obligation — where processing is required to comply with law
  • Legitimate interests — where processing is necessary for business operations provided those interests do not override your rights

5. Sharing Personal Data

We do not sell personal data.

However we may share data with trusted service providers who support the operation of our services such as:

  • Payment processors
  • Hosting providers
  • Email service providers
  • Technical support services

These providers process data only under our instructions and must maintain appropriate security measures.

We may also disclose information where required by law or regulatory authorities.

6. International Data Transfers

Some service providers may process personal data outside the United Kingdom. Where this occurs we ensure appropriate safeguards are in place, such as contractual protections or equivalent legal mechanisms to ensure personal data remains protected.

7. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, regulatory, accounting, or reporting requirements.

Where possible, data will be securely deleted or anonymised once it is no longer required.

8. Your Data Protection Rights

Under UK GDPR individuals have the following rights:

  • Right of access to personal data
  • Right to correct inaccurate data
  • Right to request erasure of personal data
  • Right to restrict processing
  • Right to data portability
  • Right to object to certain types of processing
  • Right to withdraw consent where processing is based on consent

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data has been processed unlawfully.

9. Data Security

We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration.

These measures may include secure hosting environments, controlled access to systems, and encryption where appropriate.

However, no internet-based service can guarantee absolute security.

10. Children’s Data Protection

Where services involve children, we take additional steps to ensure that personal data is handled responsibly and in accordance with applicable child protection and data protection laws.

Where required, personal data relating to children will only be processed with the involvement or consent of a parent or legal guardian.

11. Policy Updates

We may update this Data Protection Policy from time to time to reflect changes in legal requirements or operational practices. The latest version will always be published on this page.

12. Contact

If you have any questions about this policy or how your personal data is handled, please contact:

Captain Thinking Ltd.
Offices of ESDG
44 Royal Parade Mews
London
SE3 0TN
United Kingdom

Email: helpdesk@captainthinking.com