The purpose of this policy is to explain how we use your personally identifiable data and how you can determine its use. It should be considered in combination with the other policies that govern our processing of information i.e. the Website Terms of Use, Cookie and Data Protection Policies. 

Our priority in Breakthrough Partners is ensuring the that all information we hold remains confidential and is processed in compliance with the requirements of the UK Data Protection Act 1998, the EU Data Protection Directive (95/46/EC), the General Data Protection Regulation 2016 and the Data Protection Act 2018 and related rules and regulations, including the Privacy Shield as operated by the US Department of Commerce (the “Legislation”). 

As Breakthrough Partners website includes links to third party websites you can access these web-sites by clicking on these links. If you follow the links to these third party sites then the privacy policies of those web-sites will apply for the length of time that you access them. 

1. The Type of Information That We Collect

If you choose to provide us with you contact details during your use of the web-site then we will collect your name, place of work, address, contact number(s) and email addresses. All of this data will be held in compliance with our Data Protection Policy. 

2. Changing Your Details

Opting-in. Breakthrough Partners respects your preferences in terms of how we handle your data and will comply with all applicable legislation. Our policy in relation to outbound marketing communications in most circumstances is to require opt-in to receive marketing communications from us. These e-mails will always include an unsubscribe option which will automatically unsubscribe you from our marketing database. You can find this unsubscribe link at the bottom of Breakthrough Partners marketing emails.  

You can also send an e-mail to info@breakthrough-partners.com, putting OPT-OUT in the subject. 

 Please advise if there are additional e-mails or postal addresses that you wish to be opted out from in the body of the e-mail. 

Inaccurate Data. If your data is inaccurate or needs changing, please send an email to info@breakthrough-parthers.com, putting UPDATE in the subject including details of what  you would like to change and the justification for changing  

3. Related Policy Documents

This privacy policy documents should be read in conjunction with other policy documents which can be accessed on the links below: 

• Breakthrough Partners Website Terms of Use 

• Breakthrough Partners Cookie Policy 

• Breakthrough Partners Data Protection Policy 

1. Website Terms of Use

This document defines the Terms of Use for the breakthrough-partners.com website. Before using this website you should review our Privacy, Cookie and Data Protection Policies. By using breakthrough-partners.com you are deemed to accept these policies. 

As Breakthrough Partners’ website includes links to third party websites you can access these web-sites by clicking on these links. If you follow the links to these third party sites then the privacy policies of those web-sites will apply for the length of time that you access them. 

Any data you provide to breathrough-partners.com must fully comply with English Law and must not defame any third party. You are fully responsible for any data that you enter into our Website. 

2. Definitions and Interpretation

 “you”, ”your” and “yours” means the person(s), you, who are accessing this Website and any party that you are accessing on their behalf 

 “we”, “us” and “our” means Breakthrough Partners Limited. 

  “Website” means this website that you are currently on. 

 Breakthrough Partners Limited is registered in England under No. 11959961 with a registered office at 3 Furze Road, Maidenhead, England, SL6 7RY. 

3. Copyright, Intellectual Property and Trade Marks

This Website contains Intellectual Property and Trade Marks, belonging to, or licenced or authorised and acknowledged for the use by Breakthrough Partners unless otherwise noted. The content within the web-site is the copyright of Breakthrough Partners unless explicitly acknowledged as not being so. 

You may link to our web-site from other web-sites as long as these web-sites comply with English law and do not defame a third party. This link must, however, be removed on request from Breakthrough Partners. Any use outside what would be deemed as normal use of the web-site and its contents e.g. scaping data from the web-site, is not permitted. Any use of our Website and content derived from the web-site must also be appropriately acknowledged. Any content that is copied or extracted from the site must be your own personal i.e. non-commercial, use only or for use in evaluating products and services provided by Breakthrough Partners. 

Unauthorised use of this Website or any of the intellectual property rights held by Breakthrough Partners may give rise to an injunction and to a claim for damages and legal costs and may be a civil and/or criminal offence. 

If you believe or become aware of any material on this Website infringes your, or any other person’s, copyright, please report this by email to info@breakthrough-partners.com. 

4. Governing Laws

These Terms and Conditions will be governed by and construed in accordance with English law, and any disputes relating to these Terms of Use will be subject to the exclusive jurisdiction of the courts of England and Wales.  

1. Introduction

Breakthrough Partners is committed to protecting the rights and freedoms of individuals by safely and securely processing their data in accordance with all of our legal obligations.

We hold personal data about our employees, prospects, clients, suppliers and other individuals for a variety of business purposes.

This policy sets out how we seek to protect personal data and ensure that our staff understand the rules governing their use of the personal data to which they have access in the course of their work. In particular, this policy requires Breakthrough Partners staff to ensure that the Data Protection Officer (DPO) be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.

2. Definitions

Term	Definition
Business purposes	The purposes for which personal data may be used by us: Personnel, administrative, financial, regulatory, payroll and business development purposes. ·        Compliance with our legal, regulatory and corporate governance obligations and good practice ·        Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or reques ·        Ensuring business policies are adhered to (such as policies covering email and internet use) ·        Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking ·        Investigating complaints ·        Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments ·        Monitoring staff conduct, disciplinary matters ·        Marketing our business ·        Improving services
Personal data	‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data we gather may include: individuals' phone number, email address, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, and CV.
Data controller	‘Data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law.
Data processor	‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Processing	‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Supervisory authority	This is the national body responsible for data protection. The supervisory authority for our organisation is the UK Information Commissioners Office.

3. Scope

This policy applies to all Breakthrough Partners staff, who must be familiar with this policy and comply with its terms.

We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff before being adopted.

Our Data Protection Officer (DPO) has overall responsibility for the day-to-day implementation of this policy. You should contact the DPO for further information about this policy if necessary. The Breakthrough Partners DPO can be contacted on info@breakthrough-partners.com.

4. The Principles

Breakthrough Partners shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:

#	Principle	Meaning of Principle
1	Lawful, fair and transparent	Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
2	Limited for its purpose	Data can only be collected for a specific purpose.
3	Data minimisation	Any data collected must be necessary and not excessive for its purpose.
4	Accurate	The data we hold must be accurate and kept up to date.
5	Retention	We cannot store data longer than necessary.
6	Integrity and confidentiality	The data we hold must be kept safe and secure.

5. Our Procedures

Fair and Lawful Processing

Breakthrough Partners will process personal data fairly and lawfully in accordance with individuals’ rights under the first Principle. This generally means that we should not process personal data unless the individual whose details we are processing has consented to this happening.

If we cannot apply a lawful basis (as explained below), Breakthrough Partners will not process the personal data of any individual. We recognise that any processing that does occur where there is no consent or lawful basis will be deemed unlawful. It is recognised that Data subjects have the right to have any data unlawfully processed erased.

Controlling and Processing of Data

Breakthrough Partners is classified as a Data Controller. As such we maintain an appropriate registration with the Information Commissioners Office in order to continue lawfully controlling and processing data.

Lawful Basis for Processing Data

Breakthrough Partners will only process data if it has a lawful basis to do so. We will process data only when:

#	Basis	Explanation
1	Lawful, fair and transparent	Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
2	There is a Contract	The processing is necessary to fulfil or prepare a contract for the individual.
3	We have a Legal Obligation	We have a legal obligation to process the data (excluding a contract).
4	There are Vital Interests	Processing the data is necessary to protect a person’s life or in a medical situation.
5	It’s Necessary to Carry Out a Public Function	Processing necessary to carry out a public function, a task of public interest or the function has a clear basis in law.
6	There is Legitimate Interest	The processing is necessary for our legitimate interests. This condition does not apply if there is a good reason to protect the individual’s personal data which overrides the legitimate interest.

How We Decide Which Legal Basis Applies

When we make an assessment as to whether there is a lawful basis to process the data of an individual, we first establish if the processing is necessary. It is only deemed as necessary if there is not an alternative approach we could reasonably have taken to achieve the same purpose without processing the data. If we deem through this analysis that processing is necessary, we will make the decision as to whether we will process the data and under which legal basis this data will be processed by answering and documenting our answers to the following questions:

• What is the purpose for processing the data?
• Can it reasonably be done in a different way?
• Is there a choice as to whether or not to process the data?
• Who does the processing benefit?
• After selecting the lawful basis, is this the same as the lawful basis the data subject would expect?
• What is the impact of the processing on the individual?
• Are we in a position of power over them?
• Are they a vulnerable person?
• Would they be likely to object to the processing?
• Are you able to stop the processing at any time on request, and have you factored in how to do this?

 

Based on our commitment to the principle of Lawful, Fair and Transparent processing, we will ensure that we have documented the assessment of these questions, the decision we have made to process or not process the data, the logic that we have based this decision on and which lawful basis on which the decision to made (if the decision was made to proceed) to process the data. Breakthrough Partner’s recognises that it is our responsibility to ensure that individuals whose data is being processed by us are informed of the lawful basis for processing their data, as well as the intended purpose. In the case of personal data captured via our web-site, this is done at the point of entry of that personal data. Individual are presented with a disclaimer to acknowledge before the details are processed which conveys both the reason for collecting the data and the legal basis for on which data is processed. This applies whether we have collected the data directly from the individual, or from another source.

Special Categories of Personal Data

As a policy, Breakthrough Partners does not process special categories of Personal Data such as race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID

6. Our Responsibilities

Overall Responsibilities

In summary, Breakthrough Partners has the following responsibilities in relation to Data Protection:

• Analysing and documenting the type of personal data we hold;
• Checking procedures to ensure they cover all the rights of the individual;
• Identifying the lawful basis for processing data;
• Ensuring consent procedures are lawful;
• Implementing and reviewing procedures to detect, report and investigate personal data breaches;
• Storing data in safe and secure ways; and
• Assessing the risk that could be posed to individual rights and freedoms should data be compromised;

Specific Additional Responsibilities of the Breakthrough Partners’ Data Protection Officer

• Keeping the Breakthrough Partners board updated about data protection responsibilities, risks and issues;
• Reviewing all data protection procedures and policies on a regular basis;
• Arranging data protection training and advice for all staff members and those included in this policy;
• Answering questions on data protection from staff, board members and other stakeholders;
• Responding to individuals such as clients and employees who wish to know which data is being held on them by Breakthrough Partners; and
• Checking and approving with third parties that handle the company’s data any contracts or agreement regarding data processing.

Specific Additional Responsibilities of the Breakthrough Partners’ Chief Technical Officer

• Ensuring all systems, services, software and equipment meet acceptable security standards;
• Checking and scanning security hardware and software regularly to ensure it is functioning properly; and
• Researching third-party services, such as cloud services the company is considering using to store or process data.

Specific Additional Responsibilities of the Breakthrough Partners’ Marketing Manager

• Approving data protection statements attached to emails and other marketing copy;
• Addressing data protection queries from clients, target audiences or media outlets; and
• Coordinating with the DPO to ensure all marketing initiatives adhere to data protection laws and the company’s Data Protection Policy.

7. Accuracy and Relevance

Breakthrough Partners will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

If you believe that Breakthrough partners holds information that is inaccurate please inform us by sending an e-mail to the DPO on info@breakthrough-partners.com. We target to review all requests to correct data we hold within 48 hours. Please supply some justification as to why the information is inaccurate.

8. Transferring Data Internationally

EU Data Protection Legislation (GDPR) requires that Personal Data must not be transferred to a country or territory outside the European Economic Area (i.e. the member states of the EU plus Iceland, Liechtenstein and Norway), unless that country or territory or organization ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the Processing of Personal Data.

In accordance with this legislation Breakthrough Partners shall not transfer Personal Data to any country outside of the EEA without prior written consent from the individual, except for transfers to and from any country which has a valid adequacy decision from the European Commission.

9. Data Security and Sub-Processors

Breakthrough Partners will take every reasonable step to keep personal data secure against loss or misuse. The DPO with the support the Breakthrough Partners Board will ensure through internal procedures that that the following controls are enforced:

• Where Personally Identifiable Data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it;
• Printed Personally Identifiable Data will be shredded when it is no longer needed;
• Personally Identifiable Data stored on a computer will be protected by strong passwords that are changed regularly;
• Personally Identifiable Data stored on CDs or memory sticks will be encrypted or password protected and locked away securely when they are not being used;
• Personally Identifiable Data stored in the cloud will be stored only with vendors with ISO27001 or equivalent accreditation;
• Personally Identifiable Data will be regularly backed up to secure cloud storage in line with the company’s backup procedures;
• Personally Identifiable Data is never saved directly to mobile devices such as laptops, tablets or smartphones unless that data is encrypted at rest; and
• All services containing Personally Identifiable Data are protected by security software.

 

Where other organisations process personal data as a service on our behalf, the DPO will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.

Currently Breakthrough Partners uses a small number of data sub-processors and we have entered into written agreements with these sub-processors containing privacy, data protection, and data security obligations that provide a level of protection appropriate to their processing activities.

Specifically, Breakthrough Partners utilizes the services of the following sub-processors to process Personal Data as part of its marketing activities and to complete the necessary processing needed to provide its training and consulting services:

• Hubspot – Breakthrough Partners uses this marketing automation/CRM tool to deliver e-mail campaigns to clients, subscribers and other interested parties. Hubspot has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://legal.hubspot.com/privacy-policy
• Microsoft 365 – Breakthrough Partners uses the Microsoft 365 suite of office applications to plan, prepare and deliver training and consulting services. Microsoft has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://www.microsoft.com/en-gb/trust-center/privacy
• Calendly– Breakthrough Partners uses the appointment boking service offered by Calendly to schedule appointments with potential prospects. Calendly has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://calendly.com/pages/privacy
• Klaxoon – Breakthrough Partners using Klaxoon’s digital whiteboard technology to facilitate the provision of training and consulting services to clients. Klaxoon has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://klaxoon.com/solutions-trust-center
• Zapier– Breakthrough Partners utilises Zapier to connect the secure services of its sub-processors as required to complete the chain of processing. Zapier has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://zapier.com/privacy/
• Stripe– Breakthrough Partners utilises Stripe to collect and process payments from clients. Stripe has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://stripe.com/gb/privacy
• Xero– Breakthrough Partners utilises Xero to manage the billing of clients and track and report financial results. Xero has the necessary provisions in place to be compliant with GDPR requirements and other data protection regulations. Read more at https://www.xero.com/uk/about/terms1/privacy/

10. Rights of Individuals

Individuals have rights to their data which Breakthrough Partners will respect and comply with to the best of our ability. These rights are:

#	Right	What Breakthrough Partners Will Do:
1	Right to be Informed	·        Provide privacy notices which are concise, transparent, intelligible and easily accessible, free of charge, that are written in clear and plain language. ·        Keep a record of how we use personal data to demonstrate compliance with the need for accountability and transparency.
2	Right of Access	·        Enable individuals to access their personal data and supplementary information ·        Allow individuals to be aware of, and verify the lawfulness of, the processing activities
3	Right to Rectification	·        Rectify or amend the personal data of the individual if requested if it is inaccurate or incomplete within one month of the request. Right to Rectification Requests should be made in writing to info@breakthrough-partners.com
4	Right to Erasure	·        Delete or remove an individual’s data if requested and there is no compelling reason for its continued processing. Right to Erasure Requests should be made in writing to info@breakthrough-partners.com.
5	Right to Restrict Processing	·        Comply with any request to restrict, block, or otherwise suppress the processing of personal data. Right to Restrict Processing Requests should be made in writing to info@breakthrough-partners.com.
6	Right to Data Portability	·        Provide individuals with their data so that they can reuse it for their own purposes or across different services. Right to Data Portability Requests should be made in writing to info@breakthrough-partners.com. Data will be provided in in a commonly used, machine-readable format, and will be sent directly to another controller if requested.
7	Right to Object	·        Respect the right of an individual to object to data processing based on legitimate interest or the performance of a public interest task. ·        Respect the right of an individual to object to direct marketing, including profiling. ·        Respect the right of an individual to object to processing their data for scientific and historical research and statistics ·        Right to Object Requests should be made in writing to info@breakthrough-partners.com
8	Rights in Relation to Automated Decision Making and Profiling	·        Respect the rights of individuals in relation to automated decision making and profiling to object to such automated processing, have the rationale explained to them, and request human intervention. Right to Object Requests on the basis of Automated Decision making and Profiling should be made in writing to info@breakthrough-partners.com.

11. Audit and Enforcement

The Breakthrough partners DPO will define a schedule of regular data audits and will maintain a data register. This contains information on what data is held, where it is stored, how it is used, who is responsible and any further regulations or retention timescales that may be relevant.

All employees of Breakthrough partners will comply with this policy. The Breakthrough Partners DPO has overall responsibility for this policy. Breakthrough Partners will keep this policy under review and amend or change it as required. It is the responsibility of every employee to notify the DPO of any observed breaches of this policy.

Any breach of this policy, or of data protection laws, must be reported as soon as practically possible. This means as soon as you have become aware of a breach. Breakthrough Partners will comply with legal obligation to report any data breaches to the Information Commissioners Office.

 

 

Updated March 2025

1. What are Cookies?

Cookies are small bits of data that are transmitted from a website and stored in the browser of a person visiting a web-site. Cookies are sent back to the server and they provide details of a person’s previous interaction with the web-site. Cookies are typically used by web-sites to “remember” information that may be useful to web-site visitor e.g. the contents of a shopping cart or their history of previous logins. What Cookies are retained by the browser after the user has left the web-site is dependent on the configuration settings on the web browser. Further information on how your browser handles and manages cookies can be found in your browser’s privacy documentation. 

2. The Benefit of Cookies

Like most modern web-sites, the Breakthrough Partners’ website uses Cookies to help us to provide visitors with a better experience when using the site. 

We use Cookies to: 

• Prevent you having to login every time you visit the site; 

• Persist your settings as you use the site and when you come back to the site; 

• Enable you to share pages with social networks like Linkedin and Facebook; 

• Enhance the security and speed of the web-site; 

• Make it easier for you to access the features you want by personalising your experience; 

• Gather data anonymously that helps us to improve our website for you; 

• Increase the efficiency of our marketing to ensure we continue to provide value for money. 

We never use cookies to: 

• Collect any personally identifiable or sensitive information; 

• Pass data to advertising networks or third parties; 

• Calculate and/or pay sales incentives. 

3. Giving Us Permission to Use Cookies

When you first visit our web-site and your browser is configured to accept Cookies you will be asked via a pop-up if you accept the use of Cookies. If you choose not to accept the Cookies you can continue to use the site, but it is likely that the site may not function as you expect. 

4. Third Party and Social Media Cookies

Third Party Cookies 

Our web-site like many others embeds services provided by third parties. A typical example of such as service is embedded video. The following Third Party Services embedded within our web-site use Cookies: 

 Wistia – <a href="https://wistia.com/privacy" target="_blank">Privacy Policy</a> powers the embedded videos on our site. 

Google – <a href="https://policies.google.com/privacy" target="_blank">Privacy Policy</a> powers the analytical tools (Google Analytics) we use to understand the use of our web-site. 

 Not accepting these cookies will almost certainly degrade the services offered by these third parties. 

Social Media Cookies 

We use Social Media Cookies so you can more easily post and share our web-site content on social networks like Facebook, Linkedin and X. To make this easy we have included social buttons on our site. The relevant privacy policies of the social networks that use Cookies that we include sharing buttons for are detailed below: 

<a href="https://www.facebook.com/policy.php" target="_blank">Facebook Data Policy</a> 

 <a href="https://www.linkedin.com/legal/privacy-policy" target="_blank">LinkedIn Privacy Policy</a> 

  <a href="https://x.com/en/privacy" target="_blank">X Privacy Policy</a> 

Note, the implications for your personal privacy will vary depending on the settings you have configured on these networks. 

5. Removing Cookies from Your Browser

Cookies can typically be removed from your Browser via the configuration settings. All browsers provide a function to remove cookies, typically found under “Clear Browsing Data”. You can also usually restrict your browser from accepting cookies by changing your browser’s privacy settings. This will however likely erode the functionality of the web-sites that you use. 

6. Further Information

You can find further information about Cookies here: 

 <a href="https://en.wikipedia.org/wiki/HTTP_cookie" target="_blank">HTTP Cookie - Wikipedia</a> 

<a href="https://www.aboutcookies.org/" target="_blank">About Cookies</a> 

<a href="https://ico.org.uk/your-data-matters/online/cookies/" target="_blank">Cookie - Information Commissioner's Office</a>