Privacy Policy

Last updated: 01 October 2025

This Privacy Policy explains how Turn Heads Global Ltd ("we", "us", or "our") collects and uses personal information when you visit our websites, purchase services (including “buy a consultation” online), interact with our content, or otherwise communicate with us.

1) Supplier Identification (Controller)

Legal entity: Turn Heads Global Ltd
Company number: 16537569
Registered office: 15 Foxfield Close, Northwood, England, HA6 3NU
Trading names: Turn Heads Global
Email: pr@turnheads.global

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller of personal information described in this notice, unless stated otherwise. If we act as a processor on behalf of a client, we do so under their instructions and separate contract terms.

If you are located in the EEA, we may appoint an EU representative as required by Article 27 GDPR. See Section 13.

2) Scope

This notice applies to:

  • Our websites (www.turnheads.global) and landing pages (the “Sites”).
  • Our online store for consultations and service packages.
  • Scheduling, video meeting links, and client communications.
  • Newsletter subscriptions, surveys, events, or social media interactions that link to this notice.

This notice does not cover client data we process under PR/communications engagements as a processor (e.g., media lists or analytics handled strictly on a client’s instructions). For that, please refer to the relevant client agreement and data processing addendum.

3) What data we collect

We collect the following categories of data (depending on how you interact with us):

  • Identity & Contact: name, job title, company, business email, phone, country/region.
  • Account & Transaction: purchases, invoices, order history, scheduling preferences.
  • Payment: payment status and tokens from our payment providers (we do not store full card numbers).
  • Communications: emails, messages, meeting notes, feedback.
  • Marketing & Preferences: newsletter opt-ins, event RSVPs, interests.
  • Technical & Usage: IP address, device identifiers, browser type, pages viewed, referrers, interactions, and cookie identifiers (see Cookies Policy).
  • Social & Public: information available from your public profiles (e.g., LinkedIn) or that you voluntarily share with us.
  • Consultation Recordings: with prior notice and your explicit consent, we may record consultations or discovery calls for internal review, service quality or training purposes. Where recordings are made, we will obtain express verbal or written consent at the start of the call, and recordings will not proceed without it.

We do not intentionally collect special category data. We expressly request that you do not submit sensitive information (e.g., health, ethnicity, political beliefs). We disclaim liability for any sensitive data provided without request.

4) How we collect data
  • Directly from you when you submit forms, create an order, schedule a meeting, or contact us.
  • Some pages on this Site include embedded forms provided by Tally (tally.so). When you submit a form, the information you enter is processed to handle your request or submission. Tally may also process limited technical or interaction data necessary to deliver the form securely and reliably. We only collect the information you choose to submit.
  • Automatically via cookies, pixels and similar technologies when you browse our Sites (see Cookies Policy).
  • From third parties (e.g., payment providers, scheduling tools, analytics, marketing platforms) and from public sources such as professional profiles.

5) Why we use your data and our legal bases

We only process personal data where we have a lawful basis under UK GDPR. The main purposes and legal bases are:

We use your data to provide and administer our services. For example, we use your details to create orders, take payments, schedule and deliver consultations, and send necessary service messages. This processing is based on our contractual obligations with you and our legitimate interests in running our business.

We use your data for customer support, including responding to enquiries, complaints and feedback. This is done under our legitimate interests to improve services, and in some cases under a legal obligation.

We use your data for marketing communications, such as newsletters, event invitations and updates about our services. Where required by PECR, this is based on your consent. For B2B corporate subscribers, we may rely on legitimate interests, but always provide a clear opt‑out.

We use your data for analytics and site optimisation, such as measuring traffic, improving content and enhancing user experience. This is based on consent for non‑essential cookies and pixels, and on legitimate interests for essential security and operational functions.

We process your data for security and fraud prevention, such as protecting our systems and preventing misuse. This is based on our legitimate interests and in some cases our legal obligations.

Finally, we process your data for legal and regulatory purposes, including maintaining tax and company records and enforcing contracts. This processing is based on our legal obligations and our legitimate interests.

You can object to processing based on our legitimate interests (see Section 11).

6) Direct marketing and your choices

We comply with the Privacy and Electronic Communications Regulations (PECR).

  • Email to individuals (non-corporate): we rely on your consent or the soft opt-in where you bought (or negotiated to buy) a similar service and had a clear opt-out at the time of collection and with every message.
  • B2B corporate subscribers (e.g., name@company.com): we may rely on legitimate interests, always providing an easy opt-out.
  • You can opt out at any time by clicking “unsubscribe” in our emails or by contacting us.

We do not guarantee delivery of all marketing communications and accept no liability for undelivered or misdirected emails due to filtering, firewalls, or third-party errors.

7) Sharing your data

We share personal data only with:

  • Service providers acting under contract (e.g., website hosting, payment processing, scheduling, email/CRM, analytics, video conferencing, accounting).
  • Professional advisers (legal, tax, accounting) and insurers.
  • Authorities and regulators where required by law.
  • Successors in the event of a merger, acquisition or reorganisation.Open Cookie Settings in the banner (or via the CookieYes floating icon) anytime to change your preferences.
  • You can also clear cookies in your browser (see Section 9).
  • Withdrawing consent does not affect processing based on consent before withdrawal.

Current core processors may include (subject to change): Webflow (website and forms), Stripe (payments), Calendly (scheduling), Google Workspace & Google Calendar (email/docs/scheduling), Zoom/Google Meet (calls), QuickBooks/Xero (accounting), and analytics/advertising tools including Google Analytics 4 (GA4), LinkedIn Insight Tag, Meta Pixel, and Google Ads.

We do not sell personal data. We are not responsible for the privacy practices of third parties outside our control. Where we integrate their services (e.g., payment processors, analytics providers), their own privacy policies apply.

We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

8) International transfers

Some providers are located outside the UK. When we make a restricted transfer of personal data, we use appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, and conduct transfer risk assessments where required. Copies of relevant safeguards are available on request, subject to redactions.

9) Retention

We keep personal data only as long as necessary for the purposes set out above, including to meet legal, accounting and reporting requirements. Typical retention periods:

  • Orders, invoices and tax records: 6 years after the end of the financial year.
  • Marketing subscriptions: until you unsubscribe or your address consistently bounces, plus a short period to maintain suppression lists.
  • Support and enquiry emails: up to 24 months from last correspondence, unless needed longer for legal reasons.
  • Consultation recordings: up to 24 months from the date of recording, unless retained longer with your explicit consent. 

We may retain limited data to establish, exercise or defend legal claims.

10) Security

We use appropriate administrative, technical and organisational measures to protect personal data, including access controls, encryption in transit, and staff confidentiality obligations. However, no online service can be 100% secure. We are not liable for breaches caused by events outside our reasonable control (including cyberattacks, system failures, or unlawful acts of third parties).

11) Your rights

Subject to conditions and exemptions in law, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase data in certain circumstances
  • Restrict or object to processing, including objecting to direct marketing
  • Data portability for data you provided to us with consent or under contract and processed by automated means
  • Withdraw consent at any time, where processing relies on consent
  • Complain to the UK Information Commissioner’s Office (ICO) (see below).

We aim to respond within one month, but this may be extended by up to two further months where requests are complex or numerous (Art. 12(3) UK GDPR).

To exercise your rights, email us at pr@turnheadsglobal.com. We may ask for information to verify your identity and will respond within statutory timeframes.

12) Cookies and similar technologies

Our Sites use cookies and similar technologies. We seek consent for non-essential cookies/pixels via our cookie banner. For details, please see our Cookies Policy (linked from the footer), which explains the types of cookies, purposes, and how to manage your choices.

13) EEA/EU representative

We are based in the United Kingdom and do not actively target or direct our services to individuals in the EEA. However, individuals in the EEA may access our services. Where EU GDPR applies to our activities, we comply with applicable obligations and will appoint an EU representative in accordance with Article 27 GDPR if required.

14) Children

Our Sites and services are intended for professionals and are not directed to children under 16. We do not knowingly collect personal data from children.

15) Third-party links

Our Sites may contain links to third-party websites, plug-ins or apps. Those third parties are responsible for their own privacy practices.

16) Changes to this notice

We will update this notice from time to time. The "Last updated" date shows when changes were made. Significant changes will be communicated on the Sites or by email where appropriate.

17) How to contact us / complaints

Email: pr@turnheadsglobal.com
Postal: Turn Heads Global Ltd, 15 Foxfield Close, Northwood, England, HA6 3NU

If you are unhappy with how we handle your data, you can lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns first.

18) Governing law and jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales, and any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

About Turn Heads Global

Turn Heads Global is a strategic communications partner for ambitious tech companies. From AI startups to SaaS scaleups, we help brands win global visibility through media coverage, employer branding, and PR mentorship.

FOLLOW

LinkedInInstagram
StoreFor businessFor expertsFor investorsAbout usBlogPortfolioGet in touch
© 2025 Turn Heads Global Ltd. All rights reserved.
All Rights Reserved © 2025
Terms of UseTerms of SaleCookies PolicyPrivacy Policy