Privacy Policy

Last Updated: May 13, 2026

Important Information and Who We Are

Please read this Privacy Policy carefully before using www.mythreadlink.com (the "Site") or engaging with any of our services. This Privacy Policy describes how ThreadLink ("we," "us," or "our") collects, uses, stores, discloses, and protects the personal data of individuals who interact with us through our Site or in the course of our business operations.

This Privacy Policy applies to all visitors of the Site, prospective and current clients, and any individual whose personal data we process in connection with our services, which include website design and development, search engine optimization, social media management, digital advertising, artificial intelligence solutions, and custom software development.

We are committed to protecting your personal data and processing it responsibly, transparently, and in accordance with applicable data protection and privacy laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR as retained in domestic law by the Data Protection Act 2018, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), and other applicable state and federal privacy laws in the United States.

Controller Information

For the purposes of applicable data protection law, the data controller (the entity that determines the purposes and means of processing your personal data) is:

ThreadLink
Website: www.mythreadlink.com
Email: privacy@mythreadlink.com

If you have any questions about this Privacy Policy, wish to exercise any of your rights described herein, or have concerns about how we handle your personal data, please contact us at privacy@mythreadlink.com. We will endeavor to respond to all legitimate requests within 30 days.

Third-Party Links

The Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third-party websites and are not responsible for their privacy statements or practices. When you leave our Site, we encourage you to read the privacy policy of every website you visit, as they may differ materially from our own.

Children

This Site is not intended for, and does not knowingly collect personal data from, individuals under the age of 13. If we become aware that we have inadvertently collected personal data from a child under 13 without appropriate parental consent, we will take immediate steps to delete that information from our records. If you believe we may have collected data from or about a child, please contact us immediately at privacy@mythreadlink.com.

1. The Personal Data We Collect About You

Personal data means any information about a living individual from which that person can be identified, either directly or indirectly. It does not include data from which all identifying information has been permanently removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you, which we have organized into the following categories for clarity:

Identity Data includes your first name, last name, username, title, or similar identifiers that you provide when you contact us, engage our services, or create an account with us or any of our partner platforms.

Contact Data includes your email address, telephone number, postal address, and any other contact information you provide through our forms, via email, or through our scheduling and booking system.

Technical Data includes your internet protocol (IP) address, browser type and version, time zone setting and geographic location derived from your IP address, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access the Site. Technical Data is collected automatically when you visit the Site.

Usage Data includes information about how you use and interact with the Site, including the pages or content you view, the links you click, time spent on pages, scroll depth, search queries, traffic sources and referring URLs, and the actions you take before and after visiting the Site.

Communications Data includes the content, metadata, and records of any messages, inquiries, feedback, or other communications you send to us, whether through contact forms, email, our scheduling tool, or any other channel.

Profile Data includes information derived from your interactions with us, such as your service preferences, feedback you have provided, and records of consultations or meetings you have had with us.

Marketing and Preferences Data includes your preferences in receiving marketing and promotional communications from us, your communication channel preferences, and records of any consent you have given or withdrawn in relation to marketing.

We do not intentionally collect any Special Categories of Personal Data about you. Special categories means particularly sensitive personal data including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, or genetic and biometric data. We also do not collect any information about criminal convictions or offenses. If we ever need to process special category data in connection with a specific service engagement, we will seek your explicit consent and provide a separate notice explaining the purpose.

2. How We Collect Your Personal Data

We collect personal data through the following means:

2.1 Direct Interactions

You may provide us with Identity, Contact, and Communications Data by:

• Completing contact, inquiry, or project brief forms on our Site
• Booking a consultation, strategy call, or meeting through our scheduling system
• Emailing us directly or responding to our communications
• Engaging us to provide creative, technical, or strategic services
• Subscribing to any newsletters or updates we may offer
• Providing feedback, testimonials, or reviews

2.2 Automated Technologies and Interactions

As you interact with our Site, we may automatically collect Technical Data and Usage Data using cookies, server logs, web beacons, pixel tags, and similar tracking technologies. These technologies allow us to distinguish you from other users of the Site, improve your experience, and gather analytics about how our Site is used. For full details of the cookies and tracking technologies we use, the purposes for which we use them, and how you can manage your preferences, please see our Cookie Policy.

2.3 Third-Party and Publicly Available Sources

We may receive Technical Data and Usage Data about you from third parties, including:

• Analytics providers that supply aggregated and pseudonymized data about Site traffic and user behavior
• Advertising networks that share conversion and attribution data with us in connection with our advertising campaigns
• User experience research platforms that provide session recording and behavioral analytics data, subject to your consent
• Publicly available sources such as professional networking sites, where relevant to a potential business relationship

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

• Performance of a Contract: Where we need to process your data to perform a contract we are about to enter into or have entered into with you, or to take steps at your request prior to entering into such a contract.
• Legitimate Interests: Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your interests, fundamental rights, or freedoms. When we rely on legitimate interests, we carry out a balancing test to assess whether our interests are proportionate and whether they override your rights.
• Compliance with a Legal Obligation: Where we need to process your personal data to comply with a legal or regulatory obligation to which we are subject.
• Consent: Where you have given us specific, informed, and freely given consent to process your personal data for a specific purpose. You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

The table below sets out all of the ways we use your personal data and the legal basis we rely on for each purpose:

Purpose of ProcessingCategories of DataLegal BasisRespond to inquiries, proposals, and service requestsIdentity, Contact, CommunicationsPerformance of Contract; Legitimate InterestsOnboard and provide services to clientsIdentity, Contact, ProfilePerformance of ContractSchedule, manage, and follow up on client consultationsIdentity, ContactPerformance of Contract; Legitimate InterestsAnalyze Site traffic, user behavior, and content performanceTechnical, UsageLegitimate Interests; Consent (where cookies are used)Measure the reach and effectiveness of advertising campaignsTechnical, UsageConsentConduct user experience research and session analysisTechnical, UsageConsentProtect the Site against spam, bots, and fraudulent form submissionsTechnicalLegitimate InterestsManage and administer our relationship with clients and contactsIdentity, Contact, Profile, CommunicationsPerformance of Contract; Legitimate InterestsSend marketing communications and promotional content (opted-in only)Identity, Contact, Marketing and PreferencesConsentComply with legal, regulatory, and tax obligationsIdentity, Contact, FinancialLegal ObligationEstablish, exercise, or defend legal claimsAll relevant dataLegitimate Interests; Legal ObligationAdminister and protect our business, systems, and infrastructureTechnicalLegitimate Interests

We will not use your personal data for any automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Disclosures of Your Personal Data

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. We may share your personal data in the following limited and controlled circumstances:

Service Providers and Data Processors: We engage third-party companies and individuals to perform services on our behalf, such as website hosting, analytics, advertising measurement, scheduling, and fraud prevention. These parties are permitted to process your personal data only on our written instructions and are prohibited from using it for any other purpose. They are required to maintain appropriate technical and organizational security measures to protect your data. For a full list of our third-party processors, please see Section 5.

Professional Advisors: We may share your personal data with lawyers, accountants, auditors, insurers, and other professional advisors where necessary in connection with the running of our business, subject to appropriate confidentiality obligations.

Regulatory and Law Enforcement Authorities: We may disclose your personal data to courts, regulators, law enforcement agencies, and other governmental authorities where we are legally required to do so, or where we believe in good faith that disclosure is necessary to comply with a legal obligation, protect our rights or the rights of others, or investigate potential violations of law.

Business Transfers: In the event that we sell, transfer, or merge all or part of our business or assets, your personal data may be transferred to the acquiring entity as part of that transaction. In such circumstances, we will take appropriate steps to ensure that your data continues to be protected in accordance with this Privacy Policy, and we will notify you of any material change in how your data is processed.

5. Third-Party Service Providers

We currently engage third-party service providers across the following categories, each of whom processes personal data on our behalf as a data processor in accordance with our written instructions and applicable data protection law:

CategoryRoleData ProcessedLocationAnalytics providersSite traffic measurement and user behavior analysisTechnical, Usage (pseudonymized)USAAdvertising networksConversion tracking, campaign measurement, and remarketingTechnical, UsageUSATag management platformsDeployment and management of measurement and marketing tagsTechnicalUSASecurity and fraud prevention servicesBot detection and protection against fraudulent form submissionsTechnicalUSAUser experience research platformsBehavioral analytics, session recordings, and heatmappingTechnical, UsageUSA / EUScheduling and booking platformsMeeting scheduling, calendar management, and booking confirmationIdentity, ContactUSAWebsite hosting and infrastructure providersSite hosting, content delivery, and form processingTechnicalUSA

You may request the identity of specific processors within any of these categories by contacting us at privacy@mythreadlink.com.

6. International Data Transfers

Several of the third-party service providers listed in Section 5 are based in the United States, which is outside the United Kingdom and the European Economic Area (EEA). The transfer of personal data to these countries requires appropriate safeguards to ensure that your data continues to receive a level of protection equivalent to that provided within the UK and EEA.

Where we transfer personal data internationally, we rely on one or more of the following lawful transfer mechanisms:

• Adequacy Decisions: Where the receiving country has been recognized by the European Commission or the UK Information Commissioner's Office as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs): Contractual provisions approved by the European Commission and adopted by the UK ICO that impose data protection obligations on the data importer equivalent to those in the UK and EEA.
• EU-US and UK-US Data Privacy Framework: Where the relevant provider is certified under an applicable data transfer framework recognized by applicable regulators.

You may request further information about the specific safeguards we have in place for international transfers by contacting us at privacy@mythreadlink.com.

7. Data Security

We have implemented appropriate and proportionate technical and organizational measures designed to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include, but are not limited to:

• HTTPS/TLS encryption across all pages of the Site to protect data in transit
• Access controls and role-based permissions to restrict access to personal data to authorized personnel only, on a need-to-know basis
• Use of reputable, security-certified third-party processors who are themselves subject to rigorous data protection and security obligations
• Regular internal reviews of our data collection, storage, and processing practices
• Procedures for detecting, investigating, and reporting personal data breaches

We have put in place procedures to deal with any suspected personal data breach. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required under applicable law. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, unless an exemption under applicable law applies.

Please note that while we take the security of your data seriously, the transmission of information over the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our Site, and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to prevent unauthorized access.

8. Data Retention

We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, tax, or reporting requirements. We may retain personal data for a longer period in the event of a complaint, a dispute, or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and the applicable legal, regulatory, and contractual requirements.

Category of Personal DataRetention PeriodClient inquiry and contact form records2 years from the date of last contact or inquiryActive client records and project documentationDuration of engagement plus 3 yearsMeeting, consultation, and booking records2 years from the date of the meetingMarketing communications and consent records3 years from last interaction, or until consent is withdrawnAnalytics data (Google Analytics 4)14 months, as configured in our GA4 property settingsCookie consent records12 months, after which consent will be re-requestedServer logs and access records90 daysFinancial, billing, and tax records7 years from end of relevant financial year (legal obligation)

In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may retain and use that anonymized data indefinitely without further notice to you.

9. Your Legal Rights

Depending on your location and the applicable laws, you have a number of rights in relation to the personal data we hold about you. We will handle all requests in good faith and respond within the timeframes required by applicable law, ordinarily within 30 days, although this may be extended in certain complex circumstances. We will not charge a fee to process your request unless it is manifestly unfounded or excessive.

To exercise any of the rights set out below, please contact us at privacy@mythreadlink.com. We may need to request specific information from you to confirm your identity before we can action your request; this is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you and to receive supplementary information about how we process it, including the purposes of processing, the categories of data concerned, the recipients to whom the data is disclosed, and the applicable retention periods. This is commonly known as a Subject Access Request. We will provide you with a copy of your personal data in a commonly used electronic format.

9.2 Right to Rectification

You have the right to request that we correct any personal data we hold about you that is inaccurate, incomplete, or out of date. We may need to verify the accuracy of the new data you provide before making any correction.

9.3 Right to Erasure

You have the right to request that we delete or remove your personal data in certain circumstances, for example where the data is no longer necessary for the purposes for which it was collected, where you have withdrawn your consent and no other legal basis applies, or where the data has been unlawfully processed. Please note that this right is not absolute and may be subject to exceptions, such as where we are required to retain data to comply with a legal obligation or in connection with the establishment, exercise, or defense of legal claims.

9.4 Right to Restriction of Processing

You have the right to request that we suspend the processing of your personal data in certain circumstances, for example if you wish to contest the accuracy of the data while we verify it, or if you have objected to our processing and we are considering whether our legitimate grounds override your rights. Where processing is restricted, we will continue to store your data but will not actively process it without your consent, except for the limited purposes permitted by law.

9.5 Right to Data Portability

Where we process your personal data based on your consent or in performance of a contract, and the processing is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit that data directly to another controller, where technically feasible.

9.6 Right to Object

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as our legal basis. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims. You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.

9.7 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing (for example, in relation to analytics cookies or marketing communications), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any processing we carried out prior to the withdrawal. You may withdraw cookie consent at any time using the Cookie Settings link in the Site footer.

9.8 Rights Under CCPA / CPRA (California Residents)

If you are a resident of California, you have the following additional rights under the CCPA as amended by the CPRA:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell or share your personal information. We do not sell personal information as defined under the CCPA/CPRA, and we do not share personal information for cross-context behavioral advertising without your consent.
• Right to Limit Use of Sensitive Personal Information: You have the right to request that we limit our use and disclosure of sensitive personal information to uses necessary to perform the services you have requested.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under the CCPA/CPRA.

To submit a CCPA/CPRA request, please email privacy@mythreadlink.com with the subject line "California Privacy Request." We will acknowledge receipt within 10 business days and fulfill verified requests within 45 days, extendable by an additional 45 days where reasonably necessary.

10. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to distinguish you from other users, to provide you with a good experience when you browse, and to allow us to improve the Site. We operate a layered cookie consent mechanism that presents you with a clear choice before any non-essential cookies are activated.

We categorize our cookies as Essential, Analytics, and Marketing. Essential cookies cannot be disabled as they are necessary for the Site to function. Analytics and Marketing cookies are only placed on your device after you have given your explicit consent through our cookie banner.

You may view, update, or withdraw your cookie consent preferences at any time by clicking the Cookie Settings link in the footer of this Site. For a full description of every cookie we use, including the name, provider, purpose, type, and expiry period of each, please see our Cookie Policy.

Our Site also implements a consent signal framework that governs how our measurement and advertising tags behave in response to your consent choices, ensuring that analytics and advertising measurement only occurs in the manner permitted by your preferences.

11. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, the services we offer, applicable law, or for other operational, legal, or regulatory reasons. The "Last Updated" date at the top of this page will always reflect the most recent revision.

Where changes are material (meaning they significantly affect your rights or our obligations), we will take steps to notify you in advance, such as by posting a prominent notice on the Site or, where appropriate, by sending you a direct communication. Your continued use of the Site following the posting of changes to this Privacy Policy will constitute your acknowledgment of those changes.

12. Contact Us and How to Complain

We take our data protection obligations seriously and welcome any questions, concerns, or feedback you may have about how we handle your personal data. Please do not hesitate to contact us:

ThreadLink
Email: privacy@mythreadlink.com
Website: www.mythreadlink.com

We will investigate all complaints and endeavor to resolve them fairly and promptly. If you are not satisfied with our response, or if you believe that we have not addressed your concern adequately, you have the right to make a formal complaint to the relevant supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO), ico.org.uk, 0303 123 1113
• European Union: Your local national data protection supervisory authority. A list of EU data protection authorities can be found at edpb.europa.eu.
• United States (California): California Privacy Protection Agency (CPPA), cppa.ca.gov, or the California Attorney General.
• United States (Federal): Federal Trade Commission (FTC), ftc.gov.

We would, however, appreciate the opportunity to deal with your concerns before you approach any supervisory authority, and ask that you please contact us in the first instance.

‍