LAST UPDATED: 20 October 2025

This Privacy Policy explains how Time to Scale Ltd (“Time to Scale”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal data in connection with our website www.timetoscale.co.uk (the “Site”), our marketing (including Facebook/Instagram/LinkedIn lead ads and cold outreach), and our services. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018, and comply with applicable PECR rules for electronic marketing.

1. Who is the Controller

Time to Scale Ltd is the controller for personal data described in this Policy. Contact: [email protected].

2. What Data We Collect

We collect and process:

a) Data you provide
Name; email; phone; company; role; service interests; messages; appointment details; testimonials; billing and support information.

b) Data we obtain automatically
IP address; device and browser data; time zone; pages viewed and time on page; referring URLs; clickstream; approximate location; form interactions; call metadata (duration, timestamps); session recordings where applicable.

c) Data we obtain from third parties
Lead data from platforms (e.g., Facebook/Instagram/LinkedIn lead ads); business contact data from public sources or reputable B2B providers; analytics and advertising partners; Google Business Profile (GBP) messages and insights.

d) Cookies & similar tech
We use cookies, pixels (e.g., Meta Pixel), tags, and unique identifiers. See our Cookie Policy below.

3. How We Use Your Data (Purposes & Legal Bases)

We only process personal data where we have a lawful basis. The table below summarises key purposes:

- Responding to enquiries; providing quotes; pre‑contract steps and service delivery.
Legal basis: Contract or Legitimate Interests (to respond to your request).

- Account management, onboarding, and customer support.
Legal basis: Contract; Legitimate Interests.

- Marketing communications (email, SMS, phone, messaging apps).
Legal basis: Consent (e.g., when you submit Meta/LinkedIn lead forms or tick an opt‑in) or Legitimate Interests for B2B prospects where PECR permits, provided you can opt out at any time.

- Cold outreach to business contacts (B2B).
Legal basis: Legitimate Interests (introducing our services to relevant business contacts) in line with PECR where applicable; opt‑out offered on every message.

- Review requests and NPS/feedback.
Legal basis: Legitimate Interests (service improvement) and/or Contract.

- Improving the Site and Services; analytics and conversion tracking.
Legal basis: Legitimate Interests.

- Fraud prevention, security, and compliance with law.
Legal basis: Legal Obligation; Legitimate Interests (security).

We maintain a legitimate interests assessment and will provide key points upon request.

4. Our Marketing Promise (Opt‑In, Opt‑Out, and Channels)

When you submit your details (e.g., via Facebook/Instagram/LinkedIn lead ads, our website forms, live chat) or reply to our cold outreach, we will send you marketing emails, texts (SMS/WhatsApp), and calls about our services until you opt out. For B2B cold outreach, we typically send up to 2–3 emails (unless you opt out sooner) and no more than one email every 3–5 business days; every message includes a clear opt‑out.

·         Email: Unsubscribe at any time using the link (or by replying with “OPT OUT”) in our emails, or email [email protected].

·         SMS/WhatsApp: Reply STOP or STOP ALL to end messages; reply HELP for help. Message and data rates may apply.

·         Phone: Tell us on a call or email us to be added to the do‑not‑call list.

·         Soft opt‑in (customers & trials): If you’re an existing customer or have enquired about/used our services, we may market similar services to you under the soft opt‑in rule. You can opt out at any time.

·         Suppression list: If you opt out, we keep your email/phone on a suppression list so we don’t contact you again for marketing. We retain only what’s necessary for this purpose.

We do not sell your data. We only use reputable service providers acting on our instructions.

5. Profiling & Personalisation

We may segment contacts by business type, location, engagement, and service interest to send more relevant messages and to prioritise follow‑ups. We do not make decisions with legal or similarly significant effects solely by automated means.

6. Sharing Your Data (Processors & Recipients)

We may share personal data with: - Service providers acting as processors (e.g., hosting, CRM/automation platforms such as, email/SMS providers, analytics and call‑tracking vendors, payment processors).
- Professional advisers (legal, accounting) under confidentiality.
- Authorities where required by law or to protect rights, safety, or security.

We require processors to implement appropriate security and only process data per our instructions.

7. International Transfers

Some providers may process data outside the UK. Where this occurs, we rely on a lawful transfer mechanism such as an adequacy decision (e.g., UK‑US Data Bridge) or appropriate safeguards including the UK International Data Transfer Addendum (IDTA) and/or Standard Contractual Clauses (SCCs) with supplementary measures, as required.

8. Data Retention

We keep data only as long as necessary for the purposes described: - Marketing contacts: generally up to 24 months from the last meaningful interaction (opening/clicking, reply, call) unless you opt out earlier.
- Client/account records: for the life of the relationship and then 6 years for tax/legal records.
- Call recordings/lead logs (where used): typically 12 months unless needed longer for dispute resolution, compliance, or you ask us to delete sooner (subject to legal holds).
We periodically review and delete or anonymise data.

9. Security

We use appropriate technical and organisational measures to protect data (access controls, encryption in transit, least‑privilege access, regular reviews). No method is 100% secure; we cannot guarantee absolute security.

9A. Call Recording

We may record inbound and outbound calls for quality, training, lead verification, and dispute resolution. Where required, we will notify you at the start of the call. You may request that recording stop, or choose an alternative channel (e.g., email or chat). Call recordings are retained in line with Section 8 (Data Retention).

9B. Data Breach Notification

We maintain incident response procedures. Where required by law, we will notify the ICO and affected individuals without undue delay following a personal data breach and in accordance with UK GDPR requirements.

10. Your Rights (UK GDPR)

You have the right to access, rectify, erase, restrict, object (including to direct marketing), and data portability, and to withdraw consent where we rely on consent. To exercise rights, contact [email protected]. We may request information to verify your identity before acting. We aim to respond within one month of valid requests.

You can complain to the Information Commissioner’s Office (ICO): ico.org.uk. We would appreciate the chance to address your concerns first.

11A. Special Category Data

We do not intentionally collect special category data (e.g., health data, political opinions, religious beliefs). Please do not submit such data to us. If you do, we will delete or restrict it where feasible.

11. Children’s Data

Our Site and Services are intended for business users. We do not knowingly collect data from children under 16.

12. Third‑Party Links

Our Site may link to third‑party sites. Their privacy practices and content are their responsibility.

13. Controller vs Processor

For our own marketing, sales, and operations, Time to Scale Ltd acts as the controller. When we manage or process personal data on behalf of clients inside their systems (e.g., CRM, forms, messaging, review workflows), we act as a processor and process data under the client’s instructions. A Data Processing Addendum (DPA) is available on request.

13. Changes to this Policy

We may update this Policy. We will post changes with an updated Last Updated date. Material changes may be notified by email or prominent notice on the Site.

14. Contact Us

Time to Scale Ltd
Email: [email protected]
Website: www.timetoscale.co.uk
Company No: 16407166
Registered Office: 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE

Appendix A: Sub‑processors (Overview)

We use reputable service providers to deliver our Site and Services. Core categories include: hosting/infrastructure, CRM & automation, email/SMS, analytics, call tracking, and payment processing. A current list of key sub‑processors is available on request. We will notify you of material changes as required.

Cookie Policy (Summary)

Effective Date: 20 October 2025

This Cookie Policy explains how we use cookies and similar technologies on www.timetoscale.co.uk.

A. Types of Cookies We Use

·         Strictly Necessary – required for core functionality (security, login, form submissions).
·         Performance/Analytics – to understand usage and improve the Site (e.g., Google Analytics).
·         Functional – to remember preferences.
·         Advertising/Retargeting – to measure and improve our ads (e.g., Meta Pixel, Google Ads). Used where permitted and subject to consent where required.

B. Managing Cookies

You can control cookies in your browser settings and, where applicable, via our cookie banner/controls. You may also opt out of certain analytics/advertising cookies via the providers’ tools. Disabling some cookies may impact Site functionality.

C. Updates

We may update this Cookie Policy; we’ll post the new date at the top of this section.

For questions about cookies or privacy, contact [email protected].