PRIVACY POLICY

Introduction

We Are Toucan Ltd ("we", "us", or "our") is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, and protect personal information when you visit our website, contact us, complete one of our communications scorecards or assessment tools, or work with us.

We regularly work with organisations operating in regulated industries where confidentiality, trust, and responsible information handling are critical. Appropriate data protection and information governance practices are embedded into how we work.

By using our website or submitting information through our contact forms, scorecards, or assessment tools, you agree to the collection and use of information in accordance with this policy.

Who We Are

We Are Toucan Ltd
167-169 Great Portland Street
5th Floor
London
W1W 5PF

Company Number: 16020219

For any privacy-related questions, please contact:
hello@wearetoucan.co.uk

We Are Toucan Ltd is registered with the Information Commissioner's Office (ICO).
ICO Registration Reference: ZB918267

What Information We Collect

We may collect and process the following information:

Information you provide directly

  • Name

  • Email address

  • Telephone number

  • Company name

  • Job title

  • Information submitted through contact forms or enquiries

  • Information submitted through communications scorecards, quizzes, or assessment tools

Information collected automatically

  • IP address

  • Browser type and device information

  • Website usage data

  • Pages visited and time spent on site

  • Referral source information

  • Technical information relating to scorecard or assessment usage

This information may be collected through cookies, analytics tools, and trusted third-party platforms.

How We Use Your Information

We use personal information to:

  • Respond to enquiries

  • Provide services and project support

  • Deliver scorecard results and related insights

  • Improve our website, tools, and user experience

  • Understand website and scorecard usage

  • Manage business operations

  • Support marketing and business development activity where lawful to do so

  • Provide relevant communications and insights where you have chosen to receive them

We only process personal information where we have a lawful basis under UK GDPR.

Lawful Bases for Processing

Depending on the circumstances, we may process your information on the basis of:

  • Consent

  • Legitimate interests

  • Contractual necessity

  • Legal obligation

Where consent is required, you may withdraw it at any time.

Communications Scorecards & Assessment Tools

We may offer communications scorecards, assessments, quizzes, or interactive tools through our website or trusted third-party platforms such as ScoreApp.

When you complete one of these tools, we may collect:

  • Name

  • Email address

  • Company or organisation name

  • Responses submitted through the assessment

  • Technical information such as browser or device data

We use this information to:

  • Deliver personalised results or follow-up content

  • Improve our tools and services

  • Provide relevant communications and insights where you have chosen to receive them

Where ongoing marketing communications are offered, these are always optional and based on your consent.

We do not sell or share personal data for third-party marketing purposes.

Scorecards and assessment tools may be hosted on trusted third-party platforms acting as data processors on our behalf. We remain responsible for your personal data and expect providers to maintain appropriate privacy and security standards.

Cookies & Analytics

Our website uses cookies and similar technologies to help us understand website performance and improve user experience.

We currently use:

  • Google Analytics

  • HubSpot

  • Vimeo and YouTube embedded content

Some of these services may place cookies on your device.

You can manage cookie preferences through our cookie consent settings.

For more information, please see our Cookie Policy.

Third-Party Services

We may use trusted third-party providers to support our business operations, including:

  • Google Workspace

  • HubSpot

  • Vimeo

  • YouTube

  • Frame.io

  • ScoreApp

These providers may process information on our behalf under their own privacy and security frameworks.

How We Store & Protect Information

We take appropriate technical and organisational measures to protect personal information and commercially sensitive materials.

Our approach includes:

  • Secure cloud-based systems and storage

  • Controlled access to project materials

  • Two-factor authentication (2FA)

  • Encrypted connections and secure remote access

  • Backup and business continuity measures

  • Contractor confidentiality agreements and onboarding controls

We regularly support organisations operating in highly regulated environments where confidentiality and communication accuracy are essential.

Our IT and data security approach is aligned to Cyber Essentials principles and controls.

International Transfers

Some third-party providers may process information outside the UK or European Economic Area (EEA).

Where this happens, we take reasonable steps to ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Data Retention

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including legal, operational, and contractual requirements.

Where information is collected through scorecards or assessment tools, we may retain:

  • Contact and professional information for the duration of any active relationship

  • Assessment responses for analytical and service improvement purposes

  • Marketing consent records where legally required

You may request deletion of your information at any time, subject to any legal or operational obligations we are required to maintain.

Your Rights

Under UK GDPR, you have rights including:

  • The right to access your data

  • The right to correct inaccurate information

  • The right to request deletion

  • The right to restrict or object to processing

  • The right to data portability

  • The right to withdraw consent

To exercise any of these rights, please contact hello@wearetoucan.co.uk.

Complaints

If you have concerns about how we handle personal information, please contact us first.

We would welcome the opportunity to resolve any concerns directly.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in regulation, technology, or how we operate.

The latest version will always be available on our website.