TFS Partners Ltd, trading as The Founders Suite, respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, share and protect personal data when you visit our website, contact us, make an enquiry, become a client, engage with our services, interact with our marketing, or otherwise communicate with us.

This policy has been prepared in accordance with the UK General Data Protection Regulation, the
Data Protection Act 2018 and, where applicable, the Privacy and Electronic Communications
Regulations.

1. Who we are

TFS Partners Ltd, trading as The Founders Suite, is a company registered in England and Wales undercompany number 17264656. For the purposes of data protection law, TFS Partners Ltd is the data controller of the personal data described in this Privacy Policy. This means we decide how and why your personal data is used.

2. About The Founders Suite

The Founders Suite provides business support, consultancy, creative, digital and implementation services for founders, entrepreneurs, start-ups and growing businesses. Our services may include, but are not limited to:

• business consultancy and strategy
• brand development and brand identity
• website design and development
• CRM planning, build and implementation
• sales process development
• automation planning and implementation
• marketing support
• client onboarding support
• business documentation
• operational support
• commercial advisory services
• and related creative, strategic and technical services.

We process personal data only where we have a lawful reason to do so and only for purposes connected with operating, improving, promoting and delivering our services.

3. Scope of This Privacy Policy

This Privacy Policy applies to personal data we collect and use when you:

• visit our website
• submit an enquiry form
• book a call or consultation
• request information, proposals, brochures or pricing
• purchase or engage our services
• communicate with us by email, telephone, social media, messaging platform or post
• subscribe to our mailing list
• interact with our adverts or marketing campaigns
• provide information during discovery, onboarding or project delivery
• work with us as a supplier, contractor, partner or service provider
• or otherwise provide personal data to us.

This policy does not apply to third-party websites, platforms or services that we do not control. Where our website links to third-party websites, you should read their privacy policies separately.

4. Personal Data We Collect

We may collect and process different types of personal data depending on how you interact with us.

4.1 Identity and contact information

This may include: full name; business name; job title or role; email address; telephone number; postal address; billing address; social media handle; company details; and preferred method of contact.

4.2 Enquiry and client information

This may include: details of your business; information about your goals, challenges, requirements and service interests; information submitted through website forms; discovery call notes; consultation notes; proposal details; onboarding information; project briefs; business plans, brand information, website requirements, CRM requirements or operational information you provide to us; communications between you and us; and feedback, testimonials or review content.

4.3 Transaction and payment information

Where you purchase services from us, we may process information relating to: invoices; payment status; transaction references; service packages purchased; contract details; account history; and billing communications. We do not intentionally collect or store full card details unless this is processed securely through an authorised payment provider. Where payment providers are used, they act in accordance with their own security and data protection obligations.

4.4 Website, device and technical information

When you visit our website, we may collect certain technical information, including: IP address; browser type and version; device type; operating system; referring website; pages viewed; time and date of visit; time spent on pages; click behaviour; approximate location derived from technical data; cookie identifiers; and analytics data. Some of this information may be collected through cookies, pixels, tags or similar technologies. Please see the section on cookies and tracking below.

4.5 Marketing and communication information

This may include: your marketing preferences; whether you have opened or clicked an email; your responses to campaigns; your interaction with adverts; your preferences in relation to services; opt-in and opt-out records; and suppression list records where you have unsubscribed.

4.6 Supplier, contractor and partner information

If you work with us as a supplier, contractor, freelancer, build partner, technical provider or other business partner, we may process: your name; business name; contact details; payment details; contract details; project correspondence; service delivery information; and records necessary to manage our working relationship.

4.7 Special category data

We do not generally seek to collect special category data, such as health information, religious beliefs, political opinions, trade union membership, biometric data or sexual orientation. If you choose to provide information of this nature to us, we will only process it where there is a lawful basis and an appropriate condition under data protection law, or where it is clearly necessary in connection with a specific matter you have asked us to handle.

5. How We Collect Personal Data

We may collect personal data in the following ways.

5.1 Directly from you

This includes when you: complete a website form; contact us by email, telephone, post, social media or messaging platform; book a consultation; purchase services; sign a contract or proposal; complete onboarding forms; provide project information; subscribe to our mailing list; respond to our marketing; or provide information during meetings or calls.

5.2 Automatically through our website and digital tools

We may collect technical data automatically through: cookies; analytics tools; tracking pixels; website forms; CRM systems; email marketing tools; advertising platforms; security logs; and server logs.

5.3 From third parties

We may receive personal data from third parties where lawful and relevant, including: referral partners; social media platforms; advertising platforms; analytics providers; payment providers; CRM and automation platforms; subcontractors or build partners; publicly available sources such as Companies House, LinkedIn or business websites; and professional advisers or service providers.

6. How We Use Personal Data

We may use your personal data for the following purposes:

• to respond to enquiries
• to provide information about our services
• to book calls, consultations or meetings
• to understand your business requirements
• to prepare proposals, quotes and service recommendations
• to enter into and perform contracts with you
• to provide consultancy, branding, website, CRM, automation, marketing, documentation and business support services
• to manage client onboarding
• to communicate with you during project delivery
• to manage invoices, payments and accounts
• to provide customer support
• to manage complaints, disputes or service issues
• to send service-related communications
• to send marketing communications where permitted
• to personalise and improve our website, content and services
• to analyse website performance and marketing activity
• to manage advertising and retargeting campaigns
• to maintain business records
• to comply with legal, accounting, tax and regulatory obligations
• to protect our business, systems, website and users
• to prevent fraud, misuse or unauthorised access
• to enforce our contracts and legal rights
• to defend or bring legal claims
• and to support any business sale, restructure, merger or transfer.

7. Lawful Bases for Processing

We will only process personal data where we have a lawful basis under data protection law. Depending on the circumstances, we may rely on one or more of the following lawful bases.

7.1 Consent

We may rely on consent where you have given us clear permission to process your personal data for a specific purpose. This may include: subscribing to marketing emails; accepting non-essential cookies; submitting certain forms; consenting to receive specific information; or consenting to use of testimonials, case studies or other promotional material. You can withdraw consent at any time.

7.2 Contract

We may process personal data where it is necessary to perform a contract with you, or to take steps at your request before entering into a contract. This may include: preparing proposals; providing services; managing onboarding; communicating about your project; issuing invoices; collecting payment; and delivering agreed work.

7.3 Legal obligation

We may process personal data where necessary to comply with legal obligations. This may include: maintaining accounting and tax records; responding to lawful requests from authorities; verifying identity where required; complying with data protection obligations; retaining business records; and meeting legal, regulatory or reporting requirements.

7.4 Legitimate interests

We may process personal data where it is necessary for our legitimate business interests, provided your rights and freedoms do not override those interests. This may include: responding to business enquiries; managing client relationships; improving our services; analysing website and campaign performance; sending relevant business communications; protecting our website and systems; preventing fraud; managing business operations; maintaining internal records; enforcing contracts; handling complaints or disputes; improving our marketing strategy; using limited B2B marketing where legally permitted; managing supplier and contractor relationships; and protecting our commercial and legal interests. Where we rely on legitimate interests for direct marketing, you can object at any time.

8. Marketing Communications

We may use your personal data to send you marketing communications about The Founders Suite, our services, updates, offers, events, resources, guides, case studies or other relevant business content. We will only send marketing where permitted by law. This may be where: you have expressly consented; you have requested information from us; you are an existing client; you have purchased or negotiated services from us; the communication is relevant to your business role; or we are otherwise permitted to contact you under applicable direct marketing rules. You can opt out of marketing at any time by: clicking the unsubscribe link in our emails; replying to the communication; contacting us at Hello@thefounderssuite.co.uk; or using any preference management option we provide. If you opt out, we may keep limited information on a suppression list to ensure we do not continue sending you marketing. Opting out of marketing does not stop us from sending important service, transactional, contractual or legal communications.

9. Cookies, Analytics and Tracking Technologies

Our website may use cookies, pixels, tags, scripts, analytics tools and similar technologies. These technologies may be used to: make the website work properly; improve website performance; remember user preferences; understand how visitors use the website; measure marketing performance; improve user experience; support advertising and retargeting; protect the website from misuse; and monitor website security. Some cookies are essential for the website to function. Other cookies, such as analytics, advertising or tracking cookies, may require your consent. Where required, we will ask for your consent before placing non-essential cookies or similar technologies on your device. You can control cookies through your browser settings and, where available, through our cookie banner or cookie preference tool. For more information, please refer to our Cookie Policy.

10. Sharing Personal Data

We may share personal data where necessary and lawful.

10.1 Our team

Your personal data may be accessed by our directors, employees, consultants, contractors and authorised team members where necessary to operate the business and provide services.

10.2 Service providers and processors

We may share personal data with trusted third-party service providers who support our business. These may include: website hosting providers; CRM providers; email providers; cloud storage providers; analytics providers; payment providers; accountants; legal advisers; IT support providers; marketing platforms; advertising platforms; automation providers; form and booking systems; subcontracted designers, developers or technical build partners; and other providers who help us deliver services. Where these providers process personal data on our behalf, they are required to keep it secure and process it only in accordance with our instructions.

10.3 Build partners and subcontractors

Where you engage us to provide services involving website development, branding, CRM implementation, automation, design, copywriting, marketing, technical setup or other implementation work, we may share relevant personal data and project information with subcontractors, build partners or technical providers strictly for the purpose of delivering those services. We will only share information that is reasonably necessary for the relevant service.

10.4 Professional advisers and authorities

We may share personal data with: accountants; auditors; legal advisers; insurers; banks; payment providers; HMRC; regulators; law enforcement agencies; courts or tribunals; and other authorities where legally required or necessary to protect our rights.

10.5 Business sale, restructuring or transfer

If our business is sold, merged, restructured, transferred or reorganised, personal data may be shared with relevant third parties as part of that process, subject to appropriate confidentiality and data protection safeguards.

11. International Data Transfers

Some of the systems, platforms or service providers we use may process personal data outside the United Kingdom. This may happen where we use cloud-based software, CRM systems, email systems, analytics tools, advertising platforms, hosting providers, payment providers, communication tools or other technical service providers with servers, group companies or support teams located outside the UK. Where personal data is transferred outside the UK, we will take steps designed to ensure that appropriate safeguards are in place. These may include: using providers located in countries that are recognised as providing adequate protection; using the UK International Data Transfer Agreement; using the UK Addendum to the EU Standard Contractual Clauses; relying on approved contractual safeguards; completing transfer risk assessments where required; and using providers with appropriate technical and organisational security measures. We will not intentionally transfer personal data internationally unless we have a lawful basis and appropriate safeguards in place.

12. How Long We Keep Personal Data

We will not keep personal data for longer than necessary. How long we retain personal data depends on: the reason it was collected; the nature of our relationship with you; whether we are providing services; whether there is an ongoing enquiry, contract, dispute or claim; legal, accounting and tax requirements; regulatory obligations; whether retention is necessary to protect our business; and whether you have exercised any data protection rights. As a general guide:

• enquiry records may be kept for up to 24 months after the last meaningful interaction
• client records may be kept for up to 7 years after the end of the client relationship
• contract, invoice, payment and accounting records may be kept for up to 7 years
• marketing preference records may be kept until you unsubscribe or withdraw consent
• suppression records may be kept for as long as necessary to ensure we respect your opt-out
• website analytics data may be kept according to the retention settings of the relevant analytics platform
• project files may be kept for as long as reasonably necessary to provide services, support the client relationship, maintain business records, or protect legal rights.

We may keep data for longer where required by law, where there is a dispute, where we need to establish, exercise or defend legal claims, or where another lawful reason applies.

13. How We Protect Personal Data

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure or destruction. These measures may include: password protection; access controls; secure cloud systems; encrypted platforms where available; restricted user permissions; staff and contractor confidentiality obligations; secure storage of business records; security monitoring; supplier due diligence; data minimisation; and internal procedures for handling personal data. However, no method of transmission over the internet or electronic storage is completely secure. While we take steps to protect personal data, we cannot guarantee absolute security. You are responsible for ensuring that any information you send to us is accurate and that you use secure methods where appropriate.

14. Your Data Protection Rights

Under data protection law, you may have the following rights in relation to your personal data.

14.1 Right to be informed

You have the right to be informed about how we collect and use your personal data. This Privacy Policy is intended to provide that information.

14.2 Right of access

You have the right to request a copy of the personal data we hold about you.

14.3 Right to rectification

You have the right to ask us to correct inaccurate or incomplete personal data.

14.4 Right to erasure

You have the right to ask us to delete your personal data in certain circumstances.

14.5 Right to restrict processing

You have the right to ask us to restrict the way we use your personal data in certain circumstances.

14.6 Right to data portability

You may have the right to receive certain personal data in a structured, commonly used and machine-readable format.

14.7 Right to object

You have the right to object to certain types of processing, including processing based on legitimate interests and direct marketing.

14.8 Right to withdraw consent

Where we rely on consent, you have the right to withdraw that consent at any time.

14.9 Rights relating to automated decision-making

You have rights in relation to automated decision-making and profiling where such processing produces legal or similarly significant effects. We do not currently make decisions about individuals based solely on automated processing that produce legal or similarly significant effects.

15. How to Exercise Your Rights

To exercise any of your rights, please contact us using the details below: Email: Hello@thefounderssuite.co.uk Post: TFS Partners Ltd, 1 Allied Business Centre, Coldharbour Lane, Harpenden, Hertfordshire, AL5 4UT We may need to request information from you to confirm your identity before responding to certain requests. We aim to respond to valid data protection requests within one month. In some cases, where a request is complex or where we receive multiple requests, we may be permitted to extend this period in accordance with data protection law. We do not usually charge a fee for handling data protection requests. However, we may charge a reasonable fee or refuse to comply where a request is manifestly unfounded, excessive or repetitive.

16. Complaints

If you have any concerns about how we handle your personal data, please contact us first so we can try to resolve the issue. Email: Hello@thefounderssuite.co.uk Post: TFS Partners Ltd, 1 Allied Business Centre, Coldharbour Lane, Harpenden, Hertfordshire, AL5 4UT You also have the right to complain to the UK data protection regulator, the Information Commissioner’s Office. Information Commissioner’s Office — Website: https://ico.org.uk — Telephone: 0303 123 1113

17. Children’s Data

Our website and services are intended for business users, founders, entrepreneurs, professionals and adults. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent or lawful basis, we will take reasonable steps to delete it.

18. Third-Party Links

Our website may contain links to third-party websites, tools, platforms or services. We are not responsible for the privacy practices, content, security or policies of third-party websites or services. You should read the privacy policy of any third-party website or platform before providing personal data to them.

19. Social Media

We may operate pages or profiles on social media platforms. If you interact with us through social media, the relevant platform may process your personal data in accordance with its own privacy policy. We may also process information you make publicly available or send to us directly through those platforms. We are not responsible for how social media platforms process your personal data.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, legal obligations, technology, systems or data processing practices. The updated version will be published on our website with a revised “last updated” date. We recommend that you review this Privacy Policy periodically.

21. Contact Details

If you have any questions about this Privacy Policy or how we handle personal data, please contact us:

Last updated: 8 June 2026 Copyright © 2026 TFS Partners Ltd T/A The Founders Suite. Company No. 17264656. Registered in England and Wales. All Rights Reserved.