Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how Big Picture Lab Consulting Ltd ("Big Picture Lab", "we", "us" or "our") collects, uses, shares and protects your personal information when you visit our website, contact us, download our resources or otherwise engage with us.

We are committed to protecting your privacy and handling your personal data openly and honestly. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully so you understand what we do with your information and the rights you have.

Who we are

For the purposes of data protection law, the data controller is:

Big Picture Lab Consulting Ltd
Company number: 17296350
Registered address: Unit 29 Highcroft Industrial Estate, Enterprise Road, Horndean, Waterlooville, Hampshire, PO8 0BT
Email: info@bigpicturelab.co.uk

If you have any questions about this policy or about how we handle your personal data, please contact us using the details above.

What this policy covers

This policy applies to personal data we collect through our website (bigpicturelab.co.uk), through our enquiry and resource forms, through our mailing list, and during the course of our work with clients and prospective clients. It does not cover any third-party websites we may link to, which have their own privacy policies.

The personal data we collect

We only collect the information we need to respond to you, deliver our services and improve how we work. Depending on how you interact with us, this may include:

Information you give us directly

  • When you contact us through our enquiry form: your name, role, email address, organisation, the area you are interested in, the challenge you are looking to solve, and any message you choose to send us.
  • When you download a guide or resource: your business email address, so we can deliver the resource and send you related information.
  • When you subscribe to our mailing list ("Stay updated with our latest organisational insights"): your email address.
  • When you use our diagnostic or assessment tools (including the upcoming Mini System Health Check): your business email address and the responses you provide.
  • When you become a client or work with us: contact details for you and relevant colleagues, and information relevant to the engagement.

Information we collect automatically

When you visit our website, we may automatically collect limited technical information such as your IP address, browser type and version, device information, the pages you view and how you interact with the site. This is collected through cookies and similar technologies — see the "Cookies" section below.

We do not deliberately collect special category data (such as health, ethnicity or religious information) through our website forms. Please do not include sensitive personal information in free-text fields unless it is necessary, and never include it if you would prefer us not to hold it.

How we use your personal data and our legal bases

Under UK GDPR we must have a lawful basis for processing your personal data. The bases we rely on are set out below.

To respond to your enquiries and provide our services. When you contact us or engage us, we use your information to reply, arrange conversations, provide quotes and deliver our work. Legal basis: performance of a contract, or our legitimate interests in responding to and managing enquiries.

To deliver resources you have requested. When you ask for a guide or use a tool, we use your email address to send it to you and to provide related material. Legal basis: consent and/or our legitimate interests.

To send marketing and insights. Where you have signed up to our mailing list or otherwise opted in, we use your email address to send you organisational insights, resources and updates. You can unsubscribe at any time. Legal basis: consent, or our legitimate interests in marketing to existing clients about similar services.

To operate, secure and improve our website. We use technical and usage data to keep the site running, protect it against misuse and understand how it is used. Legal basis: our legitimate interests in running a safe, effective website.

To meet legal and regulatory obligations. We may process data to comply with our legal duties, including accounting, tax and record-keeping requirements. Legal basis: compliance with a legal obligation.

Where we rely on legitimate interests, we have considered the impact on you and do not believe your rights override those interests. You can ask us about this balancing assessment at any time.

Marketing and your choices

We will only send you marketing communications where we are permitted to do so. Every marketing email includes an easy way to unsubscribe, and you can opt out at any time by clicking the unsubscribe link or emailing us at info@bigpicturelab.co.uk. Opting out of marketing will not affect any service-related communications you need to receive from us.

Who we share your personal data with

We do not sell your personal data and we never will. We share it only where necessary, and with appropriate safeguards in place. This may include:

  • Service providers and processors who help us operate. These include Vercel Inc., which hosts our website and supporting infrastructure, and Resend (Plus Five Five, Inc.), which we use to manage our mailing list and send emails. We may also use other form, analytics and IT support providers. These providers act on our instructions and are bound by contracts that require them to keep your data secure and use it only for the purposes we specify.
  • Professional advisers such as accountants, insurers and legal advisers where reasonably required.
  • Authorities or regulators where we are required to disclose information by law.

A current list of the key processors we use is available on request by emailing info@bigpicturelab.co.uk.

International transfers

Some of the service providers we use may store or process data outside the UK. Where this happens, we take steps to ensure your data receives an equivalent level of protection to that required under UK law — for example by relying on UK adequacy regulations or by putting in place approved safeguards such as the International Data Transfer Agreement or Standard Contractual Clauses. You can contact us for more information about the safeguards in place.

How long we keep your data

We keep personal data only for as long as we need it for the purposes set out in this policy, or for as long as we are required to by law.

  • Enquiries that do not become engagements are typically kept for up to 24 months and then deleted.
  • Client records are kept for the duration of our engagement and for a reasonable period afterwards to meet legal, accounting and regulatory requirements (usually up to six years).
  • Mailing list data is kept until you unsubscribe or ask us to remove it.

When we no longer need your personal data, we securely delete or anonymise it.

How we protect your data

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against loss, misuse and unauthorised access. No method of transmission over the internet is completely secure, but we work to protect your information and to limit access to those who need it.

Your rights

Under UK data protection law you have the following rights:

  • The right to be informed about how we use your personal data (this policy).
  • The right of access to the personal data we hold about you.
  • The right to rectification if your data is inaccurate or incomplete.
  • The right to erasure ("the right to be forgotten") in certain circumstances.
  • The right to restrict processing in certain circumstances.
  • The right to data portability, allowing you to obtain and reuse your data.
  • The right to object to processing based on legitimate interests or to direct marketing.
  • Rights relating to automated decision-making and profiling — we do not currently make decisions about you based solely on automated processing.

Where we rely on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdrew it.

To exercise any of these rights, please email info@bigpicturelab.co.uk. We will respond within one month. We will not normally charge a fee, and we may need to verify your identity before acting on your request.

Cookies

Our website uses cookies and similar technologies to help it function, to remember your preferences and to understand how the site is used. You can control or disable cookies through your browser settings, although some parts of the site may not work properly if you do. For more detail, please see our Cookie Policy.

Children's privacy

Our website and services are intended for businesses and professionals and are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected such data, please contact us and we will delete it.

Links to other websites

Our website may contain links to other websites. We are not responsible for the privacy practices or content of those sites, and we encourage you to read their privacy policies before sharing any personal data with them.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you. Please check back periodically to stay informed.

How to contact us or make a complaint

If you have any questions, concerns or requests relating to your personal data, please contact us:

Big Picture Lab Consulting Ltd
Unit 29 Highcroft Industrial Estate, Enterprise Road, Horndean, Waterlooville, Hampshire, PO8 0BT
Email: info@bigpicturelab.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, if you believe we have not handled your personal data properly. We would, however, appreciate the chance to address your concerns first.

Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113