Privacy Policy
TenderCraft Ltd
Website: https://tendercraft.consulting/
Last Updated: 26 March 2026
1. Introduction
1.1 TenderCraft Ltd (“TenderCraft”, “we”, “us”, “our”) is committed to protecting and respecting your privacy.
1.2 This Privacy Policy explains how we collect, use, store, disclose and otherwise process personal data when you:
(a) visit or use our website at https://tendercraft.consulting/ (the “Site”);
(b) submit an enquiry, questionnaire, contact form or other information through the Site;
(c) purchase the Market Positioning and Strategic Direction Briefing or any other service made available through the Site;
(d) engage with us in relation to any of our wider advisory services; or
(e) otherwise communicate with us in connection with our business.
1.3 This Privacy Policy is intended to operate alongside our Website Terms, Terms of Sale and Service Terms. It should be read together with those terms.
1.4 We are primarily a business-facing advisory firm, but this Privacy Policy also explains the position if we process personal data relating to individuals, sole traders, employees, contractors, representatives, or consumers.
2. Who We Are
2.1 TenderCraft Ltd is a company registered in England and Wales under company number 17049195.
2.2 Our registered office is:
2 Glenside
Kirkby-In-Ashfield
Nottingham
England
NG17 7GZ
2.3 For the purposes of applicable data protection law, TenderCraft Ltd is generally the controller of the personal data described in this Privacy Policy, meaning we decide why and how that personal data is processed.
2.4 If you have any questions about this Privacy Policy or how we handle personal data, you can contact us at:
Email: info@tendercraft.consulting
3. The Scope of This Policy
3.1 This Privacy Policy applies to personal data processed by us in connection with:
(a) website browsing and usage;
(b) questionnaire, intake and enquiry submissions;
(c) direct sales made through the Site;
(d) delivery of advisory services;
(e) client and prospective client relationship management;
(f) supplier and professional contact management; and
(g) legal, compliance and business administration activities.
3.2 This Privacy Policy does not apply to third-party websites, platforms or services that may be linked from our Site. If you follow any third-party link, you should review that third party’s own privacy policy and terms.
4. The Personal Data We Collect
4.1 We may collect, use, store and process different categories of personal data depending on how you interact with us.
4.2 These categories may include:
(a) Identity Data
This may include:
- your name
- job title
- business name
- employer or organisation name
- role within your organisation
(b) Contact Data
This may include:
- email address
- telephone number
- postal address
- billing address
- service delivery contact details
(c) Account, Booking and Transaction Data
This may include:
- service selections
- booking details
- payment status
- invoice data
- transaction references
- purchase history
- order confirmations
(d) Enquiry and Submission Data
This may include:
- information submitted through contact forms
- tender readiness questionnaire responses
- business context information
- procurement maturity details
- current bidding position
- capability information
- market entry objectives
- notes relating to service suitability or triage
(e) Advisory Engagement Data
This may include:
- meeting notes
- strategic observations
- materials shared with us during a session or engagement
- client communications
- project-related information
- information relevant to service delivery
- deliverable preparation information, including material used to prepare a Post-Briefing Summary or other output
(f) Technical and Usage Data
This may include:
- IP address
- browser type and version
- device type
- operating system
- referral source
- Site navigation behaviour
- date/time access information
- pages viewed
- limited analytics and cookie-derived data
(g) Marketing and Communications Data
This may include:
- your communication preferences
- records of whether you have opted in or out of marketing
- records of our communications with you
4.3 We do not intentionally collect more personal data than is reasonably necessary for the relevant purpose.
5. Special Category Data and Sensitive Information
5.1 We do not generally require or seek special category personal data (such as health data, racial or ethnic origin, religious beliefs, political opinions, trade union membership, biometric data, genetic data, or data concerning sex life or sexual orientation) for the provision of our services.
5.2 We ask that you do not submit special category personal data to us unless it is strictly necessary and lawful to do so.
5.3 If you do provide special category data, we will only process it where:
(a) we have a lawful basis to do so; and
(b) an additional condition for processing under applicable law is satisfied.
5.4 We do not seek criminal convictions data as part of our standard service model and ask that you do not provide it unless clearly necessary and lawful.
6. How We Collect Personal Data
6.1 We may collect personal data:
(a) Directly from you
For example, when you:
- browse the Site
- complete a contact form
- complete a tender readiness questionnaire or similar tool
- email or call us
- book or purchase a service
- attend a briefing session
- provide materials for an engagement
- correspond with us about services
(b) Automatically through your use of the Site
For example, through:
- server logs
- cookies
- analytics tools
- technical tracking technologies
(c) From your organisation or representatives
For example, where:
- a colleague books a service on your behalf
- your organisation introduces you as a contact person
- someone within your organisation sends us information relevant to service delivery
(d) From third parties
For example:
- payment processors
- website hosting and technology providers
- professional advisers
- public sources relevant to business engagement administration
6.2 Where you provide us with personal data about another person, you must ensure that you are entitled to do so.
7. How We Use Personal Data
7.1 We use personal data only where we have a lawful basis and a legitimate business reason to do so.
7.2 We may use personal data for the following purposes:
(a) To operate, maintain and improve the Site
Including:
- making the Site available
- troubleshooting
- security monitoring
- analysing usage
- improving user experience
(b) To manage enquiries and submissions
Including:
- responding to contact requests
- reviewing questionnaires or readiness submissions
- assessing service suitability
- triaging leads and business enquiries
(c) To process bookings and purchases
Including:
- taking payment
- confirming orders
- managing scheduling
- administering refunds or rescheduling
- keeping records of transactions
(d) To deliver services
Including:
- conducting the Market Positioning and Strategic Direction Briefing
- preparing the Post-Briefing Summary
- delivering wider advisory services
- managing client relationships
- following up on service delivery matters
(e) To administer and manage our business
Including:
- record keeping
- invoicing
- internal reporting
- legal and regulatory compliance
- insurance and risk management
- defending or bringing legal claims
(f) To communicate with you
Including:
- responding to messages
- sending service updates
- sending booking confirmations
- arranging calls or sessions
- notifying you of changes to our terms, services or policies
(g) To send limited marketing or business development communications
Where lawful, including:
- updates about our services
- relevant insights
- invitations to engage with us further
(h) To protect our business, Site and legal rights
Including:
- fraud prevention
- misuse prevention
- investigating suspicious activity
- enforcing our contractual rights
8. Lawful Bases for Processing
8.1 Under UK data protection law, we must have a lawful basis for processing your personal data.
8.2 Depending on the context, we may rely on one or more of the following lawful bases:
(a) Contract
Where processing is necessary:
- to take steps at your request before entering into a contract; or
- to perform a contract with you
This may apply, for example, when:
- you book a service
- you purchase a service
- we deliver an advisory engagement
- we manage bookings, sessions and deliverables
(b) Legitimate Interests
Where processing is necessary for our legitimate interests or those of a third party, and those interests are not overridden by your rights.
Our legitimate interests may include:
- operating and improving our business
- assessing business enquiries
- delivering relevant advisory services
- maintaining security
- preventing misuse
- administering client relationships
- keeping records
- protecting our legal position
(c) Legal Obligation
Where processing is necessary for compliance with a legal obligation, including:
- accounting and tax obligations
- responding to lawful requests
- record keeping obligations
(d) Consent
Where required by law, we may rely on your consent, for example:
- for certain cookies
- for certain direct marketing communications
8.3 Where we rely on consent, you may withdraw that consent at any time, although this will not affect the lawfulness of processing carried out before withdrawal.
9. Legitimate Interests
9.1 Where we rely on legitimate interests, we consider and balance:
- our business interests
- the necessity of the processing
- the potential effect on individuals
- the safeguards we can apply
9.2 We generally consider our use of personal data to be proportionate where it relates to:
- business enquiries
- client and prospective client communications
- delivery of business advisory services
- limited B2B relationship management
- protection of our legal rights and systems
10. If You Do Not Provide Personal Data
10.1 Where we need personal data:
- to respond to an enquiry
- to process a booking
- to deliver a service
- to comply with law
and you do not provide that data, we may be unable to:
- provide the Site or a part of it effectively
- process a purchase
- deliver the relevant service
- continue an engagement
10.2 We are not responsible for any resulting inability to provide services where the necessary information is not supplied.
11. Marketing Communications
12. Cookies and Similar Technologies
11.1 We may send you business-related communications where lawful to do so.
11.2 We may contact you with information about our services where:
(a) you have requested information from us;
(b) you have purchased or discussed services with us;
(c) you have consented; or
(d) we are otherwise permitted to do so by law.
11.3 You can ask us to stop sending marketing communications at any time by:
- using any unsubscribe mechanism included in a message; or
- contacting us directly at info@tendercraft.consulting
- 11.4 Even if you opt out of marketing, we may still send non-marketing communications where necessary, including:
- service messages
- booking messages
- contract-related communications
- legal or policy notices
12.1 Our Site may use cookies, analytics tools and similar technologies to:
- operate the Site
- improve functionality
- understand how the Site is used
- support security and performance
12.2 Some cookies may be strictly necessary for the operation of the Site.
12.3 Other cookies or analytics technologies may require consent, depending on how the Site is configured and the applicable legal requirements.
12.4 Where required, we will request your consent before placing non-essential cookies or similar technologies on your device.
12.5 You can usually control cookies through your browser settings and, where applicable, through our cookie consent tools.
12.6 A separate Cookie Policy or cookie notice may also be provided.
13. Payment Processing
13.1 We do not necessarily store full payment card details ourselves.
13.2 Payments made through the Site may be processed by third-party payment processors.
13.3 Where third-party payment processors are used, your payment information will be processed in accordance with their own privacy notices and security practices.
13.4 We may receive limited transaction-related information from payment providers, such as:
- payment confirmation
- transaction identifiers
- limited billing details
- payment status
13.5 We use that information to administer purchases, bookings, refunds and records.
14. Sharing Personal Data
14.1 We do not sell your personal data.
14.2 We may share personal data where reasonably necessary with:
(a) Service providers and processors
Such as providers of:
- website hosting
- analytics
- scheduling
- payment processing
- document storage
- IT support
- professional software tools
(b) Professional advisers
Such as:
- lawyers
- accountants
- insurers
- compliance advisers
(c) Contractors or collaborators
Where reasonably required to support service delivery or business operations and subject to appropriate confidentiality and data protection controls.
(d) Regulators, authorities or law enforcement
Where required by law or where reasonably necessary to protect our legal rights.
(e) Corporate counterparties
If our business is restructured, sold, merged, financed or transferred, personal data may be disclosed to relevant parties under appropriate safeguards.
14.3 We require third parties processing personal data on our behalf to respect security and confidentiality obligations and to act only on appropriate instructions where required.
15. International Transfers
15.1 We are based in the United Kingdom.
15.2 Some of our service providers may process personal data outside the UK.
15.3 Where personal data is transferred outside the UK, we will take reasonable steps to ensure that appropriate safeguards are in place where required by law.
15.4 Such safeguards may include:
- adequacy regulations
- approved standard contractual clauses or addenda
- other lawful transfer mechanisms
16. Data Security
16.1 We take appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
16.2 These measures may include:
- restricted access controls
- password protection
- secure systems and platforms
- document handling controls
- contractual confidentiality obligations
16.3 However, no method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.
16.4 You are responsible for ensuring that any information you send to us is sent appropriately and lawfully.
17. Data Retention
17.1 We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including:
- delivering services
- maintaining records
- managing disputes
- complying with legal, tax and accounting obligations
- protecting our legal interests
17.2 Retention periods may vary depending on:
- the nature of the relationship
- whether an enquiry became a client engagement
- the sensitivity of the information
- legal and regulatory requirements
- limitation periods for legal claims
17.3 In general:
- enquiry data may be retained for a reasonable period to manage follow-up and business records
- client and transaction data may be retained for longer where needed for contractual, tax, accounting or legal purposes
- advisory materials may be retained for record-keeping, service continuity, quality assurance and legal protection purposes
17.4 When personal data is no longer required, we will delete it, anonymise it, or securely archive it in accordance with our retention practices and legal obligations.
18. Your Data Protection Rights
18.1 Depending on the circumstances and applicable law, you may have rights including the right to:
(a) request access to the personal data we hold about you;
(b) request correction of inaccurate or incomplete personal data;
(c) request erasure of your personal data;
(d) request restriction of processing;
(e) object to certain processing;
(f) request transfer of certain personal data to you or a third party;
(g) withdraw consent where we rely on consent; and
(h) complain to the relevant supervisory authority.
18.2 These rights are not absolute and may be subject to legal exemptions or conditions.
18.3 We may need to verify your identity before responding to a rights request.
18.4 To exercise your rights, please contact us at info@tendercraft.consulting.
19. Complaints
19.1 If you have concerns about how we process personal data, we would appreciate the opportunity to address them first.
19.2 You may contact us at info@tendercraft.consulting.
19.3 You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.
20. Business Contact Data and Corporate Information
20.1 Because TenderCraft primarily operates in a business and professional context, we often process personal data relating to:
- directors
- founders
- employees
- consultants
- representatives
- procurement leads
- bid team contacts
- operational stakeholders
20.2 Where we process business contact data, we do so for legitimate business purposes including:
- responding to enquiries
- delivering services
- maintaining client relationships
- administration and record keeping
20.3 The fact that data is connected to a business does not necessarily mean it ceases to be personal data. We will treat business contact information as personal data where applicable law requires.
21. Information Provided by Clients About Third Parties
21.1 In the course of questionnaires, enquiries or advisory engagements, clients may provide information about other individuals, including:
- employees
- subcontractors
- consortium partners
- delivery partners
- bid contributors
- customer contacts
21.2 Where you provide us with personal data relating to another person, you are responsible for ensuring that:
(a) you have a lawful basis to share that data;
(b) the disclosure is fair and lawful; and
(c) any required notices or permissions have been given.
21.3 We are not responsible for unlawful disclosures made to us by clients or users of the Site.
22. Automated Decision-Making
22.1 We do not generally make decisions about individuals based solely on automated processing in a way that produces legal or similarly significant effects.
22.2 If we use questionnaires, triage tools or internal scoring approaches, they are generally used as screening or advisory support tools and not as the sole basis for legally significant decisions about individuals.
23. Children’s Data
23.1 Our Site and services are intended for business and professional use and are not directed at children.
23.2 We do not knowingly collect personal data from children.
23.3 If you believe that personal data relating to a child has been provided to us in error, please contact us and we will take appropriate steps.
24. Changes to This Privacy Policy
24.1 We may update this Privacy Policy from time to time.
24.2 Any updated version will be posted on the Site with a revised “Last Updated” date.
24.3 We encourage you to review this Privacy Policy periodically.
24.4 Where required by law, we will take appropriate steps to notify you of material changes.
25. Contact Us
25.1 If you have any questions about this Privacy Policy or our data practices, please contact:
TenderCraft Ltd
2 Glenside
Kirkby-In-Ashfield
Nottingham
England
NG17 7GZ
Email: info@tendercraft.consulting