Legal

Privacy and Cookies Policy

Effective date: 20 May 2026

1. Introduction

The Oakworth Group is committed to protecting the privacy of individuals whose personal data it processes. This policy explains what data is collected, how it is used, the legal basis for processing, and the rights of data subjects.

The data controller is THEOAKWORTH (PRIVATE) LIMITED, with its operating office at 5 Brayford Square, London, E1 0SG, United Kingdom.

2. Data Collected

The Oakworth Group collects personal data only when voluntarily provided by the individual. Data may be collected through:

  • The Blueprint Diagnostic request form — company name, website, revenue stage, industry, capital stage, primary purpose, additional context, and email address.
  • The Request a Model form — email address, name, model of interest, modules selected, and additional requirements.
  • The Investor Readiness Scorecard optional email field — email address and platform-interest preference.
  • Direct email correspondence with the firm.

No sensitive personal data, financial account information, or payment card details are collected or stored by this site. Payment processing is handled by third-party providers.

3. How Data Is Used

Personal data is used solely for the purpose for which it was provided:

  • Blueprint Diagnostic requests: to send a payment link, deliver the diagnostic PDF, and communicate about the assessment.
  • Request a Model submissions: to respond to the enquiry and discuss scope and requirements.
  • Scorecard email capture: to send the scorecard result and, if the platform-interest checkbox was selected, to notify the individual when the Oakworth digital platform becomes available.

Data is not used for marketing purposes. The firm does not send newsletters, promotional emails, or unsolicited communications. If the individual has not checked the platform-interest checkbox, no further communication is sent beyond the response to their specific request.

4. Legal Basis for Processing

Personal data is processed on the basis of:

  • Consent — where the individual has voluntarily provided their data through a form and agreed to the terms.
  • Legitimate interest — where the firm needs to respond to a direct enquiry or deliver a requested service.

The platform-interest checkbox on the Scorecard is always unchecked by default. Selecting it constitutes explicit consent to be notified about the future platform. This consent can be withdrawn at any time by contacting the firm.

5. Data Sharing and Storage

Personal data is not sold, rented, or shared with third parties except as strictly necessary to deliver the requested service. Service providers who may process data on the firm's behalf include:

  • Lemon Squeezy — payment processing for the Blueprint Diagnostic. Lemon Squeezy acts as the Merchant of Record.
  • Resend — transactional email delivery for diagnostic confirmations and model request responses.
  • Airtable — secure storage of submission records for operational purposes.

Each provider is contractually obligated to process data only on the firm's instructions and to maintain appropriate security measures.

6. Data Retention

Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Blueprint and model request records are retained for the duration of any resulting client relationship plus six years. Scorecard email addresses provided solely for platform-interest notification are retained until the platform launches and the notification is sent, or until consent is withdrawn.

7. Data Subject Rights

Under UK data protection law, individuals have the right to:

  • Request access to their personal data.
  • Request correction of inaccurate data.
  • Request deletion of their data where there is no compelling reason for continued processing.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the Information Commissioner's Office (ICO).

To exercise any of these rights, contact contact@theoakworth.com. The firm will respond within one month.

8. Cookies

This site does not use advertising cookies, tracking cookies, or retargeting pixels. The site does not serve third-party advertisements and does not engage in behavioural tracking.

The site uses Microsoft Clarity for session recording and heatmap analytics. Clarity operates on a cookieless model for visitors from the UK, EEA, and Switzerland. No consent banner is required under current UK guidance for Clarity's cookieless implementation. Clarity processes anonymised interaction data to help the firm understand how visitors use the site. No personally identifiable information is captured by Clarity unless voluntarily provided through a form on the site.

If Clarity's data processing model changes in a way that requires consent, a consent mechanism will be implemented and this policy will be updated.

9. Security

The site is served over HTTPS with TLS encryption. Security headers including Content Security Policy, Strict Transport Security, and X-Frame-Options are configured to protect against common web vulnerabilities. Access to personal data stored in third-party services is restricted to authorised personnel and protected by multi-factor authentication.

10. Changes to This Policy

This policy may be updated from time to time. The current version is always published at https://theoakworth.com/legal/privacy/. Material changes will be noted on this page.

11. Contact

Questions about this policy or requests regarding personal data should be directed to contact@theoakworth.com.