Last updated: 16 June 2026
1. Who we are
TTG Consulting Limited, trading as The Transformation Group ("we", "us", "our"), is the data controller of the personal information collected through this website. We are registered in England and Wales and provide AI strategy, business transformation, process automation and executive intelligence consulting services.
Registered address: TTG Consulting, The Transformation Group, London, United Kingdom.
Data Protection Contact: john.mitchell@ttg-consulting.com | +44 7702 824 438
2. Information we collect
We collect personal information in the following ways:
2.1 Information you provide to us
When you submit our contact form, workshop enquiry form, or otherwise correspond with us, we collect:
- Full name
- Company or organisation name
- Job title or role
- Email address
- Telephone number (if provided)
- The contents of your message or enquiry
- Your stated area of interest (e.g. AI Strategy, Process Automation, Executive Intelligence)
- Your consent record (date, time and wording of consent)
2.2 Information we collect automatically
When you visit our website, we collect certain technical information using cookies and similar technologies:
- IP address and general location (country/region level)
- Browser type, version and language
- Operating system and device type
- Pages visited, time spent on pages and navigation paths
- Referring website or search terms (where available)
- Date and time of access
2.3 Information from third parties
We may receive information about you from third parties if you have indicated interest in our services through partner events, professional networks or referrals. We will only use this information where we have a lawful basis to do so.
3. How we use your information
We use your personal information for the following purposes:
- To respond to your enquiry — to contact you about your submitted request, arrange follow-up conversations and provide the information you have asked for.
- To deliver services — to prepare proposals, scope engagements, deliver workshops, provide consulting services and manage our commercial relationship with you.
- To communicate with you — to send relevant business updates, insights, event invitations and service information where you have consented, or where we have a legitimate interest and you have not objected.
- To improve our website and services — to analyse how visitors use our site, diagnose technical issues and enhance user experience.
- For security and fraud prevention — to protect our website, systems and users from malicious activity.
- To comply with legal obligations — to meet our regulatory, tax and accounting obligations, and to respond to lawful requests from public authorities.
4. Legal basis for processing
Under the UK GDPR and Data Protection Act 2018, we rely on the following legal bases:
- Consent — where you have explicitly agreed (via the form checkbox) to us processing your data for marketing communications or to respond to your enquiry.
- Legitimate interests — where processing is necessary for our legitimate business interests in responding to enquiries, delivering services, maintaining client relationships and improving our offering, provided your rights and interests do not override these.
- Contractual necessity — where processing is required to enter into or perform a contract with you (e.g. preparing a statement of work or engagement letter).
- Legal obligation — where we are required to process data to comply with applicable law (e.g. tax and accounting record-keeping).
You may withdraw consent at any time by contacting us at john.mitchell@ttg-consulting.com or by using the unsubscribe link in any marketing email. Withdrawing consent will not affect the lawfulness of processing carried out before withdrawal.
5. Data sharing and recipients
We do not sell, rent or trade your personal information. We may share your data with the following categories of recipients, always under appropriate contractual safeguards:
- Service providers — trusted third parties who provide services on our behalf, such as email delivery platforms, cloud hosting providers (Supabase / Vercel), customer relationship management (CRM) systems and IT support providers. These processors act only on our instructions.
- Professional advisers — our lawyers, accountants and insurers, where necessary for the provision of their services to us.
- Regulators and authorities — courts, government agencies or regulatory bodies where required by law or to protect our legal rights.
- Business transfers — in the event of a merger, acquisition, reorganisation or sale of assets, your data may be transferred to the relevant successor entity.
6. International transfers
Your personal data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). Some of our service providers (e.g. cloud hosting, email delivery) may process data in the United States or other jurisdictions outside the UK/EEA.
Where we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK/EU authorities, or transfers to countries recognised as providing an adequate level of data protection.
7. Data retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting and reporting requirements. Our retention periods are as follows:
- Enquiry and contact form submissions: 3 years from the date of last contact, unless you become a client (in which case, see below).
- Client and project records: 7 years after the end of the engagement, to comply with UK tax, accounting and contractual limitation periods.
- Marketing consent records: Retained for as long as you remain subscribed, plus 2 years after unsubscribing, to demonstrate compliance with consent requirements.
- Website analytics and log data: 26 months, after which data is aggregated and anonymised.
- Cookies and tracking data: As detailed in our Cookie section (Section 9), individual cookies have lifespans from session-only to 12 months.
When data is no longer required, we securely delete or anonymise it in accordance with our data retention policy. Anonymised data may be retained indefinitely for statistical and research purposes.
8. Your data protection rights
Under UK and EU data protection law, you have the following rights:
- Right to access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — you can request deletion of your data where there is no overriding legal basis for retention.
- Right to restrict processing — you can ask us to suspend processing in certain circumstances.
- Right to data portability — you can request your data in a structured, commonly used format for transfer to another controller.
- Right to object — you can object to processing based on legitimate interests or for direct marketing purposes.
- Rights relating to automated decision-making — we do not engage in automated decision-making or profiling that produces legal or similarly significant effects.
- Right to withdraw consent — at any time, where processing is based on consent.
- Right to complain — to the UK Information Commissioner's Office (ICO) or your local supervisory authority.
To exercise any of these rights, please contact us at john.mitchell@ttg-consulting.com or write to us at our registered address. We will respond within one month of receiving your request, which may be extended by a further two months for complex requests. We may need to verify your identity before processing your request.
9. Cookies and tracking technologies
Our website uses cookies and similar technologies. Cookies are small text files stored on your device when you visit a website.
9.1 Essential cookies
These cookies are necessary for the website to function and cannot be switched off. They include session cookies that enable you to navigate the site and use its features. These cookies do not store personal information.
9.2 Analytics cookies
We use analytics cookies to understand how visitors interact with our website, which pages are most popular, and to identify technical issues. This data is collected in an aggregated and anonymised form where possible. We currently use essential and basic analytics cookies only; we do not use third-party advertising or retargeting cookies.
9.3 Managing cookies
You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information on managing cookies, visit aboutcookies.org.
10. Data security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it:
- Encryption: All data transmitted between your browser and our servers is protected using TLS/SSL encryption (HTTPS).
- Access controls: Personal data is accessible only to authorised TTG Consulting personnel who need it to perform their roles.
- Secure infrastructure: We use reputable cloud service providers with industry-standard security certifications (ISO 27001, SOC 2).
- Regular review: We review and update our security practices periodically to address emerging threats.
While we employ robust security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to protect your information.
11. Children's privacy
Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or the functionality of our website. Material changes will be communicated via a prominent notice on our website or by email if we have your contact details.
The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically. Your continued use of the website after changes are posted constitutes acceptance of the revised policy.
13. Contact us
If you have any questions, concerns or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Contact:
TTG Consulting | The Transformation Group
Email: john.mitchell@ttg-consulting.com
Phone: +44 7702 824 438
Website: www.ttg-consulting.com
ICO Registration: We are registered with the Information Commissioner's Office.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:
