Skip to main content
Address
2 Fairwyn Road,
London,
SE26 4AE
Email
hello@all3points.com

Last updated: 8 May 2026

Privacy Policy

1. Introduction

all.three.points. Ltd (“all.three.points.”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have in relation to your personal data.

This policy applies to information collected through our website (www.all3points.com), through our business relationships with clients and partners, and from members of the public who interact with us — for example, by signing up to our mailing list or contacting us about our work.

Important: If you are taking part in one of our research, co-creation or workshop projects — or if you are a parent or guardian whose child is taking part — please also read our separate Participant Privacy Notice, which sets out in detail how we handle data collected during projects.

2. Who we are

all.three.points. Ltd is a youth strategy and innovation consultancy registered in England and Wales.

  • Company name: all.three.points. Ltd
  • Company number: 11428210
  • Registered address: 2 Fairwyn, London, SE26 4AE, United Kingdom
  • Contact email: hello@all3points.com

For the purposes of UK data protection law, all.three.points. Ltd is the “data controller” for the personal information described in this policy, except where we act as a “data processor” on behalf of a client or partner institution (for example, when we run a research project at a school or university under that institution’s instructions). Where we act as a processor, the relevant institution’s privacy notice will apply alongside ours.

3. Information we collect

We collect personal information in the following categories:

3.1 Information you give us directly

  • Your name, job title, employer, email address and phone number when you contact us, fill in a form on our website, or correspond with us about a potential or live project.
  • Information you choose to share when meeting with us, attending a pitch or briefing, or providing feedback.
  • Marketing preferences, including whether you have opted in to receive updates from us.

3.2 Information collected automatically when you visit our website

  • Technical information such as your IP address, browser type, device type, operating system, referring URL, and pages visited.
  • Usage information collected through cookies and similar technologies. For full details, please see our Cookie Policy.

3.3 Information from third parties

  • Information from publicly available sources (for example, LinkedIn or company websites) when researching prospective clients or partners.
  • Information from our partner institutions (such as schools, universities and youth organisations) when they introduce us to staff, students or members for collaborative projects, in line with their own privacy and safeguarding policies.

3.4 Research and project participants

Where we run research, co-creation, workshop or innovation projects involving members of the public — in particular Gen Alpha and Gen Z participants — we collect a wider range of information, which is described in detail in our separate Participant Privacy Notice. That notice covers, among other things, audio and video recordings, photographs, written contributions, and follow-up engagement through our Youth Impact Curve programme.

4. How we use your information

We use your personal information for the following purposes, in each case relying on the lawful bases set out below:

4.1 To run our business and deliver our services

  • Responding to enquiries, preparing proposals, and managing client relationships.
  • Delivering projects and services we have agreed to provide.
  • Invoicing, accounting and financial administration.

Lawful basis: performance of a contract, or our legitimate interests in operating and growing our business.

4.2 To communicate with you

  • Sending you information about our services, projects, thought leadership and events, where you have opted in or where we have an existing business relationship and you have not objected.
  • Notifying you about changes to our services or this policy.

Lawful basis: your consent (for marketing emails to new contacts), or our legitimate interests in maintaining business relationships. You can unsubscribe at any time using the link in any marketing email or by contacting us.

4.3 To improve our website and services

  • Analysing how our website is used, so we can improve it.
  • Understanding which of our services are of interest to clients and partners.

Lawful basis: your consent (for non-essential cookies and analytics), or our legitimate interests in understanding and improving our offering.

4.4 To comply with legal and regulatory obligations

  • Keeping records as required by tax, company and other applicable laws.
  • Responding to lawful requests from regulators, courts or law enforcement.

Lawful basis: compliance with a legal obligation.

5. Who we share your information with

We do not sell your personal information. We share information only with the following categories of recipient, and only as necessary:

  • Our team and trusted associates: members of the all.three.points. Collective and Youth Advisory Squad who are working on projects, all of whom are bound by confidentiality obligations.
  • Service providers: providers of business tools we use to run our work, including Google Workspace (email, documents, file storage), Microsoft Teams (video calls and collaboration), and Quallie.Ai (qualitative research analysis). These providers act as our processors and are contractually required to protect your data.
  • Partner institutions: our exclusive partners, including Ravensbourne University, and other youth organisations, where this is necessary to deliver a project together. Information is shared on a need-to-know basis and subject to appropriate agreements.
  • Clients: where you are a research participant or contributor, anonymised or aggregated insights are typically shared with our clients as part of project deliverables. Where identifiable information would be shared (for example, a video clip of you), we will obtain your specific consent first — see our Participant Privacy Notice.
  • Professional advisers: our accountants, lawyers and insurers, where necessary.
  • Regulators and authorities: where we are legally required to disclose information, or to protect our rights or those of others.
  • Successors and acquirers: if we sell, transfer or reorganise our business, your information may be transferred to the relevant party as part of that transaction.

6. International transfers

We are based in the United Kingdom and most of our data processing takes place in the UK or the European Economic Area (EEA). Some of our service providers (in particular Google and Microsoft) may process data in the United States or other countries outside the UK and EEA.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as the UK’s International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to countries that the UK Government has determined provide an adequate level of protection.

As we expand into the EU and US, we will update this section to reflect any new arrangements.

7. How long we keep your information

We keep personal information only for as long as we need it for the purposes set out in this policy, or as required by law. In practice:

  • Client and prospect contact details: for the duration of our relationship and for up to 6 years after our last meaningful interaction (to support business records and tax obligations).
  • Project records: typically for 6 years after the end of the project, in line with limitation periods under English law.
  • Marketing list contacts: until you unsubscribe, or after 2 years of inactivity, whichever is earlier.
  • Website analytics data: as set out in our Cookie Policy.
  • Research participant data: as set out in our Participant Privacy Notice. The Youth Impact Curve programme involves contact 6 and 12 months after a project, and contact details are retained for that purpose with consent.

8. Your rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Access: to ask for a copy of the personal data we hold about you.
  • Correction: to ask us to correct information that is inaccurate or incomplete.
  • Erasure: to ask us to delete your personal data, in certain circumstances.
  • Restriction: to ask us to limit how we use your data, in certain circumstances.
  • Objection: to object to processing based on our legitimate interests, or to direct marketing.
  • Portability: to receive a copy of certain data in a structured, machine-readable format.
  • Withdraw consent: where we rely on your consent, you can withdraw it at any time.
  • Complain: to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. We would, however, appreciate the chance to address any concerns directly first.

To exercise any of these rights, please contact us at hello@all3points.com. We will respond within one month, and we will not charge a fee unless your request is manifestly unfounded or excessive.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. These include access controls, encryption in transit, secure cloud storage, and confidentiality obligations on everyone who works with us. However, no online transmission or storage system is ever fully secure, and we cannot guarantee absolute security.

10. Children’s data

Our website is not directed at children under 13 and we do not knowingly collect personal data from children through the website.

Where children and young people take part in our research, co-creation or workshop projects, we have a separate Participant Privacy Notice and consent framework that is age-appropriate. For participants under 18, we obtain consent from a parent or guardian as well as the young person themselves. For participants under 13, parental consent is required as a matter of law and policy. Activities are typically run in partnership with schools or youth organisations and follow their safeguarding policies.

11. Third-party links

Our website may contain links to third-party websites. We are not responsible for their privacy practices or the content of those sites. We encourage you to read their privacy policies before providing any personal information.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services or applicable law. The “Last updated” date at the top of this policy shows when it was last revised. We encourage you to review this page periodically.

13. How to contact us

If you have any questions about this Privacy Policy, or if you would like to exercise any of your rights, please contact us:

  • Email: hello@all3points.com
  • Post: Data Privacy, all.three.points. Ltd, 2 Fairwyn, London, SE26 4AE, United Kingdom

A unique youth engagement platform for brands

© A3P 2026

Site by

WWWonder