Tumblehill Holdings Ltd.

Privacy Policy

Effective date: 5 April 2025 · Last updated: 21 April 2026

1. About This Policy

Tumblehill Holdings Ltd. (“Tumblehill,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you visit our website, subscribe to our publications, request information, register for an event, communicate with us, or otherwise interact with us.

2. Contact Details

General enquiries: nexus@tumblehillholdings.com

Privacy enquiries and data rights requests: privacy@tumblehillholdings.com

3. Scope

This Policy applies to personal data collected through our website and related digital services, enquiry forms, newsletter or publication sign-up pages, event registration pages, email and phone communications, and cookies or similar technologies used on our website.

4. Personal Data We May Collect

Depending on how you interact with us, we may collect:

  • identifiers and contact details such as your name, email address, telephone number, company name, job title, and country or location;
  • transactional or administrative information such as subscription details, registration information, and billing or payment-related information where relevant;
  • information you include in enquiries, messages, forms, event registrations, downloads, or submissions;
  • technical and usage data such as IP address, browser type, device type, operating system, referring website, pages visited, time spent on pages, dates and times of access, and approximate geographic location derived from IP address;
  • cookie identifiers, analytics information, and similar online activity data;
  • information lawfully received from service providers, analytics providers, payment processors, event partners, social media platforms, or publicly available sources.

5. How We Use Personal Data

  • to operate, maintain, secure, and improve our website, research offerings, publications, and services;
  • to respond to enquiries, requests, complaints, and other communications;
  • to administer subscriptions, registrations, downloads, events, and related records;
  • to send newsletters, research updates, event invitations, and other communications you request or agree to receive;
  • to personalise website content and improve user experience where appropriate;
  • to monitor performance, detect fraud, prevent abuse, and investigate security or compliance issues;
  • to enforce our Terms of Use and protect our legal rights;
  • to comply with legal, regulatory, tax, accounting, and record-keeping obligations.

6. Legal Bases for Processing

Where required by applicable law, we process personal data on one or more of the following grounds: consent, performance of a contract, steps taken at your request before entering into a contract, compliance with legal obligations, and our legitimate interests in operating, improving, protecting, and administering our business and digital services, provided those interests are not overridden by your rights.

7. Marketing Communications

Where permitted by law, we may send you newsletters, event invitations, insights, or updates about our publications and services. You may opt out at any time by using the unsubscribe link in our emails or by contacting us at nexus@tumblehillholdings.com. We may still send non-marketing messages that are necessary for service, transactional, or legal purposes.

8. Cookies and Similar Technologies

We may use cookies, pixels, tags, and similar technologies to help the website function, remember preferences, understand how visitors use the Site, improve performance, and support analytics and communications.

Where required by applicable law, we will request consent before placing non-essential cookies on your device. You can manage cookies through your browser settings and, where available, through any cookie preference tools we provide.

9. Sharing Personal Data

We may share personal data with:

  • website hosting, IT, analytics, communication, and customer relationship management providers;
  • payment processors and subscription administration providers;
  • professional advisers such as lawyers, auditors, insurers, and compliance consultants;
  • event, research, publishing, or commercial partners where relevant and lawful;
  • regulators, law-enforcement agencies, courts, or public authorities where required by law;
  • buyers, investors, successors, or transaction counterparties in connection with a merger, acquisition, restructuring, financing, or sale of assets.

We do not sell personal data.

10. International Transfers

Your personal data may be stored or processed in countries other than your own where our service providers, partners, or technical infrastructure operate. Where personal data is transferred internationally, we will take reasonable steps to ensure appropriate safeguards are in place consistent with applicable data protection laws.

11. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, reporting, dispute-resolution, record-keeping, operational, and security requirements. When personal data is no longer needed, we will delete, anonymise, or otherwise dispose of it where feasible and lawful.

12. Data Security

We use reasonable technical, organisational, and administrative measures to protect personal data against unauthorised access, loss, misuse, disclosure, alteration, or destruction. However, no internet transmission or electronic storage system is completely secure, so we cannot guarantee absolute security.

13. Your Rights

Subject to applicable law, you may have the right to:

  • request information about how your personal data is used;
  • request access to personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in appropriate circumstances;
  • object to or request restriction of certain processing;
  • withdraw consent where processing is based on consent;
  • request portability or transfer of personal data where applicable;
  • lodge a complaint with a relevant supervisory or regulatory authority, where available.

To exercise these rights, contact privacy@tumblehillholdings.com. We may need to verify your identity before responding.

14. Children

Our website and services are not directed to children, and we do not knowingly collect personal data from children except where expressly stated and lawfully permitted. If you believe a child has provided personal data improperly, please contact us so we can take appropriate action.

15. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy, security, or content practices of third parties. You should review their privacy policies before providing any personal data to them.

16. Cross-Border and Jurisdictional Compliance

This Policy is intended to support operation across multiple jurisdictions. Tumblehill will handle personal data in accordance with the data protection and privacy laws that apply to the jurisdiction from which it principally operates the relevant website, service, or activity, together with any mandatory laws that apply to the individual concerned. Where specific local law grants additional privacy rights or imposes additional obligations, those local requirements will apply to the extent required.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised “Last Updated” date. Where required, we will provide additional notice of material changes.

18. Contact Us

Questions about this Privacy Policy or the handling of personal data may be sent to privacy@tumblehillholdings.com.

Tumblehill Holdings Ltd.Privacy Policy — Effective 5 April 2025