The House of Tom Davies (THOTD) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us, in accordance with the UK General Data Protection Regulation (The UK GDPR).
THOTD is a “data controller”. This means that we are responsible for deciding how we hold and use and store personal information about you. We are required under the UK GDPR to notify you of the information contained in this privacy notice.We may update this notice at any time
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information.
DATA PROTECTION PRINCIPLES
We will comply with all relevant data protection laws (including the EU GDPR). This requires that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where the identity has been removed (anonymous data).
We collect and hold personal information about individuals for the provision of our products and services and purposes connected to those products and services.
Consistent with the provision of our products and services, the types of personal information we may collect and hold include:
- Your identity and contact details - includes your name, email address and your contact telephone numbers;
- Other information – we may collect text of communications gathered in the course of our interaction with you on live-chat, social media and emails, and other information from your interactions with us online including cookies information (and information from other similar technologies), including IP address, URL’s, search histories and other associated information.
The basis for our processing of your personal information under the General Data Protection Regulation (GDPR) is with your consent and to enable us to perform the contract with you related to the services you have asked us to provide. If you don’t provide us with personal information we are unlikely to be able to provide you with our services.
HOW YOUR PERSONAL INFORMATION IS COLLECTED
We typically collect personal information about you: [We will sometimes collect additional information from third parties including data providers].
Special offers via www:
- We use google-analytics, campaign monitor, Facebook analytics, we do not actually record anything in this instance, but google does on our behalf.>/li>
We take reasonable steps to ensure the security and integrity of the personal information we collect in store, use and disclose including restricted server access, encryption and other industry standard security protocols like use of firewalls and complex password protection.
HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract, we have entered into with you.
- Where we need to administer your account with us.
- Where we seek your views on the products and services that we provide.
- Where we need to notify you of changes to our products and services.
- Where we send you information about other products or services that you have specifically requested from us.
- Where we need to comply with a legal or regulatory obligation.
- We will need to process a job application or respond to an enquiry about a possible job with us.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We will also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes.
SITUATIONS IN WHICH WE WILL USE YOUR PERSONAL INFORMATION
We need all the categories of information detailed in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal and regulatory obligations. In some cases we will use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.
- Administering the contract, we have entered into with you and providing our products and services to you.
- Business management and planning, including accounting and auditing.
- Making arrangements for the termination of our contracting relationship.
- Dealing with legal disputes involving you, or any disputes that will arise under the contract that we have with you or the way in which we provide our products and services to you.
- To prevent fraud.
- To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
- To conduct data analytics studies to review and better understand customer engagement, retention and attrition rates.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
CHOICES YOU HAVE WITH YOUR PERSONAL INFORMATION
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the work we do and our exciting products and services, then you can select your choices by ticking the relevant boxes situated on our website We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: email@example.com
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in writing and we will explain the legal basis which allows us to do so.
Please note that we will process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers [and other entities in the group] are required to take appropriate security measures to protect your personal information in line with our policies and this is supported by a contractual agreement with clear obligations on the third parties. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our written instructions.
What about other third parties?
We will share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We will also need to share your personal information with a regulator or to otherwise comply with the law.
We have put in place appropriate technical and security measures to protect the security of your personal information. Details of these measures are available upon request. Third parties will only process your personal information on our written instructions and where they have agreed to treat the information confidentially and to keep it secure as part of their contractual arrangement with us.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures are available upon request.
We have put in place technical and organisational processes and procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
ACCESS AND CORRECTION
We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and attempt to provide you with the data within 30 days of receipt of your request.
If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
Please direct all requests for access and correction to firstname.lastname@example.org.
Some other rights in relation to your privacy
Some individuals also have a right, in certain circumstances, to have the information held about them erased. You can talk to us further about this at email@example.com.
You can also request that we restrict or suspend the processing of your personal information. If you do so, note that we will then be most likely unable to provide the services to you.
The GDPR also provides that in some circumstances individuals have a right to data portability, to withdraw their consent at any time, to object to data processing and to object to processing of data for marketing purposes.
Relevant to the GDPR, in order to provide our services to you, we may disclose the information which we process to countries outside the European Economic Area (EEA). Regardless of the location of our processing, we will impose adequate data protection safeguards and implement appropriate measures to ensure that your personal data is protected in accordance with applicable data protection laws.
We currently have several data warehouses within the UK and USA.
CHANGES TO THIS POLICY
If you consider a breach of the Privacy Act 1988 (Cth) has occurred, you may direct your query to our Privacy Officer and we will attempt to resolve your complaint.
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO at firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.