In this Policy we explain how we collect, store, protect and use the personal data that you provide to us. Personal Data has a legal definition but, in brief, it means information relating to an identifiable person who can be directly or indirectly identified from it.
We may update this Policy from time to time. This Policy was last updated on 14/05/2020.
‘We’, ‘us’, and ‘our’ means ThingCo Limited, the owner of the Website. We are a company registered in England and Wales under company number 11106355 whose registered office is at 15th Floor 6 Bevis Marks, London, England, EC3A 7BA. The term ‘you’ refers to the individual accessing and/or submitting information to us.
We act as the data controller, (this means that we are the entity responsible for ensuring that your data is used in accordance with this Policy), and our Data Protection Officer can be contacted with any questions or issues at:
Letter: Data Protection Officer, Suite 208, 32 Threadneedle Street, EC2R 8AY
We have to collect personal data to provide our services. We set out more detail below about how we do this and what we collect but generally;
When you use the Website we may collect the following personal data:
In accordance with the law we will only use your personal data where we have a legal basis to do so. Our legal basis for processing your data and details of what we use it for and how we use it is set out below:
We also use your personal data to do the following, which are necessary for the business that we operate – but we always ensure that our business interests do not interfere with your own rights.
We do the following in the interests of our business:
The legal basis for which is...
This processing is necessary for the legitimate interests we pursue in ensuring you receive the best experience of our services, subject to you raising an objection (see “what rights do I have?” below), requiring us to check that our interest in the processing is not overridden by the resulting risk to your rights and freedoms.
In addition to the above, we also have to comply with relevant laws and so we may also process your personal data:
The legal basis for which is...
This processing is necessary due to legal obligations that we are subject to.
We may use your data to make decisions about you, using automated means.
Where we are processing your personal data on the basis of your consent then you will be required to give consent to those processing activities before we can process personal data in that way. Where applicable, we will seek this consent from you when you first submit personal data to us.
If you have previously given consent you may freely withdraw such consent at any time. You can do this through the app or by notifying us in writing by contacting our Data Protection Officer.
If you withdraw your consent, and if we do not have another legal basis for processing your information (see table above), then we will stop processing your personal data. If we do have another legal basis for processing your personal data, then we may continue to do so subject to your legal rights (for which see “what rights do you have?” below).
You cannot withdraw consent for processing that has already taken place.
Please note that if we need to process your personal data in order to operate the Website and/or provide our services, and you object or do not consent to us processing your personal data, the Website and/or those services may not be available to you.
All information we collect and hold on you is stored within the European Economic area (EEA). There may be times when third parties used to ensure fulfilment of the ThingCo services send data outside of the EEA. For third parties sending your data outside of the EEA we will put contractual clauses in place requiring your data to be managed in line with data protection laws in force in the UK.
We do not and will not sell any of your personal data to third parties. We provide a service to you and therefore we need to earn and maintain your trust in us as a service provider.
Your data will be shared with the following company types as part of our contract to you.
We may provide third parties with anonymous and aggregated information about our customers in order to improve our service, but we will make sure before doing so that there is no way to identify you from that information.
We may sometimes get data from external sources (for example to help prevent fraud).
If you would rather we did not contact you for these purposes or would like to confirm how you would like to be contacted and for which services and products, please email us at email@example.com
We’ll keep your personal information in line with our data retention policy.
You do have the right to request your information be deleted, but under some circumstances some information may not be deleted.
Depending on the contract you have with us, there are slight differences. Regardless of the contract type, you’ll always have these rights.
We would like the opportunity to resolve any complaints you have about how we collect or process your Information, so please contact us if you have any concerns via firstname.lastname@example.org. Alternatively, you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.