Our privacy notice

Privacy notice
1. Purpose

Thought Machine Group Limited and our group companies (“Thought Machine”, “we”, “us”, “our”) gathers and processes personal information in accordance with this privacy notice and in compliance with the relevant data protection laws and regulations, including the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, the EU General Data Protection Regulation (“EU GDPR”), and any other relevant local data protection laws. 

This notice summarises what personal information we may collect and how we may use your information. Thought Machine’s commitment to data privacy reflects the value we place on earning and retaining the trust of our clients, partners, suppliers and others who share their personal data with us.

2. Definitions

A “client” refers to any person or entity that is a customer of Thought Machine

processing” relates to all actions or handling of personal data by manual or automated means, e.g., data collection, erasure and destruction plus everything in between including recording, use, disclosure, sharing and storage

A “data controller” is an individual or organisation who:

  • Decides to collect or process personal data
  • Decides what the purpose or outcome of processing is to be
  • Decides what personal data should be collected
  • Decides which individuals to collect personal data about;

Thought Machine is considered a data controller when it processes client, supplier, partner and other personal data.

A “data subject” is a living individual who can be identified from the personal data or from additional information held or obtained. This can include an individual connected with a potential or existing client, supplier or partner

other party” refers to any person or entity, other than a client, supplier or partner, that may be dealing with Thought Machine for other purposes.

‍A “partner” refers to any person or entity that collaborates with Thought Machine in delivering and implementing Thought Machine’s products / services, or providing compatible components that complement Thought Machine’s products


personal data” is any information that relates to a data subject and that can be used to identify the person directly, or indirectly when used with other information. It includes, but is not limited to:

  • A person’s name
  • Job title
  • Age
  • Postal or email address
  • IP address, e.g., online identifier
  • Vehicle registration number
  • Bank details

There are “special categories” of personal data and these include but are not limited to data revealing:

  • Race or ethnicity
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual orientation
  • Genetic or biometric data

A “supplier” refers to any person or entity that provides goods or services to Thought Machine

third party” collectively refers to clients, suppliers, partners and other parties

3. Data Protection Principles

Thought Machine is committed to comply with the principles of data protection enumerated in the UK GDPR and other data protection regulations, which means your personal data will be: 

  1. Used lawfully, fairly and in a transparent way (Lawfulness, fairness and transparency)
  2. Collected only for a specific, lawful purpose (Purpose limitation)
  3. Adequate, relevant and limited to what is necessary (Data minimisation)
  4. Accurate and, where necessary, kept up to date (Accuracy)
  5. Kept only as long as necessary for the purposes we have told you about (Storage limitation)
  6. Kept securely (Integrity, confidentiality and security)

4. Client, Supplier, Partner and Other Personal Data

As a data controller, Thought Machine collects personal data for the purpose of contacting and maintaining relationships with its clients, suppliers and partners. Thought Machine may also collect personal data from other parties, including but not limited to prospective clients or those who visit our offices or reach out to us via our available communication channels. 

  1.  The type of client, supplier and other party personal data we collect

The types of personal data that we may process include the following:

  • Contact information of individual(s) representing or acting on behalf of a third party, e.g., name, company name, job title, phone number, email, social media profile and other contact details
  • CCTV footage in respect of any visitors who have entered any Thought Machine offices
  • Other identification details to verify the identity of individual(s) representing or acting on behalf of a third party, e.g., date of birth or identity card/s
  • Certain technical data when you interact and use our website, e.g., internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our website
  • Usage data, e.g., information about how you interact with and use our website, products and services 
  • Username, if you have been granted access to the Vault Portal on behalf of your organisation 
  • Marketing and communications data, e.g., your preferences in receiving marketing from us and your communication preferences, if you express interest in our products or services or make an enquiry on our website

Thought Machine may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product development purposes. Such information will not individually identify any of our Clients, Suppliers, Partners and Other Parties is not personal data as it does not directly (or indirectly) reveal your identity. 

  1. How we collect client, supplier and other party personal data

Thought Machine collects personal data:

  • From you directly, by post, email telephone or other means, if you give us your personal data by filling in the online enquiry form on our website, request marketing to be sent to you or give us feedback or contact us
  • In the course of offering or providing our services if you act on behalf of a Client, Partner or Supplier
  • Automatically when you interact with our website, e.g., certain technical data about your equipment, browsing  actions and patterns by using cookies and other similar technologies 
  • From third parties or publicly available sources for the purposes of marketing, Thought Machine may obtain contact details from third parties but only on a lawful basis where it is in the interest of prospective clients, suppliers and partners to know about Thought Machine’s products and services

We may also receive personal Data from public sources, mobile websites or applications you visit or from third parties we have engaged such as analytics providers, intelligence research organisations, search information providers, marketing platforms, recruitment agencies, business associates or subcontractors. In that case, we conduct the appropriate due diligence of such third parties and a risk-based assessment of the lawful basis for processing such personal information shared to us.

If you give us personal data in relation to another individual representing our client, supplier, partner or other party, you confirm that you have provided them the information set out in this privacy notice.

  1. How we use client, supplier and other party personal data

Thought Machine may use client, supplier, partner and other party personal data to:

  • Develop and manage our relationship with potential and existing clients, suppliers, partners and other parties. This may include delivering services or carrying out work that a client, cupplier, partner or other parties have requested or that we are contractually obligated to do so
  • Communicate with potential and existing clients, suppliers, partners and other parties. This may include: (i) informing our clients, partners or other parties of Thought Machine products and services that may be of interest to them; (ii) providing information about relevant Thought Machine products or services, including, for example, pricing information, invoices, shipping or production information; and (iii) responding to questions or inquiries from our clients, suppliers, partners or other parties
  • To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  • To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing

Thought Machine may also use client, supplier, partner and other party personal data for other uses consistent with the context in which the information was collected or with your consent.

  1. Direct marketing

You may receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving the marketing.

  1. Opting out of marketing

You can ask to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us (dpo@thoughtmachine.net).

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

5. Legal Basis for Processing Client, Supplier, Partner and Other Party Personal Data

We must have a legal basis for using your personal data. We rely on one or more of the following lawful bases:  

  • Performance of a contract: To establish or carry out our contractual obligations and performing agreements with clients, suppliers, partners or other parties in connection with our products and services
  • Legitimate interests: To enable our business or pursue legitimate interests, e.g., facilitating and personalising our interactions with you, notifying you with changes to our services and products, understanding your requirements and performing analysis and comparisons to obtain your view on our products and services, performing targeted marketing activities in order to establish a relationship with a client, analysing personal data, performing internal management and management reporting, managing our and administering safety and security measures
  • Consent: Your consent, to supplement a contractual obligation or legitimate interest, or where either of these two bases otherwise does not exist
  • Legal obligation: To comply with laws and protect our legal rights, in connection with reporting requirements under applicable laws, legal claims, compliance and regulatory investigative purposes (including disclosure of information in connection with legal process or litigation), and other compliance and ethics reporting

In the event a lawful basis cannot be determined for data collection, we will not collect or process it.

6. Sharing and Transferring Personal Data

Thought Machine may need to make international transfers of Personal Data by electronic or other means:

  • Among Thought Machine group companies, including our various branches and offices in many parts of the world. Thought Machine has put in place data processing agreements to ensure that transfers are subject to data protection controls of the highest standards. This may include European Commission- and Information Commissioner’s Office-approved standard clauses and appropriate data transfer arrangements
  • To and among third party processors (some of whom may be based outside the UK or the European Economic Area (EEA)) for any one or a combination of the following purposes:
  • if we are legally obliged to do so
  • where we need to comply with our contractual agreements to our clients, in the case of platform hosting providers, CRM and other technology providers; and
  • to support our business, in the case of marketing service providers, survey providers, event organisers and digital agencies

When engaging third parties, we ensure that they are fully compliant with the GDPR and the applicable data protection law in your jurisdiction before engaging with them and, among others, by limiting their use of personal data for the services they perform on our behalf.

The personal data that transferees and third parties have in respect of our clients, suppliers, partners and other parties will be kept no longer than is necessary for the purposes for which they are processed, and all reasonable steps are taken to delete information when it is no longer required.

7. Data Retention

Thought Machine will store client, supplier, partner and other party personal data for the duration of our relationship with the relevant party, and for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy notice. In some circumstances, we may store your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.

In specific circumstances, we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

8. Data Security

Thought Machine takes privacy seriously and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. 

All our third party service providers and Thought Machine group companies are required to take appropriate security measures to protect your personal data in line with our policies. They may include encryption, physical access security or other tools that we believe enhance the security of our data processing systems.

We limit access to your Personal Data on a need-to-know basis using LDAP group memberships. Our employees, contractors and agents are subject to a strict duty of confidentiality and required to use personal data only in accordance with our instructions and not for any other purposes. 

We have security measures and procedures in place to detect, identify and mitigate suspected and actual personal data breaches and will notify you and the relevant supervisory authority of a relevant personal data breach where we are legally required to do so.

9. Automated Decision-Making

We do not rely solely on automated decision-making. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

10. Data Subject Rights

You have several rights in relation to your personal data that we hold:

  • Right of access (commonly known as a “data subject access request”) - This enables you to receive a copy of the personal data we hold about you and to check we are lawfully processing it
  • Right to rectification – This enables you have any incomplete or inaccurate information we hold about you corrected 
  • Right to erasure (also known as the ‘right to be forgotten”) – This enables you, in certain circumstances, to ask us to delete or remove personal data where there is no good reason for us continuing to process it
  • Right to restrict processing – This enables you to ask us to suspend processing of your personal data, e.g., if you deem it is being used illegally or the data is not correct
  • Right to object to processing - Where we are relying on legitimate interest, you can object to your personal data being used if it is not being used in the manner for which it was collected (e.g., profiting, automation, direct marketing)
  • Right to data portability - Thought Machine must provide you with your personal data so that you can reuse it for your own purposes or across different services. We must provide it in a commonly used, machine-readable format
  • Right to object to automated individual decision-making – Thought Machine must respect the rights of individuals in relation to automated decision-making and profiling
  • Right to lodge a complaint – You have the right to lodge a complaint with the applicable data protection regulator or supervisory authority (e.g., the UK Information Commissioner’s Office)
  • Right to withdraw consent (where consent is the lawful basis) - If you have provided consent for the processing of your personal data for the purposes of our recruitment process, you have the right to withdraw that consent at any time which will not affect the lawfulness of the processing before their consent was withdrawn. To withdraw your consent, or for any complaints, requests or queries, individuals should contact dpo@thoughtmachine.net

Once we have received notification that you have withdrawn your consent, we will no longer process your application and, subject to our retention policy, we will dispose of your personal data securely. We may ask you to verify your identity before acting on the request - this is to ensure that your data is protected and kept secure.

11. Contact Details

Our Data Protection Officer is entrusted with monitoring and enforcing compliance with all data protection laws, to ensure that personal data that is collected and processed is handled appropriately.

If you have any questions or concerns about this privacy notice or how we handle your personal data, our Data Protection Officer can be contacted via the following e-mail address: dpo@thoughtmachine.net

Contact address: Data Protection Officer

7 Herbrand St, London WC1N 1EX

12. Complaints

You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before doing so please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand.

13. Changes to this Privacy Policy and Your Duty to Inform Us of Changes

We keep our privacy policy under regular review. Historic versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

Cookies

This website uses cookies. We use cookies to personalise content and marketing, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, marketing and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

What are Cookies?

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

How Does Thought Machine Use Cookies?

Cookies allow us to tailor the content on our website to fit the needs of our website's visitors and helps us improve the user experience. Without certain types of cookies enabled, we can't guarantee that the website and your experience of it are as we intended it to be.

We use cookies to obtain information about your visits and about the device you use to access our website. This includes where available, your IP address and pseudonymous identifiers, operating system and browser type and, depending on the cookie, also includes the reporting of statistical data about our users’ browsing actions and patterns.

What Types of Cookies are there?

1. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

2. Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

3. Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. This data allows us to improve the website's structure and guides us to create more relevant, valuable content.

4. Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

5. Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

How You Can Control and Delete Cookies

You can change or withdraw your consent on our website at any time, either from the cookie declaration page or by using the cookie widget on each page. Please bear in mind that deleting and blocking cookies may have an impact on your user experience.

Learn more about who we are, how you can contact us and how we process personal data in our cookie declaration page.

Melden Sie sich für unseren Newsletter an
Thank you! You will now receive some incredible content in your inbox!
Oops! Something went wrong while submitting the form.
Informationen darüber, wie wir Ihre Daten verwenden, finden Sie in unserer Datenschutzrichtlinie.