Our privacy notice

Privacy notice
1. Purpose

Thought Machine Group gathers and processes personal information in accordance with this privacy policy and in compliance with the relevant data protection laws and regulations. This notice summarises what personal information we may collect and how we may use your information. Thought Machine’s commitment to data privacy reflects the value we place on earning and retaining the trust of our clients, partners, suppliers and others who share their personal data with us.

2. Definitions

A “Data Subject” is a living individual who can be identified from the personal data or from additional information held or obtained. This can include a potential or existing client, supplier or partner.

“Personal Data” (“PD”) or “Personally identifiable information (PII)“ is any information that relates to an identifiable person (or “Data Subject”) and that can be used to identify the person directly, or indirectly when used with other information. It includes, but is not limited to:

  • A person’s name
  • Job title
  • Age
  • Postal or email address
  • IP address, e.g. online identifier
  • Vehicle registration number
  • Bank details

“Client, Supplier, Partner and Other Personal Data” refers to Personal Data relating to Clients, Suppliers, Partners or Other Parties, respectively.

A “Client” refers to any person or entity that is a customer of Thought Machine.

A “Supplier” refers to any person or entity that provides goods or services to Thought Machine.

A “Partner” refers to any person or entity that collaborates with Thought Machine in delivering and implementing Thought Machine’s products or providing compatible components that complement Thought Machine’s products.

“Other Party” refers to any person or entity, other than a Client, Supplier or Partner, that may be dealing with Thought Machine for other purposes.

There are “Special Categories” of personal data and these include but are not limited to data revealing:

  • Race or ethnicity 
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual orientation
  • Genetic or biometric data

“Processing” relates to all actions or handling of personal data by manual or automated means, e.g. data collection, erasure and destruction plus everything in between including recording, use, disclosure, sharing and storage.

A “Data Controller” is an individual or organisation who:

  • decides to collect or process personal data;
  • decides what the purpose or outcome of processing is to be;
  • decides what personal data should be collected;
  • decides which individuals to collect personal data about;
  • whose data subjects are potential and existing clients, suppliers and partners of Thought Machine; and
  • has a direct relationship with the data subjects.

Thought Machine is considered a Data Controller when it processes Client, Supplier, Partner and Other Personal Data.

3. Data Protection Principles

Thought Machine is committed to comply with the principles of data protection enumerated in the GDPR and the  data protection law applicable to your jurisdiction. Thought Machine will make every effort possible to comply with these principles. Personal data must:

  1. be processed lawfully, fairly and in a transparent manner (Lawful, fair and transparent);
  2. be obtained only for a specific, lawful purpose (Purpose limitation);
  3. be adequate, relevant and limited to what is necessary (Data minimisation);
  4. be accurate and, where necessary, kept up to date (Accuracy);
  5. not be held for any longer than necessary (Storage limitation); and  
  6. be protected and safeguarded in appropriate ways (Integrity, confidentiality and security).
4. Client, Supplier, Partner and Other Personal Data

As a Data Controller, Thought Machine collects personal data for the sole purpose of contacting and maintaining relationships with its Clients, Suppliers and Partners. Thought Machine may also collect personal data from Other Parties, including but not limited to prospective clients or those who visit our offices or reach out to us via our available communication channels. Collectively, these are called Client, Supplier, Partner and Other Personal Data. The types of personal data that we may process include the following:

  • Contact information such as the  name, company name, job title, and address of an individual representing or acting on behalf of a client; 
  • Email address, phone number, social media profile, and other contact details; 
  • CCTV (any visitors who have entered any of Thought Machine Group’s offices); 
  • Other identification details such as your date of birth or identity card/s.

If you give us personal information on behalf of another person representing our Client, Supplier, Partner or Other Parties, you confirm that you have provided them the information set out in this notice.

We may also receive Personal Data from public sources, mobile websites or applications you visit or from third parties we have engaged such as analytics providers, intelligence research organisations, search information providers, marketing platforms, recruitment agencies, business associates or subcontractors. In that case, we conduct the appropriate due diligence of such third parties and a risk-based assessment of the lawful basis for processing such personal information shared to us.

4.1. Legal Basis for Processing Client, Supplier, Partner and Other Personal Data

Thought Machine collects, uses or otherwise processes Client, Supplier, Partner and Other Personal Data in compliance with the GDPR and the applicable data protection law in your jurisdiction. The lawful basis we rely on to process Personal Data may involve one or a combination of the following:

  • To establish or carry out our contractual obligations and performing agreements with Clients, Suppliers, Partners or Other Parties in connection with our products and services;
  • To enable our business or pursue legitimate interests, including but not limited to; facilitating and personalising our interactions with you, notifying you with changes to our services and products, understanding your requirements and performing analysis and comparisons to obtain your view on our products and services, performing targeted marketing activities in order to establish a relationship with a Client, analysing Personal Data, performing internal management and management reporting, managing our and administering safety and security measures;
  • Your consent, to supplement a contractual obligation or legitimate interest, or where either of these two bases otherwise does not exist; or
  • To comply with laws and protect our legal rights, in connection with reporting requirements under applicable laws, legal claims, compliance and regulatory investigative purposes (including disclosure of information in connection with legal process or litigation), and other compliance and ethics reporting.

In the event a lawful basis cannot be determined for data collection, the data should not be collected or processed.

4.2. How We Collect Client, Supplier, Partner and Other Personal Data

Thought Machine collects Personal Data in the following manner:

The data provided to Thought Machine by Clients, Suppliers, Partners and Other Parties - In the course of offering or providing our services. Thought Machine may  collect Personal Data in a number of ways for example contact through the official website, post, telephone, email and any other means.The data is collected automatically - this can be done when Thought Machine engages with clients via an electronic means.
For the purposes of marketing, Thought Machine may obtain contact details from third parties. The personal data obtained is under lawful basis as it is in the interest of prospective clients, suppliers and partners to know about Thought Machine’s products and services.

4.3. How We Use Client, Supplier, Partner and Other Personal Data

Thought Machine may use Client, Supplier, Partner and Other Personal Data to:

Develop and manage our relationship with potential and existing Clients, Suppliers, Partners and Other Parties. This may include (i) delivering services or carrying out work that a Client, Supplier, Partner or Other Parties have requested or that we are contractually obligated to do so and (ii) providing information about Thought Machine product offerings and services that may be of interest to them Communicate with potential and existing Clients, Suppliers, Partners and Other Parties. This may include (i) informing our Clients, Partners or Other Parties of Thought Machine products and services that may be of interest to them; (ii) providing information about relevant Thought Machine products or services, including, for example, pricing information, invoices, shipping or production information; and (iii) responding to questions or inquiries from our Clients, Suppliers, Partners or Other Parties.

Thought Machine may also use Client, Supplier, Partner and Other Personal Data for other uses consistent with the context in which the information was collected or with your consent.

Thought Machine may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product development purposes. Such information will not individually identify any of our Clients, Suppliers, Partners and Other Parties.

4.4. Sharing and Transferring Personal Data

Thought Machine may need to make international transfers of Personal Data by electronic or other means:

Among Thought Machine Group, including its various branches and offices in many parts of the world. Thought Machine has put in place data processing agreements to ensure that transfers are subject to data protection controls of the highest standards. This may include European Commission- and Information Commissioner’s Office-approved standard clauses and appropriate data transfer arrangements.

To and among third party processors, including Clients, Suppliers, Partners and Other Parties (some of whom may be based outside the UK or the European Economic Area (EEA) for any one or a combination of the following purposes:

  • if we are legally obliged to do so; 
  •  where we need to comply with our contractual agreements to our clients, in the case of platform hosting providers, CRM and other technology providers; and
  • to support our business, in the case of marketing service providers, survey providers, event organisers and digital agencies;

When engaging third parties, we ensure that they are fully compliant with the GDPR and the applicable data protection law in your jurisdiction before engaging with them, among others by limiting their use of Personal Data for the services they perform on our behalf.

The Personal Data that transferees and  third parties have on Clients, Suppliers, Partners and Other Parties will be kept no longer than is necessary for the purposes for which they are processed, and all reasonable steps are taken to delete information when it is no longer required.

4.5. Data Retention

Thought Machine will store Client, Supplier, Partner and Other Personal Data for the duration of our relationship with the Client, Supplier, Partner or Other Party and for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.

In specific circumstances we may store your Personal Data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.

4.6. Safeguarding Measures

Thought Machine takes privacy seriously and takes every reasonable measure and precaution to protect and secure Client, Supplier, Partner and Other Personal Data from unauthorised access, alteration, disclosure or destruction. We use appropriate technical and organisational security measures as required under the GDPR and the applicable data protection law in your jurisdiction. These measures are designed to prevent your Personal Data from being accidentally lost, or accessed or used in an unauthorised way. They may include encryption, physical access security or other tools that we believe enhances the security of our data processing systems.

We limit access to your Personal Data on a need-to-know basis using LDAP group memberships. Our employees, contractors and agents are subject to a strict duty of confidentiality and required to use Personal Data only in accordance with our instructions and not for other purposes.We have put in place several security measures to detect and identify a suspected breach of Personal Data, and will notify you and the relevant data protection supervisory authority of a personal data breach where we are legally required to do so. We however cannot be held responsible for the security of Personal Data that you transmit to us via the internet, which you do so at your own risk.

5. Data Subject Rights

Data Subjects have a number of rights in relation to the personal data that we hold. These rights include

  1. The right to be informed - to know what information is being processed about the data subject.
  2. The right of access - to check what data is being held about the data subject.
  3. The right to rectification - gives the data subject the right to correct errors in the information that is held.
  4. The right to erasure - under certain circumstances the employee can ask for their personal data to be permanently erased. This is ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or the data subject’s consent for the processing of that data has been withdrawn.
  5. The right to restrict processing - the data subject can stop or halt the processing of their information if they deem it’s being used illegally or the data is not correct.
  6. The right to object - the data subject can object to information being used if it is not being used in the manner for which it was collected, e,g.: profiting, automation, marketing.
  7. Rights in relation to automated decision making and profiling - Thought Machine must respect the rights of data subjects in relation to automated decision making and profiling.
  8. The right to data portability - Thought Machine must provide individuals with their data so that they can reuse it for their own purposes or across different services. Thought Machine must provide it in a commonly used, machine-readable format.
  9. The right to lodge a complaint to the relevant data protection supervisory authority - In the event that Personal Data is being processed contrary to GDPR or the data protection law applicable to your jurisdiction, the data subject may seek redress by filing a complaint with the relevant data protection supervisory authority or courts

If a data subject has provided consent for the processing of Personal Data, they have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before their consent was withdrawn.

For any complaints, requests or queries, data subjects may contact dpo@thoughtmachine.net.

6. Contact

The Data Protection Officer is entrusted with monitoring and enforcing compliance with all data protection laws so as to ensure that personal data that is collected and processed is handled appropriately.

The Data Protection Officer can be contacted via the following e- address:

Data Protection Officer dpo@thoughtmachine.net
7 Herbrand St, London WC1N 1EX
Last updated: 15 September 2023


This website uses cookies. We use cookies to personalise content and marketing, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, marketing and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

What are Cookies?

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

How Does Thought Machine Use Cookies?

Cookies allow us to tailor the content on our website to fit the needs of our website's visitors and helps us improve the user experience. Without certain types of cookies enabled, we can't guarantee that the website and your experience of it are as we intended it to be.

We use cookies to obtain information about your visits and about the device you use to access our website. This includes where available, your IP address and pseudonymous identifiers, operating system and browser type and, depending on the cookie, also includes the reporting of statistical data about our users’ browsing actions and patterns.

What Types of Cookies are there?

1. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

2. Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

3. Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. This data allows us to improve the website's structure and guides us to create more relevant, valuable content.

4. Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

5. Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

How You Can Control and Delete Cookies

You can change or withdraw your consent on our website at any time, either from the cookie declaration page or by using the cookie widget on each page. Please bear in mind that deleting and blocking cookies may have an impact on your user experience.

Learn more about who we are, how you can contact us and how we process personal data in our cookie declaration page.

Sign up to our newsletter
Thank you! You will now receive some incredible content in your inbox!
Oops! Something went wrong while submitting the form.
For information about how we use your data please read our privacy policy.