ABOUT THIS POLICY
1.1 Protecting your data, privacy and personal information is very important to Thunderhead (One) Limited and its group companies (collectively “Thunderhead”, “our”, “us” or “we”).
1.4 Our Website contains links to third party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.
INFORMATION WE MAY COLLECT
2.1 We may collect and process the following data about you:
Information that you provide to us. You will be asked to provide us with your information when you:
fill in forms on our Website;
correspond with us by phone, email or otherwise;
report a problem with our Website.
Information we collect about you. With regard to each of your visits to our Website we may automatically collect the following information:
device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
technical information about your computer, including where available, your IP address, operating system and browser type, for system administration and analytical purposes; and
details of your visits to, and activity on, our Website.
Information we receive from other sources. We may collect personal data provided to us by third parties (such as market research providers and business data repositories).
HOW WE USE YOUR INFORMATION AND JUSTIFICATION OF USE
3.1 Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the ground in respect of each use of your personal data in this policy. These are the principal grounds that justify our use of your information:
Consent: where you have consented to our use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying us);
Contract performance: where your information is necessary to enter into or perform our contract with you;
Legal obligation: where we need to use your information to comply with our legal obligations;
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you or a third party.
3.2 We use information held about you (and information about others that you have provided us with) in the following ways:
3.3 When you communicate with us by telephone or video link, we may record the audio and/or video call for quality control, training, or marketing purposes. All recordings are stored securely. We will not share the recordings with any third party (unless we are required to do so by law) or distribute the recordings outside of the Thunderhead group of companies.
3.4 We will not sell your personal data (or any other data you provide us with) to third-parties; however, we reserve the right to share any data which has been anonymised and/or aggregated. You acknowledge and accept that we own all right, title and interest in and to any derived data or aggregated and/or anonymised data collected or created by us.
4.DISCLOSURE OF YOUR INFORMATION
4.1 We may also disclose your personal information to third parties in the following circumstances:
SECURITY OVER THE INTERNET
5.1 No data transmission over the internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
5.2 Sensitive information between your browser and our Website is transferred in encrypted form using secure Socket Layer (“SSL”) or equivalent cryptographic protocols using certificates issued by a trusted third-party authority. When transmitting sensitive information, you should always make sure that your browser can validate the Thunderhead certificate.
5.3 All information you provide to us is stored on our, or our subcontractors’, secure servers and accessed and used subject to our security policies and standards. We use hosted services (such as Oracle Marketing Cloud and Salesforce) in the course of our business, including for the provision of marketing and sales activities.
5.4 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share your password with anyone.
EXPORTS OUTSIDE THE EEA
6.1 Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the European Economic Area (EEA) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor, we will impose the same data protection safeguards that we deploy inside the EEA.
6.2 Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient, or the Privacy Shield Framework unless we are permitted under applicable data protection law to make such transfers without such formalities.
6.3 Please contact us if you would like to further details of the specific safeguards applied to the export of your personal data.
EU-U.S. & SWISS-U.S. PRIVACY SHIELD
7.2 The Federal Trade Commission has jurisdiction over Thunderhead’s compliance with the Privacy Shield. In certain situations, we may be required to disclose personal information requested by government authorities, including for national security or law enforcement purposes.
7.3 Thunderhead commits to cooperate with The UK Information Commissioner’s Office and/or the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner with regard to personal data transferred from the EU, EEA and Switzerland.
HOW LONG WE RETAIN YOUR PERSONAL DATA
8.1 We will hold the above information for as long as is necessary in order to conduct the processing detailed in the table above, deal with any specific issues that may raise, or otherwise as is required by law or any relevant regulatory body. Some personal data may need to be retained for a longer period of time to ensure Thunderhead can comply with applicable laws and internal compliance procedures, including retaining your email address for marketing communication suppression if you have opted not to receive any further marketing.
8.2 If information is used for two purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period when that period expires.
8.3 We restrict access to your personal information to those persons who need to use it for the relevant purpose(s). Our retention periods are based on business needs and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9.1 Under the General Data Protection Regulation (EU) 2017/676 and Privacy Shield Framework, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at firstname.lastname@example.org.
9.2 In certain circumstances, you have the following rights in relation to your personal data:
9.3 Thunderhead will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
9.4 Where you request Thunderhead to rectify or erase your personal data or restrict any processing of such personal data, Thunderhead may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right.
11.2 Thunderhead One Inc. has control over the sales and marketing activity in the U.S. and decides the purpose and means for how the personal data related to such activity in the U.S. is processed. Subject to the foregoing, the data controller is Thunderhead ONE Limited (company no. 08115007), with registered address at Ingeni Building, 17 Broadwick Street, London, W1F 0DJ.
CHANGES TO THIS POLICY
Date of last revision: November 2018