GDPR Compliance
Our commitment to protecting your data rights under UK GDPR
Last updated: 1 January 2024
Our Commitment to Data Protection
ThamesoroTechAI Ltd is fully committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We recognise the importance of protecting personal data and have implemented comprehensive measures to ensure your information is handled responsibly and transparently.
This page provides detailed information about how we comply with data protection legislation and outlines your rights as a data subject.
Data Controller Information
ThamesoroTechAI Ltd acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.
Registered Name: ThamesoroTechAI Ltd
Company Number: 08451792
Registered Address: 47 Queen Victoria Street, London, EC4N 4SA
Data Protection Contact: [email protected]
Lawful Bases for Processing
Under UK GDPR, we must have a valid lawful basis to process your personal data. We rely on the following bases depending on the nature of the processing:
Contractual Necessity
When you engage our services, we process your personal information as necessary to fulfil our contractual obligations. This includes using your contact details to communicate about your consultation, processing financial information to provide personalised guidance, and maintaining records of our service delivery.
Legitimate Interests
We may process certain data based on our legitimate business interests, provided these do not override your fundamental rights. Examples include website analytics to improve user experience, internal administrative purposes, and preventing fraud or ensuring network security.
Consent
Where we send marketing communications or use non-essential cookies, we rely on your freely given consent. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Legal Obligation
Some processing activities are necessary to comply with legal requirements, such as maintaining financial records for tax purposes or responding to regulatory enquiries.
Your Data Subject Rights
UK GDPR grants you several rights regarding your personal data. We are committed to facilitating these rights and will respond to any request within the statutory timeframe of one month.
Right of Access
You have the right to obtain confirmation that we are processing your personal data and to receive a copy of that data. This is commonly known as a "subject access request".
Right to Rectification
You can request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
Right to Erasure
Under this right, also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.
Right to Restrict Processing
You can request that we limit the processing of your personal data in specific situations, such as while we verify the accuracy of data you have contested.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object
You can object to processing based on legitimate interests or processing for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
How to Exercise Your Rights
To make a request regarding your personal data, please contact us at [email protected]. To help us process your request efficiently, please include:
- Your full name and contact details
- A clear description of the information or action you are requesting
- Any relevant reference numbers or dates that may help us locate your records
- Proof of identity (we may request this to protect your data from unauthorised access)
We do not charge a fee for most requests. However, if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
Data Security Measures
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing. Our security measures include:
- Encryption of personal data during transmission using TLS/SSL protocols
- Encryption of sensitive data at rest
- Regular testing and evaluation of security measures
- Access controls ensuring only authorised personnel can access personal data
- Staff training on data protection and information security
- Incident response procedures for potential data breaches
- Regular backups with secure storage
Data Breach Procedures
In the event of a personal data breach, we have procedures in place to:
- Detect, investigate, and report breaches promptly
- Notify the Information Commissioner's Office within 72 hours where required
- Communicate with affected individuals without undue delay when the breach is likely to result in high risk to their rights and freedoms
- Document all breaches and remedial actions taken
International Data Transfers
We primarily process and store personal data within the United Kingdom. Where transfers to third countries are necessary, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by the UK Information Commissioner
- Transfers to countries recognised by the UK as providing adequate data protection
- Specific derogations where applicable under UK GDPR
Data Protection Impact Assessments
For processing activities likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks. This helps us ensure that privacy considerations are embedded in our processes from the outset.
Complaints
If you are dissatisfied with how we have handled your personal data or responded to a request, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
We encourage you to contact us first so we have the opportunity to address your concerns directly.
Updates to This Information
We may update this GDPR compliance information to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website. We recommend reviewing this page periodically to stay informed about how we protect your data.