Themis Executives Limited, trading as Themis Consultancy (“we”, “our” or “us”) is committed to safeguarding the privacy of your personal data. Themis Consultancy is registered with the Information Commissioner’s Office (ICO) under registration number ZA831333.This is an important notice regarding your privacy and the way in which Themis Executives Limited collects and makes use of your personal data. We want to be open and transparent with you, and therefore encourage you to contact us if you have any questions about this policy or the ways in which we use your personal data.
This Policy was created in January 2021 and sets out how we will process the personal data you provide to us when you us contact via the website, by email and/or by phone as a prospective client. In the event we are engaged by you to provide services as our client, we will provide you with details as to how any additional personal data collected from you during our engagement will be processed.
This policy applies to all individuals and businesses who provide us with personal data prior to engaging our service.
For the purpose of applicable privacy legislation, Themis Executives Limited of 20-22 Wenlock Road, London, England, N1 7GU, Company number 13018907 acts as a data controller in relation to the personal data referenced below. Any queries regarding this policy should be directed to us at email@example.com.
- WHAT INFORMATION DO WE COLLECT AND HOLD?
- HOW WILL WE USE THE PERSONAL INFORMATION WE OBTAIN AND THE LEGAL BASIS UPON WHICH WE RELY FOR DOING SO?
We will only use the personal information provided or, or obtained by us, in order to respond to your business enquiry and/or for the purposes of keeping you up to date with your enquiry. As such we have a legitimate interest and hence a legal basis for collecting this information. In the event a business enquiry results in you engaging Themis Consultancy to provide services to you, our general terms of engagement will set out how we will process any additional personal data provided at or after that time.
- FROM WHERE DO WE OBTAIN YOUR PERSONAL INFORMATION?
Themis Consultancy will, in the main, obtain your personal information directly from you or from your firm. In some circumstances, we may obtain your personal information from public sources such as the Financial Services Register and Companies House. Typically, the personal information relating to you that we collect from public sources is limited to your full name, your role, any Senior Management Function role, business details and business email address.
We may also, through either our business or employees connected with you on LinkedIn and use this platform to obtain personal information about you.
- WITH WHOM MIGHT WE SHARE YOUR PERSONAL INFORMATION?
We may share your personal information with one or more of the following named third party contractors:
- Signature Compliance Limited, Company Number 10305512, registered office address Kemp House, City Road, London, United Kingdom, EC1V 2NX;
- JHD Executive Consultants Limited, Company Number 11183330, registered address 37 Hillend, Twyning, Tewkesbury, GL20 6DW; and
- Themis Consultancy Limited, Company Number 12691148, registered office address 20-22 Wenlock Road, London, England, N1 7GU.
These businesses provide compliance advisory services to Themis Executives Limited and are, contractually obligated to protect any personal data we share with them. Any engagement of Themis Consultancy by you, will set out the limited purposes for which personal data is used by the above third party contractors.
We may also share your personal information with the following types of third parties:
- Technical support providers, for example, assisting with our website.
- Professional advisers such as lawyers, accountants, insurance companies and business analysts.
- Providers which help us collate and organise information effectively and securely.
- Providers which assist us with marketing by, for example, helping us send marketing mailshots and providing catalogues where requested.
- Third party software hosting companies which provide us with software solutions.
- Providers which host our servers in their data centres.
We do not typically transfer your personal information outside of the EEA. Our compliance consultancy services typically relate to UK regulatory requirements and disclosing personal information, where instructed by our clients or where under a legal obligation to do so, to relevant UK regulatory authorities only.
Additional third parties that we use include:
- Wriggle Productions Limited, Company Number 07978977, registered address 103 High Street, Gosforth, Newcastle Upon Tyne, Tyne & Wear, NE3 1HA to outsource marketing activity on our behalf; and
- SMV UK Limited, Company Number 07127494, registered address registered office at Unit E5, Telford Road Telford Road, Bicester, England, OX26 4LD which provides administrative support to Themis Executives Limited.
- DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.
We assess the appropriate retention period for different information based on the size, volume, nature and sensitivity of that information, the potential risk of harm to you from unauthorised use or disclosure of that information, the purposes for which we are using that information, applicable legal requirements for holding that information, and whether we can achieve those purpose(s) through other means.
- Where we have collected your personal information during our organisations doing business, we will keep your personal information for as long as this business relationship continues, or for as long as we have a commercial interest in holding your personal information, for example, with a view to doing business in the future.
- We will continue to provide you with regular regulatory updates until you confirm that you no longer wish to receive them.
For specific timeframes for how long we keep your personal data for, please contact us by emailing firstname.lastname@example.org
- HOW AND WHERE WE STORE YOUR PERSONAL DATA
We use Microsoft Office 365 including SharePoint and therefore electronic versions of your personal information will be stored securely on servers within the UK and/or Europe, in accordance with the terms issued by Microsoft at the relevant time.
We have implemented reasonable and appropriate security measures to protect your personal information including limiting access to key personnel and utilising usernames, passwords, encryption and anonymisation where appropriate. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur.
- YOUR RIGHTS UNDER THE DATA PROTECTION ACT
You have various rights under law that assist you with verifying our lawful use of your personal data, including:
- Request access to your personal information, known as a data subject access request (DSAR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information when there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Should you wish to exercise your rights to access, correct, erase, or restrict as set out above, please contact us by emailing email@example.com. You will not have to pay a fee to exercise any of these data protection related rights however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply.
- YOUR RIGHT TO WITHDRAW CONSENT
If you have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us by emailing firstname.lastname@example.org.
Where we are providing you with marketing information, you can also change your marketing preferences by using the unsubscribe button at the bottom of our marketing e-mails sent to you.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
- YOUR RIGHT TO COMPLAIN
You may complain to your local supervisory data protection authority about us depending on where you are located. In the UK, please read: https://ico.org.uk/make-a-complaint/ for details of how to do this.