GDPR and Data Protection

Information about your data protection rights under UK law

Our Commitment to Data Protection

ThamesoroTechAI Limited is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page explains your rights under data protection legislation and how we fulfill our obligations as a data controller.

Data Controller Information

For the purposes of data protection legislation, the data controller is:

ThamesoroTechAI Limited
42 Wellington Street
London WC2E 7BD
United Kingdom
Email: [email protected]

Your Data Protection Rights

Right of Access

You have the right to request copies of your personal data. This is commonly known as a "subject access request." We may charge a reasonable fee if your request is clearly unfounded or excessive, though we typically provide this information free of charge.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or incomplete. We will respond to your request within one month.

Right to Erasure

You have the right to request that we erase your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing based on legitimate interests.

Right to Object

You have the right to object to our processing of your personal data where we are relying on legitimate interests as the legal basis for processing, and you believe your particular situation warrants an objection.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we process your data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing carried out before you withdrew consent.

How to Exercise Your Rights

To exercise any of your data protection rights, please submit a request in writing via email to [email protected].

Please include the following information to help us process your request efficiently:

  • Your full name and contact details
  • A clear description of the information you are requesting or the right you wish to exercise
  • Any relevant dates or reference numbers that may help us locate your information

We will respond to your request within one month. If your request is particularly complex or we receive multiple requests from you, we may extend this period by a further two months, in which case we will notify you and explain the reason for the delay.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.
  • Legal Obligation: Processing is necessary for us to comply with the law.

Data Security Measures

We have implemented appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls limiting who can view personal data
  • Regular security assessments and updates
  • Staff training on data protection principles
  • Secure disposal of data when no longer required

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also report the breach to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by law.

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If we need to transfer your data internationally, we will ensure appropriate safeguards are in place, such as standard contractual clauses approved by the ICO.

Automated Decision-Making

We do not use automated decision-making or profiling in our processing of your personal data. All decisions regarding our services are made by qualified professionals.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Service delivery data: Duration of our relationship plus seven years for financial records
  • Marketing consent data: Until you withdraw consent
  • Website analytics: Anonymized after 26 months

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

However, we would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at [email protected].

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on this page.