Thesis Technology Products Ltd. is committed to protecting and respecting your privacy. We want you to understand how we collect and use information about you. We also value your comments in this regard.
The privacy notice describes to you:
- Who we are
- What personal data we collect and store about you and how we collect it
- Why we collect personal data and what we do with it
- The categories of third parties with whom we share your personal data
- How we retain your information and keep it secure
- Your rights and how to exercise them
- How to contact us
Who we are
For the purposes of data protection law, the “controller” is Thesis Technology Products Ltd. a company incorporated and registered in England and Wales under company number 2894920. Our registered office address is: Thesis Technology Products Ltd, T/A LimbO Products, Brooks Green Farm, Brooks Lane, Bosham, West Sussex PO18 8JX, United Kingdom (from now on referred to as “Thesis Technology”, or as “we” and related words such as “us” and “our”). Our registered VAT number is GB615484241.
As controller we are responsible for, and control the processing of, your personal data. We are registered as a data controller with the Information Commissioner’s Office, which is the UK’s supervisory authority for data protection matters.
If you would like to contact us about this notice, including if you wish to receive further information about any aspect of it, our details are as follows:
- Email: firstname.lastname@example.org
- Post: Data Privacy, Thesis Technology Products Ltd, Brooks Green Farm, Brooks Lane, Bosham, West Sussex PO18 8JX, United Kingdom.
What personal data we collect and why we collect it
In the course of our business, which is the sale of CombiPod™ and ancillary products online, we collect the following personal data when you provide it to us:
Personal details, such as:
- Name and title
Contact data, such as:
- Delivery address
- Billing address
- E-mail address
- Telephone and mobile number(s)
- Any other personal information you provide
Payment card details
- Details about payments to and from you
- Details of products you have purchased from us
Technical data, such as:
- Internet protocol (IP) address
- Your login data, browser type and version
- Time-zone setting and location
- Browser plug-in types and versions
- Operating system and platform and other technology on the devices you use to access our website
Profile data, such as:
- Orders made by you
- Feedback and survey responses
- Information about how you use our website, products and services.
How do we collect personal data?
We obtain personal data from sources as follows:
Directly from you when you interact with us, for example when you:
- Buy our products online;
- Phone our customer services team (since your call may be recorded for training, fraud prevention and investigation purposes);
- Give us feedback or post comments or reviews.
From automated technologies such as cookies and tags when you use our website – for more information, please see our cookies notice to find out more.
How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To perform a contract we are about to enter into or have entered into with you;
- If it is necessary for our legitimate interests (or those of a third party) and these are not overridden by your own rights and interests;
- Where we need to comply with a legal or regulatory obligation.
We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need it for another reason that is compatible with the original purpose.
Please contact us if you would like more information on this, and on situations in which more than one lawful basis applies.
As our customer, we will process your personal data for the following purposes, on the legal basis that it is necessary for us to provide our products and services to you:
- to enable us to carry out our services;
- to identify you;
- to respond to your inquiries;
- to the extent necessary to provide you with information you have requested in relation to our products and services
- before you decide to purchase them;
- to provide our products and services, including enabling them to be delivered to you;
- to carry out billing and administration activities, including refunds and credits.
Of course, you are not obliged to provide us with any of this information, but if you chose not to, we may be unable to provide the product or service that you have requested.
We process your personal information for our legitimate business purposes, which include the following:
- to conduct and manage our business;
- to ensure our website and systems are secure (for example, by conducting security penetration tests on our website to ensure our security tools are effective);
- to allow you to review a product you have purchased;
- to analyse, improve and update our services for the benefit of our customers;
- to deal with complaints.
Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with an investigation pursuant to a court order).
Do we share your personal data?
We may provide your personal data to the following recipients for the purposes set out in this notice:
- logistics providers, such as those who deliver our orders;
- e-mail and mail service providers;
- technical and support partners, such as the companies who host our website and who provide technical support and back-up services.
Do you have to provide personal data – and, if so, why?
To form a contract with you, we will need some or all of the personal data described above so that we can perform that contract or the steps that lead up to it: this is set out above in this notice. If we do not receive the data, the contract cannot be performed.
How long will your personal data will be kept for?
We carefully consider the personal data that we store, and we will not keep your information in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law. In some instances, we are required to hold data for minimum periods: for example, UK tax law currently specifies a six-year period for retention of some of your personal data.
Do we transfer personal data outside the EEA?
Although we are based in the United Kingdom we may transfer your personal information to a location (for example, to a secure server) outside the European Economic Area, if we consider it necessary or desirable for the purposes set out in this notice.
In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission “adequacy decision” applies (this is a decision from the European Commission confirming that adequate safeguards are in place in that location for the protection of personal data), or will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers, or by the adoption of EU-US Privacy Shield.
How do we keep your personal data secure?
Thesis Technology has security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Only authorised Thesis Technology employees and third parties processing data on our behalf have access to your personal data. All Thesis Technology employees who have access to your personal data are required to adhere to the Thesis Technology Privacy Notice and we have in place contractual safeguards with our third-party data processors to ensure that your personal data is processed only as instructed by Thesis Technology.
The security measures we have in place include:
- regular reviews of information collection, storage and processing practices to protect against unauthorised access;
- restriction of access to personal information;
- monitoring of systems storing and processing information;
- use of secure technologies (e.g. SSL, encryption);
- scenario planning and crisis-management exercises to ensure we are ready to respond to cyber security attacks and data security incidents.
We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Please contact us using the details in section one of this notice if you would like more information about this.
Your information rights
We draw your attention to your following rights under data protection law:
- right to be informed about the collection and use of your personal data;
- right of access to your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identify and residential address, and we may ask you to provide further details to assist us in the provision of such information;
- right to have inaccurate personal data that we process about you rectified – we want to ensure that the personal information that we process and retain about you is accurate. It is your responsibility to ensure you submit true, accurate and complete information to us;
- right of erasure – in certain circumstances you have the right to have personal data that we process about you blocked, erased or destroyed;
- the right to object to, or restrict:
- processing of personal data concerning you for direct marketing
- decisions being taken by automated means which produce legal effects concerning you or that similarly significantly affect you;
- in certain other situations, to our continued processing of your personal data;
- the right of portability of your data in certain circumstances.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please contact us using the details in section one of this notice if you would like to exercise any of these rights or know more about them.
These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.
Changes to this privacy notice
We may change this notice from time to time. You should check this notice on our website occasionally, in order to ensure you are aware of the most recent version.
What should you do if you have a complaint?
We hope that you will be satisfied with the way in which we approach and use your personal data.
Should you find it necessary, you have a right to raise a concern with the information regulator, the Information Commissioner’s Office: https://ico.org.uk/.
However, we do hope that if you have a complaint about the way we handle your personal data, you will contact us in the first instance using the contact details in section one above, so that we have an opportunity to resolve it.