DATA PROTECTION NOTICE
Last updated: October 2022
1. Overview
This document outlines the data protection standards adopted by Thames AI (“we,” “us,” or “our”) in connection with the services and solutions we provide (the “Solutions”) and our platform (the “Platform”). Safeguarding your privacy and ensuring the security of your information is essential to delivering our services and maintaining the Platform.
Our Solutions and Platform may include links to third-party services or external websites. We are not responsible for the privacy practices of these external entities. We recommend that you review their respective privacy policies before interacting with them.
All information obtained in connection with our Solutions is treated as confidential. We apply extensive technical, organisational, and security measures to protect Personal Data (as defined below) against unauthorised processing, accidental loss, destruction, damage, theft, or disclosure.
When using our Platform, you may be asked to provide personal details such as your name, email address, telephone number, date of birth, and other identifying information. These details may be used to verify identity, manage account information, deliver technical assistance, and meet contractual or legal obligations. We may provide important updates through notifications, and—where permission is granted—share information about products and services via SMS, email, and similar channels. You may adjust your communication preferences or opt out of certain messages at any time.
2. Platform; Visitors and Users
2.1. Overview
This section summarises the data collected from various groups: Platform visitors (“Visitors”), active users (“Users”), and business partners (“Partners”). Personal Data may include IP addresses, names, contact details, and information relating to your interaction with us, in accordance with applicable data protection legislation.
2.2. Collection and Use
By accessing the Platform, you agree to the collection and processing of your Personal Data. If you do not agree with these terms, you should refrain from using the Platform. We may collect data through page-view activity, IP addresses, cookies, and information submitted through registration or enquiry forms.
2.3. Purpose of Processing Personal Data
We process Personal Data to enhance, analyse, and customise our Platform and Solutions. This includes improving accuracy, facilitating communication, providing support, meeting contractual requirements, and collaborating with Partners. Authorisation or a recognised legal basis is required for each processing activity.
The following table outlines the purposes and legal bases for processing Personal Data:
| Account registration and setup | Your consent; performance of the Solutions or contractual requirements |
| Providing and operating the Solutions | Performance of the Solutions or contractual requirements |
| Service updates and notifications | Performance of the Solutions or contractual requirements |
| Responding to enquiries and providing support | Legitimate interests or performance of the Solutions |
| Personalised services, advertising, and marketing | Legitimate interests or your consent |
| Enhancing and developing new Solutions | Consent and legitimate interests |
| Distribution of marketing and promotional materials | Your consent |
| Evaluating marketing campaign performance | Legitimate interests or consent |
| Carrying out various support activities | Legitimate interests or performance of the Solutions |
| Analytics, including statistical assessments | Legitimate interests |
| Protecting interests, rights, and assets | Legitimate interests or legal obligations |
2.4. Sharing Personal Data
We may share information with service providers, Partners, and subcontractors. For Visitors and Users within the European Data Region, data processing complies with the GDPR and all relevant Data Protection Laws and regulations.
3. Partners
3.1. Overview
To deliver our Solutions and work effectively with Partners, we collect and process specific categories of data. Partners are responsible for the information they provide, and access may be granted to us through secure channels.
3.2. Processing Partner Personal Data
We rely on Partner consent or legitimate interests when processing Personal Data. Aggregated datasets may be created to support development, performance analysis, and quality improvements.
3.3. Controller/Processor Role
Depending on the nature of the data, we may act in different capacities:
- Visitor/User Data: Data Controller
- Partner Data: Data Processor
- All data is securely hosted and maintained to the highest protection standards, using physical, technical, and organisational safeguards.
3.4. External Data Processing
If the Solutions require processing Personal Data on an external platform:
- We operate as a Processor
- We follow the instructions provided by the external party
- We implement strict security measures
- We report any data breaches
- We do not subcontract processing without explicit authorisation
- We do not process data outside the European Economic Area without authorisation
- For electronic marketing communications, consent and opt-out options are provided
4. Security
We use administrative, organisational, and technical safeguards to protect Personal Data against unauthorised access, disclosure, alteration, misuse, loss, or damage. When data is shared with third parties, we ensure that they uphold equivalent protection standards and enter into contractual agreements requiring secure and compliant processing.
If you suspect that your interaction with us has been compromised, Visitors, Users, or Partners should notify us immediately. While we take extensive precautions, we cannot guarantee absolute protection from external threats. Users acknowledge the inherent risks associated with online data transmission and storage.
5. Cookies
Please refer to our Cookie Policy for comprehensive information regarding the types of cookies and tracking technologies used on the Platform, why they are utilised, and how to accept or decline them.
6. External Links
While using the Platform, Users may encounter links to third-party websites beyond our control. We are not responsible for the content or privacy practices of these destinations. We encourage Users to review the privacy policies of any external services before providing Personal Data.
7. Data Retention and Removal
Personal Data will not be retained for longer than necessary. Visitors and Users with active accounts are responsible for removing their own data when required. Upon account closure or termination of a partnership, associated Personal Data collected through the Platform and/or Solutions will be removed in accordance with applicable law and our internal policies.
Withdrawal of consent for processing Personal Data may restrict access to some or all requested Solutions, and no claims or disputes may be raised as a result.
8. Your Rights
Users are entitled to specific rights relating to their Personal Data:
8.1. Right of Access
- Confirm whether Personal Data is being processed
- Access Personal Data and related information
- Information about processing purposes, categories, recipients, retention periods, individual rights, and the existence of profiling
8.2. Right to Rectification
- Correct inaccurate Personal Data
- Complete Personal Data that is incomplete
8.3. Right to Erasure
- Request the deletion of Personal Data under specific conditions
8.4. Right to Restrict Processing
- Request restrictions on processing in defined circumstances
8.5. Right to Data Portability
- Receive Personal Data in a structured, machine-readable format
- Transfer Personal Data to another controller
8.6. Right to Object
- Object to processing carried out on the basis of legitimate interests or direct marketing
- Cease processing unless compelling legal grounds apply
8.7. Right to Withdraw Consent
- Withdraw consent for processing Personal Data at any time
9. Advertising and Marketing Materials
Consent is obtained for the use of Personal Data and contact details to deliver promotional and marketing communications. Consent can be withdrawn at any time by providing written notice to the email address listed.
10. Acceptance of this Notice
By using the Platform and/or the Solutions, Visitors, Users, and/or Partners are deemed to have read and accepted this Notice. Anyone who disagrees with its terms should refrain from using the Platform. We reserve the right to update this Notice, and Users are encouraged to review it periodically. Continued use after any changes signifies acceptance.
11. Legal Requirement to Disclose Personal Data
Personal Data may be disclosed without prior consent if there is reasonable belief that such action is necessary to verify identity, make contact, or initiate legal proceedings against individuals suspected of violating rights or property. Disclosure may also occur where required by law.
12. Data Protection Officer
For matters regarding privacy and data protection, a designated “Data Protection Officer” can be contacted at