Information we may collect from you
ThermoSphere does not collect any personal identification data, such as names or contact details, about you unless it is voluntarily provided.
The information we may collect and process about you includes:
- identity and contact details such as your name, telephone number(s) and address that you provide by filling in forms on our Website and submitting them to us;
- identity and contact details that you provide in emails and letters you send to us, including keeping a record of that correspondence;
- financial details such as bank account details;
- details of your visits to our Website (including, but not limited to, traffic data, location data, weblogs and other communication data), and the resources that you access.
If you do not provide personal data
Where we either need to collect personal data to comply with a legal or regulatory obligation, or we request it under the terms of a contract that we have with you, if you fail to provide that data when requested we may not be able to perform the contract that we have entered, or are trying to enter, into with you. In this case we may have to cancel a service that you have requested from us, but we will notify you if this is the case at the time.
How we use the information provided to us
We will only process your personal data when legally allowed to do so. We will process your personal data most commonly under the following lawful bases:
- In order to perform the contract we have entered into, or are about to enter into, with you.
- Where the processing is required in order to comply with a legal or regulatory obligation.
- Where the processing is in our legitimate interests (or those of a third party) and these are not overridden by your fundamental rights and interests.
We do not generally rely on consent as a legal basis for processing your personal data unless it is in relation to sending direct marketing communications to you through email or text message. Where your opt in consent is given for marketing purposes, you can withdraw that consent at any time by contacting us at firstname.lastname@example.org
We use information held about you in the following ways:
- to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- to ensure that content from our Website is presented in the most effective manner for you and for your computer;
- to enable us to improve our products and services;
- to notify you about changes to our services;
- to keep a record of the services you have subscribed to;
- for recruitment and selection purposes;
- for any other purpose which you have specifically consented to when providing the information.
Where we rely on legitimate interests as a lawful basis for processing, our legitimate interests include the following:
- to manage, collect and recover payment of fees for the services provided;
- to ask you to leave a review;
- to administer, maintain, test, support and update our website;
If you have provided us with your contact details, we may contact you using any of the contact details provided. We will not contact you for direct marketing purposes if you have not consented to such use at the time your contact details were collected.
We will only use your personal data for the purposes for which we collected that data, as set out above. If we need to use your personal data for an unrelated purpose, we will notify you of this and explain the legal basis which allows us to do so.
Disclosure of your information
We may disclose your information to third parties who act on our behalf or who assist us in relation to marketing and business development.
However, you will not be contacted by the third party directly unless you have given your express consent to do so.
In the event that the business and assets of ThermoSphere are sold or merged with a third party, we may disclose your personal information to the prospective buyer or merger partner.
We may disclose your information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of business and other agreements; or to protect the rights, property, or safety of ThermoSphere, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We require all third parties to whom we disclose personal data to respect the security of that data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not transfer your personal data outside of the European Economic Area.
Where we store your personal data
All information you provide is stored and processed in electronic and/or paper format. ThermoSphere ensures that all information is only processed in the United Kingdom, where our secure servers are also based. There are a number of controls to protect data stored in both electronic and hard copy formats. The staff that interact with personal data are trained to do so in a safe and secure manner. Any paper containing personal data which needs to be destroyed is shredded securely.
How long we store your personal data for
We only retain personal data for as long as is necessary to fulfil the purpose(s) for which that data was collected.
We determine the appropriate length of time to retain personal data by considering the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of that data, the purposes for which we process that data and whether or not we can achieve those purposes through other means. Any applicable legal and/or regulatory obligations will be taken into account here as well.
The transmission of information via the internet is not completely secure. Although we have appropriate security measures in place to reduce the risk of personal data from being accidentally lost, used, disclosed or accessed in an authorised way, we cannot completely guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We have procedures in place to deal with any suspected personal data breach. We will notify you and the ICO of such a breach when we are legally required to do so.
The General Data Protection Rules provide the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
To exercise any of these rights, or for further information on any of them, please email us at: email@example.com
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner Office (ICO) the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Data Protection Officer
We have appointed a Data Protection Officer to oversee the compliance with this privacy notice. If you have any questions about this notice or how we handle your personal information, please contact Nigel Dowding, Chief Operating Officer –firstname.lastname@example.org
Our website may, from time to time, contain links to and from websites which we consider are of relevance to our customers. This can include advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to and updating of information
You have the right to access information we hold about you. Any request for information may be subject to a fee to meet our costs. Such fee will be no greater than the then current maximum figure recommended by the Information Commissioner.
If there are any changes to or you object to the information about yourself which is held by us, please contact us at: email@example.com with the changes.