Home » Privacy Policy

Privacy Policy

THM Partners LLP of 25 Watling Street, London EC4M 9BR (we, our or us) is committed to protecting and respecting your privacy.

This privacy policy (together with our Engagement Letter and Terms of Business if relevant) sets out details of the personal data we collect from you, or that you provide to us and how it will be processed by us. Please read it carefully to understand how we use your personal data.

We are the data controller of your personal data, and we are registered with the Information Commissioner’s Office (ICO) (registration number Z1494666). As data controller we are responsible for complying with data protection laws when we use your personal data.

Key Terms

personal data means information about individuals (including you), and information from which individuals could be identified.

special categories of personal data means information that is about your racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic and biometric data and criminal convictions and offences.

you means any individual whose personal data we collect and use including clients, client employees, directors and other personnel, counterparties, counterparty personnel, other professional advisers, suppliers, supplier personnel, general business contacts and users of our website.

Click on one of the links below to jump to the listed section.
Changes to our privacy policy
Information we collect from you
How is your personal data collected?
Purposes for which we will use your personal data and the legal ground
Who we share your personal data with
Cookies
International Transfers
Security
Data Retention
Third Party Links
Your Rights
Contact Us

 

 

1. Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page and notified to you by e-mail. This privacy policy was last updated on 30 April 2019.

 

2. Information we collect from you

We collect, use, store and transfer the following types of personal data about you:

  • Identity Data which includes first name, last name, title, date of birth, nationality, job title and gender, identification documents such as passport or driver’s licences (needed for proof of your identity) and documents which evidence proof of address such as a utility bill and salary information.
  • Contact Data which includes postal address, email address and telephone numbers.
  • Technical Data which includes internet protocol (IP) address, browser type and version, and other technology on the devices you use to access this website.
  • Usage Data which includes information about how you use our website and services.
  • Marketing Data which includes your preferences in receiving marketing from us.

We do not collect any Special Categories of Personal Data about you.

 

3. How is your personal data collected?

We use different methods to collect personal data from and about you, including through:

  • Direct interactions. You may give us your Identity Data, Contact Data and Marketing Data when:
    • Corresponding with us by post, phone, email or otherwise;
    • Entering into a contract with us;
    • Filling in forms on our website; and
    • Asking us to provide you with a quote for our services.
  • Automated technologies or interactions. As you interact with our website, we automatically collect Technical Data and Usage Data, by using cookies. Please see our section on Cookies for further details.
  • Third parties or publicly available sources. We may receive Identity Data and Contact Data about you from various third parties including:
    • Lawyers, accountants, advisers or financial institutions; and
    • Publicly availably sources, such as Companies House and the Electoral Register. 

Information about other people: If you give us information on behalf of someone else for example names and salary information of your employees, we will also be data controller of and responsible for their personal data. 

 

4. Purposes for which we will use your personal data and the legal ground

We may use your personal information for a number of different purposes. In each case, we must have a “legal ground” to do so. The legal grounds we rely on are:

  • Legitimate Interest – we need to use your personal data for a justifiable purpose (eg, to keep a record of the decisions we make when requests are made regarding ongoing work, to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.
  • Performance of Contract – we need to use your personal data to enter into or perform our obligations we have under a contract we have entered with you, or to take steps to enter into such a contract, for example to enter into client contracts.
  • Compliance with a legal or regulatory obligation – we have a legal or regulatory obligation that we are subject to, for example, our regulators require us to hold certain records of our dealings with you and we are legally required to carry out Know Your Client (KYC) checks on all potential clients.

Purpose

Legal Ground for using your personal information

To fulfil our contractual obligations, if you are a client (to provide our professional services) or supplier or another individual we have a contract with and to carry out our services

  • It is necessary to enter into or perform our obligations under your contract
  • We have a legitimate interest (to fulfil our contractual obligations)

To contact you if you are involved in a project we are undertaking for a client, whether in your professional or personal capacity

  • We have a legitimate interest (to communicate with you in relation to a project)
  • It is necessary to enter into or perform our obligations under the contract

To instruct third parties on behalf of our clients

  • We have a legitimate Interest (to ensure that we have instructed third parties who we need to provide our services)
  • It is necessary to enter into or perform our obligations under your contract

To provide information relating to our services or a quote

  • We have a legitimate Interest (to further our business and respond to all enquiries for a quote or information)

To carry out investigations, risk assessments and client due diligence

  • We have a legitimate Interest (to carry out appropriate investigations to ensure that we can satisfy ourselves)
  • It is necessary to enter into or perform our obligations under your contract

To keep in touch with you as part of our professional network and let you know about changes to our services or recent news about us

  • We have a legitimate Interest (to market our services and keep clients and potential clients informed)

To ensure the effective management and running of our business

  • We have a legitimate Interest (for example maintaining up to date records (eg, email correspondence) of our work undertaken for you and providing information to our suppliers and third party service providers)

To fulfil our compliance obligations and other obligations under relevant legislation or regulation

  • It is necessary to comply with a legal or regulatory obligation (for example, disclosures required to our professional advisers (legal and regulatory), auditors or other inspecting organisations from time to time including the Financial Conduct Authority (FCA))

To deal with complaints

  • It is necessary to comply with a legal or regulatory obligation
  • It is necessary to enter into or perform our obligations under your contract

To generally communicate with you

  • It is necessary to enter into or perform our obligations under your contract
  • We have a legitimate Interest (to have day to day communication with or on behalf of our clients and to respond to any individual who contacts us)

To carry out client checks for fraud prevention and money laundering purposes including KYC checks

  • We have a legitimate Interest (to carry out appropriate investigations to ensure that we can satisfy ourselves)
  • It is necessary to comply with a legal or regulatory obligation

Information we receive from other sources: We may combine information you give to us with information we collect about you, and may use the combined information for the purposes set out above (depending on the types of information we receive).

 

5. Who we share your personal data with

We will only share your personal data where it is necessary for the purposes set out above and with the following parties:

  • Business partners.
  • Third party suppliers we appoint to help us carry out our everyday business activities such as IT suppliers, subcontractors, actuaries, marketing agencies, document management providers and tax advisers.
  • Our professional advisers (legal and regulatory), auditors or other inspecting organisations from time to time (including the Financial Conduct Authority, the Institute of Chartered Accountants in England and Wales and the Institute of Chartered Accountants of Scotland).
  • Our insurers and insurance brokers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Certain third parties where we have been authorised or instructed to do so by our clients and where it is necessary to provide our services and fulfil our contractual obligations.

We require all third parties to respect the security of your personal data and to treat it in accordance with our instructions and applicable laws.

 

6. Cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website.

We use cookies on our website. Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and usage of the website.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal data. You can read Google’s privacy policy here for further information http://www.google.com/privacy.html.

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org.

 

7. International Transfers

We do not routinely transfer your personal data outside the European Economic Area (EEA). However, depending on our relationship to you and your particular circumstances, there may be some instances where we need to transfer your personal data outside of the EEA. Where such transfers occur, we will take steps to ensure that your personal data is protected, using a number of different methods where appropriate, such as:

  • Putting in place appropriate contracts (with contract wording known as the Standard Contractual Clauses);
  • Transferring personal data only to countries which have been deemed by the European data protection authorities to have adequate levels of data protection (Adequate Countries);
  • Transferring personal data only to those companies in the United States which are certified under the Privacy Shield. The Privacy Shield is a scheme under which companies certify that they provide an adequate level of data protection.
 

8. Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

 

9. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes set out above and to comply with our legal, accounting, regulatory or reporting requirements, for example:

  • If you are a business contact, we will keep your personal information for the lifetime of our relationship and for three years after.

In some circumstances we may anonymise your personal data so that you cannot be identified. Once anonymised, the data is no longer ‘personal data’ and will not be subject to this privacy policy. In these instances, we will keep the anonymised data indefinitely.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 12.

 

10. Third Party Links

Our website may, from time to time, contain links to and from Third Party websites. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

11. Your Rights

Under data protection laws you have a number of rights in relation to the personal information that we hold about you which we set out below. These rights might not apply in every circumstance. You can exercise your rights by contacting us at any time using the details in the Contact Us section below. We will not usually charge you in relation to a request.

Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn’t comply with our own legal or regulatory obligations. In these instances we will let you know why we cannot comply with your request.

  • The right of access (commonly known as a “data subject access request”). You have the right to request access to personal data held by us about you, and certain details about how we use it. We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (eg, by email), a copy of your personal information will be provided to you by electronic means where possible.
  • The right to rectification. You have the right to request that any incomplete or inaccurate personal data held by us is corrected. We may need to verify the accuracy of the new personal data you provide to us.
  • The right to erasure. In certain circumstances, you have the right to ask us to delete or remove personal data where there is no legitimate reason for us continuing to process it. Please note, however, that we may not always be able to comply with your request of erasure because we have specific legal or regulatory obligations to keep it. In such circumstances, we will inform you of this.
  • The right to object to processing of your personal data. In certain cases, you have the right to object to our processing. This arises in relation to:
    • MarketingYou have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the “unsubscribe” button in any email that we send to you or by contacting us using the details set out below. Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service-related communications where necessary.
    • Processing based on our legitimate purposeWhere we process your personal information on the basis of a legitimate interest, you can object to such processing, unless our purpose outweighs any prejudice to your privacy rights.
  • The right to request restriction of processing of your personal data. In certain circumstances, you have the right to ask us to stop processing of your personal data, for example if you think that we no longer need your personal data.
  • The right to data portability. In certain circumstances, you have the right to ask us to transfer your personal data to you or a third party directly. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • The right to withdraw consent. We do not rely on your consent. In the event that this changes and we do rely on your consent to use your personal data, you have the right to withdraw such consent to further use of your personal data.
  • The right to complain to the ICO. If you believe that we have breached data protection laws when using your personal data, you can visit the ICO’s website at https://ico.org.uk/ for more information. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Please note that lodging a complaint to the ICO will not affect any other legal rights or remedies that you have.
  • Rights relating to automated decision-making. Please note that we do not carry out any automated decision-making.
 

12. Contact Us

If you would like further information about any of the matters in this notice, or if you have any questions about how we collect, store or use your personal data, you can contact us by:

THM Partners LLP is authorised and regulated by the Financial Conduct Authority