Privacy policy
Thoroughbred Communications Agency Limited
Privacy Policy & Notice
_________________________________________________________________________________
At the Thoroughbred Communications Agency, we are committed to protecting and respecting your privacy. Please read this document carefully, as it sets out the basis on which we collect data about you, and how such data will be processed and protected by us. By visiting our website, or otherwise continuing to engage with us, you are accepting and consenting to the practices described in this document – which complies with the General Data Protection Regulation ((EU) 2016/679). We welcome your questions, comments and requests regarding this document.
1. DEFINITIONS
1.1. In the Policy, the following words and phrases have the following meanings:
1.1.1. Consent means an agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to them.
1.1.2. Data Controller means Our director, employee or contractor who determines when, why and how to Process Personal Data and is responsible for establishing practices and policies in line with the GDPR.
1.1.3. Data Subject means a living, identified or identifiable individual about whom We hold Personal Data.
1.1.4. EEA means the 28 countries in the European Union, and Iceland, Liechtenstein and Norway.
1.1.5. GDPR means the General Data Protection Regulation ((EU) 2016/679).
1.1.6. Personal Data means any information identifying a Data Subject or information relating to a Data Subject that We can identify (directly or indirectly) from that data alone or in combination with other identifiers We possess or can reasonably access. Personal Data excludes anonymous data or data that has had the identity of an individual permanently removed. Personal Data can be factual or an opinion.
1.1.7. Personal Data Breach means any act or omission that compromises the security, confidentiality, integrity or availability of Personal Data or the physical, technical, administrative or organisational safeguards that We or Our third-party service providers put in place to protect it.
1.1.8. Policy means this document entitled ‘Privacy Policy & Notice’.
1.1.9. Process(ing)(ed) means any activity that involves the use of Personal Data, including obtaining, recording or holding Personal Data, or carrying out any operation or set of operations on the Personal Data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
1.1.10. We/Us/Our means Thoroughbred Communications Agency Limited, a company with registered address at Unit 3 Merchant, Evegate Business Park, Ashford, Kent, United Kingdom TN25 6SX, or of the same, as the case may be.
1.1.11. Website means WWW.thoroughbredcommunicationsagency.shop
2. DATA COLLECTED
2.1. We will collect and Process the following Personal Data:
2.1.1. Information about the Data Subject that the Data Subject gives Us by filling in forms on the Website by corresponding with Us by phone, email or otherwise, including information the Data Subject provides when the Data Subject registers to use the Website, contracts with Us for to provide a service, such as the Data Subject’s name, address, email address and phone number, financial and credit card information, and other identifying information.
2.1.2. Information We collect or receive about the Data Subject from third parties.
3. DATA USEAGE
3.1. We use Personal Data that the Data Subject gives Us in the following ways:
3.1.1. To carry out Our obligations arising from any contracts entered into between Us and the Data Subject;
3.1.2. To provide the Data Subject with the information, products and services that the Data Subject requests from Us;
3.1.3. To provide the Data Subject with information about other services We offer that are similar to those that the Data Subject has already purchased or enquired about;
3.1.4. To provide the Data Subject, or permit selected third parties to provide the Data Subject, with information about goods or services We feel may interest the Data Subject;
3.1.5. To notify the Data Subject about changes to Our service(s); and/or
3.1.6. To ensure that content from the Website is presented in the most effective manner for the Data Subject and for the Data Subject’s browsing devices.
3.2. We use Personal Data We collect or receive about the Data Subject from third parties in the following ways:
3.2.1. To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
3.2.2. To improve the Website to ensure that content is presented in the most effective manner for the Data Subject and for the Data Subject’s electronic browsing device;
3.2.3. To allow the Data Subject to participate in interactive features of Our service when the Data Subject chooses to do so;
3.2.4. As part of Our efforts to keep the Website safe and secure;
3.2.5. To measure or understand the effectiveness of advertising We serve to the Data Subject and others, and to deliver relevant advertising to the Data Subject;
3.2.6. To make suggestions and recommendations to the Data Subject and other users of the Website about goods or services that may interest the Data Subject or them.
4. LAWFULNESS & FAIRNESS
4.1. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, which require Personal Data to be Processed lawfully, fairly and in a transparent manner, We will only collect, Process and share Personal Data fairly and lawfully where such Processing is necessary for the performance of a contract with the Data Subject, to meet Our legal compliance obligations, to protect the Data Subject’s vital interests, and to pursue Our legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of the Data Subject.
5. PURPOSE LIMITATION
5.1. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, We will only collect Personal Data for specified, explicit and legitimate purposes and We will not Process such Personal Data in any manner incompatible with those purposes.
6. DATA MINIMISATION
6.1. When Personal Data is no longer needed for specified purposes, it will be deleted.
6.2. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, We will retain only such Personal Data as is adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
7. DATA ACCURACY
7.1. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, We will ensure that Personal Data is accurate and, where necessary, kept up-to-date, and will correct or delete the same without delay when inaccurate.
8. STORAGE LIMITATION
8.1. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, We will not keep Personal Data in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the Personal Data is Processed, or for longer than needed for the legitimate business purpose or purposes for which We originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements.
9. PROTECTING DATA
9.1. In adherence to the principles relating to Processing of Personal Data set out in the DPR, We will:
9.1.1. Process Personal Data in a manner that ensures its security using suitable technical and organisational measures, appropriate to Our size, scope, business, and available resources, to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage;
9.1.2. Maintain Personal Data security by protecting the confidentiality of the same, such that only people who have a need to know and are authorised to use the Personal Data can access it;
9.1.3. Maintain Personal Data security by protecting the integrity of the same, such that Personal Data is accurate and suitable for the purpose for which it is Processed; and
9.1.4. Maintain Personal Data security by protecting the availability of the same, such that authorised users are able to access the Personal Data only when they need it for authorised purposes.
9.2. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect the Data Subject’s Personal Data, We cannot guarantee the security of the Data Subject’s Personal Data transmitted to Our site, and any transmission is at the Data Subject’s own risk.
10. REPORTING BREACHES
10.1. In case of suspected Personal Data Breach We will notify Data Subjects or any applicable regulator where We are legally required to do so.
11. TRANSFER LIMITATION
11.1. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, We will not transfer Personal Data to another country outside the EEA without appropriate safeguards being in place.
12. RIGHTS & REQUESTS
12.1. In adherence to the principles relating to Processing of Personal Data set out in the GDPR, We will make Personal Data available to Data Subjects, and accede to Data Subjects’ rights in relation to their Personal Data, including rights to:
12.1.1. Withdraw Consent to Processing at any time;
12.1.2. Receive certain information about the Data Controller’s Processing activities;
12.1.3. Request access to their Personal Data that We hold;
12.1.4. Prevent Our use of their Personal Data for direct marketing purposes;
12.1.5. Ask Us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate Personal Data or to complete incomplete Personal Data;
12.1.6. Restrict Processing in specific circumstances;
12.1.7. Challenge Processing which has been justified on the basis of Our legitimate interests or in the public interest;
12.1.8. Prevent Processing that is likely to cause damage or distress to the Data Subject or anyone else;
12.1.9. Request a copy of an agreement under which Personal Data is transferred outside of the EEA;
12.1.10. Be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
12.1.11. Make a complaint to the supervisory authority; and
12.1.12. In limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format.
13. ACCOUNTABILITY
13.1. The Data Controller has implemented appropriate technical and organisational measures in an effective manner, to ensure compliance with Personal Data protection principles with adequate resources and controls in place to ensure and to document GDPR compliance.
14. RECORD KEEPING
14.1. We will keep full and accurate records of all the Personal Data Processing activities.
15. DIRECT MARKETING
15.1. The Data Subject have the right to ask Us not to Process Personal Data for marketing purposes. We will inform the Data Subject (before collecting the Data Subject’s Personal Data) if We intend to use the Data Subject’s Personal Data for such purposes. The Data Subject can exercise the Data Subject’s right to prevent such Processing by checking certain boxes on the forms We use to collect the Data Subject’s Personal Data. The Data Subject can also exercise the right at any time by contacting Us.
15.2. The Website may, from time to time, contain links to and from the websites of Our partner networks, advertisers and affiliates. If the Data Subject follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before the Data Subject submit any Personal Data to these websites.
16. SHARING DATA
16.1. We will only share Personal Data We hold with third parties where:
16.1.1. The third parties have a need to know for the purposes of providing contracted services;
16.1.2. Sharing the Personal Data complies with the Policy provided to the Data Subject and, if required, the Data Subject’s Consent has been obtained;
16.1.3. The third parties have agreed to comply with the required Personal Data security standards, policies and procedures and put adequate security measures in place;
16.1.4. The transfer complies with any applicable cross border transfer restrictions; and
16.1.5. A fully executed written contract that contains GDPR-compliant third party clauses has been obtained.
17. POLICY CHANGES
17.1. We reserve the right to change the Policy at any time without notice to the Data Subject so please check back regularly to obtain the latest copy of the Policy.
17.2. The Policy does not override any applicable national Personal Data privacy laws and regulations in countries where We operate.