Version Number: 4.0
Last Updated: 1 September 2022
privacy statement explains what personal data Threenine Consulting Limited collects from you and how we use that data.
We treat privacy and confidentiality very seriously at Threenine Consulting Limited and comply with all aspects of the UK’s data protection legislative framework, which includes the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018) E.
In line with this we have developed the below privacy notice to detail exactly what personal information we collect and use.
Company Details: Threenine Consulting Limited
Registered Office: 99 Wey Hill, Haslemere, Surrey, GU27 1HT
Email Contact: hello@threenine.co.uk
Registered in England and Wales: 05608093
VAT Number: GB900383850
ICO Registration Number: ZA904076
Your privacy is important to us and it is our policy that your personal information is private and confidential. This privacy statement details what data we collect from you and how we use it.
Please read this privacy statement before using the site or providing us with any personal information.
You are encouraged to review the privacy policy on a regular basis to make sure that you understand how any personal information you provide will be used.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in broad classifications as follows:
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy below for further details.
Third parties or publicly available sources. We may receive personal data about you from various third parties (including public sources), which we may combine with or add to personal information you have directly provided to us, as set out below:
We will only collect and use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data except where data protection or privacy law requires this. You will have the right to withdraw any such consent at any time by contacting us.
If registering interest in our services (via an enquiry for example), the personal information you provide will be stored in a Customer Relationship Management system (CRM) and made available only to the person(s) who require access to it to handle your request.
If you are a client or a representative of a client who we will be providing services to, your personal information will be stored in our CRM and will be made available only to the person(s) who require access to it to perform the contract – this may include our contractors and third parties who may be working on the same project. As applicable, these may be located outside the UK in which case the Data Export provisions below shall apply.
We may disclose your personal data to third-party technical partners that we work with to provide services to you, whether through our website or by other means of communication, for the purposes of our contract with those third-party technical partners and to best ensure we are able to perform our contract with you. Some of our third-party technical partners may be located outside the UK and the Data Export provisions below shall apply. Our contracts with specialist technical partners contain confidentiality obligations and only permit them to process any personal data as instructed by us and in accordance with UK data protection law.
Our third-party technical partners provide services to us which include our CRM platform, email deployment, advertising and marketing, security and system performance monitoring, research, data hosting and auditing. Please contact us for more details of these if you have further questions about these.
If you are registered to receive emails, your information will additionally be stored securely in an Email Marketing Service (EMS), again made available only to the person(s) who require it to respond to this registration.
If visiting Threenine Consulting at our offices, the personal information provided to our check-in service will be recorded securely in that service and delivered only to those people you are there to meet.
Personal information supplied as part of a contract signature process will be stored in a secure contracts repository and/or in an electronic signature management tool, made available only to the relevant personnel.
When you sign up to be a usability tester, your information will be securely stored and made available only to those people who require access to it to facilitate the matching of your details to suitable vacancies and your remuneration in the case of being successfully placed within a project.
If you have submitted an application for a vacancy and/or registered your interest in future vacancies, your information will be stored in a separate system, dedicated to the storage of HR information, and will only be made available to the person(s) who require access to it to handle this contact.
In all cases, personal information is not otherwise sold or shared with any third parties.
Where it is reasonable for the operation and development of our business, your personal data may be transferred and stored outside the UK jurisdictional boundaries. It may also be processed by any of our staff (including contractors), other parties who may be working on a project which your personal data is relevant to or our third-party technical partner, who may be located and operating outside the UK.
Where your personal data is to be transferred outside the UK, we will ensure that either:
If you have made an enquiry, called in or otherwise engaged with our sales team, registered for an event, or we have obtained your personal information from a third-party or publicly available source we will keep your personal information (Identity and Contact Data) for up to 36 months from the point at which you last have contact with us. After this time, this information will be anonymized to be no longer be personal to you and/or it will be deleted.
If you have provided personal information to us as part of our performance of a contract with you or a client that you represent, we will normally keep your personal information (Identity, Contact and Transaction Data) for up to 6 years from completion of the relevant project except where the limitation period in the contract is a longer period of time, in which case we will keep this personal information for that longer period of time. After this time it will be anonymized to be no longer personal to you and/or deleted.
If you have supplied personal information for marketing purposes (through registering for a newsletter for example) and you notify us that you no longer wish to receive these communications, we will only retain the personal information required to ensure that this request is complied with (typically email address).
If you have supplied your information while checking in at our offices this (and the associated information about when you were there) will be kept for a period of one month before being deleted.
Personal information supplied as part of a contract signature process will kept in line with the contract retention period, typically seven years from end of service provision.
If you have supplied personal information in signing up to be a usability tester it will be kept only for as long as is necessary to facilitate the project in question, unless you have asked to be contacted in future about additional testing opportunities. In the case of having registered for future contact, your details will be retained until such point as you notify us that you no longer wish to be registered for this service.
If you have supplied personal information in applying for a vacancy it will be kept for 6 months after the end of the recruitment process for that role unless you have asked to be contacted in future about other such vacancies. In the case of having registered for future contact, your details will be retained until such point as you notify us otherwise
If at any point you believe the information we hold about you is incorrect you can request to see this information and have it corrected, restricted or deleted by emailing us at privacy@threenine.co.uk. An unsubscribe option is additionally included in every marketing email you receive.
You may request us to provide you with any personal information we hold about you; provision of such information will be subject to
We may withhold personal information that you request to the extent permitted by law.
In certain circumstances you have the right to have personal data we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold personal data in relation to the purposes for which it was originally collected or otherwise processed; you withdraw your consent to any processing that requires consent; the processing is for direct marketing purposes; or the personal data has been unlawfully processed.
However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal or regulatory obligation; or for establishing, exercising or defending legal claims.
In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; or you have objected to processing, and are waiting for that objection to be verified.
Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You may object to us processing your personal data on grounds relating to your particular situation, unless our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party.
If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
If you think that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint at any time to the Information Commissioner’s Office the UK regulator for data protection issues www.ico.org.uk.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance at privacy@threenine.co.uk , and we assure you that your concerns will be promptly and properly investigated.