threenine.co.uk privacy policy

Privacy Policy

Version Number: 4.0

Last Updated: 1 September 2022

This privacy statement explains what personal data Threenine Consulting Limited collects from you and how we use that data.

We treat privacy and confidentiality very seriously at Threenine Consulting Limited and comply with all aspects of the UK’s data protection legislative framework, which includes the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

In line with this we have developed the below privacy notice to detail exactly what personal information we collect and use.

Company Information

Company Details: Threenine Consulting Limited

Registered Office: 99 Wey Hill, Haslemere, Surrey, GU27 1HT

Email Contact: hello@threenine.co.uk

Registered in England and Wales: 05608093

VAT Number: GB900383850

ICO Registration Number: ZA904076

Your personal Information

Your privacy is important to us and it is our policy that your personal information is private and confidential. This privacy statement details what data we collect from you and how we use it.

Please read this privacy statement before using the site or providing us with any personal information.

You are encouraged to review the privacy policy on a regular basis to make sure that you understand how any personal information you provide will be used.

Personal data & Information we collect

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together in broad classifications as follows:

  • Identity Data includes first name, maiden name, last name, social media account usernames or similar identifier, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address, social media account details and telephone numbers.
  • Experience and Education Data includes details of salary expectations, educational and professional qualifications, current and previous employment and work experience (as typically provided in a curriculum vitae).
  • Transaction Data includes details of any services we may have provided to you or a customer you may represent as well as details of your involvement in and communication with you in the course of providing those services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data includes information about how you use our website, products and services.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

How we collect personal information

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • enquire about our products or services;
  • interact with us as a client or on behalf of a client (when we will also collect Transaction Data);
  • apply for employment or engagement as a contractor or user experience tester with us (when we will also collect Education and Experience Data as well as information about criminal convictions);
  • give us feedback or contact us;
  • create any account on our website (as applicable);
  • subscribe to any of our services or publications;
  • request marketing to be sent to you; or
  • enter any competition, promotion or survey we may operate.

Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy below for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties (including public sources), which we may combine with or add to personal information you have directly provided to us, as set out below:

  • Identity and Contact Data from publicly available sources such as LinkedIn and Companies House.
  • Contact data which we obtain by working with third party technical partners such as Lead Generation services who may provide:
    • corporate (but not personal) website visitor information based upon IP Address information, in combination with publicly available sources such as LinkedIn, XING and other professional networking services;
    • Technical Data from analytics providers such as Google Analytics, who may be based outside the UK.

We will only collect and use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you (or a company you may work for or represent).
  • Where we reasonably believe it is in our legitimate interest for the efficient and proper conduct and development of our business and your interests and fundamental rights do not override those interests.
  • More specifically, where you are either a client or a representative of a client or where we are marketing our services based upon leads generated through use of third party provided information (which may be based upon use of anonymised website visitor identification in combination with publicly available contact information as set out above), we assert it is in our legitimate interest to send you marketing communications via email or to your social media accounts. All of these communications will include a facility to opt-out from receiving any further communication or your social media platform will provide a facility to block further communications from us.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data except where data protection or privacy law requires this. You will have the right to withdraw any such consent at any time by contacting us.

Who your personal information will be shared with

If registering interest in our services (via an enquiry for example), the personal information you provide will be stored in a Customer Relationship Management system (CRM) and made available only to the person(s) who require access to it to handle your request.

If you are a client or a representative of a client who we will be providing services to, your personal information will be stored in our CRM and will be made available only to the person(s) who require access to it to perform the contract – this may include our contractors and third parties who may be working on the same project. As applicable, these may be located outside the UK in which case the Data Export provisions below shall apply.

We may disclose your personal data to third-party technical partners that we work with to provide services to you, whether through our website or by other means of communication, for the purposes of our contract with those third-party technical partners and to best ensure we are able to perform our contract with you. Some of our third-party technical partners may be located outside the UK and the Data Export provisions below shall apply. Our contracts with specialist technical partners contain confidentiality obligations and only permit them to process any personal data as instructed by us and in accordance with UK data protection law.

Our third-party technical partners provide services to us which include our CRM platform, email deployment, advertising and marketing, security and system performance monitoring, research, data hosting and auditing. Please contact us if you would like more details of these.

If you are registered to receive emails, your information will additionally be stored securely in an Email Marketing Service (EMS), again made available only to the person(s) who require it to respond to this registration.

If visiting Threenine Consulting at our offices, the personal information provided to our check-in service will be recorded securely in that service and delivered only to those people you are there to meet.

Personal information supplied as part of a contract signature process will be stored in a secure contracts repository and/or in an electronic signature management tool, made available only to the relevant personnel.

When you sign up to be a usability tester, your information will be securely stored and made available only to those people who require access to it to facilitate the matching of your details to suitable vacancies and your remuneration in the case of being successfully placed within a project.

If you have submitted an application for a vacancy and/or registered your interest in future vacancies, your information will be stored in a separate system, dedicated to the storage of HR information, and will only be made available to the person(s) who require access to it to handle this contact.

In all cases, personal information is not otherwise sold or shared with any third parties.

Data Export

Where it is reasonable for the operation and development of our business, your personal data may be transferred and stored outside the UK jurisdictional boundaries. It may also be processed by any of our staff (including contractors), other parties who may be working on a project which your personal data is relevant to or our third-party technical partner, who may be located and operating outside the UK.

Where your personal data is to be transferred outside the UK, we will ensure that either:

  1. there is an “adequacy decision” (which complies with the Data Protection Act 2018) with respect to the data protection laws of the country to which it is transferred,
  2. there are appropriate safeguards in place providing enforceable rights and effective legal remedies are available for individuals, compliant with UK GDPR; or
  3. where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between the UK / Europe and the US;
  4. we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data.

In all cases, transfers outside the UK will be protected by appropriate safeguards.

How long will your personal information be kept for

If you have made an enquiry, called in or otherwise engaged with our sales team, registered for an event, or we have obtained your personal information from a third-party or publicly available source, we will keep your personal information (Identity and Contact Data) for up to 36 months from the point at which you last have contact with us. After this time, this information will be anonymized to be no longer personal to you and/or it will be deleted.

If you have provided personal information to us as part of our performance of a contract with you or a client that you represent, we will normally keep your personal information (Identity, Contact and Transaction Data) for up to 6 years from completion of the relevant project except where the limitation period in the contract is a longer period of time, in which case we will keep this personal information for that longer period of time. After this time it will be anonymized to be no longer personal to you and/or deleted.

If you have supplied personal information for marketing purposes (through registering for a newsletter for example) and you notify us that you no longer wish to receive these communications, we will only retain the personal information required to ensure that this request is complied with (typically email address).

If you have supplied your information while checking in at our offices this (and the associated information about when you were there) will be kept for a period of one month before being deleted.

Personal information supplied as part of a contract signature process will be kept in line with the contract retention period, typically seven years from end of service provision.

If you have supplied personal information in signing up to be a usability tester it will be kept only for as long as is necessary to facilitate the project in question, unless you have asked to be contacted in future about additional testing opportunities. In the case of having registered for future contact, your details will be retained until such point as you notify us that you no longer wish to be registered for this service.

If you have supplied personal information in applying for a vacancy it will be kept for 6 months after the end of the recruitment process for that role unless you have asked to be contacted in future about other such vacancies. In the case of having registered for future contact, your details will be retained until such point as you notify us otherwise.

How you can update your personal information

If at any point you believe the information we hold about you is incorrect you can request to see this information and have it corrected, restricted or deleted by emailing us at privacy@threenine.co.uk. An unsubscribe option is additionally included in every marketing email you receive.

Your right to a copy of your personal information (“subject access request”)

You may request us to provide you with any personal information we hold about you; provision of such information will be subject to:

  • your request not being unfounded or excessive, in which case a charge may apply;
  • the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

We may withhold personal information that you request to the extent permitted by law.

Your right to erasure of your personal information

In certain circumstances you have the right to have personal data we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold personal data in relation to the purposes for which it was originally collected or otherwise processed; you withdraw your consent to any processing that requires consent; the processing is for direct marketing purposes; or the personal data has been unlawfully processed.

However, there are certain general exclusions of the right to erasure, including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal or regulatory obligation; or for establishing, exercising or defending legal claims.

Your right to restrict processing of your personal information

In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; or you have objected to processing, and are waiting for that objection to be verified.

Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Your right to object to processing of your personal information

You may object to us processing your personal data on grounds relating to your particular situation, unless our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party.

If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.

Your right to make a complaint

If you think that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint at any time with the Information Commissioner’s Office, the UK regulator for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance at privacy@threenine.co.uk, and we assure you that your concerns will be promptly and properly investigated.