Privacy and Your Personal Data
All your personal Information shall be held and used in accordance with Data Protection Laws, being: (i) the Data Protection Act 1998, until the effective date of its repeal (ii) the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, for so long as the GDPR is effective in the UK, and (iii) any successor legislation to the Data Protection Act 1998 and the GDPR, in particular the Data Protection Bill 2017-2019, once it becomes law and any other legislation relating to the protection of Personal Data.
Thalarctos Intelligence Group Ltd, International House, 38 Thistle Street, Edinburgh, EH2 1EN, UK
Our Data Protection Lead can be contacted at
Thalarctos Intelligence Group is the Data Controller and responsible for your personally identifiable information as listed in clause 3 below.
What information do we collect?
We may collect, receive from you, use, store and transfer different kinds of Personal Data about you, the reader who has accessed this website, which we have grouped together follows:
a. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
b. Contact Data includes billing address, delivery address, email address and telephone numbers.
c. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
d. Usage Data includes information about how you use our website.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal
Data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
The legal basis for processing your Personal Data
Thalarctos will only process Personal Data where there is a lawful basis as per Data Protection Laws. This lawful basis shall be one or more of the following:
a. Express consent from you;
b. In order to perform and/or complete a contract with a third party;
c. To comply with a legal obligation;
d. To protect your vital interest;
e. It is in the public interest; and
f. There is a legitimate interest.
How we share your information
In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.
We will retain and use your Personal Data to the extent necessary to:
a. comply with our legal obligations;
b. comply with applicable laws;
c. resolve disputes and potential future litigation; and
d. enforce our legal agreements and policies.
Thalarctos will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our website or service, or we are legally obligated to retain this data for longer time periods.
If ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected, and your consent, are still valid. We review the status of your consent every twelve (12) months and treat non-response to our requests for renewal of consent as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your Personal Data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
If we process your data on the basis of ‘legitimate interests’, we will retain your data for so long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
All categories of Personal Data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.
Your rights as a Data Subject
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Laws include:a. The right to be informed of how your Personal Data is used (through this notice);
a. The right to access any Personal Data held about you;
b. The right to withdraw consent at any time, by emailing us using the details set out above.;
c. The right to rectify any inaccurate or incomplete Personal Data held about you;
d. The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;
e. The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
f. The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Does your Personal Data leave the EU?
a. Your Personal Data may be transferred to our affiliated companies outside the EU.
b. We may transfer your Personal Data to third parties which are outside the EU, this will be carried out in accordance with Data Protection Laws and for the purposes of carrying out any services we provide for you.
c. Thalarctos may from time to time use overseas web and IT providers. We can disclose such details of what data is sent where, and the safeguards in place, following your written request.
If you are unhappy about our use of your Information, you can contact us at the address or email address above. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods.
Telephone: 0303 123 11113
Post: Information Commissioner’s Office