ThoughtRiver (“We” “Us” “Our”) is a trading name of ThoughtRiver Limited, a company registered in England and Wales (registered number 10007469), Tower 42, 33rd Floor, 25 Old Broad Street, London EC2N 1HQ. Our ICO registration no. is ZA221094.
ThoughtRiver provides software as a service for business users to review their contracts for risk and data insight.
We are committed to protecting and respecting your privacy. This privacy notice has been updated to reflect the changes needed under the General Data Protection Regulation (GDPR). We will continue to monitor guidance issued by our supervisory body and update our notice and practices as required.
This privacy notice explains the personal data we collect, how we use that personal data and the reasons we may need to disclose personal data to others. It also sets out how we keep personal data secure.
If you are a business user subscribing to our service this notice should be read in conjunction with our standard terms of business and related documents that you agree to when you take up our service.
Please read the following carefully to understand our views and practices regarding our use of personal data. We will update this policy from time to time so please check our website for any updates.
The role we have in relation to your personal data
Depending on the circumstances, ThoughtRiver may be a data controller of your personal data or a data processor.
In relation to personal data provided to us from customers to help manage their accounts or from prospective customers or employees who have shown interest in ThoughtRiver, we will be the data controller of that data.
In relation to personal data provided to us by our business customers that relate to the services we provide to them, the business will be the data controller and we will be the data processor. Such businesses who are data controllers for the purposes of services which we provide to them warrant in our agreement with them that they have complied with and shall continue to comply with applicable data protection laws in all respects in relation to the data they control and pass to us.
How we will use the personal data you give to us
How we use your personal data will depend on the reason you have provided it to us.
If you are a prospect customer we will use information you provide us to provide you with information about the goods and services we offer using the contact details that you provide. We will only use your personal data for the purposes you have given us specific consent for us to do so.
If you are a prospect employee, we will use information you provide us to provide you with information about the roles at ThoughtRiver in which you have expressed an interest or that we think may be of interest to you. We will only use your personal data where there is a legitimate interest in doing so (which is not overridden by your data protection interests).
We will also use the data we hold about you to:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure.
We may use third parties to contact you on our behalf but we will not pass your personal data to third parties for them to contact you in their own right.
If you are a business user we will tell you how we use the personal data you supply to us in your contract with us. This will include using the information you provide to us to provide the services to you, customise your use of the service and provide support in relation to the service. We will only use personal data where there is a legitimate interest in doing so (which is not overridden by the data protection interests of the individual to whom it relates).
Information you give us
If you are a prospect customer or employee, you may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you enter details on our site (for example, via our “Contact Us” page or “Join Us” page), request our services, register to use our site, subscribe to our service, subscribe to our emails, complete a review or demo, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number and financial information.
If you are a business user, the information you give us will depend on the services you receive from us and will be set out in your contract with us.
Information we collect about you
With regard to each of your visits to our website we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), services and reviews you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
Information we receive from other sources
We work closely with third parties (including, for example, business partners, mailing list providers, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
How we can disclose the information you give us
We may share your personal information with any existing or future member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you including without limitation companies who manage our mailing list and/or the fulfilment of orders of our products.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If ThoughtRiver or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of sale and other agreements; or to protect the rights, property, or safety of ThoughtRiver, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where and how we store the data you give us
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. We will always ensure anyone we use to process your data complies with the GDPR and we will review their privacy notices to ensure we are satisfied with how they handle personal data.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How long we will hold your personal data
How long we hold on to your personal data will depend on what we are using it for.
If you have given us specific consent to use your personal data then we will hold on it for a reasonable period of time relative to that consent unless you tell us you no longer want to hear from us.
If you are a business user then we will use your personal data for as long as there is a reasonable business need to do so, for example, managing our relationship or the provision of services to you.
In deciding any retention period in relation to your data we will always look to follow guidance issued by our supervisory authority.
How you can withdraw your consent
Where we are relying your consent for the processing of your personal data you have the right to withdraw this consent. You can do this by contacting us at DPO@thoughtriver.com.
How you can access the information we hold about you
You have the right to access the information we hold about you. Please email your requests to DPO@thoughtriver.com so that we can obtain this information for you.
How you can contact us about this Privacy Notice
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to DPO@thoughtriver.com.
Data Protection Officer: Richard Moss, Chief Technology Officer.
How you can make a complaint
You have the right to make a complaint about how we process your personal data to the Information Commissioner: https://ico.org.uk/concerns/