Our privacy notice

Privacy Policy


Thought Machine Group gathers and processes personal information in accordance with this privacy policy and in compliance with the relevant data protection laws and regulations. This notice summarises what personal information we may collect and how we may use your information. Thought Machine’s commitment to data privacy reflects the value we place on earning and retaining the trust of our clients, partners, suppliers and others who share their personal data with us.


A “Data Subject” is a living individual who can be identified from the personal data or from additional information held or obtained. This can include a potential or existing client, supplier or partner.  

Personal Data” (“PD”) or “Personally identifiable information (PII) is any information that relates to an identifiable person (or “Data Subject”) and that can be used to identify the person directly, or indirectly when used with other information. It includes, but is not limited to:

  • A person’s name
  • Job title
  • Age
  • Postal or email address
  • IP address, e.g. online identifier
  • Vehicle registration number
  • Bank details

There are “Special Categories” of personal data and these include but are not limited to data revealing:

  • Race or ethnicity
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual orientation
  • Genetic or biometric data

Processing” relates to all actions or handling of personal data by manual or automated means, e.g. data collection, erasure and destruction plus everything in between including recording, use, disclosure, sharing and storage.

A “Data Controller” is an individual or organisation who:

  • decides to collect or process personal data;
  • decides what the purpose or outcome of processing is to be;
  • decides what personal data should be collected;
  • decides which individuals to collect personal data about;
  • whose data subjects are potential and existing clients, suppliers and partners of Thought Machine; and
  • has a direct relationship with the data subjects.

Thought Machine is considered a Data Controller when it processes client, supplier and partner personal data.

Data Protection Principles

Thought Machine is committed to comply with the principles of data protection enumerated in the GDPR and other data protection regulations. Thought Machine will make every effort possible to comply with these principles. Personal data must:

  1. be processed lawfully, fairly and in a transparent manner (Lawful, fair and transparent);
  2. be obtained only for a specific, lawful purpose (Purpose limitation);
  3. be adequate, relevant and limited to what is necessary (Data minimisation);
  4. be accurate and, where necessary, kept up to date (Accuracy);
  5. not be held for any longer than necessary (Storage limitation); and  

be protected and safeguarded in appropriate ways (Integrity, confidentiality and security).

Client, Supplier and Partner Personal Data

As a Data Controller, Thought Machine collects personal data for the sole purpose of contacting and maintaining relationships with its clients, suppliers and partners. The personal data mainly consists of contact details for prospective and existing clients. The type of personal data that is retained includes the following:

  • Contact information such as your name, company name, job title, and address
  • Email address
  • Contact or phone number
  • CCTV (any visitors who have entered Thought Machine offices)

Legal Basis for Processing Client, Supplier and Partner Personal Data

Thought Machine processes personal data fairly and lawfully, the data that is processed is done transparently and with consent when applicable, this generally means that Though Machine will not process personal data without consent. In the event a lawful basis cannot be determined for data collection, the data should not be collected or processed.

How Thought Machine collects client, supplier and partner personal data:

  1. The data provided to Thought Machine by clients, suppliers and partners - Thought Machine will collect this data in a number of ways for example contact through the website, post, telephone, email and any other means.
  2. The data is collected automatically - this can be done when Thought Machine engages with clients via an electronic means.  
  3. For the purposes of marketing, Thought Machine also buys contact details. The personal data obtained is under lawful basis as it is in the interest of third parties to know about Thought Machine’s product offerings and services.

How We Use Client, Supplier and Partner Personal Data

Thought Machine may use client, supplier and partner personal data to:

  • Develop and manage our relationship with potential and existing clients, suppliers and partners. This may include (i) delivering services or carrying out work that a client, supplier or partner has requested or that we are contractually obligated to do so and (ii) providing information about Thought Machine product offerings and services that may be of interest to them
  • Communicate with potential and existing clients, suppliers and partners. This may include (i) informing our clients or partners of Thought Machine product offerings and services that may be of interest to them; (ii) providing information about relevant Thought Machine products or services, including, for example, pricing information, invoices, shipping or production information; and (iii) responding to questions or inquiries from our clients, suppliers or partners.

Thought Machine may also use client, supplier and partner personal data for other uses consistent with the context in which the information was collected or with your consent.

Thought Machine may anonymize or aggregate any of the information we collect and use it for any purpose, including for research and product development purposes. Such information will not individually identify any of our clients, suppliers or partners.

Sharing and Transferring Personal Data

Thought Machine will only disclose information about its clients, suppliers and partners to third parties if we are legally obliged to do so or where we need to comply with our contractual agreements to our clients. Where we have the requirement to use an intermediary, Thought Machine will ensure that they are fully compliant with GDPR (or equivalent based on jurisdiction) before engaging with them.

Thought Machine may also share any personal data with third parties or service providers that we use or hire to support our business. These third parties are required to use the personal data we share with them only to perform services on our behalf and to treat client, supplier and partner personal data in compliance with all applicable privacy and data protection laws.

The information Thought Machine has on its clients, suppliers and partners will not be kept longer than it is needed and Thought Machine will take all reasonable steps to delete information when it is no longer required.

Data Retention

Thought Machine will store client, supplier and partner personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting, or necessary technical requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Safeguarding Measures

Thought Machine takes privacy seriously and takes every reasonable measure and precaution to protect and secure client, supplier and partner personal data from unauthorised access, alteration, disclosure or destruction.

Data Subject Rights

Data Subjects have a number of rights in relation to the personal data that we hold. These rights include:

  1. The right to be informed - to know what information is being processed about the data subject.
  2. The right of access - to check what data is being held about the data subject.
  3. The right to rectification - gives the data subject the right to correct errors in the information that is held.
  4. The right to erasure - under certain circumstances the employee can ask for their personal data to be permanently erased. This is ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or the data subject’s consent for the processing of that data has been withdrawn.
  5. The right to restrict processing - the data subject can stop or halt the processing of their information if they deem it’s being used illegally or the data is not correct.
  6. The right to object - the data subject can object to information being used if it is not being used in the manner for which it was collected, e,g.: profiting, automation, marketing.
  7. Rights in relation to automated decision making and profiling - Thought Machine must respect the rights of individuals in relation to automated decision making and profiling.
  8. Right to data portability - Thought Machine must provide individuals with their data so that they can reuse it for their own purposes or across different services. Thought Machine must provide it in a commonly used, machine-readable format.

If a data subject has provided consent for the processing of PII, they have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before their consent was withdrawn. For any complaints, requests or queries, data subjects should contact dpo@thoughtmachine.net.


The Data Protection Officer is entrusted with monitoring and enforcing compliance with all data protection laws so as to ensure that personal data that is collected and processed is handled appropriately.

The Data Protection Officer can be contacted via the following e-mail address: dpo@thoughtmachine.net


This website uses cookies. We use cookies to personalise content and marketing, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, marketing and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

What are Cookies?

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

How Does Thought Machine Use Cookies?

Cookies allow us to tailor the content on our website to fit the needs of our website's visitors and helps us improve the user experience. Without certain types of cookies enabled, we can't guarantee that the website and your experience of it are as we intended it to be.

We use cookies to obtain information about your visits and about the device you use to access our website. This includes where available, your IP address and pseudonymous identifiers, operating system and browser type and, depending on the cookie, also includes the reporting of statistical data about our users’ browsing actions and patterns.

What Types of Cookies are there?

1. Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

2. Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

3. Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. This data allows us to improve the website's structure and guides us to create more relevant, valuable content.

4. Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

5. Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

How You Can Control and Delete Cookies

You can change or withdraw your consent on our website at any time, either from the cookie declaration page or by using the cookie widget on each page. Please bear in mind that deleting and blocking cookies may have an impact on your user experience.

Learn more about who we are, how you can contact us and how we process personal data in our cookie declaration page.

Sign up to our newsletter
Thank you! You will now receive some incredible content in your inbox!
Oops! Something went wrong while submitting the form.
For information about how we use your data please read our privacy policy.