Skip to content
background-banner-Aug-26-2022-07-00-47-00-AM

Last updated March 2023

 

Privacy Statement

Thistle Initiatives Limited is committed to protecting your privacy and we are committed to taking good care of the personal data that you share, or we collect about you. We therefore use secure processes to ensure your personal data is protected.  We will always have your best interests at heart and aim to be fully transparent about how we use your personal information. 

This Privacy Notice will help you understand what data we collect from you, why we collect it and what we do with it. This policy explains how we store and use your personal information when you use or interact with our website, or where we otherwise obtain or collect your personal information. This Privacy Notice applies to all services offered by us, except where otherwise noted.

You should read this privacy notice very carefully as it contains important information on the way in which we will process your personal data, in particular:

  • The personal information we collect about you
  • Our legal bases for processing your personal information
  • What we do with your personal information
  • Who your personal information may be shared with
  • Your rights as a data subject under the Data Protection Act 2018 and the UK GDPR

 

If you have any questions about this Privacy Notice, please contact: info@thistleinitiatives.co.uk.

We have done our best to present the information in this policy in clear and plain language, and we have structured it in a way to allow you to quickly find the information that is most important to you.

Changes to the Privacy Notice

We reserve the right to change our Privacy Notice from time to time. This Privacy Notice was last modified March 2023. You can view archived versions <<here>>.

Who are we?

Thistle Initiatives Limited is a company incorporated and registered in England and Wales with company registration number 07078648. Thistle Initiatives Limited is the controller of personal data relating to individuals within its client firms and prospective client firms for the purposes of providing products and services, relationship management, marketing and business development.

You may contact us via telephone, email, or post as detailed below:

Thistle Initiatives Limited

4 St Paul’s Churchyard,

London, EC4M 8A, United Kingdom.

Telephone: 0207 436 0630

Email: info@thistleinitiatives.co.uk

Website: www.thistleinitiatives.co.uk/contact

 

What information do we collect about you?

We collect your personal data typically when you register for our services or otherwise interact with us. This may include:

  • Personal information to allow us to identify and contact you, such as your name, address, personal and/or work email address, telephone number, date of birth.
  • Information about your work/profession.
  • Information about your financial position, including source of wealth/funds.
  • Details of your bank account.
  • Details of how you interact with our website and online services (see our Cookie Policy for further information).
  • Details of your interactions with our business
  • Any other information that you supply to us or that we obtain as a result of our relationship with you.

We may also collect and process special categories of personal data (sensitive data) such as data about your health or criminal convictions. Prior to processing special category data, we will gain your informed and explicit consent unless we have any other legal basis for processing. (Terms of Use)

Our legal basis for processing your personal data

We will only process your data where we have a legal basis for doing so. We use data collected to communicate with you and to offer you our products or services. We may use your data to improve or maintain the services we offer to you. We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your explicit consent to do so.

We may rely on a number of legal bases for collecting and further processing your personal data, which are:

  • Contractual Necessity
  • Legal Obligation
  • Legitimate Interest
  • Consent

Contractual Necessity

We collect personal information about you when you request our products or services.   We will ask you to provide some information about yourself.

We will also collect personal data for the purposes of the performance of a contract with you, such as:

  • Providing you with our products and services
  • Administering your contract with us
  • Communicating with you about our products and services

Legal Obligation

We may also process your personal information to allow us to comply with certain legal obligations to which we are subject, for example to comply with our obligations to the Financial Conduct Authority (FCA).   We will also work co-operatively with the national data protection authority, the ICO, in relation to any data protection matters.  

Legitimate Interest

‘Legitimate Interest’ means the interests of our company in conducting and managing our business to enable us to give you the best services and experience. For example, we have an interest in making sure our services are relevant for you, so we may process your personal data to contact you by email or telephone with discussions tailored to your interests. We may use your personal data for our legitimate business interests, whilst carefully considering and balancing any potential impact on you and your rights as a data subject under the relevant data protection regulation.  

We will always ensure that our legitimate interests will never override your rights and freedoms under the data protection regulation.

As an example, we may rely on our legitimate interest to process your personal data for the following purposes:

  • For Direct Marketing, relating to products and services that are compatible with the original purpose for which we originally gained the information
  • To communicate with you, including newsletters and marketing materials
  • To communicate important updates about our products or services, which we think may be of interest to you
  • For evidential purposes to effectively manage and maintain records of our relationships/communications with you
  • For business development related activity such as contacting you by telephone or email to arrange meetings with our experts in relation to work or knowledge sharing
  • To enhance, modify, personalise or otherwise improve our services and communications for the benefit of you
  • To determine the effectiveness of promotional campaigns to inform marketing strategy

In addition, we may use legitimate interests as a legal basis to perform statistical and other analysis on the personal data we collect, to help us understand and improve on how people use our products or services.

We may also rely on legitimate interest as a legal basis for sharing your personal data across our Group entities, but only where we believe you may benefit from the products and services they offer. The Group entities we may share your data with are:

  • Resolution Compliance Limited
  • Absolute Cover Limited
  • Compliance Star Limited
  • ATEB IT Solutions Limited


When we use your personal data for the purpose of marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing. We will provide you with an easy method to withdraw your consent (unsubscribe) or manage your marketing preferences/ at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

Please note, you have the right to object to the processing of your personal data for which we rely on legitimate interest as the legal basis. You can do so, and update your marketing preferences by referring to any instructions within this policy on how to unsubscribe or manage your preferences or by contacting us at info@thistleinitiatives.co.uk.

Consent

We are required to gain your explicit consent prior to processing your data for any other purpose other than the original purpose for which it was gained.

Where we require such consent, we will provide you with sufficient information to allow you to make an informed decision. We will ensure that we only gain consent via a clear and affirmative act, freely given by you that indicates your consent to specific purposes.

You have the right to withdraw your consent at any time and can do so by referring to any instructions within this policy on how to unsubscribe or manage your preferences or by contacting us at info@thistleinitiatives.co.uk.

Profiling

We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our services. We may also create aggregated and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning services suitable for you. In certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. Please refer to the ‘Your Rights’ section of this Privacy Notice for further details.

Information we collect directly from you 

Most of the information that we hold about you comes directly from you. This includes information that you provide when you:

  • Apply to use our services
  • Update the information we already hold on you
  • Speak with us during the course of business
  • Use our website (see our Cookie Policy for further details)

We may also use information that you have made public such as social media content.

 

Third Party Information

We may also collect or share your information from/with third parties. The data storage and processing systems are protected by access controls, to minimise any risk to the integrity or security of your personal data. We will ensure that any third-party processor has adequate data protection measures in place that align with the requirements of the UK GDPR and the Data Protection Act 2018.  Thistle Initiatives Limited shares your data with the following third-party service providers:

  • Veriphy (People and Company checks)
  • Credit Safe (Credit refencing agencies)
  • Former employers (references)
  • Relevant regulatory bodies
  • Professional contacts (e.g., lawyer, accountant)


In the event that you're providing information about another individual, we'll assume that you have told them that you are sharing their details and where they can find more information on how we may process their details.

How we use your information

We process and use your information so we can provide our services to you and operate our business. Examples of how we use your information include:

  • Checking your identity
  • Managing your business relationship
  • Preventing and detect fraud and financial crime.
  • Providing products and services of our group entities.
  • Enhancing your experience of our products and services
  • Sharing relevant marketing about our products and services.
  • Meeting our legal and regulatory obligations.
  • Testing our systems and processes.

How long may we retain your personal data

We aim only to keep your personal data for as long as necessary for the purposes for which it was obtained. Personal data will be retained for the purposes of direct marketing, relationship management and business development, or where we have another legal basis for processing (such as your consent or where we have a contract to provide our services to you). We will review the personal data we hold on you periodically to ensure the data remains accurate and relevant and to ensure that we continue to have a legal basis for processing. If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, in line with our Data Processing Policy. If your data becomes inaccurate, we will update it accordingly.

Your Rights as a Data Subject

Your Right What this means
Right of access

You have the right to request:

  • Whether your personal data is being processed
  • The purpose of the processing
  • The categories of personal data being processed
  • To whom the data has been shared
  • How long it will be stored
  • The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data
  • The right to lodge a complaint with the ICO
  • Where the personal data are not collected from you directly, any available information as to their source;
  • The existence of automated decision-making, including profiling.
Right to rectification   The right to obtain the rectification of inaccurate personal data and the right to have incomplete personal data completed.
Right to erasure  In certain circumstances, you have the right to ask us to delete the information we hold about you
Right to restrict processing  In certain circumstances you have the right to restrict us from processing your information where, for example, you contest the accuracy of the information, the processing is unlawful, we no longer need to process the data, or where our legitimate interests override your rights as a data subject. 
Right to Object In certain circumstances you have the right to object to the processing of your personal data where for example we are using it for direct marketing. 
Right to portability You have the right to ask us to transfer a copy of the information we hold on you to yourself or another data controller. 
Automated decision-making/profiling  You have the right to request details of where we use personal data for profiling, including the categories of data, and object to the processing of your data for these purposes. 

This right is not absolute and will only apply where we no longer have any legal basis for processing, such as for compliance with a legal obligation.

If you wish to exercise any of your rights, there are a number of ways in which you can do so.

Website: www.thistleinitiatives.co.uk/contact

By email: info@thistleinitiatives.co.uk

By Post:  Thistle Initiatives Limited, 4 St Paul’s Churchyard, London, EC4M 8AY

By Phone: 0207 436 0630

Data Processing via your consent

Consent is one of the possible legal bases we can rely on to process your personal data. Where you have given your informed consent, we will process your data in accordance with that consent. 

In certain circumstances, you have the right to withdraw your consent to Thistle Initiatives Limited processing your personal data. By withdrawing consent, it will not affect any use we may have made of your personal data before the request to withdraw consent is received. 

How to withdraw your consent

You may make a request to withdraw your consent or update your marketing preferences at any time. There are a number of ways in which you can do so. 

Online: www.thistleinitiatives.co.uk/contact

By Email: info@thistleinitiatives.co.uk

By Post:  Thistle Initiatives Limited, 4 St Paul’s Churchyard, London, EC4M 8AY

By Phone: 0207 436 0630

Once we have received your request, we will send you a confirmation of receipt and we will provide a full response within 1 month of receipt of the request. 

Other Websites

Our website may contain links to other websites which are outside the control of Thistle Initiatives Limited and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy notice which may be different to the privacy notice of Thistle Initiatives Limited. You should exercise caution and look at the privacy notice applicable to the website in question.

International Transfers

Our services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred outside the country where you use our services. We will transfer data in such circumstances only if the level of data protection in that jurisdiction is deemed adequate and if there are appropriate safeguards in place to protect your privacy. 

Security and Confidentiality 

We are committed to ensuring the security, confidentiality, and integrity of your personal data, ensuring that your privacy is protected and that your data is used and retained fairly, transparently, and in compliance with the data protection regulations. We will make sure that we have appropriate technical and organisational measures in place to keep your personal data secure and to protect against accidental or unlawful destruction, loss alteration, disclosure, or access. We will provide a level of security appropriate to the risk presented by the nature of the processing we do.

Help keep your personal data accurate and up-to-date

This privacy statement details the standards that we will apply when processing your personal information.  In return, it is important that you help keep your information, accurate, reliable, and up-to-date.  Any changes to your personal data, such as a new address should be notified to us without delay. 

Complaints

We will be more than happy to help should you have any complaints about the processing of your personal data. You have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner Officer (ICO), who are the national authority responsible for the protection of personal data. 

A complaint can be made to the ICO via their website https://ico.org.uk or through their helpline (0303 123 1113).