Privacy Policy
For the purposes of applicable data protection laws, the data controller of this website is the Office of Theresa May Limited, a company registered in England under number 12273720 whose registered office is at 1 Chamberlain Square, Birmingham, B3 3AX. The term ‘our’ or ‘us’ or ‘we’ refers to The Office of Theresa May Limited.
We are committed to ensuring that the privacy of your personal information is protected. This Privacy Policy, together with our website’s ‘Terms of Use’ describes how we collect and use personal information about you in accordance with data protection law. Please read this Privacy Policy carefully.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
This policy is divided into the following sections:
1. What data we collect about you
2. How we collect your personal data
3. How we use your personal data
4. Disclosures of your personal data
5. International transfers
6. Data security
7. Data retention
8. Your legal rights
1. What data we collect about you
We may collect the following personal information about you: name, address, email address, company name and phone number and any other information you provide on registration forms used for registering for any function of our website; records of any correspondence between you and us; results of any surveys carried out for research purposes; invoice details in respect of companies we worth with; information about your computer, including: browser type and version, operating system, IP address, cookie information and time stamp.
We do not collect any “special categories” of information about you (this includes but is not limited to details about your race or ethnicity, religious or philosophical beliefs, political opinions, information about your health or genetic and biometric data).
If you contact us and provide us with any “special categories” of information about yourself as part of your correspondence with us, we will only use these as necessary to respond to you and answer any queries you have raised. This information will be stored as part of (and dealt with on the same basis as) your communication with us and kept for the same period of time. We do not require you to provide any “special categories” of information to us, it is entirely voluntary on your part, and so we use it in relation to your correspondence with us on the basis that you have manifestly made it public to us.
We also collect some information about your internet visits, which are not directly connected to any personally identifiable information about you. This includes traffic data, location data, weblogs, history of resources accessed on our website and information on what websites you visited before accessing our website. We share this information with Squarespace, our website analytics provider, to learn about site traffic and activity.
2. How we collect your personal data
We may collect your data either through direct interactions and/or automated technologies or interactions.
Direct interactions
You may give us your identity and contact data by filling in forms, corresponding with us by post, phone or e-mail, or communicating with us in person or otherwise. This includes personal data you provide when you enquire, request information to be sent to you, apply for a job, respond to a request for information or a survey or give us feedback.
Automated technologies or interactions
As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies. For further details, please see our Cookie Policy.
3. How we use your personal data
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
where we need to perform the contract we are about to enter into or have entered into with you
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending direct marketing communications to you via email.
Examples of what we do with your personal information include:
For internal record keeping
To administer and manage campaigns you may have signed up with us
We may periodically send promotional emails with information which we think you may find interesting using the email address which you have provided, where you have consented to being contacted for such purposes
To analyse and improve our website.
4. Disclosures of your personal data
We will never sell your data to third parties; however, we may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, or others or where we have another legitimate interest in doing so.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Please note that this website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:
Information about your browser, network and device
Web pages you visited prior to coming to this website
Your IP address
5. International Transfers
The personal information we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including the United States. This may as a result of a transfer of a third party located outside of the EEA, for the purposes of enabling us to deliver our services to you. It may also be processed by staff operating outside the EEA who work for us. Such staff may be engaged in, among other things, provision of support services. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that adequate safeguards are in place.
6. Data security
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate physical, technical and organisational measures to safeguard and secure the personal information we collect.
We ensure that any information sent to us is encrypted (scrambled) using Secure Socket Layer (SSL) technology. This is industry standard encryption technology.
Please keep in mind that no internet transmission is 100% secure. Some email sent to or from our website may not be secure. Please consider this when sending information to us by email.
7. Data retention
Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request from us by contacting us.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
For further information on retention periods, please contact us.
8. Your legal rights
Data protection law gives you a number of rights when it comes to personal information we hold about you. At any point while we are in possession of, or processing your personal data, you have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing, such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review: if our office refuses your request under rights of access, we will provide you with a reason why. You have the right to complain to the ICO.
If you wish to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights described above). However, we may refuse to comply with a request if it is clearly unfounded or excessive.
We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to fulfil we will let you know.