arrow back icon
get back

Privacy policy

At Thought&Function, accessible from thoughtandfunction.com, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains important information on who we are and how and why we collect, store and use and share any information relating to you (your personal data) in connection with your use of our website and/or our services. 

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us through email at admin@thoughtandfunction.com

General Data Protection Regulation (GDPR)

 We collect, use and are responsible for certain personal data about you. When we do so, we are subject to the UK general Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals in the European Economic Area (EEA). Where we transfer personal data and special category personal data outside of the UK and EEA, we will ensure such transfers are necessary for the performance of the contract between you and the controller or necessary for the conclusion or performance of a contract concluded in your interests between the controller and another natural or legal person.    Please see ‘Where your personal data is held’ below for further information. The personal data (which is any information relating to an identified or identifiable individual) we collect about you depends on the specific context in which we collect the information. 

We will collect and use the following personal data about you:

  • Your name and contact information including email address and password.
  • Your gender
  • Information on how you use our website, IT, communication and other systems
  • Your responses to our questionnaire
  • Your address

We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from providing our services to you.

How your personal data is collected

We collect most of this personal data directly from you. However we may also collect information from cookies on our website or from a third party with your consent. More information is available below. 

How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason, eg:

  • We need to enter or perform a contract with you
  • You have given us permission to collect your personal data
  • Processing your personal information is in our legitimate interests or those of a third party
  • We need to comply with the law and our regulatory obligations.

The table below explains what we use your personal data for and why

What we use your personal data for
Our reasons
Providing services to you.
To perform our contract with you or to take steps at your request before entering into a contract.
To enforce legal rights or defend or undertake legal proceedings.
Depending on the circumstances:
- To comply with our legal and regulatory obligations;
- in other cases, for our legitimate interests, i.e., to protect our business, interests and rights.
Ensuring business policies are adhered to, e.g., policies covering security and internet use.
For our legitimate interests, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you.
Operational reasons, such as improving efficiency, training and quality control.
For our legitimate interests , i.e., to be as efficient as we can so we can deliver the best service to you at the best price.
Ensuring the confidentiality of commercially sensitive information.
Depending on the circumstances:
- for our legitimate interests, i.e., to protect trade secrets and other commercially valuable information;
- to comply with our legal and regulatory obligations.
Statistical analysis to help us manage our business in relation to  our financial performance, customer base, range of services or other efficiency measures.
For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price.

Cookies and Web Beacons

Like any other website, our website uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.
Providing access to third party ad-servers or networks.
Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Thought&Function.com, which are sent directly to users' browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.

Note that we have no access to or control over these cookies that are used by third-party advertisers.
Preventing unauthorised access and modifications to systems.
Depending on the circumstances:
- for our legitimate interests, i.e., to prevent and detect criminal activity that could be damaging for you and/or us;
- to comply with our legal and regulatory obligations.
Protecting the security of systems and data used to provide the services
To comply with our legal and regulatory obligationsWe may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
Updating customer records.
Depending on the circumstances:
- to perform our contract with you or to take steps at your request before entering into a contract;
- to comply with our legal and regulatory obligations;
- for our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new services.
Ensuring safe working practices, staff administration and assessments.
Depending on the circumstances:
- to comply with our legal and regulatory obligations;
- for our legitimate interests, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.
Marketing our services:
- existing and former customers;
- third parties who have previously expressed an interest in our services;
- third parties with whom we have had no previous dealings.
For our legitimate interests, i.e., to promote our business to existing and former customers.

You have the right to opt out of receiving marketing communications at any time by:
- Contacting us at:admin@thoughtandfunction.com- Using the unsubscribe link in emails or texting ‘STOP’ to texts.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it to other third-party organisations for marketing purposes.
To hold, store and/or host personal data for which you are the data controller with third party suppliers on your behalf i.e., personal data relating to your customers.
To perform our services to our customers, we often host websites and platforms on behalf of our customers with third party providers. We do not collect this data on behalf of our customers and we do not control how this data is used.

Log Files

We follow a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and this is a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

Here is a list of our hosting partners, with whom we routinely share personal data:
https://www.heroku.comhttps://www.heroku.com
https://vercel.com/
https://cloud.google.com/gcp
https://vercel.com/https://www.heroku.com
https://vercel.com/
https://cloud.google.com/gcp
https://cloud.google.com/gcphttps://www.heroku.com
https://vercel.com/
https://cloud.google.com/gcp
Sharing your data with third party service providers.
To perform our services to our customers, we routinely share customer data with third party service providers. This could be your personal data or your customer data. These third parties may collect further data to enable us to perform our services.

Here is a list of our third-party service partners:
https://www.hubspot.com/Hubspot may collect your Name, email address, and phone number

Special category personal data


Certain personal data we collect and/or process is treated as special category to which additional protections apply under data protection law i.e., data concerning health. 

Where we process special category personal data, we will also ensure we are permitted to do so under data protection laws, e.g.,:

• we have your explicit consent;

•the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or

•the processing is necessary to establish, exercise or defend legal claims.

We or the third parties mentioned above occasionally also share personal data with:

Sharing data with third parties

The table above contains details of the third parties we routinely share personal data with. 

We or the third parties mentioned above occasionally also share personal data with:

  1. our and their external auditors, e.g., in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
  1. our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
  1. law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
  1. other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.


Where your personal data is held

Personal data may be held on our company servers and those of our third party partners, service providers, representatives and agents.

Some of these third parties may be based outside the UK/EEA. 

The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases, we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.

Under data protections laws, we can only transfer your personal data to a country outside the UK/EEA where:

  1. in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here
  2. in the case of transfers subject to EEA data protection laws, the European Commission has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the EU GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here
  3. there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
  4. a specific exception applies under relevant data protection law.

In the event we cannot or choose not to rely on the mechanisms above, we will not transfer your data outside the UK/EEA unless we can do so on the basis of an alternative mechanism or exception provided by UK or applicable data protection law and reflected in an update to this policy.

How long your personal data will be kept

We  will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us at admin@thoughtandfunction.com

Your rights

In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the information we have on you.
  • The right of rectification.
  • The right to object.
  • The right of restriction.
  • The right to data portability
  • The right to withdraw consent

For more information on each of those rights, including the circumstances in which they apply, please see the guidance from the UK Commissioner’s Office (ICO) on individual’s rights, accessible here.If you would like to exercise any of those rights, please email us on admin@thoughtandfunction.com

Third Party Privacy Policies

Thought&Function's Privacy Policy does not apply to other advertisers or websites. Thus, we always advise that you  consult the respective Privacy Policies of these third-party ad servers or providers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You will find a complete list of these Privacy Policies and their links in the table above

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites. 

Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

We do not knowingly collect any personal identifiable information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Online Privacy Policy Only

Our Privacy Policy applies only to our online activities and is valid for visitors to our website or users of our services with regards to the information that is shared with us, that we collect or transfer or we share with third parties.. 

Consent

By using our website and/or engaging our services, you hereby consent to our Privacy Policy and agree to its terms.