At ThinkMonkeys, we respect your privacy rights and take the security of your Personal Data very seriously.
Data protection laws are changing and from 25thMay 2018 when the General Data Protection Regulations (“GDPR”) comes into effect, you will have greater rights on the Personal Data or Personally Identifiable Information (“PII”) that we hold about you.
Personal Data is any information capable of identifying an individual (“Data subject”). This information may include but is not limited to: Name, address, email, telephone number, IP address.
How do we collect Personal Data
ThinkMonkeys holds Personal Data requested on our website https://www.thinkmonkeys.com for the purpose of responding to an enquiry. If you choose to withhold any Personal Data required, it may not be possible to provide a response.
ThinkMonkeys holds Personal Data for our Clients for the purpose of fulfilling a contract or service.
ThinkMonkeys may collect financial information for payment processing through a third party payment processor but retains no financial or personally identifiable information on its own systems.
It is very important that the Personal Data that we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com we will update it accordingly.
How do we use Personal Data - Lawful Basis of Processing
ThinkMonkeys will only process Personal Data where we have a legal basis to do so.
ThinkMonkeys uses Personal Data from our website for the purpose of fulfilling an enquiry, asking for consent as appropriate.
ThinkMonkeys uses Personal Data from our Clients for the purpose of fulfilling a contractual obligation. ie. Providing a service.
ThinkMonkeys may use Personal Data where it is necessary for our legitimate interests and the interests and fundamental rights of the data subject do not override those interests. These legitimate interests include:
ThinkMonkeys may use Personal Data where we need to comply with a legal obligation.
How We Protect Your Personal Data
ThinkMonkeys has put in place appropriate security measures and controls to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees and other third parties who have a business need to use such data. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
When you enter Personal Data on our website, it is encrypted in transit using TLS/SSL and transmitted over HTTPS.
We maintain appropriate administrative, technical and physical safeguards to protect Personal Data at rest on our systems. This may include password protection, access/authentication controls, pseudonymisation and encryption.
How long do we retain Personal Data
ThinkMonkeys will only retain your Personal Data for as long as is necessary to fulfil the purposes for which it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Personal Data collected from our website for the purpose of responding to an enquiry is retained by ThinkMonkeys for 30 days and then is securely deleted.
ThinkMonkeys will retain Personal Data on behalf of our Clients for as long as required to provide our services to that Client or as otherwise required to by law.
International Transfer of Data
ThinkMonkeys do not transfer Personal Data to systems outside of the EEA("European Economic Area").
Controller and Processor
ThinkMonkeys processes Personal Data both as a Controller and as a Processor as defined in the GDPR.
ThinkMonkeys does not own, control or direct the use of any of the Client data stored or processed by a Client on ThinkMonkeys servers. Only the Client is ordinarily entitled to access, retrieve and direct the use of such Client Data. ThinkMonkeys is largely unaware of what Client Data is actually being stored or made available by a Client and does not directly access such Client Data except as authorized by the Client, or as necessary to provide Services to the Client.
All Personal Data is stored securely on Dropbox, Digital Ocean or Amazon Web Services. All website hosting is performed in accordance with the highest security regulations. ThinkMonkeys has sought confirmation from its providers, ensuring compliance with the GDPR. Eg. All data is processed on servers in the European Economic Area only.
Third Party Processors
ThinkMonkeys works with a number of third party service providers including but not limited to the ones named in the ‘Controller and Processor’ section.
These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. We limit the Personal Data provided to these service providers to that which is reasonably necessary for them to perform their functions. We have sought confirmation that our third party processors and service providers are GDPR compliant, thus requiring them to maintain the confidentiality of any Personal Data provided to them.
ThinkMonkeys does not carry out business with or knowingly collect any Personal Data from anyone under the age of 13. In the event that we find out or are informed that we have collected information from a child under the age of 13, we will delete that Personal Data as quickly as possible.
Special Category Data
ThinkMonkeys does not collect any Special Category or sensitive personal data. Special Category data is defined in the GDPR as information that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We also do not collect any information about criminal convictions and offences.
Data breach or compromise of Personal Data
ThinkMonkeys have put in place procedures to deal with any suspected data breach.
In the event that Personal Data is compromised as a breach of security, ThinkMonkeys will promptly notify any affected data subjects or Clients as well as the Information Commissioner’s Office (“ICO”) in compliance with the GDPR.
From 25thMay 2018, you will have extended rights in relation to our use of your Personal Data. These are:
Right of access to your Personal Data
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. You will not have to pay a fee to access your Personal Data. However, we may charge a reasonable fee if your request is manifestly unfounded, excessive or repetitive.
If your request is made electronically, we will provide the Personal Data in a commonly used electronic format, once we have verified your identity. Else it will be in writing.
Right to rectification
ThinkMonkeys takes reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, if you do not believe that this is the case, please contact us and make a request for rectification verbally or in writing.
Please note that ThinkMonkeys can refuse to comply with a request for rectification if we believe that we are satisfied that the data is accurate or that a request is manifestly unfounded or excessive (In which case we can charge a reasonable fee before dealing with the request).
In either case we will contact you within one month of the request.
Right to erasure
This right is also known as ‘the right to be forgotten’. It is not absolute and only applies in certain circumstances, whereby you have the right to ask us to erase your personal information. An example would be where the Personal Data we collected is no longer necessary for the original purpose for which it was collected or where an individual withdraws their consent (Where consent was the lawful basis for holding the data).
Please note that a request for right to erasure also needs to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restrict processing
This is not an absolute right but in certain circumstances, as an alternative to requesting the erasure of Personal Data, you are entitled to ask us to stop using your Personal Data. An example would be where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.
When processing is restricted, ThinkMonkeys are still permitted to store the Personal Data but not to use it.
Right to data portability
In certain circumstances, you have the right to ask that we transfer any Personal Data that you have provided to us to another organization or third party. The Personal Data will be provided free of charge and in a structured, commonly used and machine readable form such as a CSV file.
Right to object
You can ask us to stop sending you direct marketing messages at any time. ThinkMonkeys will stop processing Personal Data for direct marketing purposes as soon as we receive an objection.
Right not to be subject to automated-decision making
An individual has the right to object to their Personal Data being input into a system or computer and a decision or profile being calculated by an automatic process rather than by a human.
ThinkMonkeys do not make automated decisions or carry out profiling using Personal Data.
Right to withdraw consent
Where ThinkMonkeys has asked you for explicit consent, you have the right to withdraw your consent to further use of your Personal Data at any time. Please note we may not be able to provide you certain services if you withdraw your consent.
If you wish to exercise any of the rights set out above,you can do so by contacting us in the ‘How to Contact Us’ section below. You will not have to pay a fee. However, we may charge a reasonable fee for the administrative costs of complying with the request if your request is manifestly unfounded, excessive or repetitive.
We may also need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (Or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Once we have confirmed your identity, we will endeavour to implement any requests within 7 days and no later than one month from the time of the original request.
Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Links to other websites
How to Contact Us
If you wish to contact ThinkMonkeys, wish to withdraw your consent or have any additional questions about ThinkMonkeys collection and storage of your Personal Data, our details are:
120 Coldbath Street
Tel: +44 (0)1293 127433
or by email at firstname.lastname@example.org
If you are not happy with any aspect of how ThinkMonkeys collect and use your data, you have the right to lodge a complaint to the Information Commissioner’s Office (“ICO”) https://ico.org.uk/, who are the UK supervisory authority for data protection issues.
However, we would be grateful if you could contact us first if you do have a complaint so that we can try to resolve it for you.
Last updated: 12/05/2018