Skip to content
Request Demo

PRIVACY STATEMENT THESIS

Thesis ("we" or the "Company") value the trust of our employees, website visitors, and users, and we are committed to protecting the privacy, security, and integrity of your personal data.

The Company will collect and process personal, confidential, and non-confidential data about you ("personal data") prior to and throughout your employment or engagement, and when you visit our website or interact with our services, as set out below. This privacy policy (the "Policy") sets out how and why we process your personal data, and for how long it will be retained. The Company is the data controller in respect of any such personal data. This means that we are responsible for deciding how we use and process your personal data. Our contact details are set out at the end of this Policy.

This policy applies to all past, current, and prospective employees, partners, workers, interns, agency workers, consultants, independent contractors, directors (together, "staff"), website visitors, and any third parties whose information you provide to us in connection with your employment, engagement, or use of our website.

Where we refer to "employment" or "engagement" in this Policy, we do so for convenience only and this should in no way be interpreted as purporting to confer employment status on non-employees to whom this Policy also applies. This Policy does not form part of any contract of employment or engagement, which is provided to you separately, and does not place any contractual obligations on us or confer any contractual rights on you.

The Company may update this Policy at any time and may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.

Summary of how we use your data
We will share your data within the Thesis Group and with third-party service providers who help support our HR, personnel management functions, and website operations for the purposes set out below. Information on the recipients of your personal data, and where they are situated, is also set out below. Your data will at all times be protected by adequate safeguards in line with any applicable data protection law.

The Company may process information revealing your race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, and any disability in order to facilitate effective equal opportunities monitoring and/or to comply with legal obligations to make reasonable adjustments. The Company is obliged to process information regarding your right to work as part of its recruitment processes and compliance obligations. It may also process criminal record information as part of its recruitment processes and compliance obligations.

You have a number of rights in respect of the personal data that the Company processes, including a right to object to certain processing. Please see the section below entitled "What rights do I have in relation to my personal data?" for more information. Where we do rely on your consent for something, you are entitled to withdraw this consent at any time.

What information do we collect?
The Company collects and processes the following types of personal data about you, which you provide to the Company in the context of your employment relationship or website interaction:

  • Recruitment information, meaning information collected as part of your recruitment to the Company.

  • Personal details, such as your name, title, gender, date of birth, home address, personal email address, personal phone number, local employee ID number, work contact details (phone, email, and physical address), social security number, disability status, ethnicity (where volunteered and permissible under local law) and a work-related personal photograph.

  • Identification documents, such as citizenship, immigration status, passport data, details of residency or work permits, and copies of identity documentation, as permitted and required in order to check your right to work.

  • Payment information, such as bank account details and National Insurance Number for payment and taxation purposes.

  • Emergency contact details, such as names and contact information (which is only held for the purpose of contact such as in the event of a medical emergency or in the context of absence).

  • Beneficiaries’ details, as required in relation to life insurance or other benefits, emergency contacts, marital status, information about family members (name, date of birth, gender and national personal ID number) and where necessary for the provision of applicable benefits, guarantees or relocation assistance.

  • Professional information, such as job title, hire date, compensation information, benefits, pay grades, professional experience and past employment history, education, performance history, training records, assessment results, skills and details of manager.

  • Management records, such as details of any shares of common stock or directorships.

  • Medical information, such as ill-health, health conditions, disabilities, health status, pregnancy and so on, where applicable.

  • Expense records, such as details of out-of-pocket expenses, corporate credit cards, company cars or private cars where an allowance is claimed and mobile phone costs.

  • Technical and usage data: IP addresses, browser type, and browsing behavior on our website.

  • Other information collected from third parties, including from recruitment agencies, background check providers, or publicly available sources.

How do we use this information, and what is the legal basis for its use?
The Company processes your personal data for the following purposes, which in each case are justified by the legal basis set out in bold:

  • Where necessary for the Company to establish and perform the employment contract, to maintain or terminate the employment relationship, and to enable you to perform your job. This includes processing for the purpose of recruiting, hiring, the administration of personnel records, and the administration of payroll and benefits, absence, sickness, compensation, performance, and talent management, succession, training and leadership development, disciplinary procedures, awards/recognition, employee surveys, medical insurance, occupational health, fitness for work, references, retirement plans, stock plans, expense management, and professional travel.

  • Where necessary to enable the Company's business to function and pursue our legitimate interests (where these interests are not overridden by your data protection rights), in particular: to provide access to our offices, manage our IT systems and infrastructure, collate company directories and provide communication services such as email, telephone, and internet access; to protect the security of our premises, assets, systems, and intellectual property and enforce company policies, including those relating to equal opportunities and monitoring communications (where permitted by local law), and in accordance with the Company's IT & Communications System Policy, and to conduct necessary investigations and disciplinary actions; and in the context of discussions or decisions relating to reorganization or restructuring.

  • Where necessary to comply with applicable laws: This includes use in connection with diversity metrics, reports, legal claims, compliance, regulatory, audit, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting tools (including under our Whistleblowing Policy).

  • Where necessary for the purposes of the legitimate interests pursued by the Company (where these interests are not overridden by your data protection rights), legal rights, and obligations: This may include use in connection with planning, budgeting, calibration, headcount, database administration, diversity metrics, surveys, evaluations, reports, legal claims, compliance, regulatory, audit, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting tools (including under our Whistleblowing Policy).

We may process special categories of personal data relating to you. In most cases, we will do so under the exemption of necessity for the purposes of carrying out obligations in the field of employment and social protection law under applicable law: We will use information you have voluntarily disclosed about your health and disability status to consider whether we need to provide reasonable adjustments during the recruitment process (for example, during an interview, test, or other assessment). Such information would usually be processed on the grounds that such processing was necessary to comply with applicable laws.

Who will we share this data with?
The Company will disclose your personal information to members of its People & Culture Team and the relevant team managers in respect of your employment, in connection with the purposes set out above. Personal data will be transferred to the Company's relevant affiliates, both in the UK, US, and other countries, including outside the US, and will be stored and processed manually and electronically (in all cases subject to appropriate security and technical measures) through global systems and tools for the purposes set out above.

Personal data shall also be shared with third-party service providers with whom the Company contracts, who will process it on behalf of the Company for the purposes above. Such third parties will include payroll and benefit service providers, IT service providers, travel agencies and travel service providers, banks, credit card companies, brokers, medical services and medical insurance providers, occupational health providers, training providers, survey service providers, investigators and data hosting providers and custodians.

Personal data shall be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws.

In the event that a business within the Thesis group is or may be sold or integrated with another business (in part or whole), your details may be disclosed to our advisers, the prospective purchaser, and any prospective purchaser's advisers and will be passed to the new owners of the business/business unit.

Where will you send my data?
Information contained in internal directories will be accessible by any Company affiliate on a worldwide basis. Personal data will primarily be processed by employees of the HR, IT, and finance, legal, and facilities departments, where relevant and necessary. Some of these employees will be located outside of your country.

For further details, please contact us as set out below.

What rights do you have in relation to your personal data?
You have the right to ask the Company for a copy of your personal data; to correct, delete, or restrict processing of your personal data; and to obtain the personal data you provide in a structured, machine-readable format; and to ask us to share (port) this data to another data controller.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

In the limited circumstances in which we rely on your consent for data processing, you will always be able to withdraw such consent at any time. If you ask to withdraw your consent to the Company processing your data, this will not affect any processing which has already taken place at that time.

These rights can be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. The Company will inform you of any relevant exemptions it relies upon when responding to any request you make.

Where we process your data under your consent, you can withdraw your consent at any time by contacting us as indicated in the “Contact” section of this Policy.

If you are not satisfied with our response to your concerns about how we handle your personal data, you can contact your local supervisory authority for data protection issues.

How long will we hold your data?
We will retain your personal data for no longer than is necessary to fulfil the purposes for which it was collected, including the purposes of satisfying any legal, accounting, or reporting requirements. The criteria we use to determine retention periods include the nature of the data, the purposes for which it was collected, and any legal or regulatory obligations. For further details on retention periods, please contact us.

Contact Us
If you have any questions or concerns about how we handle your personal data, or if you would like to exercise any of your rights in relation to your personal data, please contact us at privacy@thesiscloud.com.