Privacy Policy

Data Protection Terms and Conditions

These are the terms and conditions for the contract between:

  • —  us, ThorpyFX (registered in England and Wales with company number 09326701); and

  • —  you, our customer;

    for us to provide you with the services set out in the client agreement attached to these terms and conditions.

    Data Protection

  1. a)  For the purposes of the contract, you are the ‘data controller’ and we are the ‘data processor’ for personal data processed in connection with the contract (employee data), as per the meanings given to them under the General Data Protection Regulation (GDPR). In limited circumstances we may also be a ‘data controller’ regarding the methods of processing data to facilitate the contract.

  2. b)  When we process personal data for the purposes of the contract we will do the following:

    1. Do so only for the purpose of meeting our obligations under the contract, or where the law

      permits us to do so.

    2. Comply with all relevant instructions or requests you give us about processing this personal

      data.

    3. Take appropriate security measures to protect this personal data against unauthorised or

      unlawful processing, and accidental loss, destruction or damage. Those measures will take account of:

      1. the nature of the information and the harm which could arise from such processing, loss, destruction or damage; and

      2. the technology available; and

      3. the cost of taking the measures.

    4. Not allow this personal data to be transferred out of, or processed outside, the European

      Economic Area. unless we have taken such measures as are necessary to ensure the transfer

      is compliant with all applicable data protection law.

    5. Not pass this personal data to any third party (other than our sub-contractors and key service

      providers) unless there is a legal or statutory obligation to do so, or:
      1. we have your permission in writing; and
      2. we have entered into a written contract with that third party and they agree to meet

      obligations that are equivalent to those set out in this clause;

    6. Will only engage third party sub-contractors provided that:

      1. We maintain an up-to-date, and accessible, list of its sub-contractors which we shall update with details of any change in sub-contractors at least 10 days prior to any such change - consent is deemed to be given (where required) if no objection is received within 30 days of updating this list

      2. We impose data protection terms on any sub-contractors we appoint that require it to protect the Data to the standard required by Applicable Data Protection Law.

    7. Provide reasonable and timely assistance to assist you in dealing with data protection related requests relating to the data we hold, including to respond to:

      1. any request from a data subject to exercise any of its rights under Applicable Data Protection Law

      2. any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the data we hold

    8. Inform you of any high-risk activities relating to your data, and corporate, with any risk assessments required

    9. Inform you of any data breaches relating to your data without undue delay

    10. Delete or return to you any personal data provided for the purpose of this contract

    11. Make sure that all our personnel who need access to this personal data for the purposes of the contract keeps to this clause.

    12. Allow you, after you have given reasonable notice, to enter our premises or any other location where this personal data is processed so you can make sure this clause is being met. For this purpose, you will have the access you need to facilities, staff, systems, records, books, accounts and relevant information.