Privacy Policy

Last updated: 1st Feb 2025

1. Introduction

Thornacre Engineering Ltd (“we,” “us,” or “our”) is committed to protecting the privacy and security of personal data. This privacy policy explains how we collect, use, and protect personal data in accordance with the General Data Protection Regulation (GDPR) and our ISO 27001 certified information security management system.

2. Who We Are

Thornacre Engineering Ltd is a software solutions provider for public sector organisations. We are registered as a data processor under the GDPR.

Data Protection Officer contact details: support @ thornacre.com

3. How We Process Personal Data

3.1 Data Processing on Behalf of Customers

As a software solutions provider, we process personal data on behalf of our public sector customers. In these cases:

  • We act as a data processor under the direction of our customers (the data controllers)
  • We only process data according to our customers’ documented instructions
  • We do not use third-party data for our own purposes
  • We implement appropriate technical and organizational measures to ensure data security
  • We assist our customers in fulfilling their GDPR obligations

3.2 Website Analytics

We use Google Analytics on our website to understand how visitors use our site. This involves:

  • Collection of IP addresses (anonymized)
  • Cookie usage
  • Usage statistics
  • Browser information
  • Device information

You can opt out of Google Analytics by not allowing cookies in the cookie notification banner that appears..

4. Data Storage and Transfer

4.1 Data Location

  • All customer data is stored within the European Union unless requested otherwise.
  • No data transfers outside the EU occur without explicit approval from the data owner/customer
  • When approved, international transfers only occur under appropriate safeguards as required by GDPR

4.2 Data Security

We maintain ISO 27001 certification and implement appropriate technical and organizational measures including:

  • Encryption at rest and in transit
  • Access controls and authentication
  • Regular security assessments
  • Staff training
  • Incident response procedures

5. Your Rights

Under GDPR, you have the following rights:

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making

To exercise these rights regarding data we process on behalf of our customers, please contact the relevant customer (data controller) directly.

For website analytics data, contact our Data Protection Officer at support @ thornacre.com

6. Data Retention

  • Customer data: Retained as specified in our service agreements with customers
  • Website analytics data: 2y
  • We delete or return all personal data to the controller after service completion

7. Third-Party Processors

We use the following third-party processors:

  • Google Analytics (website analytics)
  • Azure Cloud Hosting

We do not sell personal data to third parties.

8. Security Incidents

In the event of a personal data breach, we will:

  • Notify affected customers without undue delay
  • Assist customers in meeting their GDPR breach notification obligations
  • Take measures to mitigate any adverse effects

9. Changes to This Policy

We reserve the right to update this privacy policy at any time. Any changes will be posted on this page with a revised “Last updated” date.

10. Contact Us

For questions about this privacy policy or our privacy practices:

Data Protection Officer
Thornacre Engineering Ltd

support. @. thornacre.com

For data subject rights requests regarding data we process on behalf of our customers, please contact the relevant customer directly.