Privacy Policy

This policy statement is provided for Thirdway Group Ltd (Thirdway) and on behalf of Thirdway’s subsidiary companies as listed at the end of this statement.


We are Thirdway of Morelands, 5-23 Old Street, London, EC1V 9HL. Our appointed GDPR representative and data protection officer is the Technology Director of Thirdway Group Limited.

This Data Protection Policy covers the use of your information by Thirdway. We are required under data protection legislation to notify you of the information contained in this privacy notice.

As such, any references in this Privacy Policy to “we”, “our”, “us” etc. will be interpreted as a reference to Thirdway. Details of all subsidiaries of Thirdway Group are set out at the end of this policy.


Thirdway is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR) as it applies in the UK, tailored by the Data Protection Act 2018.

Article 5 of the UK GDPR requires that personal data shall be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals;
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.


The information we hold on you and how we use it will vary depending on the nature of your relationship with us.
We will collect, process and store personal information about you which will be stored within our secure internal systems. This personal information may include your:

  • name, address, contact details;
  • job tile and name of your employer;
  • IP address, browser types, device being used;
  • details of our interactions and correspondence with you (specifically our emails with you and the notes we make in relation to our telephone conversations, meetings or other personal interactions with you);

Most of the information described above comes directly from you but in some instances, we can obtain information from publicly available sources.


We only use this information for the purpose of legitimate business interests being pursued by us in relation to the services or products that we provide.

For example, we will use your information:

·       to contact you to discuss our services and products (and any changes to them); to respond to any questions or concerns you have raised;

·       to deal with administrative matters such as invoicing and renewal;

·       and to otherwise carry out our obligations arising under a contract and to enforce the same.

In particular, we use your information:

  • Where we have obtained your consent (and before any withdrawal of your consent – see below). Including to:
    • contact you via email from time to time with information we think may be of interest about our products, services and business. If you do not want to be contacted in this way, you can tell us by contacting us using the details set out at the end of the Privacy Policy.
    • Contact you via telephone with information we think may be of interest about our products, services and business. If you do not want to be contacted in this way, you can tell us by contacting us using the contact details set out in this policy.

Note: You may withdraw your consent at any time by contacting us using the contact details in this policy. For more information on your rights, please refer to the section “Your rights

  • Where it is necessary for the performance of a contract with you.
  • In line with our legitimate business interests to prevent fraud;

We will not use your information for any other purposes unless we are required to do so by law, in connection with any legal proceedings, or in order to establish, exercise or defend our legal rights.

Where we have relied on our legitimate business interests to process your personal data, you may contact us to obtain more information, including in relation to our assessment of the impact on you.


Your information will be shared internally amongst our staff and they will only use it to carry out their duties in line with the purposes set out above. We will need to share your personal information with others from time to time, including:

  • our professional advisers, such as our accounting, legal advisers where they require that information in order to provide advice to us;
  • other regulatory authorities in accordance with our legal obligations;
  • our subsidiary companies for the purposes of legitimate business interest;
  • if another entity acquires us or our assets, your information may be disclosed to that entity as part of the due diligence process and, if the acquisition goes ahead, your information will be transferred to that entity;

We will also disclose your personal information if we are required to do so by law or to a law enforcement agency.


The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. Thirdway will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.


We only keep your information for as long as is reasonably necessary for the purposes set out in this policy and to fulfil our legal obligations.


In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, ThirdWay Group will promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO.


You have the following rights regarding your information:

Rights What does this mean?
1. Right to be informed You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this policy.
2. Right of access You have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this policy).
3. Right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete.
4. Right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
5. Right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. Right to data portability You have the right to obtain and reuse your personal data in a structured, commonly used, and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
7. Right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time. This withdrawal does not constitute anything we have done with your personal data with your consent up to that point as unlawful.


In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests grounds (including processing for direct marketing).

To exercise any of these rights at any time, you can contact Thirdway using the details set out in this policy. If you are not sure which Thirdway subsidiary is your Controller, contact


This policy applies to all personal data processed by Thirdway and its subsidiary companies.
The Responsible Person shall take responsibility for Thirdway’s ongoing compliance with this policy.
This policy shall be reviewed at least annually.
Thirdway shall register with the Information Commissioner’s Office as an organisation that processes personal data.


Contact details of Thirdway are set out below. Please do contact us if you have any questions or complaints about this policy or about how we handle your information.

Thirdway Group Ltd
0207 054 1145
5-23 Old Street,

If you are not satisfied with our response or you believe our use of your information does not comply with data protection law, you can make a complaint to the UK regulator in relation to data privacy, being the Information Commissioner’s Office (ICO).
Telephone: 0303 123 1113
Textphone: 01625 545860

Signed for and on behalf of Thirdway Group Ltd
Ben Gillam
CEO and Owner

Thirdway Group’s subsidiary companies covered by this statement:

Thirdway Interiors Ltd
Tribe Furniture Ltd
Thirdway Architecture Ltd
DThree Commercial Ltd
Thirdway TX Ltd
Thirdway Pulse Ltd