At Thirdfort Limited, we are committed to protecting and respecting your privacy.
This Privacy Policy explains how we will process the data relating to you that you provide to us (or that we may collect) when you visit our website at thirdfort.com (Website).
The Website is operated by Thirdfort Limited (we, us, our, Thirdfort), a company incorporated in England & Wales with company number 10757456 and registered office at Belle House, Platform 1 Victoria Station, London SW1V 1JT.
Thirdfort provides services to facilitate the safe and secure execution of legal transactions including, for example, the sale and purchase of property via its FCA-regulated, tech-enabled escrow and payment platform and digital identity verification tools. Please note that we are an independent technology provider to legal professionals and property professionals and we do not provide, own, sell or purchase any property (or other assets relating to legal transactions we process) ourselves or act in the capacity of an agent, broker or advisor.
Where we decide the purpose or means for the processing of the personal data that you provide via our Website, we are the “data controller”. As data controller, we will comply with all applicable data protection laws.
This policy should be read together with our Website Terms of Use (where applicable).
If you choose to use our technology services in connection with a third party (e.g. an estate agency, law firm or independent financial advisor), including our identification, background and credit reference checking services, that third party’s applicable terms and conditions will apply and govern how your personal information may be used.
This Privacy Policy only applies to the processing of personal data by Thirdfort when you use the Website or our services available on or through our Website.
Our Website may contain hyperlinks to third party websites. These websites operate fully independently from us, and we cannot accept any responsibility or liability for the privacy practices of such third parties nor the availability of these external sites or resources. The appearance of such links on our Website is not an endorsement. Should you use any of these websites, such use is at your own risk and we would advise that you review their respective privacy policies.
Please read this Privacy Policy carefully as it contains important information about the following:
If you have any questions or comments about this Privacy Policy please contact us at:
Email: contact@thirdfort.com
When you visit our Website (including any of our associate mobile apps), we may collect and process information (which may include your personal information) for the purposes of processing and on the legal bases listed below, and we may sometimes share this information as follows.
Visiting our Website and General Enquires
Types of Data
We may collect and store personal information you provide when using the Website, including when you login to access your account and/or ongoing cases, or when you contact us using the Contact Us details provided on the Website.
Personal data that we may obtain includes:
Processing Purpose and Basis
We may legally process the personal information that we collect on the basis that we have a legitimate interest to do so or we are, under our legal obligation to do so or in order to provide a service under a contract:
Third Party Recipients
We keep your information confidential. We will not sell your information. We may disclose your information to our personnel and to third party suppliers or subcontractors (including our independent consultants, data analytics providers and cloud-based data processing and hosting providers). If we do share your information, we will only do so insofar as it is reasonably necessary for the purposes set out in this privacy policy, and provided that the recipients do not make independent use of the information and have agreed to adhere to the rules set out in this Privacy Policy. In some instances, this data sharing may involve the transfer of information outside the EU. Please see our section on International Data Transfers below.
Setting Up Your Account
Types of Data
When you set up your Thirdfort account, including set-up of a payment vault, we will ask you to provide some or all of the following personal information, depending on the type of transaction and which of our digital identity verification tools are being used. All account holders may be asked to provide:
We can only provide our services, including account set-up, where you have provided certain requisite personal data. We will process this information based on either our legal obligation to do so, for the performance of a contract or where we have a legitimate interest to do so in the operation of our property transaction management services business:
Third Party Recipients
We may share your personal information with third party service providers, such as external open banking data aggregators, credit reference and reporting providers, such as Onfido, Truelayer or Experian, to enable us to perform identity checks and source of funds checks which are key elements of the typical types of transactions for which our service is used that involve the processing of personal data (e.g. property transactions). Where we share your personal data with third parties, we will only do so as far as it is reasonably necessary for the purposes set out in the policy, provided that they do not make independent use of the information and have agreed to adhere to the rules set out in the Privacy Policy. In some instances, this sharing of data may involve the transfer of personal data outside of the EU. Please see our section on International Data Transfers below.
Transactions and Payments
Types of Data
To ensure the proper function of our escrow technology and that payments made into our secure payment vaults from transaction participant(s) (e.g. property buyers) are then paid to and received by the correct and genuine other transaction participant(s) (e.g. owner and seller of a property), we may ask for the following personal information:
Depending on your role in the transaction in question we may request the bank account details from which we shall extract payments or make payments to (whether personal or company account), including:
Processing purpose and basis
We collect and process your contact and financial details to provide you with our services, including the payment into and out of our insured payment vaults that are set-up to facilitate transactions such as property transactions and performing the necessary identity and source of funds checks associated with any transaction. We minimise the collection of information to the minimum required to enable us to perform of our contract with you (depending on the type of transaction and your role within it e.g. whether you are the buyer or seller in a property transaction), to provide and operate your account, to fulfil legal obligations in relation to payments and accounts record keeping, and/or where there are other lawful bases for processing.
Third Party Recipients
We engage third party payment service providers to assist us with our financial transactions, including Starling Bank and Lloyds. We will not provide further personal information to these payment service providers beyond the financial details that you have provided. As part of the service that we provide, including the maintenance and operation of your account and our Open Banking services, we will receive and hold financial information that you may provide directly to our third party service providers. We will only provide such information to other third parties where we have received your prior consent to do so or where we are legally obliged to do so.
Keeping You Updated (Mailing List)
Types of Data
Our Website does not contain third party advertising. We may collect information about you in order to send you our promotional or marketing communications, such as:
While we do not permit third party advertising (or targeted advertising) on our Website, if you do link to one of our Thirdfort social media platforms you may be subject to targeted marketing via that site.
Processing purpose and basis
Where we provide you with information about our products, services or offers via our email updates and e-newsletters, we will only use your personal information in this way in accordance with laws relating to marketing directly to individuals, and in the pursuit of our legitimate interest of marketing our business. If you have asked to be added to our mailing list, such as by submitting your details via our Website sign-up, we will provide your details to a third party company called SendGrid that helps us to produce and manage our newsletters and other marketing material. We provide these communications on the basis that you have asked to receive these. If you change your mind, you may opt-out at any time via the unsubscribe feature that appears in our emails or by emailing contact@thirdfort.com.
Third Party Recipients
We will not share with any third party the personal information that we obtain about you for the purposes of marketing, except for as stated in this policy and only where those third parties have agreed to make no independent or further use of that data and to maintain its confidentiality.
Our Approach to Objectionable Content
Types of Data
If you send us objectionable content, or behave in a disruptive manner when using our Website, we may process any personal information that you have submitted to us, including in your personal messages, to respond to and stop such behaviour.
Processing purpose and basis
We will only process personal information in this way for the following legitimate interests:
Third Party Recipients
Where we reasonably believe that you are or may be in breach of the law (i.e. the content you share on the Website amounts to harassment or is defamatory), we may use your personal information to inform relevant third parties about the content, such as:
Where we process personal information in this way, we will hold that personal information on our systems for as long as is reasonably necessary to achieve these objectives.
We will only ever share your information with third parties in the ways that are described in this Privacy Policy. If you would like to find out more about how those third parties listed in this Privacy Policy use your information, this should be set out in their respective privacy policies accessible on their websites.
Personnel, Suppliers and Subcontractors
We keep your information confidential, but may disclose it to any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006), our personnel or independent contractors and our suppliers or service providers insofar as it is reasonably necessary for the purposes set out in this Privacy Policy. However, this is on the basis that they do not make independent use of the information, and have agreed to safeguard this information. For further detail on main third party service providers that we engage, please see below.
Change of Control
If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email, account message and/or a prominent notice on our Website of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
Disclosure Required by Law or for Protection of the Business
In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies), in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
We may also disclose your personal information to third parties in order to enforce or apply the terms of agreements between us, to investigate potential breaches, or to protect the rights, property or safety of Thirdfort, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Third party service providers
In addition to the processing that we undertake ourselves, we also use third party processors to collect, export, store and otherwise process our data, include personal data, on our behalf. The processors that we engage include (without limitation):
Our Website uses cookies and other mechanisms to collect log and analytical information, to help analyse how visitors use the site, to personalise content, support our security function and to compile statistical reports on Website activity.
Cookies may be used by us to do the following:
To find out more about the use of cookies generally, please visit http://www.allaboutcookies.org/.
Our Website also uses website analytics, including Google Analytics as well as our own analytics software, to evaluate and improve our Website, personalise your experience and to offer the best, most accessible service possible to all of our customers.
To find out more about Google Analytics and to learn how to opt out, please visit:
When you visit our Website, these analytics service providers may collect the following data, which will almost always be anonymised and aggregated before reporting back to us:
We process this information to understand how visitors use our Website and to compile statistical reports regarding that activity (for example, your IP address is used to approximate the geographic locations (e.g. country, region, city) from which you access our Website, and we aggregate this information together so we know that, for example, whether most of the visitors to our Website are London-based, originate from the UK or come from elsewhere).
We may also collect and process personal data for quality assurance, regulatory compliance, training, and customer service purposes by monitoring and recording email and/or telephone communications with you or between you and third parties using our systems or those of our third party agents and service providers.
This processing is crucial to the running of our online business and we therefore undertake such monitoring in the pursuit of our legitimate interests in improving our Website to provide a better service and source of information to visitors.
This information is not used to develop a personal profile of you.
You have the following rights over the way we process personal data relating to you. We aim to comply without undue delay, and within one month at the latest:
To make a request in relation to any of the aforementioned rights, please email us at contact@thirdfort.com.
If you are unhappy with the way that we are processing your personal data, please let us know. The best way to bring this to our attention is by emailing us at contact@thirdfort.com.
If you are not 18 years or older, you must not use this Website.
We do not knowingly use the Website to solicit data from or market to anyone under the age of 18 (including, in particular, children under the age of 13) nor do we sell any of our products or services to children.
If a parent or guardian becomes aware that his or her child has provided us with information or may be receiving communications from us or has been otherwise interacting with us via our Website without consent of a parent or guardian, we ask that this be brought to our immediate attention. We will make it our priority to address this situation and delete information relating to a child as soon as practicable. In such an event, please contact us at contact@thirdfort.com.
We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our Website and services, taking into account the likelihood and severity those risks might pose to the rights and freedoms of our Website visitors.
In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the personal information transmitted, stored or otherwise processed by us. Please be aware that, while we make the security of our Website and your personal information a high priority and devote considerable time and resources to maintain robust IT security, no security system can prevent all security breaches. When you choose to share your personal information with us, you accept the aforesaid and provide your information at your own risk.
In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary. Once the purpose for which information has been collected has been fulfilled, we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data. We may use such anonymised data for research and/or business analysis purposes.
Where you have provided us with personal information to set up an account with us, we will retain those details for as long as your account remains active.
Where you have signed up to our mailing list, we will retain your details for as long as you remain on that list. If you unsubscribe, we will remove your details from the list.
Where we obtain your personal data in relation to the use or purchase of our services, including VAT or invoicing information, we are obligated by law to keep this for a minimum of 6 years.
If you would like us to stop using your personal information or restrict its use, please email us at contact@thirdfort.com.
Our servers are located in the European Union and the information that we collect directly from you will be stored in these servers. We may also transfer your personal data to our third party service providers, many of whom may be located outside of the EU, operate from multiple locations including non-EU based operations or engage sub-processors located outside the EU.
There are agreements in place to ensure that any international transfers of personal data to our affiliates or third party service providers have appropriate safeguards that meet the requirements of EU data protection laws.
Such appropriate safeguards may include standard data protection clauses adopted by a data protection regulator and approved by the European Commission, such as the European Commission’s standard contractual clauses. Alternatively, where personal data is transferred to the US, many of those US third party service providers are certified under the EU-US Privacy Shield framework approved by the European Commission.
To find out more about the standard contractual clauses, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
To find out more about the EU-US Privacy Shield certification, please visit: https://www.privacyshield.gov/Program-Overview
If you would like to find out more about these safeguards or about our international transfer of data, please let us know by emailing us at contact@thirdfort.com].
This Privacy Policy may be updated from time to time. We will notify you of any changes to this policy by posting the updated policy on our Website. You are advised to consult this Privacy Policy webpage regularly for any changes.
Questions, comments and requests in relation to this Privacy Policy are welcome and should be addressed to contact@thirdfort.com.