Welcome to Thirdfort's Privacy Policy

We take privacy seriously and want to make it easy for you to understand what we do with your data. This privacy policy explains what information we collect, what we do with that information, who we share it with, and how long we keep it.

OverviewProspects and visitorsConsumersLawyers and professionals

Privacy Policy overview

This Privacy Policy explains what personal and other information is collected by us, Thirdfort Limited (a company registered in England and Wales with number 10757456 and its registered office at Belle House, Platform 1 VictoriaStation, London SW1V 1JT (“Thirdfort”, “we”, “us”, “our”) as part of our activities, and how we use that information.

Thirdfort recognises that your privacy is important to you and that it is your right to control your personal information. We recommend that you read this Privacy Policy in full to ensure that you understand what information we collect, what we do with that information, who we share it with, and how long we keep it.

To make it easier for you to review those parts of the Privacy Policy which apply to you, we have divided it up into the following sections:

Section 1 – General: This Section applies to everyone who visits the Thirdfort Website, uses the Thirdfort Portal or the Thirdfort App, or otherwise interacts with us.

Section 2 – Consumer: This Section applies if you are an individual who has registered as a consumer via the Thirdfort App.

Section 3 – Thirdfort Clients: This Section applies if you are a solicitor, estate agent or other professional user who purchases Thirdfort Services.

Please take the time to read Section 1 (General) and, depending on whether you are a Consumer or a Thirdfort Client, the Section which applies to you. Note that if you are a solicitor, estate agent or other professional who uses Thirdfort’s services that have been purchased from one of our third party resellers (listed here), then personal information that you provide in the course of accessing or using our services will be subject to that reseller’s privacy policy, and not this one.

If you have any questions or comments about this Privacy Policy, then don’t hesitate to contact us by email at [email protected] or by writing to us at Belle House, Platform 1 Victoria Station, London SW1V 1JT.

In this Privacy Policy, the following words have the following meanings:

"Agreement" means an agreement between Thirdfort and a Thirdfort Client for the provision of Thirdfort Services.

“Consumer” means an individual who has registered as a consumer via the Thirdfort App and set up a Thirdfort Consumer Account.

“Data Protection Laws” means all data protection and privacy legislation, regulation and guidance applicable from time to time in force in the UK and the EU/EEA including (but not limited to) Regulation (EU) 2016/679 (GDPR) and the Retained Regulation (EU) 2016/679 (UK GDPR).

“Personal Information” means information relating to an identified or identifiable individual, including all information that is considered to be “personal data” under Data Protection Laws.

“Thirdfort App” means Thirdfort’s proprietary mobile app that enables consumers to:

(i) upload, store and share personal ID, financial and other information;

(ii) communicate with Thirdfort Clients;

(iii) E-sign documents; and

(iv) use and benefit from such additional features and functionality that may from time be made available byThirdfort.

"Thirdfort Client" means a client of Thirdfort which has purchased Thirdfort Services.

“Thirdfort Client Account” means an account created by a Thirdfort Client (or created by Thirdfort for the benefit of the Thirdfort Client) to enable the Thirdfort Client to purchase, access and use the Thirdfort Services.

“Thirdfort Consumer Account” means an account created by a Consumer via the Thirdfort App.

“Thirdfort Portal” means Thirdfort’s web platform that may be accessed by Thirdfort Clients
at https://app.thirdfort.io/, or such other URL as Thirdfort may from time to time designate.

“Thirdfort Services” means the provision by Thirdfort of access to proprietary web applications via the Thirdfort Portal to enable Thirdfort Clients to:

(i) request and obtain ID verification reports;

(ii) request address searches on individuals’ credit files for Know Your Client (KYC) and Anti Money Laundering (AML) purposes;

(iii) collect and analyse open banking data and other financial data to create source of funds reports;

(iv) communicate with Consumers;

(v) E-sign documents; and

(vi)benefit from such additional services that may from time be made available by Thirdfort.

“Thirdfort Website” means Thirdfort’s website at https://www.thirdfort.com, or such other URL as Thirdfort may from time to time designate.

Privacy for prospects and visitors

This section applies to everyone who visits, or otherwise interacts, with the Thirdfort Website, the Thirdfort Portal or the Thirdfort App.

What Personal Information does Thirdfort collect when you visit the Thirdfort Website, the Thirdfort Portal or the Thirdfort App?‍

When you visit the Thirdfort Website, or use the Thirdfort Portal or the Thirdfort App, we may collect and process the following information (which may include your Personal Information):

  • your name

  • your email address and/or postal address

  • IP address

  • any additional personal information you provide in a message you send us

We process your Personal Information on the basis that we have a legitimate interest:

  • to respond to your enquiries

  • to provide you with information about Thirdfort Services

  • to manage risk or prevent other illegal or prohibited activities

  • to resolve issues or fix problems on the Thirdfort Website, the Thirdfort Portal or the Thirdfort App.

We may disclose Personal Information that we collect when you visit the Thirdfort Website, the Thirdfort Portal or the Thirdfort App to our personnel and to third party suppliers or subcontractors (including our independent consultants, data analytics providers and cloud-based data processing and hosting providers). If we share this Personal Information, we will only do so insofar as it is reasonably necessary for the purposes for which we have collected it.

If you are a Consumer or Thirdfort Client, we collect and process additional personal Information about you. Please see Sections 2 and 3 of this Privacy Policy.

Legal basis for processing Personal Information

Our legal basis for collecting and using the Personal Information will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only where:

  • we have your consent to do so

  • where we need the Personal Information to perform a contract with you

  • where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

In some cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).

If you are a Consumer or Thirdfort Client, please refer to Consumers section and/or Lawyers and professionals section of this Privacy Policy for additional information about the bases on which we process your Personal Information.

Who do we share your Personal Information with?‍

We may disclose your Personal Information to the following categories of recipients:

  • to our third party services providers who provide services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of, the Thirdfort Website, the Thirdfort Portal or the Thirdfort App), or process Personal Information for content customisation, personalisation, ad selection and ad delivery and reporting, measurement purposes, or who otherwise process Personal Information for purposes that are described in this Privacy Policy or notified to you when we collect your Personal Information. Our third party service providers, as well as details about what types of information we share with them, can be accessed here

  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your interests or those of any other person;

  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Privacy Policy;

  • in order to enforce or defend our rights under an Agreement, or to protect the rights, property, or safety of Thirdfort, our customers, or others. This includes exchanging information with other companies and organisations for the purpose of fraud protection and credit risk reduction.

If you are a Consumer or Thirdfort Client, we may share your Personal Information with other third parties. Please refer to Sections 2 and 3 of this Privacy Policy.

How do we keep your Personal Information secure?‍

We will take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of the Thirdfort Website, the Thirdfort Portal or the Thirdfort App, taking into account the likelihood and severity those risks might pose to your rights and freedoms.

In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the Personal Information transmitted, stored or otherwise processed by us. Please be aware that, while we make the security of the Thirdfort Website, the Thirdfort Portal and the Thirdfort App and your Personal Information a high priority and devote considerable time and resources to maintain robust IT security, no security system can prevent all security breaches. When you choose to share your Personal Information with us, you accept the aforesaid and provide your information at your own risk.

Your data protection rights‍

You have the following data protection rights:

  1. You have the right at any time to withdraw your consent to our processing of your Personal Information.

  2. You have the right to be told what Personal Information we hold about you on our database and how we process that data.

  3. You have the right to request that we provide you with a copy (in a commonly used electronic format) of all the Personal Information that we hold about you. Unless you make repeated requests, we will not charge a fee for providing you with a copy of this data.

  4. You have the right to request that we correct any inaccurate or incomplete Personal Information that we hold about you.

  5. You have the right to request that we irretrievably delete all Personal Information that we hold about you (the so-called “right to be forgotten”). Note that there are limited circumstances in which we are legally entitled to refuse to comply with this request.

  6. You have the right to request that we transmit all the Personal Information that we hold about you (in a structured, commonly used and machine-readable form) to another organisation’s IT environment. Note that we are only legally obliged to comply with this request if it is technically feasible for us to do so.

  7. You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or by replying to any marketing text messages with the word “STOP”.

  8. You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact the UK Information Commissioner’s Office at: https://ico.org.uk/concerns.

If you wish to exercise any of the rights set out in 1 – 7 above you can do so at any time by sending us an email at [email protected] or by writing to us at Belle House, Platform 1 Victoria Station, London SW1V 1JT. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with Data Protection Laws.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with Data Protection Laws.

Changes to this Privacy Policy

‍We may update this Privacy Policy from time to time in response to changing legal, technical or business developments, so please review it frequently. If we update our Privacy Policy and the amendments involve a material change to the way we collect, use, share, store or otherwise process your Personal Information then we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Contacting Thirdfort

‍We may update this Privacy Policy from time to time in response to changing legal, technical or business developments, so please review it frequently. If we update our Privacy Policy and the amendments involve a material change to the way we collect, use, share, store or otherwise process your Personal Information then we will take appropriate measures to inform you, consistent with the significance of the changes we make.

Thirdfort Limited
Belle House,
Platform 1 Victoria Station
London SW1V 1JT.

Data Protection Service

You can obtain further information about data protection and privacy laws by visiting the Information Commissioner’s website at: https://ico.org.uk/your-data-matters.

Privacy for consumers

This section describes what information is collected by Thirdfort from Consumers, how that information is used by Thirdfort, and for how long Thirdfort keeps the information.

What Personal Information do we collect from Consumers?

When you set up your Thirdfort Consumer Account we will ask you to provide some or all of the following Personal Information, depending on the type of transaction that your solicitor, estate agent or other adviser (ie the Thirdfort Client) has asked us to provide:

  • your full name

  • your email address

  • your username and password (which you create)

  • your address

  • your telephone number(s)

  • your date of birth

  • information specific to your transaction (e.g. details of the property you are buying or selling)

  • employment information (e.g. employer, occupation, how long you have worked there)

  • contact details of additional third parties that you might want to share your information with (e.g. your adviser’s full name, your employer’s name, their addresses, email addresses, telephone numbers)

  • photographic proof of identity (e.g. passport, driving licence or identity card)

  • financial personal details (e.g. bank details, transaction details, account balance information)

We may also collect and process Personal Information that you provide in response to requests from your solicitor, estate agent or other adviser, including information relating to the transaction or other activities that you are involved with.

What do we do with the Personal Information that we collect from Consumers?

We will process the information that we have collected for the following purposes:

  • to create and maintain your Thirdfort Consumer Account

  • to perform our contract with Thirdfort Clients for the provision of ID verification and transaction management services

  • to ensure that certain legal requirements are met, such as Know Your Client (KYC) and Anti-Money Laundering (AML) checks.

  • to perform identity verification for the purposes of the prevention or detection of fraud and to assist in preventing money laundering.

  • to conduct source of funds checks using open banking data technology to access and analyse your financial and banking information

  • to cross reference your banking information and salary payments with your employer and employment history

  • to enable you to share your personal information with any third parties that you designate, e.g. if you instruct a solicitor to write your will then you may choose to provide the solicitor with access to your information via your Thirdfort Consumer Account

  • to manage risk or prevent other illegal or prohibited activities, including in relation to anti-money laundering and prevention of fraud

  • to respond to your enquiries and provide assistance

Who do we share Consumers’ Personal Information with?

We will share your Personal Information with your solicitor, estate agent or other adviser, who has purchased Thirdfort Services from us, this is the Thirdfort Client. The Thirdfort Client is likely to be the solicitor, estate agent or other adviser who requested that you download the Thirdfort App and will be named in SMS invite messages from Thirdfort. Within the Thirdfort App it is clearly indicated at the top of your tasks list which Thirdfort Client your Personal Information will be shared with. If you are sharing data with multiple Thirdfort Clients, you will see multiple task lists within the Thirdfort App giving you full control of what Personal Information is shared with each Thirdfort Client.

If your solicitor, estate agent or other adviser has purchased Thirdfort Services via one of the Thirdfort Partners listed here, then we may share your Personal Information with that Thirdfort Partner to the extent reasonably necessary in order for us to provide the Thirdfort Services.

We may also share your Personal Information with third party service providers, such as external open banking data aggregators, credit reference and reporting providers, to enable us to perform the Thirdfort Services (including but not necessarily limited to identity verification checks and source of funds checks)for your solicitor, estate agent or other adviser. Where we share your Personal Information with third parties, we will only do so as far as it is reasonably necessary for the purposes described in this Privacy Policy. Our third party service providers, as well as details about what types of information we share with them, can be accessed here.

Third party service providers may check your Personal Information against databases that they have access to in order to verify your identity, and may also keep a record of the search. Where the third party service provider is Onfido Limited, then Onfido’s collection and use of your Personal Information for identity verification purposes is described in the Onfido Privacy Policy which can be accessed here.

Note that where we share your Personal Information with a credit reference agency for the purpose of carrying out an identity or credit check, the credit reference agency may keep a record of the search being made but this should not impact your credit score.

If you decide to contact us via a social media platform such as Facebook, LinkedIn or Twitter then you should be aware that you will be sharing your personal data and any information contained in your message via that social media platform. We interact with social media messaging platforms for inbound enquiries only and do not proactively share personal information with them. We endeavour to respond to social media enquiries via our other channels, typically email or over the phone.

Your data protection rights

Our servers are located in the European Union and the Personal Information that we collect directly from you will be stored on these servers. We may also transfer your Personal Information to one or more of our third party service providers listed here, some of which may be located outside of the EU, or operate from multiple locations (including non-EU locations). If your lawyer or other adviser is located outside the EU then we may also transfer your Personal Information to them.

There are agreements in place to ensure that any international transfers of Personal Information to our third party service providers have appropriate safeguards that meet the requirements of Data Protection Laws.

Such appropriate safeguards may include standard data protection clauses adopted by a data protection regulator and approved by the European Commission, such as the European Commission’s standard contractual clauses.

To find out more about the standard contractual clauses, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

If you would like to find out more about these safeguards or about our international transfer of data, please let us know by emailing us at [email protected] .

How long do we keep Consumers’ Personal Information?

‍In order to create and maintain your Thirdfort Consumer Account we retain your mobile number as a unique identifier for up to two years after you use the App. Please see the Maintaining your Thirdfort Consumer Account section below for further detail.

We will store your other Personal Information only for the period of time that is necessary to conduct the relevant checks and provide the services (the Thirdfort Services) requested by your solicitor, estate agent or other adviser(the Thirdfort Client). This period is usually less than one month. As soon as we have provided the Thirdfort Services we will within 30 days delete all your information(or remove all identifiers from the information so that it no longer contains any Personal Information) other than your mobile number.

If the process takes longer than usual and we hold any of your Personal Information (other than your mobile number) for six months from the date on which you provided the data, we will notify you and ask for your permission via the Thirdfort App to hold the information for a further six months in order to continue providing the Thirdfort Services to the Thirdfort Client.

Maintaining your Thirdfort Consumer Account

We retain your mobile number so that we can identify you if you decide to use the Thirdfort App for another property transaction or other legal matter after you have completed your initial transaction and we have deleted all your other Personal Information. If you do not use the Thirdfort App for a period of two years following the deletion of all your other Personal Information, we will also delete your mobile number and stop maintaining your Thirdfort Consumer Account.

Local device storage feature

After‍ we have provided the Thirdfort Services to the Thirdfort Client and deleted all your data (apart from your mobile number) on our systems, the Thirdfort App automatically continues to store the data on your mobile device. Note that the data stored on your device is not accessible by Thirdfort. This enables you to reuse this data via the Thirdfort app if you need to provide it to another solicitor, agent or other adviser in relation to a different transaction or other legal matter. In practice this means that you do not have to rekey the data the next time you need it.

In order for us to enable you to reuse your data this way we must maintain your Thirdfort Consumer Account, for which we need to retain your mobile number to use as a unique identifier or username. To access data stored on your device via the Thirdfort App you must use the same mobile number (user-ID) and device (device-ID)as when the data was originally saved. We then combine your user-ID and device-ID to create a unique encryption key which can access and upload the data stored on your device. This is a security feature to prevent someone else borrowing your mobile device and logging into another Thirdfort account via your app and thereby accessing your data.

If you do not want to use this local device storage feature, you can delete your Thirdfort Consumer Account at any time. We will then stop maintaining your Thirdfort Consumer Account and within 30 days permanently delete your mobile number. You can also uninstall the Thirdfort App (and delete the associated app data) to delete the data stored on your device. If we delete your mobile number and you then wish to create a new Thirdfort Consumer Account with the same mobile number, we will generate a new user-ID. We will not recognise your previous user-ID which means you will not have the unique encryption key to be able to reuse the data stored on your device.

Privacy for lawyers and professionals

This section describes what information is collected by Thirdfort from Thirdfort Clients, how that information is used by Thirdfort, and for how long Thirdfort retains the information.

What Personal Information do we collect from Thirdfort Clients?

During the on-boarding process we will collect the following Personal Information:

  • names and contact details of Thirdfort Client personnel who will be using the Thirdfort Services

  • usernames and passwords

We will also collect Personal Information that you provide to us in connection with the Thirdfort Services. For all Thirdfort Services other than Lite ID this will typically be your client’s name and mobile phone number and a brief transaction description for us to use as an identifier. For Lite ID, we will collect your client’s name, address and date of birth.

What do we do with the Personal Information that we collect from Thirdfort Clients?

We will use the information that you provide during the on-boarding process for the following purposes:

  • to create and maintain your Thirdfort Client Account

  • to provide the Thirdfort Services and otherwise perform Agreement with you

  • to respond to your enquiries and provide assistance

If you provide us with Personal Information relating to your client in connection with the Thirdfort Services:

  • For all Thirdfort Services other than Lite ID, we will only use this information for the purpose of inviting your client to download and register as a user of the Thirdfort App. Once your client has completed the necessary steps in the Thirdfort App and we have completed the Thirdfort Services requested via the Thirdfort Portal, we will delete the Personal Information that you originally provided

  • For Lite ID, we will use the Personal Information you provide for the purpose of providing the Lite ID services in accordance with our Terms of Use, following which we will delete the Personal Information.

Note that where we provide you with ID verification reports or other outputs as part of the Thirdfort Services, you are the controller of the Personal Information contained in such reports or other outputs (including report names and titles), and we will at all times process that Personal Information in accordance with the data processing terms set out in our Terms of Use.

Who do we share Thirdfort Clients’ Personal Information with?

Third party service providers that we engage for the purposes of collecting, exporting, storing and otherwise processing our data, including your Personal Information, are listed here.

How long do we keep your Personal Information?

As stated above, Personal Information relating to your client that you provide to us in connection with the Thirdfort Services is deleted on completion of those relevant Thirdfort Services. With regard to information held in your Thirdfort Client Account we will store this information (including Personal Information) in accordance with this Privacy Policy and our Terms of Use, until you request us to close your Thirdfort Client Account, following which we will within 30 days either delete all your information or remove all identifiers from the information so that it no longer contains any Personal Information.