At Threems Agency, we take data privacy and security seriously. As a company operating in the United Kingdom, Turkey, and the Netherlands, we fully comply with the General Data Protection Regulation (GDPR) (EU) 2016/679, as well as applicable national data protection laws, including the UK Data Protection Act 2018. This GDPR Compliance Statement explains our commitment to protecting personal data, the measures we implement to ensure compliance, and the rights of individuals interacting with our services.
For inquiries regarding data protection, you may contact our compliance team at compliance@threems.co.uk.
1. Who We Are & What This Covers
Threems Agency specializes in:
- Digital Marketing – Running advertising campaigns, social media management, and performance marketing.
- Brand Development – Creating visual identities, branding materials, and brand positioning strategies.
- Web Development – Designing, developing, and maintaining websites, web applications, and mobile apps.
- Public Relations – Managing media outreach, reputation management, and crisis communication.
- Digital Transformation – Helping businesses implement automation, AI-driven marketing, and digital tools.
- Localization & Translation – Adapting content for international audiences while ensuring cultural accuracy.
Since we collect and process personal data while providing these services, we operate in full compliance with GDPR and other applicable privacy laws.
2. Principles We Follow Under GDPR
Threems Agency adheres to the core principles of data protection by design and by default:
- Lawfulness, Fairness & Transparency – We only process data in a legal and transparent manner, informing individuals about our data practices.
- Purpose Limitation – We only collect personal data for specific, legitimate purposes and do not use it beyond those purposes.
- Data Minimization – We collect only the data necessary for service delivery and do not request excessive information.
- Accuracy – We take steps to ensure all personal data remains accurate and up to date.
- Storage Limitation – We retain personal data only as long as necessary and securely delete it afterward.
- Integrity & Confidentiality – We use security measures to prevent unauthorized access, disclosure, or loss of personal data.
- Accountability – We maintain records of our data processing activities and ensure continuous compliance with GDPR.
3. What Personal Data We Collect & Why
We process different types of personal data depending on our service engagements:
A. Digital Marketing & PR Clients
- Collected Data: Names, contact details, business information, audience analytics, advertising metrics.
- Purpose: Managing campaigns, tracking performance, and optimizing marketing strategies.
- Legal Basis: Consent (for tracking), contract fulfillment, and legitimate business interest.
B. Web Development & Hosting Clients
- Collected Data: Website user data, login credentials (if provided), IP addresses, usage analytics.
- Purpose: Developing websites, ensuring security, and hosting support.
- Legal Basis: Contractual necessity and legitimate business interest.
C. Localization & Translation Clients
- Collected Data: Texts, documents, user-specific content (which may contain personal or sensitive data).
- Purpose: Accurate translation, cultural adaptation, and ensuring compliance with industry standards.
- Legal Basis: Contractual necessity.
D. General Visitors & Users of Our Website
- Collected Data: IP addresses, cookies, website browsing behavior.
- Purpose: Improving website functionality, user experience, and marketing analytics.
- Legal Basis: Consent (cookie tracking), legitimate interest (website optimization).
4. How We Protect Your Data
We implement robust security measures, including:
- Encryption – Data is encrypted in transit and at rest.
- Access Controls – Access to personal data is restricted to authorized personnel only.
- Secure Storage – We store data on GDPR-compliant servers in the UK, the Netherlands, or the EU.
- Data Anonymization – Where possible, we anonymize personal data to enhance security.
- Regular Audits – We conduct compliance audits to ensure continued adherence to data protection laws.
5. Data Subject Rights Under GDPR
Under GDPR, individuals have the right to:
- Access Data – Request a copy of personal data we hold.
- Rectify Data – Correct inaccurate or outdated information.
- Erase Data (“Right to Be Forgotten”) – Request deletion of personal data unless legally required to retain it.
- Restrict Processing – Request limitations on how we use personal data.
- Object to Processing – Opt out of direct marketing or automated profiling.
- Data Portability – Receive a copy of data in a machine-readable format for transfer to another service provider.
- Withdraw Consent – Withdraw marketing or cookie consent at any time.
To exercise any of these rights, please contact compliance@threems.co.uk.
6. How We Handle International Data Transfers
As a multinational agency, we may transfer data between our offices in the UK, Turkey, and the Netherlands. When doing so, we ensure:
- GDPR-compliant data transfer mechanisms (e.g., Standard Contractual Clauses for non-EU transfers).
- Adequate protections to secure personal data during transfer.
- Strict access policies to limit data exposure.
We do not sell or share personal data with unauthorized third parties.
7. Our Data Processing Agreements (DPA)
For business clients requiring legal assurance of GDPR compliance, we provide Data Processing Agreements (DPA) outlining:
- Our obligations as a data processor.
- Security measures we implement.
- Responsibilities of the client as a data controller.
If you require a DPA, contact compliance@threems.co.uk.
8. Data Retention Policy
- Client Data – Retained for 5 years after project completion unless otherwise requested.
- Website & Marketing Analytics Data – Retained for 2 years before anonymization.
- Financial & Billing Records – Retained for 7 years (as required by tax laws).
- HR & Employment Data – Retained per employment law requirements.
When data is no longer needed, we securely delete or anonymize it.
9. Breach Notification Policy
In the event of a data breach:
- We will assess the impact and take immediate action to contain it.
- If the breach poses a high risk to individuals' rights, we will notify affected users and report it to authorities within 72 hours (as required under GDPR).
- Clients will be informed of any data breaches affecting their accounts.
10. Changes to This GDPR Compliance Statement
We may update this statement periodically to reflect legal or operational changes. If significant updates occur, we will notify users via email or website notices.
For questions or concerns regarding GDPR compliance, email compliance@threems.co.uk.