Privacy Policy

 At Thornrose Ltd (hereafter referred to as “Shaun Leane”), we are dedicated to keeping your information private. This privacy statement will explain how we handle your personal information when you use our Platform or visit our website.

Additionally, it informs you of your legal protections and rights to privacy. In order to completely understand how and why we are using your data, it is crucial that you read this privacy statement as well as any other privacy statements or fair processing statements we may provide on occasion when we are collecting or processing personal data about you.

We are committed to being responsible custodians of the personal information that we collect in the course of operating our business.

This Privacy Policy ("Policy") explains in full how, in our capacity as a data controller, we collect, use, disclose, or otherwise process and safeguard personal information as part of running our business and providing services to our clients and customers.

Information that identifies, relates to, characterises, or may reasonably be linked, directly or indirectly, to a specific natural person is referred to in this Policy as "personal information." It excludes data that is regarded under applicable law as anonymous, de-identified, or aggregated. Please refer to our Data Privacy Notice on our web site for applicable definitions.

Who We Are

Shaun Leane is the data controller (collectively referred to as "we", "us" or "our" in this privacy policy) and responsible for the processing of your personal data also referred to as personal identifiable (PI) data.

If you have any questions about this privacy policy or our privacy practices, please contact us in the following ways:

Email address:

Postal address: 18 Woodstock Street, London W1C 2AL

Contact number: +44 203 984 4433

Contact Person: Office Administrator

Shaun Leane Ltd. are registered with the ICO under the Data Protection Register, our registration number is: 05540750. Our data protection officer is the ‘Office Administrator’ and can be contacted on

Any information relating to an identified or identifiable individual is referred to as "Personal Data," "Personal Information," or "information about you" as used in this privacy statement. This includes, but is not limited to, your name, last name, company name, email address, phone number, date of birth, card type (credit or debit), card number, expiration date, postal code, as well as information about your past purchases and payments. 

The purpose of this privacy statement is to ensure that you are aware of the Personal Data we gather about you, its uses, and its disclosures. To summarise, we want to let you know how we respect your privacy and what rights you have in relation to the Personal Data we gather and use about you.

For further clarifications on this Privacy Policy, questions, or concerns, please do not hesitate to contact us.

1. Personal Data we collect from you

When do we collect your Personal Information?

We may collect data, including your personal data, through our interactions with you, and when you undertake one or more of the following:

Online data about you may also come through cookies and other similar technologies (such pixel tags and device identifiers) used on our site or other websites. Please refer to our Cookie Policy for more details on cookies and related technologies.

We may collect now and, in the future, the following categories of personal information listed below from consumers, for commercial and/or business purposes under the GDPR and other applicable jurisdictions:

2. Personal Data we collect automatically

Our website automatically collects certain data, through automatic data collection tools such as cookies, beacons, among others. These tools automatically collect the following information:

Technical Information:

Technical data, such as, but not limited to, browser type, operating system, device details, online identifiers like cookie data and Internet Protocol address (IP), domain name, referral URL, time zone setting, and/or visit time stamp.

Usage Data:

Usage Data is the information we collect about how the Website is accessed and used by our visitors. It may comprise your computer's Internet Protocol address (IP address), browser version, list of pages you have viewed on our website, the time spent on those pages, the date and duration of your visit, and other analytical data.

3. How do we use your Personal Data

Such business purposes may be:

We do not gather additional categories of personal data, nor do we use the data we have acquired for purposes other than those listed in this privacy statement. The Personal Information we gather enables us to send you periodic emails about our products and/or services and to keep you updated on Shaun Leane’s most recent product announcements, software updates, and upcoming events. It also enables us to tailor the content you see on our website, making it more applicable for you and enabling us to deliver the kind of information and product offerings in which you are most interested where appropriate and applicable.

4. Legal Basis for processing your Personal Data

We rely on the following legal bases to collect and process your Personal Data under applicable GDPR Data Laws and other Jurisdictions:

5. Cookies

Cookies are small files that a site or its service provider transfers to a user’s computer’s hard drive through your web browser that enables the website or service provider’s systems to recognise your browser and capture and remember certain information.

For full details on our cookie controls and process, please refer to our Cookie Policy

According to the laws and regulations, we are permitted to keep cookies on your computer if they are essential for the functioning of our website. We will ask for your consent for all other types of cookies.

6. Your Rights

Under current privacy laws and regulations, GDPR Data Laws and other Jurisdictions you possess certain rights in relation to your Personal Data, as follows:

  1. Right of access: you have the right to be informed and request access to the Personal Data we have collected and process about you
  2. Right to rectification: you have the right to request the rectification of inaccurate Personal Data concerning you, which must be duly amended or updated without undue delay.
  3. Right to erasure: you have the right to request we delete your Personal Data.
  4. Right to restriction of processing: you have the right to request us to stop processing either all or some of your Personal Data, temporarily or permanently
  5. Right to data portability: you have the right to request a copy of your Personal Data in electronic format and the right to transmit your data to another controller
  6. Right to object: you have the right, at any time, to object to us processing your Personal Data on grounds relating to your particular situation, and the right to object to your Personal Data being processed for direct marketing purposes.
  7. Right not to be subject to automated decision making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.


You have the right to know the specific pieces of information we collect, use, disclose or sell, and have collected, used, disclosed, or sold, covering the 12-month period preceding our receipt of your information request. In particular, you ask us to disclose:

  1. The specific pieces of your Personal Information we collect or have collected
  2. The categories of Personal Information we have to collect or have collected about you
  3. The categories of sources from which we collect or have collected your Personal Information
  4. The categories of your Personal Information that we sell, or have sold, disclose, or have disclosed for a business purpose
  5. The categories of third parties to whom we sell or have sold, disclose, or have disclosed your Personal Information
  6. Commercial purpose for which we have to collect, sell, or have collected or sold your Personal Information


ou also have the right to request that we delete Personal Information, subject to certain exceptions according to applicable law. You may exercise your right by using emailing us at


You have the right to request a copy of the Personal Information we have collected about you. You may exercise your right by using emailing us at


If you exercise any of your consumer rights under the GDPR Data Laws, or other jurisdictions, you have the right not to be subjected to discrimination by us, including denial of goods or services or charging you a different price or rate for them.

7. How to exercise your Rights

You might exercise any of your rights under the GDPR Data Laws, or other jurisdictions by submitting your request for information required to be disclosed and/or deleted by contacting us at the following e-mail address: We shall confirm the consumer making a request to know or to delete is the consumer about whom we have collected the Personal Information when we receive a verifiable consumer request. In general, we won't ask for more details from customers just to verify their identity. However, if we are unable to confirm the consumer's identification using the data we already hold, we may ask for more information. This information will only be used to confirm the consumer's identity.

8. Who has access to your Personal Information?

Being your Data Controller, we may acquire, store, process, and analyse your Personal Data in the manner and within the constraints set out above.

We do not disclose your information to third parties for personal use unless you authorise it. However, we may share it under special circumstances, including cases when:

We may collect aggregate data about our users which is not personally identifiable and share this information with our partners, Service Providers, advertisers, and other third parties for marketing or promotional purposes.

With third parties based in nations other than your own, we might share personal data or outsource processing to them. As a result, the Personal Data we gather may be gathered, transferred to, processed, and/or stored anywhere its affiliates, or service providers. Your Personal Data may therefore be covered by privacy regulations from nations other than your own.

9. Website Functionality

We might work with Service Providers, such as people and outside companies, to run our website, offer the website on our behalf, provide website-related services, and collect analytics data. Depending on the Personal Information they have about you, Service Providers might also assist us in tailoring your experience on the website. These third parties are only entitled to use your Personal Data to do these tasks; they are not allowed to share it with anyone else or use it in any other way.

10. Marketing Tools

Service Providers help us improve our marketing operations which are intended to engage our website’s visitors with tailored and relevant information based on previous interaction with our website. You may ask us to stop using your information for marketing reasons by contacting us via the methods provided above.

11. Google Analytics

Google Analytics is a web analytics tool that records and analyses website traffic on our website to monitor how it is used. This information is made available to other Google services. Google may use it to contextualise and customise advertisements on its own network.

In addition to information on how you use this website, Google Analytics may store your IP address. We, however, do not have access to your IP address since it is protected by Google.

Visit the Google Privacy Terms web page to find out more about Google’s data privacy directive and practices.

12. Links to Third-Party Websites

Our website may contain links to websites that are not owned or managed by us. When you follow a third-party link, you will leave our website and be sent to the third party's website. We have no supervision over and do not accept responsibility for any of the third party's practices, content, or services provided on their website.

13. Data retention and deletion

Your Personal Data will be retained for as long as is required to achieve the purposes outlined in this Policy. If you ask us to do so, we will remove your personal information unless we are legally forced to do otherwise, such as to comply with a court order, settle a legal dispute, etc.

Please keep in mind that we may require you to confirm your identity before we reply to your requests to amend, delete, or restrict the usage of your Personal Data. If we are unable to offer access within a sensible time frame, we will advise you of a date when the information will be made available. We will provide an explanation if access is restricted for any reason. If you wish to know what Personal Information, we store about you or would like it to be removed, please contact us using the methods provided in this Privacy Policy. If you have any concerns about how we process your personal data, we ask that you contact us to resolve the issue. (see Part 17 of this Policy for further details concerning the erasure of personal information).

14. Keeping Your Personal Data Safe

We are firmly committed to the security of your Personal Data. We will make our best efforts to protect your Personal Data, by implementing adequate technical, physical, administrative, and organisational measures, in order to guarantee the security of your information.

We put in place administrative, technical, and physical precautions that are economically feasible in order to abide by applicable legal obligations and protect the data we collect. This includes requesting written guarantees from third parties who may have access to your personal information that they will safeguard it with measures meant to offer a level of protection comparable to those taken by our Business, where necessary or relevant and practical. No information system, however, can be completely safe. Your information's complete security is not something we can guarantee. Furthermore, we are not liable for the security of data that you send to us across networks that are not under our control, such as wireless networks and the Internet.

We have put in place a number of things, like (encryption, pseudonymisation, amongst other measures to protect your information). Additionally, we advise you to choose a secure password, avoid sharing it with anybody, and log out of your account as soon as your session is over in order to protect your personal data.

The information we gather may be kept on file in the US or other nations where we or our service providers have locations. We may transfer information to nations other than your home country, including the United States, which may have different data protection laws and regulations than your nation.

15. Data Subject Access

Data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which Shaun Leane holds about them, what it is doing with that personal data, and why.

Data subjects wishing to make a SAR may do so in writing, using Shaun Leane’s Subject Access Request Form, or other written communication.

Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.

All SARs received shall be handled by Shaun Leane’s management team.

Shaun Leane does not charge a fee for the handling of normal SARs. Shaun Leane reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

16. Rectification of Personal Data

Data subjects have the right to require Shaun Leane to rectify any of their personal data that is inaccurate or incomplete.

Shaun Leane shall rectify the personal data in question, and inform the data subject of that rectification, within one month of the data subject informing Shaun Leane of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.

In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.

17. Erasure of Personal Data

Data subjects have the right to request that Shaun Leane erases the personal data it holds about them in the following circumstances:

Unless Shaun Leane has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.

In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).

18. Restriction of Personal Data Processing

Data subjects may request that Shaun Leane ceases processing the personal data it holds about them. If a data subject makes such a request, Shaun Leane shall retain only the amount of personal data concerning that data subject (if any) that is necessary to ensure that the personal data in question is not processed further.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).

19. Data Portability

Where data subjects have given their consent to Shaun Leane to process their personal data (whether in an automated manner or any other such processing means) or the processing is otherwise required for the performance of a contract between Shaun Leane and the data subject, data subjects have the right, under the GDPR and other Jurisdictions, to receive a copy of their personal data and to use it for other purposes (namely transmitting it to other data controllers).

To facilitate the right of data portability, Shaun Leane shall make available all applicable personal data to data subjects in plain text format.

All requests for copies of personal data shall be complied with within one month of the data subject’s request. The period can be extended by up to two months in the case of complex or numerous requests. If such additional time is required, the data subject shall be informed.

(see Part 10 of this Policy for further details concerning Subject Access Requests (SARs))

20. Objections to Personal Data Processing

Data subjects have the right to object to Shaun Leane processing their personal data based on legitimate interests, direct marketing (including profiling), and processing for scientific and/or historical research and statistics purposes.

Where a data subject objects to Shaun Leane processing their personal data based on its legitimate interests, Shaun Leane shall cease such processing immediately, unless it can be demonstrated that Shaun Leane’s legitimate grounds for such processing override the data subject’s interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims.

Where a data subject objects to Shaun Leane processing their personal data for direct marketing purposes, Shaun Leane shall cease such processing immediately.

Where a data subject objects to Shaun Leane processing their personal data for scientific and/or historical research and statistics purposes, the data subject must, under the GDPR, “demonstrate grounds relating to his or her particular situation”. Shaun Leane is not required to comply if the research is necessary for the performance of a task carried out for reasons of public interest.

21. Data Breaches

Despite our best efforts to secure your information if we suffer a data breach, we will do our best to reduce its effects and will follow the applicable notification provision of the GDPR and any other applicable laws within other Jurisdictions.

22. Changes to this Privacy Notice

Shaun Leane may update this Notice periodically and will revise the date at the top of this Notice to reflect the date when such update occurred. If we make any material changes in the way we collect, use, and/or share the personal information that you have provided, we will endeavour to provide you with notice before such changes take effect, such as by posting prominent notice on our website.