Privacy & Cookie Policy

Who we are

This website is operated by Tom & Co. Ltd. whose registered address is 38 Shad Thames, London SE1 2YD and company number 07557895, trading as Tom&Co.

We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 and the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as 'controller' of that personal information for the purposes of those laws.

Our website

This privacy policy relates only to your use of our website. Our website may contain links to other websites not operated or controlled by us. The links are provided for your convenience only and we are not responsible for the content of those sites or the privacy practices of their operators.

Our collection and use of your personal information

What personal information we collect

We may collect the following personal information:

• Contact information such as name, email address, telephone number, and postal address
• Company information and job title
• Information about your project requirements and business needs
• Website usage data and analytics information
• Communication preferences

How we use your personal information

We use your personal information for the following purposes:

• To respond to your inquiries and provide information about our services
• To deliver our services and maintain our client relationships
• To send you marketing communications (with your consent)
• To improve our website and services
• To comply with legal obligations

Legal basis for processing

We process your personal information on the following legal bases:

• Legitimate interests: For business development and improving our services
• Consent: For marketing communications and non-essential cookies
• Contract: To fulfill our obligations when providing services to you
• Legal obligation: To comply with applicable laws and regulations

Transfer of your information out of the EEA

We may transfer and store your personal information outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

This may include using standard contractual clauses approved by the European Commission or transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

Cookies and similar technologies

What are cookies?

Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners.

How we use cookies

We use cookies for the following purposes:

• Essential cookies: These are necessary for the website to function properly
• Analytics cookies: To understand how visitors use our website and improve user experience
• Marketing cookies: To deliver relevant advertisements and track campaign effectiveness
• Preference cookies: To remember your settings and preferences

Managing cookies

You can control and manage cookies through your browser settings. However, please note that removing or blocking cookies may affect the functionality of our website and your user experience.

Marketing

We may use your personal information to send you marketing communications about our services, industry insights, and company updates that we believe may be of interest to you.

We will only send you marketing communications if you have given us your consent to do so, or where we have another lawful basis to do so.

You can opt out of receiving marketing communications at any time by clicking the unsubscribe link in any marketing email, contacting us directly, or updating your preferences through your account settings.

Your rights

Under data protection law, you have rights including:

• Right of access: To request a copy of the personal information we hold about you
• Right to rectification: To correct any inaccurate or incomplete personal information
• Right to erasure: To request deletion of your personal information in certain circumstances
• Right to restrict processing: To limit how we use your personal information
• Right to data portability: To receive your personal information in a portable format
• Right to object: To object to processing based on legitimate interests or for marketing purposes
• Right to withdraw consent: Where processing is based on consent

To exercise any of these rights, please contact us using the details provided in the "How to contact us" section below.

Keeping your personal information secure

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

These measures include encryption of data in transit and at rest, regular security assessments, access controls, and staff training on data protection practices.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

How to complain

If you have any concerns about our use of your personal information, please contact us first using the details below. We will do our best to resolve your concern.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.ukor by calling their helpline on 0303 123 1113.

Changes to this privacy policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

How to contact us

If you have any questions about this privacy policy or how we handle your personal information, please contact us: