Privacy Policy

1. Who We Are
Our website address is: https://firmthinking.com

2. Data Collection
We do not actively collect personal data through our website. However, when you visit our site, certain information may be automatically collected through server logs, such as your IP address and browser type. This information is used solely to improve website functionality and ensure security.

3. Embedded Content from Other Websites
Our website may include embedded content (e.g., videos, articles). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These external sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded content, including tracking your interaction if you have an account and are logged in to that website.

4. Diagnostic and Client Data Collection
In addition to the website data mentioned above, Firm Thinking collects organisational data through private diagnostic forms for commissioned clients only. This includes organisational insights such as governance structures, strategic priorities, marketing strategy, and risk management. We do not actively collect sensitive personal information unless explicitly required by the engagement.

5. How We Use Diagnostic Data

  • To generate strategic reports for commissioned clients using AI-powered tools.
  • To provide board-level insights, recommendations, and governance reviews.
  • Data is processed via secure cloud services including Google Drive and OpenAI API with client consent.
  • AI processing occurs via OpenAI API with data handling in accordance with OpenAI’s privacy and security terms.

6. Legal Basis for Processing
We process diagnostic data under:

  • Contractual necessity: fulfilling consulting engagements.
  • Legitimate interest: providing strategic insights to client organisations.

7. How Long We Retain Your Data
Since we do not actively collect personal data through forms, cookies, or user accounts from the public website, there is no user data to retain on our servers. However, any incidental data (such as server logs) is retained for the minimum period necessary for security and operational purposes.

For commissioned diagnostics:

  • Data is stored securely in private Google Drive folders controlled by Firm Thinking.
  • Diagnostic reports are retained for up to 12 months post-engagement unless otherwise agreed with the client.

8. Your Rights
Website visitors and organisational representatives providing diagnostic data may request:

  • Access to data provided.
  • Correction or deletion of that data.
  • These requests should be sent to [email protected]

9. Data Transfers

  • AI processing is handled via OpenAI’s servers, which may be located outside the EEA.
  • We ensure compliance with international data transfer provisions under GDPR.

10. Data Security
We take reasonable steps to ensure diagnostic data is securely stored and only accessible by authorised personnel. This includes using private Google Drive folders, account access controls, and client-specific storage. Our website employs standard security measures to protect against the unauthorised access, alteration, or destruction of any information that might be collected.

11. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, with an updated revision date.

12. Contact Us
For questions or concerns about this Privacy Notice or our data practices, please contact:

Firm Thinking 
Email: [email protected]
Address: Unit E12, Calmount Business Park, Dublin 12, Ireland.