GDPR privacy policy

Third City is committed to protecting your privacy and maintaining the trust and confidence of visitors to our website, subscribers to our newsletters, and our clients’ and contacts’ data. 

We comply with the Data Protection Act 1998 and General Data Protection Regulation (GDPR), and are not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.

In this Privacy Policy, we provide information on when and why we collect personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it confidential and secure.  

1. Information we may collect from you

We may directly collect personal data from you through one or more of the following:

• When you email or call us with an enquiry (e.g. new business, recruitment, media request)

• When you visit or enter your details through our website

• When you sign up to our newsletter

• When you register for one of our events

• By being an existing client and sharing your information

We may indirectly collect personal data about you in one or more of the following ways:

• Data is given to us by our partners, but only with your knowledge and, if legally required, where you have consented to this (e.g. via our new business lead, David)

• Subscriptions to Media Databases (e.g. Gorkana)

• If you are one of our followers on LinkedIn or Instagram

2. Personal data we may collect

Across our clients, contacts, suppliers and the media we may collect some or all of the following:

• Name, email address and telephone numbers

• Company address and/or other professional details

• Any information which we require to enter and / or to fulfil a contract at your request

• Any other personal information you wish to provide (e.g. birthdays)

3. Visitors to our website and Cookies

When someone visits  we use Google Analytics, a third party service, to collect standard internet log information and details of visitor behaviour patterns. Visitors remain anonymous and it is not possible, nor are attempts ever made, to find out the identities of those visiting our website.

Cookies may be used to collect more detailed information about your visits to our website, such as: geographical location, operating system, referral source, browser type, length of visit and number of page views. These are small text files sent by our website to the browser on the computer or device you’re using to access our website (e.g. Internet Explorer, Safari, Google Chrome or Firefox). We may use this information to:

• Estimate our audience size and usage pattern

• Remember your preferences and improve the user experience

• Allow you to navigate between pages more efficiently

• Recognise you when you return to our Website

You always have the option to decline cookies by closing the web browser or via the settings on your browser. You can find more information about cookies at  and

4. Our newsletter

As part of the registration process for our e-newsletter, we collect personal information as outlined above. We use a third party provider, MailChimp, to deliver our newsletter and gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve it. For more information, please see MailChimp’s privacy notice.

You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing our Data Protection Team at

5. How we will use your data and for how long

We may use your data in the following ways:

• Administering, managing and developing our businesses and activities as a provider of public relations and communications services

• Providing information about us, our range of services and our clients

• Identifying clients/contacts with similar needs

• Keeping a record of communications from you or agreements with you that we hold

• Contacting you on behalf of our clients

• Inviting you to relevant events

• Sending you an ecard or gift e.g. Christmas

• Complying with applicable laws and regulations

• Journalist details (name, publication and remit) may be shared with our clients to ensure journalists receive relevant invitations, information and news

Personal data will be retained for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact), or unless we need to keep data for a longer period to comply with any legal requirements. Personal data that we no longer need to hold is securely disposed of and/or anonymised so you can no longer be identified from it.

6. Who we disclose information to

We will only pass on information about you to third parties to enable us to perform services requested by you or with your prior consent. Any third party data controllers external to us with whom we deal will handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your personal data. Since these controller organisations are acting outside of our control, we have no responsibility for their data processing practices.

7. How we store and process personal information

We take every precaution to ensure that your personal information is kept safely, securely and privately.  This means that it’s stored on our secure pCloud, in a locked, password protected file only accessible by the relevant contact / team at Third City. Our servers and systems are protected by antivirus and security programmed to ensure they’re as secure as possible.

8. Data Protection and Security

Third City is registered with the Information Commissioner in the UK as a ‘data controller’ in accordance with the provisions of GDPR. Further details of the registration are available at

Keeping information about you secure is very important to us. However, no data transmission over the Internet can be guaranteed to be totally secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information, which you deliberately send to us, and you do so at your own risk.

9. Your rights as a data subject

Under General Data Protection Regulation (GDPR) data subjects (you) have a number of rights

The right to be informed – about the collection and use of individual’s personal data, including: our purposes for processing personal data, our retention periods for that personal data, and who it will be shared with

The right of access – Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing

The right to rectification – individuals to have inaccurate personal data rectified, or completed if it is incomplete. You can make a request for rectification verbally or in writing. We have one calendar month to respond to any request

The right to erasure – individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete. You can make a request for rectification verbally or in writing. We have one calendar month to respond to any request

The right to restrict processing – Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, you are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing. We have one calendar month to respond to a request

The right to data portability – Individuals have the right to receive copies of the data we hold upon request. We have one calendar month to respond to any request

The right to object – Individuals have a right to object to processing based on legitimate interests or the performance of a task in the public interest, or direct marketing

10. Access to your data

You are entitled to view, amend, update or delete the personal information that we hold. Please email your request to our Data Protection Team at who will ensure your data request is handled in accordance with GDPR.

Any other comments or concerns may also be sent to

11. Changes to this privacy notice

We keep this privacy notice under regular review to ensure the effectiveness of the above measures.   It was last updated on 12 October 2022.