ThoughtRiver (“We” “Us” “Our”) is a trading name of ThoughtRiver Limited, a company registered in England and Wales (registered number 10007469). Our address is Building 1000, Cambridge Research Park, CB25 9PD. Our ICO registration no. is ZA221094.

ThoughtRiver provides software as a service for business users to review their contracts for risk and data insight.

This privacy notice explains the personal data we collect, how we use that personal data and the reasons we may need to disclose personal data to others. We will update this policy from time to time so please check our website for any updates.

The Role We Have in Relation to Your Personal Data

Depending on the circumstances, ThoughtRiver may be a data controller of your personal data or a data processor.

If you are a customer or prospective customer/employee, we are the data controller. If your data is processed on behalf of a customer through our service, they are the controller, and we are the processor.

How We Use Your Personal Data

• Prospective customers: To promote our services under our legitimate interests.
• Prospective employees: To update you on roles you’ve shown interest in, under our legitimate interests.
• Site operations: Troubleshooting, testing, analytics, and experience optimisation.
• Interactive features: If you choose to engage with features or demos, we may process relevant data with your consent.
• Business users: We use your personal data to fulfil our service contract with you.

Information We Collect Automatically

We collect the following data automatically during site visits:

• Technical data (e.g., IP address, browser, OS, plugins)
• Usage data (e.g., pages viewed, clickstreams, errors, interactions)

Cookies

We use cookies to improve your experience and analyse traffic. Non-essential cookies are used only with your consent.

Cookie	Purpose	Duration
__cfduid	Cloudflare security identification	30 days
__cfruid	Cloudflare rate limiting	30 days
_ga	Google Analytics – user/session tracking	2 years
_gid	Google Analytics – usage stats	24 hours
_gat	Google Analytics – throttling	1 minute
_fbp	Facebook ads delivery	1 day
_hjTLDTest	Hotjar cookie path test	Session
_hjid	Hotjar user ID persistence	365 days
_hjFirstSeen	Hotjar first session detection	1 day
fr	Facebook ad performance	3 months
li_sugr	LinkedIn identity match	3 months
lang	LinkedIn language preferences	Session
bcookie	LinkedIn device ID	2 years
lissc	LinkedIn cookie compliance	365 days
lidc	LinkedIn data centre selection	24 hours
_hjIncludedInPageviewSample	Hotjar pageview sample inclusion	30 minutes
_hjAbsoluteSessionInProgress	Hotjar session flag	30 minutes
test_cookie	Google – cookie support test	1 day
UserMatchHistory	LinkedIn ad sync	30 days
bscookie	LinkedIn 2FA state	2 years

Disclosures of Your Information

We may share data with:

• Group companies
• Service providers and contractors
• Buyers in a business sale
• Legal and fraud-prevention authorities

Where and How We Store Your Data

Your data may be stored and processed outside the EEA. We ensure GDPR-compliant safeguards for international transfers. All data is stored securely.

How Long We Keep Your Data

We retain your data only as long as necessary. For more detail on retention periods, contact DPO@thoughtriver.com.

Your Data Rights

You have the right to:

• Access your data (Subject Access Request)
• Request correction, deletion or restriction
• Object to processing
• Request data portability
• Withdraw consent
• Lodge a complaint with the ICO or your local authority

NDATriage Free Trial

Data uploaded via email during the NDATriage free trial is stored temporarily and purged every 24 hours.

Happierleads

We use Happierleads to collect usage and visitor data (e.g., browser, device, IP, pages visited). This helps us improve the website experience.

To opt out, visit: happierleads.com/opt-out

Contact

Questions about this notice? Email DPO@thoughtriver.com

Data Protection Officer: Kirsty Alderton, Chief Operating Officer

Date last updated: November 2024