work
WorkServicesThinkingContact

Third Party Privacy Notice

In this document, “we”, “our”, or “us” refers to: Jones Knowles Ritchie Limited Company no: 03205490 Registered Address: The Tea Building G01 101 56 Shoreditch High Street E1 6JJ and Jones Knowles Ritchie Inc Company no: 4047988 (Department of State ID Number, New York) Registered Address: 5th Floor, 85 Spring Street, New York, NY 10012 This privacy notice sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and, in the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on. This notice applies to all external individuals who interact with us, including prospective, current and former clients, client representatives, suppliers, creative service providers, their personnel or representatives, and other relevant third parties. Unless otherwise stated, references to "personal information", "processing", or other legal terms shall be interpreted in accordance with the applicable data protection laws of your jurisdiction.’

What information we collect and use, and why

WHAT. We may collect or use the following information from you:

  • Name and contact details
  • Bank account details and payment information
  • Occupation/title
  • Information relating to compliments or complaints
  • Video recordings – e.g. from meetings (i.e Zoom/Teams calls) or via security CCTV at our studios
  • Visitor access records relevant to your representatives attending our premises
  • Audio recordings – e.g. calls/meetings
  • Written records of meetings and decisions - including dictation from Zoom AI/Teams.
  • Records relating to onboarding, due diligence and compliance checks
  • Information relating to supplier or creative service provider selection, engagement and performance
  • Correspondence relating to client or supplier contracts or services

WHY. We may collect the above information for the following reasons:

  • To provide and improve our services
  • To process onboarding and payments for your or our services
  • For the operation of your account
  • For information updates or marketing purposes
  • To comply with the legal requirements applicable to us
  • For dealing with queries, complaints or claims
  • To manage and administer our relationship with you
  • To carry out due diligence, risk management and compliance checks (including anti-bribery, anti-corruption, sanctions and modern slavery compliance)
  • To facilitate communication and contract performance
  • To assess, monitor and evaluate our performance and your performance

Lawful bases and data protection rights

Our lawful basis for processing your personal information will depend on the laws applicable in your jurisdiction. This may include, where relevant, your consent, the performance of a contract, compliance with legal obligations, or our legitimate interests—each as defined by the relevant data protection law applicable to you. Where local law requires a specific basis or condition for processing, we shall comply accordingly.

Where we get personal information from

We tend to collect personal information directly from you, as shared by you in correspondence, enquiries, RFPs or contractual documents, third party introductions or recommendations, or via publicly available sources such as online, PearlFinder or LinkedIn.

How long we keep information

We will only keep your personal information for as long as is necessary for us to:

  • fulfil our obligations under our contract with you, and for a reasonable period thereafter in accordance with legal, regulatory and accounting requirements;
  • support a claim or defence in court;
  • research, feedback and report on our service,

or as is otherwise required by law or governmental/regulatory bodies.

Who we share information with

The following data processors may have access to your information as is necessary for us to fulfil our obligations to you under our contract/s, namely:

  • File server platforms which store personal information found in quotes, invoices and contractual documentation;
  • Cloud and archive back-up providers for files and emails;
  • Email hosting providers;
  • Creative workspace/workflow providers – for your access;
  • Finance and accounting platforms for onboarding, quotes, POs, invoices and payments;
  • Corporate messaging platforms for correspondence;
  • Video conference platforms for virtual meetings;
  • Collaborative interface design tools as is required for you to view and collaborate on digital content;
  • Email protection filter software;
  • Survey coordinators and providers; and
  • Our internal project planning and resource tools.

The above data processors are bound by contract to protect your data, and we remain responsible for their actions.

We may also share your personal information with:

  • Government or regulatory authorities;
  • Insurance companies, brokers or other intermediaries;
  • Professional or legal advisors;
  • External auditors;
  • Suppliers and service providers; and
  • Professional consultants,

as is strictly necessary.

Security

We ensure that we have in place appropriate technical controls to protect any personal information you provide. For example,

  1. access to your data is restricted to a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality;
  2. we ensure that all our staff complete training on the key principles of data protection;
  3. as detailed above, we make limited use from time to time of external companies to collect or process personal information on our behalf, and when we do so, we carry out checks on these companies and put in place contracts to make sure our requirements are clear; and
  4. we store your data on secure encrypted servers.

Technical and organisational measures also include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your data, please let us know immediately by contacting us via this e-mail address: privacy@jkrglobal.com.

As detailed above, we make limited use from time to time of external companies to collect or process personal information on our behalf. When we do so, we carry out checks on these companies and put in place contracts to make sure our requirements are clear.

International transfers

As detailed above, we use cloud-based systems to process data and therefore data may be processed outside of the EEA.

In addition, where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Jones Knowles Ritchie Inc

Category of recipient: Affiliate

Country the personal information is sent to: USA

How the transfer complies with UK data protection law: Intra-group International Data Transfer Agreement in place, incorporating the EU SCCs and the UK Addendum to same.

Your data protection rights

You may have certain rights over your personal data, which can vary by jurisdiction and are subject to applicable law, exemptions, and our need to retain information for legal or legitimate business purposes. Subject to verification and applicability, you may have the right to:

  1. access your data;
  2. rectify inaccurate or incomplete data;
  3. request erasure;
  4. restrict or object to processing;
  5. request data portability; and
  6. object to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

These rights may be limited where requests are manifestly unfounded or excessive, where disclosure would adversely affect the rights and freedoms of others, or where we must retain data to comply with legal obligations, establish or defend legal claims, or for overriding legitimate interests.

Where applicable law requires a legal basis for processing (for example, in the UK and EU/EEA), your rights may differ depending on whether processing is based on consent, contract, legal obligation, vital interests, public task, or legitimate interests. For example, you may withdraw consent at any time without affecting prior processing, and you may have a stronger right to object to processing based on legitimate interests or direct marketing.

Regional Information:

UK and EU/EEA: Rights generally include access, rectification, erasure, restriction, objection (including to direct marketing), portability, and rights relating to automated decision-making. You may also have the right to complain to a supervisory authority in your country of residence, place of work, or place of alleged infringement.

United States: Rights vary by state. Depending on your state of residence, you may have rights to access, correct, delete, opt out of certain processing (such as targeted advertising, sale, or profiling), and to appeal our decision on your request. We do not discriminate against you for exercising your rights where prohibited by law.

Other jurisdictions: Equivalent or similar rights may apply under local law, which we will honour where required.

Exercising your rights:

To make a request or ask a question about your rights, please contact us at privacy@jkrglobal.com. Please include your name, contact details, the nature of your request, and relevant jurisdiction. We may need to verify your identity and, where permitted, request additional information to process your request. If you are authorised to act on behalf of another individual, please provide proof of authority.

We will respond within the timeframes required by applicable law and will inform you if we need additional time. Where permitted, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this privacy notice. Additionally, depending on the laws of your country or region, you may be able to complain to your local data protection or privacy authority. Please refer to the guidance issued by the relevant supervisory authority in your jurisdiction for further details on exercising your rights or submitting a complaint. Where no local authority exists, you may contact us directly as set out above, and we shall seek to address your concern in line with applicable local law. Details of your local authority (where relevant) are available on request.

Changes to this privacy notice

We may amend this notice from time to time to take account of changes to our processes, or changes to data protection or other legislation. If we make any significant changes, we will show this clearly on our website or will write to you directly. By continuing to use our services, you will be deemed to have accepted these changes.

Last updated: 24 April 2026

Find
Follow
Connect
London

Tea Building, 56 Shoreditch High Street,
London, E1 6JJ

+44 (0) 20 7428 8000

New York

85 Spring Street, 5th Floor,
New York, NY 10012

+1 347 205 8200

careers
instagram
linkedin

©2026 Jones Knowles Ritchie

Privacy PolicyModern SlaveryThird Party Privacy