Legal & Compliance
How ThiaraX Limited and its group subsidiaries collect, process, store and protect personal data, in compliance with the UK General Data Protection Regulation and the Data Protection Act 2018.
ThiaraX Limited and its group subsidiaries (together, the Group) are committed to protecting the personal data of all individuals with whom we interact, including clients, candidates, suppliers, partners and employees, in a manner that is lawful, transparent and respectful of individual rights.
This policy sets out the Group's approach to data protection and privacy in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all personal data processed by any entity within the ThiaraX Group, regardless of the format in which that data is held.
This policy applies to:
For the purposes of this policy:
The Group is committed to processing personal data in accordance with the following principles, as set out in Article 5 of the UK GDPR:
The Group will only process personal data where a lawful basis exists. The lawful bases relied upon by the Group include:
Where special category data is processed, the Group will identify and document an additional condition for processing as required under Article 9 of the UK GDPR.
The Group respects and upholds the rights of data subjects under UK GDPR. These rights include:
Requests in relation to any of the above rights should be submitted in writing to the Data Protection Officer. The Group will respond within one calendar month of receipt.
The Group appoints a Data Protection Officer (DPO) to oversee compliance with this policy and applicable data protection law. The DPO is responsible for:
The DPO may be an internal appointment or an external specialist engaged for this purpose. The identity and contact details of the current DPO will be maintained on the Group's internal policy register and communicated to all relevant individuals. Where the Group does not yet meet the threshold for a mandatory DPO appointment under UK GDPR, the Chief Executive assumes this function until a formal appointment is made.
In accordance with Article 30 of the UK GDPR, the Group maintains a formal Record of Processing Activities (ROPA). The ROPA documents all personal data processing activities carried out by the Group and each subsidiary, and includes the following information for each processing activity:
The ROPA is maintained by the DPO and reviewed on a quarterly basis, or immediately upon any material change to processing activities. It is available for inspection by the Information Commissioner's Office upon request.
The Group will conduct a Data Protection Impact Assessment (DPIA) prior to commencing any processing activity that is likely to result in a high risk to the rights and freedoms of individuals. A DPIA is required where processing involves:
Where a DPIA identifies a residual high risk that cannot be mitigated, the Group will consult with the Information Commissioner's Office prior to commencing processing. All DPIAs will be documented and retained as part of the Group's compliance records.
The Group maintains appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or disclosure. These measures include:
All individuals working for or on behalf of the Group are required to handle personal data in accordance with this policy and any supporting guidelines issued by the DPO.
In the event of a personal data breach, the Group will:
Any individual who becomes aware of a suspected or actual data breach must report it to the DPO immediately.
Where the Group engages third parties to process personal data on its behalf, it will ensure that:
The Group will not transfer personal data outside the United Kingdom unless one of the following conditions is met:
Personal data will not be retained for longer than is necessary for the purpose for which it was collected. The Group maintains a Data Retention Schedule which sets out the applicable retention periods for each category of personal data processed across the Group.
At the end of the applicable retention period, personal data will be securely deleted or anonymised in a manner that prevents reconstruction.
All individuals working for or on behalf of the Group will receive appropriate data protection training commensurate with their role and access to personal data. Training will be provided upon commencement of work with the Group and refreshed on an annual basis. The DPO will maintain records of training completed across the Group.
Any individual who believes that the Group has not handled their personal data in accordance with this policy or applicable law has the right to raise a complaint. Complaints should be submitted in writing to the DPO in the first instance.
Individuals also have the right to lodge a complaint directly with the Information Commissioner's Office at any time:
Information Commissioner's OfficeThis policy will be reviewed annually by the DPO and Chief Executive, or sooner in the event of material changes to applicable law, regulatory guidance, or the Group's business activities. Any material amendments will be communicated to all relevant individuals and the version history updated accordingly.
This policy has been approved by Cameron Thiara, Chief Executive and Director of ThiaraX Limited, and applies across all entities within the ThiaraX Group.
ThiaraX Limited and its group subsidiaries (together, "the Group", "we", "us" or "our") use cookies and similar tracking technologies across our digital properties. This Cookies Policy explains what cookies are, how we use them, and how you can manage your preferences.
This policy should be read alongside our Privacy and Data Protection Policy, which sets out the broader framework governing how we handle personal data.
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites function correctly, improve user experience, and provide information to site owners.
Similar technologies include web beacons, pixel tags, local storage objects and device fingerprinting. References to "cookies" in this policy include all such comparable technologies unless stated otherwise.
Some pages may include content or functionality delivered by third parties such as embedded maps, video players or font services. These third parties may set their own cookies. We do not control these cookies and recommend reviewing the relevant third party's privacy or cookie policy.
In accordance with UK PECR, we only deploy non-essential cookies with your prior, informed and freely given consent, sought via a clearly visible banner on your first visit.
You may withdraw consent at any time by adjusting your preferences through the cookie settings tool or directly through your browser settings. Withdrawal does not affect the lawfulness of prior processing.
Most browsers allow you to view, block, delete and receive notifications about cookies through their settings. Note that blocking cookies may affect website functionality. For guidance, visit www.allaboutcookies.org.
Where cookies facilitate data transfers outside the United Kingdom or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V, including adequacy decisions or Standard Contractual Clauses.
To the extent cookies process personal data, you have rights under UK GDPR including access, rectification, erasure and the right to object. Please refer to our Privacy and Data Protection Policy for a full description of your rights.
Questions about our use of cookies should be directed to:
ThiaraX LimitedThis policy is reviewed at least annually or whenever there is a material change to our use of cookies or relevant law. Current version effective 20 May 2026, approved by Cameron Thiara, Chief Executive and Director of ThiaraX Limited, and applies across all entities within the ThiaraX Group.
ThiaraX Limited and its group subsidiaries (together, "the Group") are committed to acting with integrity in all business dealings. We adopt a zero-tolerance approach to modern slavery and human trafficking in all its forms, including forced labour, bonded labour, child labour and any other form of exploitation.
This statement is published pursuant to section 54 of the Modern Slavery Act 2015 and constitutes the Group's statement for the financial year ending 31 December 2025.
This policy applies to all entities within the ThiaraX Group, all employees, contractors, consultants, officers and directors, and all suppliers, business partners and third parties acting on the Group's behalf.
The Group operates as a professional services holding company spanning executive search, management consulting, financial services, insurance, legal services, talent representation and media, headquartered in the United Kingdom with offices across North America, Europe, the Middle East, Africa and Asia-Pacific.
The Group is committed to maintaining fair, safe and dignified working conditions, ensuring all workers are employed freely and paid at least the applicable minimum or living wage, prohibiting child labour, respecting freedom of association, and never facilitating any form of human trafficking or forced labour.
As a professional services group, our direct operations carry relatively low inherent risk. However, risk may exist in indirect supply chains, particularly in facilities management, technology hardware procurement, hospitality and events services, and international talent placement in regions with weaker labour protections. We conduct periodic risk assessments reviewed annually.
We expect all suppliers and partners to operate in accordance with this statement and hold their own suppliers to equivalent standards. Due diligence activities include pre-engagement screening, modern slavery contractual obligations in key agreements, periodic relationship reviews, and the right to audit where warranted. Persistent or serious breaches may result in termination.
This statement should be read alongside the Group's Employee Code of Conduct, Whistleblowing Policy, Anti-Bribery and Corruption Policy, Supplier Code of Conduct, and Equality, Diversity and Inclusion Policy. All apply across all subsidiaries.
All Group employees receive modern slavery training at induction with periodic refreshers. Enhanced training is provided to those in procurement, recruitment or supplier management roles. Senior leadership receives additional training to support oversight and escalation.
Anyone who suspects modern slavery or human trafficking in connection with the Group is encouraged to report it promptly through our confidential whistleblowing channel without fear of retaliation:
ThiaraX LimitedWhere there is an immediate risk, concerns should be reported to law enforcement directly. The UK Modern Slavery Helpline can be reached on 08000 121 700.
We monitor effectiveness through: percentage of employees completing awareness training; supplier due diligence assessments in higher-risk categories; concerns raised via whistleblowing and their outcomes; and supplier contracts containing modern slavery obligations. Reviewed annually by Group Compliance and reported to the Board.
This statement is reviewed and updated annually, approved by the Board of Directors of ThiaraX Limited and signed on behalf of the Group by:
Cameron ThiaraThis statement applies across all entities within the ThiaraX Group.
These Terms of Use ("Terms") govern your access to and use of the websites, digital properties and client portals operated by ThiaraX Limited and its group subsidiaries (together, "the Group", "we", "us" or "our"). ThiaraX Limited is a company registered in England and Wales.
By accessing any of our digital properties, you confirm that you accept these Terms and agree to be bound by them. These Terms should be read alongside our Privacy and Data Protection Policy and Cookies Policy.
Our websites are made available free of charge for informational purposes. We do not guarantee availability or uninterrupted access. Access may be suspended, withdrawn or restricted at any time without notice. You are responsible for ensuring all persons accessing our websites through your connection comply with these Terms.
All content on our digital properties including text, graphics, logos, trademarks, images, audio, video and software is owned by or licensed to the Group and protected by applicable intellectual property laws.
You may access and print content for personal, non-commercial use only, retaining all copyright notices. You must not reproduce, distribute, modify or exploit any content without our prior written consent. Our names, logos and trademarks may not be used without permission.
You must not use our digital properties to breach any applicable law, transmit unsolicited promotional material, send harmful code, attempt unauthorised access to any system, scrape content by automated means, or impersonate the Group or any individual.
Access to restricted areas including TX Concierge and TX CoLab requires credentials issued by the Group, provided solely for legitimate business purposes. You are responsible for maintaining the confidentiality of your credentials and must notify us immediately if they are compromised. The Group reserves the right to disable access at its absolute discretion.
Links to third-party websites are provided for convenience only. We do not endorse or accept responsibility for external content, privacy practices or availability. You access them at your own risk.
Our websites are provided on an "as is" and "as available" basis without any representation or warranty, express or implied. Content is for general informational purposes only and does not constitute professional advice. You should take independent advice appropriate to your circumstances before acting on any content.
To the fullest extent permitted by law, the Group shall not be liable for any direct, indirect, incidental, consequential, special or exemplary damages arising from use of our websites. Nothing in these Terms limits liability for death or personal injury caused by negligence, fraud, or any liability that cannot be excluded under applicable law.
You agree to indemnify and hold harmless the Group and its officers, directors, employees and agents from any claims, liabilities, damages or expenses arising from your use of our websites, violation of these Terms, or violation of any third-party rights.
Your use of our websites may involve the processing of personal data. Our Privacy and Data Protection Policy and Cookies Policy explain how we collect, use, store and protect your data and your rights in relation to it.
These Terms are governed by the laws of England and Wales. You agree to submit to the exclusive jurisdiction of the courts of England and Wales in relation to any dispute arising from these Terms or your use of our digital properties.
We may revise these Terms at any time by updating this page. You are expected to review periodically. Material changes will, where practicable, be notified via a notice on the relevant website. Current version effective 20 May 2026.
Questions about these Terms should be directed to:
ThiaraX LimitedThese Terms apply across all entities within the ThiaraX Group.