Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.
It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other methods such as email.
PURPOSE OF PROCESSING, LEGAL BASIS AND RETENTION PERIODS
We will collect and store personal information including contact details of our customers and their employees so that we can provide our Services in accordance with our contract with you. For those customers who pay for the services, we will also retain that information and any information relating to the contract between us for a period of seven years following completion or termination of the contract(s) between us so that we can review our performance if any complaints or issues arise after completion or termination of the contract. For those customers that request information, but do not use our services, we will retain your personal information and any information relating to the enquiry for a period of seven years following completion of the trial and will only retain your information for a longer period where we consider we have a legitimate interest to do so.
We will also collect and store personal information about employees of the customer for whom we are providing our services. This information may include email addresses, user names and passwords for the IT systems which we support. We are processing this information on behalf of your employer (our customer) in order to provide them with the Services. You should therefore contact your employer for further information about how we process your information on their behalf.
Unless you request us not to do so, we may also contact you on an individual basis in relation to additional features and add-ons to our services, as well as new products and updates. We may also contact you about similar services which we offer. We will only do this if we believe that it is in our legitimate interests to keep you informed of our products and services and if we believe that you would reasonably expect us to contact you in this way. We will not send you general marketing information as part of a group e-mailing campaign unless you have consented to being contacted in this way.
We will collect and store personal information including contact details of third parties with whom we are in contact during the delivery of Services to our customers or discussions relating to Services to prospective customers. We may receive that information from you, a customer, a supplier, an introducer or otherwise as a result of an interaction between you and our supplier or customers. We process that information because it is in our legitimate interests to do so in order for us to be able to perform our contracts for our customers or pitch for work from prospective customers. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not an impact on you in a way that would make this processing unfair.
Where your personal information is kept as part of a file relating to the performance of a contract with one of our customers, we will also retain that information and any information relating to that contract for a period of seven years following completion or termination of that contract(s) so that we can review the file if any complaints or issues arise after completion or termination of the contract. Where your information is stored in our contacts database but is not kept in a customer or supplier file, we carry out a review of our contacts database every three years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.
We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We are processing your personal information in this way because it is our legitimate interests to grow our business and explore new business opportunities with you. We will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.
WHERE YOU PROVIDE US WITH PERSONAL INFORMATION ABOUT ANOTHER PERSON
If you give us personal information about another person, you must ensure that:
(a) you are legally entitled to give us that information;
(b) the disclosure is in accordance with any applicable data protection or privacy laws; and
PERSONAL INFORMATION WE HOLD
The information we collect about you depends on the products and services you use. It includes (but isn’t limited to):
• Your name, address, contact details and date of birth
• Who you work for
• Details that we need to check your identity, process an application and perform credit referencing
• Financial details, including credit, debit card and bank details to process payments only
• Your communications with us, including notes or recordings of calls, emails or letters you send to us
• Marketing preferences
We would not normally process sensitive information, for example, relating to your health, religious belief or sexuality. If that information is relevant to the services we are providing or receiving from you, then we will agree with you at the time whether we can process that information.
Some of our services provide data and document storage as an integral part of the product or solution offering. Documents and data stored by our customers may contain personal information in business and personal tax forms, payroll and financial data, and legal and litigation-related documents, for example. Any information stored by or on behalf of our customers is controlled and managed by and only made accessible to those customers or others our customers may authorise from time to time. Our access to this information is limited to the Company personnel who require access in order to provide our Services or for any other critical business reason.
What are cookies? Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computer’s hard drive they should take all necessary steps within their web browser’s security settings to block all cookies from our website.
We use tracking software to monitor site visitors to better understand how they use the website. The software will save a cookie to your computer’s hard drive to track and monitor your engagement and usage of the website.
WHEN WE SHARE YOUR PERSONAL INFORMATION
The Company shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell any personal information to third parties. We may occasionally share non-personal, anonymised, and statistical data with third parties. Below are the parties with whom we may share personal information and why.
• Within the Company’s group: Our business is supported by a variety of people who are part of the Company’s teams and functions, and personal information will be made available to them if necessary for the provision of Services, account administration, sales and marketing, customer and technical support, and business and product development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.
• Our business partners: We occasionally partner with other organisations to deliver co-branded Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a customer of both the Company and our partners, and we and our partners may collect and share information about you. The Company will handle personal information in accordance with this Policy, and we encourage you to review the privacy policies of our partners to learn more about how they collect, use, and share personal information.
• Our third-party service providers: We partner with and are supported by service providers around the UK/world. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, including (without limitation) software, system, and platform support; payment providers, direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use the personal information we make available to them for any other purpose than to provide services to us.
• Third parties for legal reasons: We will share personal information when we believe it is required, such as:
• To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities;
• In the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
• To protect our rights, users, systems, and Services.
Where we store and process personal information
We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.
We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within the Company or to third parties in the provision of services to you.
HOW WE SECURE YOUR PERSONAL INFORMATION
The Company takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
How long we keep personal information
We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, the Company takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers and suppliers. When we no longer need personal information, or when you request us to delete your information, where this is legal, we will securely delete or destroy it. See section “Purpose of the processing, legal basis and retention periods” for further information on our retention periods.
YOUR LEGAL RIGHTS
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or safely delete your personal information.
• Access to personal information: You have the right to request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
• Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing: of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer: of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Correction of your data: You have the right to request that we correct your personal information if it is inaccurate or requires updating or complete your personal information if the information we hold is incomplete.
• Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by using the Preference Centre on our website or let us know in writing, by email or by telephone.
• Marketing preferences: To opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us or you can use the Preference Centre on our website or let us know in writing, by email or by telephone.
• Filing a complaint: If you are not satisfied with how the Company manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office (https://ico.org.uk).
CHNAGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please let us know by using the “Contact Us” option on our website or let us know in writing, by email or by telephone.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Our website has links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Our Services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.
HOW TO CONTACT US
Please contact us with any requests related to your personal information. We understand that you may have questions or concerns about this Policy or our privacy practices or may wish to file a complaint. Please feel free to contact us in one of the following ways:
Address: Attn: Emma Vidler, Tredilion Park Ltd. 117-120 Bute Street, Cardiff Bay, Cardiff CF10 5AE
Telephone: +44 (0) 2920 489 000