General Data Protection Regulation
GDPR is a new European Union legislation that comes into force on the 25th May 2018 to regulate the use and storage of personal data by private and public sector organisations within member states of the European Union. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Our customers can trust that The Identity Organisation has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR. This post outlines our approach and progress to date.
TIO GDPR Statement
The Identity Organisation Ltd is committed to protecting all its customers, suppliers and team members by maintaining best practice data protection processes in line with all UK and EU law including GDPR.
TIO is engaged in selling goods and services to corporate and public sector enterprises and all marketing activity is directed at these enterprises. In the legitimate pursuit of this business TIO may hold data on individuals working in these organisations. This data is limited to name, job title, organization email address and telephone numbers. We do not hold personal data such as home addresses or any personal credit card or bank details.
TIO has undertaken a review of its data protection policy and implemented the following;
• Reviewed what data we hold
• Identified how this data was collected
• Reviewed how we communicate that this data is only used for the legitimate pursuit of business to business activity
• Reviewed our processes for responding to requests to delete, amend or restrict data.
• Reviewed our processes for providing access to data when legitimate requests are made
• Reviewed our legitimate use of data for business to business activity
• Reviewed our consent mechanism. TIO has interpreted that the GDPR consent guidelines do not wholly apply to B2B activity and that our Unsubscribe policy meets best practice and legislative guidelines.
• Reviewed our security and ability to prevent, detect and report data breaches in line with GDPR
• Reviewed the need for a Data Protection Impact Assessment
IP Addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration.
A cookie is a piece of information that is stored on your computer’s hard drive which records how you have used a website. This means that when you go back to that website, it can give you tailored options based on the information it has stored about your last visit.
For information about how to disable cookies in your browser please visit the www.aboutcookies.org website.
Most browsers automatically accept cookies. You can prevent cookies from being stored on your computer or device by setting your browser to not accept cookies. Some browsers provide a mode where cookies are always deleted after a visit.
How we use Personal Data
TIO will only process your data where it has a legal basis for doing so. TIO uses the data collected to communicate with you and to offer you our identity validation consultancy services and/or services related to our partner company, Engeneum Limited which offers technology systems and services that are complimentary to the services provided by TIO. We will also use your data to improve or maintain the services we offer to you and our website. We will never share your data with any other third party, other than those stated in this policy, nor use your data for any other purpose, unless we firstly gain your consent to do so.
We may use your data for profiling in the context of segmentation and targeting for marketing purposes. We may use personal data such as job title, sector, company and your previous activity on our website or with our marketing communications. This enables us to provide you with information and promotions that are likely to be relevant to you. We may also use data such as your name and job title to personalise communications you receive from TIO and our website.
You have the right to access rectify, erase, object and restrict the processing of your personal data, with the ability to choose which promotional communications you wish to receive and how you would like to receive them. You also have the right to opt-out of receiving our marketing communications at any time.
Our legal basis for processing personal data
Our legal basis for processing your personal data may rely upon our Legitimate Interest.
‘Legitimate Interest’ means the interests of our company in conducting and managing our business to enable us to give you the best services and experience. For example, we have an interest in making sure our services are relevant for you, so we may process your personal data to contact you by telephone with discussions tailored to your interests.
When we process your personal information for our legitimate interests, we make sure to consider the balance and any potential impact on you (both positive and negative) and your rights under the data protection regulation. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Our legitimate business interests may include some or all of the following:
- For evidential purposes to effectively manage and maintain records of our relationships/communications with you;
- For business development related activity such as contacting you by telephone or email to arrange meetings with our experts in relation to work or knowledge sharing;
- To enhance, modify, personalise or otherwise improve our services and communications for the benefit of you;
- To better understand how you interact with our website and content in order to enhance your customer experience;
- To determine the effectiveness of promotional campaigns to inform marketing strategy.
TIO will only keep your personal data for as long as necessary for the purposes for which it was gained. Personal data will be retained for the purposes of direct marketing, relationship management and business development, or where we have another legal basis for processing (such as your consent or a contract with you). TIO will review the personal data we hold on you every 12 months to check for accuracy and relevancy and to ensure that we continue to have a legal basis for processing. If the personal data is no longer necessary, or where we no longer have the legal basis for processing, we will delete or fully anonymise the data we hold on you, in line with our GDPR Policy. If your data becomes inaccurate, we will update it accordingly.
The exception is information collected from surveys, feedback and questionnaires, which are held only for the duration of its usefulness i.e. the duration of a campaign. The data is then anonymised and retained for internal evidential purposes, or deleted.
TIO will be more than happy to help you should you have any complaints about the processing of your personal data. Under the GDPR, you have the right to lodge a complaint with the Supervisory Authority, the Information Commissioner’s Office (ICO), who are the national authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: ico.org.uk or through their helpline: 0303 123 1113.
Changes to this Privacy Statement
We reserve the right to change this statement. Changes will be published on our website www.tidorg.com/privacy-statement/. We will notify you of any material changes to this statement via email (where possible) but recommend that you also check this statement regularly, so that you are informed of any changes.