Why and how would TSIP capture personal data?
In all instances where we retain personal data, such as email addresses or identities of data subjects, we will have a legitimate interest such as keeping you informed about our work as you have requested, delivering a contract which involves handling or gathering data or maintaining an ongoing business relationship.
TSIP may collect personal identification information from data subjects in a variety of ways: when you visit our website, fill out a form at an event we host, or in connection with other activities, services, features or resources we make available on our website. We will always establish consent and comply with relevant legislation.
On our projects any personal data will have been collected with explicit consent and the project will be governed by the terms of our contract and this policy. TSIP’s status as determined by relevant legislation differs depending on our role in our projects. On most of our projects we are recognised as a Data Processor under the European Union’s General Data Protection Regulation. On the projects where we may be recognised as a Data Controller and are capturing data directly we will establish consent for any data we capture, why we are capturing it and how it will be retained. If working with partners, we will look to establish a specific Data Sharing Agreement that will govern how those data will be captured, retained, accessed, shared and deleted along with specific routes of contact for users to get in touch with us to understand more about any of these issues. We will explicitly nominate a Data Protection Officer if necessary.
How long will TSIP keep personal data?
We will keep your data for no longer than necessary. This will vary. The length of time will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts that we have in place, the existence of your consent or our legitimate interest as a business.
When you purchase anything from us, for example services, we retain that information for a period of six years following the end of our financial year during which you purchase from us ceased. It is our legal obligation to keep these records for tax purposes.
If you express an interest in TSIP’s work we may retain data such as your contact details or name to be able to keep you informed. We do not send out newsletters or project updates so there is a likelihood that you will not receive anything from us. If you wish for your data to be deleted at any point see Your rights as a data subject below.
How is my data shared?
TSIP never sells any of personal data. On certain projects we might share personal data with a project partner, but in these instances this will be made clear at the point of collection and will be supported by the explicit prior permission of the person whom the data belongs.
Where is my data saved?
TSIP uses Dropbox and Salesforce as storage systems both of which adhere to the EU’s GDPR. There are no reasons that Data being held by TSIP would be transferred to a third party country but if this is in likelihood of occurring the Adequacy Framework of the European Commission will determine acceptability.
Your rights as a data subject
Under GDPR you have rights as a data subject. These rights are:
The right to be informed.
The right of access.
You have the right to access your personal data that we hold. This is called a subject access request. We must respond to your request within one month. To request access to your data, please send us this email. This will auto-generate an email with the subject line ‘Subject Access Request’ to the email address email@example.com. It is very helpful if you tell us what of your personal data you are seeking.
The right to rectification.
If you think the data we hold on you is incorrect, tell us so we can put it right. You can do this by emailing firstname.lastname@example.org with the correction that you wish to make.
The right to erasure.
You have the right to request that we delete your data. We think our work is pretty interesting, but if, now having read this message or at any point in the future, you want to be removed from our GDPR-compliant database you can let us know by sending us this email. This will autogenerate a message to the address email@example.com including the subject line ‘Remove me from your database’. We will do so, provided that we do not have a compelling reason for keeping it.
You also have rights to restrict processing, concerning data portability, to object and in relation to automated decision making. These are unlikely to be relevant given the very limited ways in which TSIP retain and process data. However if you wish to exercise any of your rights under Chapter 3 of GDPR you can let us know by sending us this email which will autogenerate an email message to the address firstname.lastname@example.org including the subject line ‘GDPR rights request’.
I want to complain about TSIP
You can make a complaint direct to TSIP by sending us this email which will autogenerate an email message to the address email@example.com including the subject line ‘Privacy/Data complaint about TSIP’.
Complaints via the Information Commissioner’s Office
TSIP has been registered with the UK’s Information Commissioner’s Office since 4 April 2013. Our reference number is Z3625333
The ICO’s contact details are:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
I want to know more
Last updated : 2019-02-26