TLK may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated on 1st June 2021.
How we use your information
This notice tells you what to expect when TLK collects personal information. It applies to any information we collect about:
- Our Customers
- Visitors to our website
- Individuals in relation to data protection or freedom of information complaint or enquiry
Why we collect your information
TLK is committed to ensuring that your privacy is protected. The information which you may provide to us, along with other information relating to you, will be held by TLK and used for the following purposes, and under specific lawful basis.
- Where processing is necessary for the performance of a contract with you or your employer, or to take steps to enter into a contract
- Where processing is necessary for compliance with a legal obligation (such as filing at HMRC)
- Where it is necessary for the purposes of TLK’s legitimate business interests, except where such interests are overridden by the interests, rights or freedoms of the data subject.
- IF we process special categories of data, we do so only with the explicit consent of the data subject, unless reliance on consent is prohibited by EU or Member State law, or where processing is necessary for carrying out obligations under employment, or a collective agreement.
- Where none of the above applies, or it is deemed necessary, we shall only process your data with your explicit consent which has been positively and freely given.
Types of data
We may collect the following information:
- Name and/or other personal information required in order fulfil your order with us
- Financial information (specific to your order)
- contact information, including email address
- demographic information, such as postcode
- other information relevant to our Customers
Our Customers information and data remains confidential at all times and is only dealt with in the strictest of confidence and security in accordance with TLK’s standard terms and conditions, and only for the purpose of performing the services detailed in our contract and fulfilling your order with us.
Our client’s information shall only ever be accessed internally on a “need-to-know” basis by authorised personnel.
We retain personal information only for as long as necessary to manage our orders with our Customers and in line with our retention schedule or as required by law. This means that information may be retained for up to 7 years.
The legal basis for processing this data is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
USE OF THIRD PARTIES
As part of our services to our Customers, we may use some third-party support or software. Before contracting with any supplier, we request detailed information on their data protection policies and processes in order to ensure that your data will be suitably protected when processed by them, and where their data is stored.
The legal basis for processing this data is both our legitimate business interests, namely the proper administration of our business, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We use Xero for our own accounting software, as well as for many of our Customers . Xero take their responsibilities under GDPR seriously. That’s why they’ve embarked on a programme to identify which measures they need to implement to be compliant with GDPR. You can read more about their privacy processes here:
https://www.xero.com/uk/about/terms/privacy/ and https://www.xero.com/uk/gdpr/
Stripe is used for processing payments from our Customers for our products. They are a global business and as such, Personal Data may be stored and processed in any country where they do business or their service providers do business. They may transfer your Personal Data to countries other than the United Kingdom, including to the United States. These countries may have data protection rules that are different from ours. When transferring data across borders, they take measures to comply with applicable data protection laws related to such transfer. Officials (such as law enforcement or security authorities) in those other countries may be entitled to access your Personal Data.
If you are located in the European Economic Area (“EEA”), the UK or Switzerland, they comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the US. Where applicable law requires that a data transfer legal mechanism, they use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or other legal method available to us under applicable law.
While Stripe Inc. remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, it is not currently relying on these frameworks for the transfer of personal data to the U.S.
Visitors to our website
If you browse, read pages, or download information from our website, we will gather and store certain limited information about your visit. This information collected or stored is used by us only for the purpose of improving the content of our web services and to help us understand how people are using our services.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. If you do not wish for your data to be processed this way, please do not enter our website.
Google Analytics automatically collects and stores the following information about your visit:
- The Internet Protocol (IP) address and domain name used. The IP address is a numerical identifier assigned either to your internet service or directly to your computer. We use the IP address to direct internet traffic to you. This address can be translated to determine the domain name of your service provider (e.g. abccompany.com, xyz-school.edu, and so on)
- The type of browser and operating system you used
- The date and time you visited this site
- The web pages or services you accessed at this site; and
- The website you visited prior to coming to this site.
The legal basis for processing this data is both our legitimate business interests, namely monitoring and improving our website and services.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
People who use our services
We hold the details of the people who have requested our services (i.e. ordered our products) in order to provide them. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have purchased our products to carry out a survey to find out if they are happy with the level of service or quality of the product they received. If people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.
To those who subscribe to our mailing list (including our Customers), we send out regular e-newsletters, details of upcoming events, and other useful local updates and information.
We may process the information contained in any enquiry submitted to us regarding our services, and may use that data for the purpose of offering relevant services to you. The legal basis for this processing is consent, and taking steps, at your request, to enter into a contract.
People who contact us via social media
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People of contact us via our website’s contact / order form
We use a third-party provider, Mailgun, to manage our email traffic from our website. Mailgun is an American organisation, but Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework.
We may gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletters. For more information, visit https://www.mailgun.com/privacy-policy/
If you send us a direct message via the website, the message will be stored by Mailgun temporarily. It will not be shared with any other organisations or third parties.
Security and performance
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in completing our services to our Customers.
We may process any personal data identified in this Policy where it is deemed necessary for the purposes of maintaining insurance coverage, managing risks, obtaining professional advice, or establishing, exercising or defending legal claims, we do this for the proper protection of our business. We may also process such data where processing is required in order to comply with a legal obligation in order to protect your or another person’s vital interests.
Complaints and queries
TLK tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of TLK’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
PEOPLE WHO MAKE A COMPLAINT TO US
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Access to personal information
TLK tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 2018 and subsequent legislation. If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to the TLK for any personal information we may hold you need to put the request in writing addressing it to our Data Protection Officer at our registered office or emailing it to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
You have specific rights under data protection legislation; these are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Controlling your personal information
- We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
- You may request details of personal information which we hold about you under the Data Protection Act 2018.
- If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 1st June 2021.
How to contact us
- Data Protection Officer
- Top Lip Kit Ltd
- 75 Bedford Place, Ground Floor
- Hampshire, SO15 2DF
- United Kingdom
Or, email our data protection officer directly (with the subject as Data Protection): email@example.com/toplipkit