Data Privacy Statement and Protection Policy
Test Triangle Data Privacy Statement and Protection Policy
Test Triangle Limited respects your right to privacy and we comply with our obligations under the General Data Protection Regulation 2016/679. The purpose of this Website Privacy Statement is to outline how we deal with any personal data you provide to us while visiting this website (the “site”). By visiting this site, you are accepting the terms of this Website Privacy Statement. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites.
- Types of information collected
- 2.1 “Non-personal data”
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our site. This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our site.
- 2.2 “Personal data”
This is data that identifies you or can be used to identify or contact you and may include your name, address, email address, user IP addresses in circumstances where they have not been deleted, clipped or anonymised, telephone number and banking details. Such information is only collected from you if you voluntarily submit it to us, e.g. by sending us an email.
- 2.3 “Cookies”
- 2.1 “Non-personal data”
- Purposes for which we hold your information
- 3.1 Non-personal data:
We use the non-personal data gathered from visitors to our site in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organise our site.
- 3.2 Personal data
We will process any personal data you provide to us for the following purposes:
(a) to carry out business with you,
(b) to contact you if required in connection with your communication and/or order or to respond to any communications you might send to us.
- 3.1 Non-personal data:
- Disclosure of information to third parties
We may provide non-personal data to third parties, where such information is combined with similar information of other users of our site. For example, we might inform third parties regarding the number of unique users who visit our site, the demographic breakdown of our community users of our site, or the activities that visitors to our site engage in while on our site. The third parties to whom we may provide this information may include, potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.
We will not disclose your personal data to third parties, outside of Test Triangle Limited unless you have consented to this disclosure or unless the third party is required to fulfil your order (in such circumstances, the third party is bound by similar data protection requirements). We will disclose your personal data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
- Sale of business
We reserve the right to transfer information (including your personal data) to a third party in the event of a sale, merger, liquidation, receivership or transfer of all or substantially all of the assets of our company provided that the third party agrees to adhere to the terms of the Website Privacy Statement and provided that the third party only uses your personal data for the purposes that you provided it to us. You will be notified in the event of any such transfer and you will be afforded an opportunity to opt-out.
Your personal data is held on secure servers hosted by [name of server hosts]. The nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the internet. No data transmission over the internet can be guaranteed to be 100% secure. However, we will take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.
- Rectifying, verifying, objecting to the use of, requesting the deletion of and requesting access to your personal data
You may invoke your rights as a Data Subject in accordance with the General Data Protection Regulation 2016/679. Please contact us at firstname.lastname@example.org
- Changes to the Website Privacy Statement
Any changes to this Website Privacy Statement will be posted on this site so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Website Privacy Statement, or otherwise disclosed to you at the time it was collected, we will notify you by email, and you will have a choice as to whether or not we use your information in the new manner.
Data Protection Policy
This Data Protection Policy (the “Policy”) sets forth Test Triangles Limited commitment to protect the rights and privacy of individuals in accordance with the General Data Protection Regulation 2016/679 (the “GDPR”).
The purpose of this statement is to:
- synopsise the main tenets of the GDPR;
- provide definitions of key terms and define the principles that Test Triangle Limited will apply; and
- detail how Test Triangle Limited will comply with its obligations under the GDPR.
In performing its functions and day-to-day activities, Test Triangle Limited is required to process significant amounts of “Personal Data” within the meaning of the GDPR.
Test Triangle Limited respects the privacy rights of those whose Personal Data it processes and is conscious of its obligations under the GDPR.
In order to ensure a compliant and consistent approach to Test Triangle Limited’s obligations under the GDPR, this Policy shall set out the steps Test Triangle Limited takes to comply with the GDPR.
Test Triangle Limited not only intends to comply with its obligations under the GDPR, but also wishes to assure customers, suppliers, employees and ex-employees, including pensioners about whom it retains Personal Data, that this Personal Data will be processed in compliance with the GDPR and will be stored in a secure, confidential and appropriate manner. In addition, Personal Data will only be retained and stored by Test Triangle Limited while relevant. [For more information on this point, please refer to Test Triangle Limited Data Retention and Management Policy.]
Finally, Test Triangle Limited, within the limits of its authority, takes security measures to ensure the safeguarding of any Personal Data it holds.
Under the GDPR Test Triangle Limited is considered a data controller [and a data processor] and all personal data will be maintained in accordance with the obligations of that Act. Employees of Test Triangle may, in the course of their employment, be required to access the Personal Data of third parties such as other employees or customers/suppliers of Test Triangle Limited.
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The GDPR lays down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed.
The GDPR also permits individuals to access their personal data on request and confer on individuals the right to have their personal data rectified, deleted, transferred, to object to the processing of their personal data and the right not to be subject to a decision based on automatic decision-making, including profiling.
This statement outlines Test Triangle Limited’s policy to help ensure that it complies with the GDPR.
In order to appreciate Test Triangle Limited obligations under the GDPR, it is necessary to first set out some explanations of key terms used in the GDPR.
Personal Data: It is important to remember that the GDPR apply only to Personal Data as defined in Section 1 of the GDPR: Personal Data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. The GDPR applies to Personal Data held in a computerised or a manual (paper) form.
Sensitive Personal Data: There is a second sub-category of Personal Data referred to as Sensitive Personal Data. Sensitive Personal Data means Personal Data as to racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical/mental health; sexual life; commission or alleged commission of offences; or criminal convictions/proceedings. There are enhanced compliance requirements under the GDPR on data controllers, such as Test Triangle Limited, when they process Sensitive Personal Data.
Data Subject: A Data Subject is the individual who is the subject of the Personal Data. Only a Data Subject is entitled to make a Data Subject Access Request.
Data Subject Request: This is a request made in writing to Test Triangle Limited by a Data Subject pursuant to Articles 15-22 of the GDPR.
- Types of Personal Data held by Test Triangle Limited
Test Triangle Limited would typically retain the following types of Personal Data.
- Information about job applicants, employees, ex-employees and pensioners: name, address, email address, pps numbers, date of birth, union membership
- Information about customers, potential customers, potential suppliers : name, address, email address
For the purposes of the GDPR, Test Triangle Limited is a “data controller” of certain Personal Data relating to its customers and employees as it controls the contents and use of such Personal Data provided to us or requested by us.
Consequently, Test Triangle Limited are obliged to comply with the data protection principles set out in Article 5 of the GDPR. These obligations mean the Personal Data we hold:
(a) must be obtained and processed fairly;
(b) must be accurate, complete and kept up to date;
(c) must have been obtained only for one or more specified, explicit and lawful purposes;
(d) must not be further processed for incompatible purposes;
(e) must be adequate, relevant and not excessive for those purposes;
(f) must be kept for no longer than is necessary; and
(g) must be kept secure against unauthorised access, alteration or destruction.
- What we do with Personal Data?
Test Triangle Limited processes Personal Data provided to us only for the purposes of fulfilling our commercial objectives and complying with our statutory obligations. These obligations include:
- making corporate discounts available to employees;
- distributing company announcements;
- providing information on all Test Triangle Limited products;
- tax returns;
- offers/discounts to customers; and
- any other business related purposes.
Test Triangle Limited will not disclose Personal Data to third parties unless the Data Subject has consented to this disclosure or unless the disclosure to the third party is required to manage a customer order or employee relationship (and in such circumstances, the third party is bound by similar data protection requirements). However Test Triangle Limited will disclose Personal Data to third parties if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
In compliance with the provisions of the GDPR, all Personal Data held, collected or furnished by Test Triangle Limited will be kept only for lawful purposes.
Test Triangle Limited will use Personal Data relating to customers, suppliers and employees, through whichever medium it is collected, for the purpose for which it was collected, including the performance of obligations or rights under any commercial or employment agreement which Test Triangle Limited may enter into with an employee, supplier or customer.
Personal Data must not be disclosed for any reason incompatible with the purpose for which it is obtained.
Test Triangle Limited must be accountable for its compliance with the GDPR, and be capable of demonstrating such compliance through having appropriate policies and procedures.
Overall responsibility for ensuring compliance with GDPR rests with Test Triangle Limited. However, Test Triangle Limited responsibility varies depending upon whether it is acting as either a data controller or a data processor.
All employees and contractors of Test Triangle Limited who separately collect, control or process the content and use of personal data are considered data processors for the purposes of the GDPR and are individually responsible for compliance with the data processor’s obligations under the GDPR. Test Triangle Limited Data Protection Officer co-ordinates the provision of support, assistance, advice, and training within Test Triangle Limited to ensure that the company is in a position to comply with the legislation.
- Direct Marketing
As a general rule, parties should not receive unsolicited direct marketing of any nature unless they have indicated that they consent, or at least that they do not object, to such uses of their Personal Data. The GDPR and, in particular, the European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (the “Regulations”) contain strict rules on the use of personal data for direct marketing purposes. The essential point is that Test Triangle Limited should be clear and up-front about the use of individual’s (including customers and potential customers) Personal Data, and not be underhanded or cavalier about obtaining the individual’s consent. For instance, the capture of Personal Data will only be deemed fair where a data controller, such as Test Triangle Limited, provides the Data Subject with full information about:
(a) the data controllers identity;
(b) its purpose(s) for processing the personal data;
(c) the categories of persons to whom the data may be disclosed; and
(d) any other information that is appropriate to the specific circumstances and that is required in the interests of fairness.
This is an area in particular where the government body charged with overseeing compliance with the GDPR, the Data Protection Commissioner, is very keen to ensure compliance with the law. For this reason, and given the complexity of the law in this sector, advice should be sought from Test Triangle Limited’s legal department before using any Personal Data for direct marketing purposes.
- Third Party Processors
Any third parties engaged by Test Triangle Limited to carry out services on Test Triangle Limited’s behalf, which involve the use of personal data in the possession of Test Triangle Limited, should be party to Test Triangle Limited’s standard Third Party Processor Agreement. The legal department in Test Triangle Limited should be contacted for advice before engaging any third party processors. The strength of the data security measures of the proposed third party processor should be a deciding factor in their engagement.
- Transfers outside the EEA
Chapter 5 of the GDPR specifies conditions that must be met before personal data may be transferred to third countries. The Data Protection Officer should be informed of any instances where data is being transferred outside of the EEA, to ensure that the GDPR’s specific conditions are met.
- Procedures and Guidelines
Test Triangle Limited is firmly committed to ensuring personal privacy and compliance with the GDPR, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
Main responsibilities and data breach guidelines attached as Appendix .1
This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.
This Data Protection policy is available on the Intranet.