Our Privacy Notice
Who we are: We are TrustQuay Limited (“TrustQuay”) registered in England and Wales under number 12003494 with registered office Sentinel House, Harvest Crescent, Fleet, England, GU51 2UZ. TrustQuay Group (“TrustQuay Group”) comprises TrustQuay any entity that directly or indirectly controls, is controlled by or is under common control with TrustQuay. In this Privacy Notice “us”, “our”, “we” refers to TrustQuay Group.
About Our Privacy Notice: Our Privacy Notice (our “Privacy Notice”) describes our collection, use, disclosure, retention and protection of your personal information. Our Privacy Notice applies to any website, application or service which references it and to all applications and services offered by TrustQuay that do not have a separate privacy notice for which we are responsible for controlling or processing personal data.
Data Controller/ Data Processors: Trustquay is the Data Controller within TrustQuay Group. When handling personal data, Trustquay subsidiary companies act as a Data Processor to Trustquay.
When we collect personal information: TrustQuay collects information from or about individuals when:
- they are an actual or potential customer, consultant, supplier, advisor or business partner or associate of us;
- they are an employee, employee equivalent or prospective employee interested in joining us;
- they visit our websites, sign up to our news notifications via any registration form on our website, or they engage with us on social media;
- they contact us by any means with queries, interests or concerns or complete our surveys whether we have sent such surveys to them directly;
- they have a meeting or appointment with us or attend any of our events including in person at a venue or online;
- they visit one of our offices where there identification details and image may be recorded;
- they elect to provide us with personal information during business encounters, for example by email or business card.
We collect personal information from individuals directly, from public sources or from third parties, such as business associates or recruitment agents.
Personal Data we collect and the Purpose:
The category labels we use for personal are as follows:
Category of Personal Data | Examples |
General Data | Phone numbers, business and private, work addresses, location. electronic signatures, correspondence, job title, line manager, employer name, functional division in the employer, biographies, career history, bought in data, username and similar data that might identify a person. |
Sensitive Data | Sensitive personal data relating to confidential, private and medial details, details of protected characteristics e.g. hand written signatures, gender, family information, beneficiaries, marital status, salary data. |
Identity Verification | Passport/ drivers licence, residential addresses, proof of address nationality, age, date of birth and other details required for Know Your Customer, anti-money laundering, references, background checks and other similar checks. |
Financial Data | Bank account and payment details, bank details, data on transactions with us, credit reports, financial reports, national insurance and tax codes, timesheets etc that identify or are information pertaining to an Individual. |
Visual Data | Photos, videos and meeting recordings and sound recordings. |
Preferences | Dietary requirements, opt-in and opt-out consents, and other information individuals provide to us relevant to the services we provide. |
Cookie Data | Cookies collected automatically by visiting our websites including domain name, IP address, operating system and browser. |
Device Data | Device identification number and type, location information and connection information such as statistics on page views, traffic to and from the sites, referral URL, ad data, IP address, MAC Address, Device Name, location, browsing history and web log information |
HR Data | Personal data in addition to above collected by our Human Resources related to individuals working with us. |
Anonymised Data | Any of the above where personal identifiable data has been redacted or encrypted to leave date that is not identifiable with an individual.The types of data mentioned in the table above may include: |
The category of personal information that we collect depends on the legitimate purposes for which it is collected as follows:
Activity/ person | Category of Personal Data we collect or use | Purpose | Lawful basis for processing |
Customers of our applications and services | General Data Preferences | To provide software and services under contract. If required by customers, we will use their handwritten signature (Sensitive Data) and may charge for this as an additional service. | Contract Legitimate Interest |
Prospective customers | General Data, Preferences, Visual Data | To provide product demonstrations to customers, typically working under an NDA. | Consent |
Customer Clients | Anonymised Data | To fulfil specific contract obligation directed by customers. | Contract |
Users of our applications and services | General Data, Preferences, Cookie Data, Device Data, | To provide software and services under contract. | Contract Legitimate Interest |
Technical bulletins to customers on licenced software and software feedback surveys | General Data Preference Data | To provide software and services under contract. We will respect opt-outs. | Legitimate Interest Contract |
Marketing activities such as market bulletins, online surveys, new letters, and event invitations | General Data, Preference Data Cookie Data, Device Data, | To provide information on our software and services to develop our business. | Consent |
Events such as product launches and technical updates | General Data, Preferences, Visual Data | To provide information on our software and services to develop our business. | Consent |
Dialogue arising from contacting us offline by telephone, email, post etc | General Data Preferences | To provide individuals with support and assistance in order to develop our business. | Consent |
Analysis of website usage, marketing and business performance data | Anonymised Data | To help us to monitor and improve our business and the services and software we provide. | Legitimate Interest |
Browsing our websites | Cookie Data, Device Data | To help us understand the use of our website and interest in our products. To enable monitoring and improvement of our website. | Consent |
Interacting with us using social media. | General Data, Cookie Data, Device Data, | To provide individuals with support and assistance in order to develop our business | Consent |
Our suppliers | General Data, Financial Data, Cookie Data, Device Data, | To purchase products and services from suppliers and to monitor the performance of suppliers | Contract Legitimate Interest |
Our employees and people applying to work for us | General Data, Sensitive Data, Identity Verification, Visual Data, Preferences, Cookie Data, Device Data, HR Data, Anonymised Data | To fulfil our legal and contractual obligations for employees and our business. | Consent Contract Legal Obligation Legitimate Interest |
The lawful bases for processing used in the table above are set out in Article 6 of the UK GDPR and are
(a) Consent: the individual has given clear consent to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract that we have with the individual, or because they have asked us to take specific steps before entering into a contract.
(c) Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations) such as compliance with legal and regulatory obligations; requests for disclosures from a court, tribunal, authority, regulator or supervisory or governmental body.
(d) Legitimate Interests: the processing is necessary for TrustQuay Group’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
If you would like further information on how we have balanced our and others’ legitimate interests against your privacy interests, please contact data@hgcapital.com.
We may use personal information for the purposes of the following legitimate interests:
Activity/ person | Legitimate Interest |
Business operations: |
|
Customer relationship management and business development |
|
Employees and Candidates |
|
We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from sanction lists, credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws.
We may monitor and record our communications with you.
Cookies
For further information about our use of cookies, please see our Cookies Notice.
You may be able to configure your browser or our website, application or service to restrict cookies or block all cookies, but you may find this affects your ability to use certain parts of our website, applications or services. If you would prefer to block cookies please refer to the instructions or help service on your internet browser.
Who we share personal information with
TrustQuay Group: TrustQuay Group entities, acting for TrustQuay as Data Controller, share personal information within other TrustQuay Group entities.
Third-party providers: We may share personal information with third parties, including independent contractors or subcontractors (such as individuals who are engaged to assist TrustQuay Group on specific projects), agents (such as recruitment agents and corporate secretarial services agents) and service providers (such as legal, consultancy and background screening providers) who need to receive the personal information in order to provide services for and on behalf of us for the purposes specified in this Privacy Notice.
We engage trusted third-party IT service and software providers to host, store and process data, e.g. information relating to employees is stored in payroll and HR software systems; information about employment candidates and event attendees is recorded on a HR systems; supplier and customer information is retained on accounting, reporting, project management and other software systems.
We may share personal information in accordance with a Data Processing Agreement or where an Individual has consented for their data to be shared.
Information will only be transferred or provided to third-party providers where reasonably necessary to enable us to fulfil the purposes set out in this Privacy Notice. We will ensure that each such provider has agreed to protect and maintain the confidentiality and security of information we shares with them.
Our ownership: We may share personal information with an actual or potential buyer, seller, co-investor or joint venture partner and our and their advisers in connection with any actual or potential acquisition, sale, co-investment, joint venture or similar transactions in connection with TrustQuay Group.
Authorities as required or permitted by law
We may disclose personal information: (a) as required or permitted by, or to comply with, applicable law, regulation, court or tribunal processes or other statutory requirements; (b) to respond to requests from or disclosures required by any court, tribunal, authority, regulator or supervisory or governmental body or (c) to comply with Know Your Customer and anti-money laundering requirements and references, background and other similar checks on or conducted by TrustQuay Group.
Providing us with information about others
If you provide us with personal information about someone else, you are responsible for ensuring that you comply with any obligation and consent obligations under applicable data protection laws in relation to such disclosure. In so far as required by applicable data protection laws, you must ensure that you have provided the required notices and have obtained the individual’s explicit consent to provide us with the information and that you explain to them how we collect, use, disclose and retain their personal information or direct them to read our Privacy Notice.
Standard retention period
The personal data we collect will only be retained for as long as it is needed to fulfil the purposes set out in this privacy statement. This period is maximum 10 years, subject to certain variations described below.
Deletions will be carried out in accordance with TrustQuay’s retention policy. Any information stored in hard copy format (in paper form) is treated as confidential and will be shredded when we no longer have a legitimate interest in retaining it and may not seek your permission to destroy it.
Variations to retention period
We will retain your information for longer than the standard retention period where permitted or required by law, including to comply with the duration of any statutory or contractual limitation periods. For example, we will retain copies of contracts with customers for as long as permitted by law.
In relation to data collected about visitors to the website, data is retained for 50 weeks.
In relation to personal data collected about potential employment candidates who we do not hire the data may be retained for up to six years in case such candidates are suitable for other employment opportunities which arise at with us.
Data privacy rights of Individuals
Data protection laws in some countries provide data subjects with various rights. In the European Union and United Kingdom, data protection laws provide rights to:
Rights in relation to automated decision making and profilingIndividuals have rights for: (i) automated individual decision-making (making a decision solely by automated means without any human involvement); and (ii) profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
We use profiling for market analysis and for prioritising and filtering prospective customers for our sales activities, but decisions are made by human intervention.
Data Subject Rights | |
The right to be informed | Individuals have the right to be informed about the collection and use of their personal data. This is commonly referred to as a subject access request or ‘SAR’. |
The right of access | Individuals have the right to access and receive a copy of their personal data, and other supplementary information. |
The right to rectification | Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete. Individuals may ask us to correct the information that we hold about them. |
The right to erasure | Individuals have the right to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’. Individuals may require us to remove them from our marketing lists or change your marketing preferences by contacting privacy@trustquay.com; |
The right to restrict processing | Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we may store the personal data, but not use it. |
The right to data portability | Individuals have the right to data portability so that they can obtain and reuse their personal data for their own purposes across different services. Individuals may request a copy of the information we hold about them by email toprivacy@trustquay.com; |
The right to object | Individuals have the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing.We may enhance personal information we collect from you with information we obtain from third parties that are entitled to share that information; for example, information from sanction lists, credit agencies, search information providers or public sources (e.g. for customer due diligence purposes), but in each case as permitted by applicable laws. | Rights in relation to automated decision making and profiling | Individuals have rights for: (i) automated individual decision-making (making a decision solely by automated means without any human involvement); and (ii) profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. We use profiling for market analysis and for prioritising and filtering prospective customers for our sales activities, but decisions are made by human intervention. |
These rights are not absolute: they do not always apply and exemptions may be engaged. We may, in response to a request, ask you to verify your identity and to provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
To exercise any of these rights, or if you have any other questions about our use of your information, please contact us at privacy@trustquay.com.
Transferring information internationally
We are a global business and have offices in various countries (see here: https://trustquay.com/contact-us/), use global systems and interact with other parties globally. For example, we engage third-party IT service and software providers which host, store and process data in and outside of the European Economic Area (the “EEA”) and the United Kingdom (the “UK“). This means that your information may be transferred to a country outside the EEA – such as the US and other non-EEA countries or to a country outside the UK. These countries may not offer the same level of data protection as in an Individuals home country, and may not be deemed as providing an adequate level of data protection under applicable data protection laws (“Non-Adequate Countries”). Where personal information is transferred from within the EEA or from within the UK to a Non-Adequate Country, care is taken to ensure that the transfer is subject to appropriate safeguards in accordance with applicable data protection laws. To obtain a copy of these safeguards, please contact privacy@trustquay.com.
Security
We are committed to ensuring that personal information is secure. We have physical, electronic and managerial procedures to safeguard and secure personal information we collect that should prevent unauthorised access or disclosure. We will take reasonable steps to protect personal information, but we cannot guarantee the security of information which is transmitted to our website, applications or services or to other website, applications and services via an internet or similar connection.
Changes to Our Privacy Notice
We may change Our Privacy Notice from time to time by updating it on our website.
Other sites and social media
If you follow a link from our website, application or service to another site or service, Our Privacy Notice will no longer apply. We are not responsible for the information handling practices of third-party sites or services.
Further information and contacting us
If you have any queries about how we treat your information, the contents of this Privacy Notice, your rights, how to update your records or how to obtain a copy of the information that we hold about you, please email privacy@trustquay.com or write to Company Secretary and Compliance Officer, TrustQuay Limited, Sentinel House, Harvest Crescent, Ancells Business Park, Fleet, GU51 2UZ. Our Data Protection Officer is the Company Secretary and Compliance Officer.
February 2023