May 25th, 2018
b. TROWBRIDGE are the “controller” (as such term is defined in the GDPR) of any Personal Information collected via the Website and our contact details are set out below in Section 7 below.
2. What information does TROWBRIDGE collect?
We collect the types of information below.
a. Information you provide to us
i. Your Personal Information: As a visitor, you do not have to submit any personal information in order to use the Website. This Website only collects personal information that is specifically and voluntarily provided by visitors. Such information may consist of, but is not limited to, your name, company name, email address, and telephone numbers.
We also collect information from you to administer events, surveys and the newsletter. We may also store and maintain any content that you provide, including but not limited to social media applications and services that we may provide.
b. Information collected automatically
c. E-mail, marketing and other communications
We may use your Personal Information to contact you, by email about your use of the Website or the Services. If you provide us with your consent to subscribe to our newsletter or marketing emails, we will use your name and email address to send the newsletter to you via email. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails. Please note that if you do not want to receive newsletter or marketing emails from us, we may still send you legal notices which will govern your use of the Website and you are responsible for reviewing such legal notices for any changes.
3. Where do we store your personal information?
a. Whether or not, you are a British or EU citizen and have informed us as such, your Personal Data will be processed on Tier 3 secure servers based in Canada that which comply with the European Commission’s adequacy decisions.
b. TROWBRIDGE uses various cloud-based systems and tools, including certain customer relationship management and marketing automation services to allow us to provide TROWBRIDGE services to our clients. As part of our services, certain limited client and user profile information is sent to the providers of the services, some of whom are based outside the EEA. Where clients Personal Information is sent by TROWBRIDGE service providers based outside the EEA, we ensure such transfers are conducted in accordance with TROWBRIDGE’s obligations under GDPR May 25th, 2018.
4. Will TROWBRIDGE share any of the Personal Information it receives?
a. We do not rent nor sell your Personal Information to anyone. However, we may share such Personal Information with third parties for the purposes described below.
i. To assist us in providing the Services and/or the Website
ii. Service Providers
If we are using a service provider who has signed agreements as one of our partners (e.g., their staff who act as accountant or bookkeeper), then all Personal Information uploaded by such users will be available to that partner and its authorized employees and agents who have access to the relevant partner portal site, with parameters set by us.
iii. Business sale or transfer
We may choose to buy or sell assets. In these types of transactions, customer information (including Personal Information) is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party. You will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
vi. Protection of TROWBRIDGE and others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of TROWBRIDGE, our employees, our clients, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. We also may be required to disclose Personal Information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
v. With your consent
5. Is your Personal Information secure?
a. Your portal account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by protecting your password appropriately and limiting access to your computer or device and browser.
6. What happens if there is a data breach?
a. If we become aware of a data breach or are notified of a data breach, we shall notify the Information Commissioner’s Office (ICO) and provide details to them of the data breach where we are required to do so. In most cases we are not required to provide any Personal Information on our clients, however the ICO may request contact details for clients who are or may be affected. If we encounter a data breach clients will be notified where there is likely to be a high risk of any harm or damage to them as a result of the data breach. Should we be requested to provide Personal Information as part of the data breach process we will notify those clients who we believe are affected.
7. What data subject rights do I have?
a. Under the GDPR May 25th 2018 individuals have a number of rights in relation to the processing of their Personal Information. Brief details of these rights are set out below and where these rights only apply from May 25th 2018 this has been stated under each section and further details can be obtained from the sources set out in Section 7.2.
i. Right of access
You have the right to apply for a copy of the Personal Information we hold about you. This is called a data subject access request and you can make a request by writing to us at 1201 -1 1King St W Toronto, ON M5H 1A1 Canada or emailing email@example.com . We may require you to verify your identity before we can disclose any Personal Information to you.
ii. Right to rectification
You have the right to have any Personal Information which is inaccurate that TROWBRIDGE hold rectified, or any incomplete Personal Information which TROWBRIDGE hold completed. Alternatively, through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
name and password
mailing or physical address
credit card information
The information you can view, update, and delete may change as the Website changes. If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org. We will respond to your request to access.
iii. Right to be forgotten
From GDPR May 25th 2018, you have the right to require TROWBRIDGE to delete all Personal Information held about you in certain circumstances, for example, where TROWBRIDGE no longer requires the Personal Information for the purposes for which it was collected.
iv. Right to restrict processing
From GDPR May 25th 2018, you have the right to request TROWBRIDGE restrict or block the Processing of your Personal Information in certain circumstances. If you exercise this right we will cease processing your Personal Information however we will still retain a copy of your Personal Information whilst we process your request. Once we have processed your request we will only retain the minimum amount of Personal Information to ensure we comply with our obligations under the GDPR, and to satisfy legal requirements within government regulations.
v. Right to data portability
From GDPR May 25th 2018, you have the right to request that TROWBRIDGE transfers certain Personal Information which you have provided to us where the Processing is based on consent it is necessary for the Performance of a Contract or where the Processing is carried out by automated means.
vi. Right to object
You have the right to object to the processing of your Personal Information by TROWBRIDGE where the Processing is based on TROWBRIDGE’s legitimate interests, direct marketing or if TROWRIDGE is processing Personal Information based on research or statistical purposes.
vii. Right relating to Profiling and automated decision making
From GDPR May 25th 2018, you have the right to not be subject to a decision if that decision is based on automated processing and it produces a legal effect or significantly affects you. This is not an absolute right and the right will not apply if the decision is necessary for TROWBRIDGE entering into a contract with you, is authorized by law or is based on your explicit consent.
b. You can find out more information about your rights under the GDPR by emailing: email@example.com.
c. You also have the right to apply or a copy of the information we hold about you. This is called a data subject access request and you can make a request by writing to us using the contact details above. We may require you to verify your identify before we can disclose any Personal Information to you. If your request is repetitive or excessive you may be required to pay a reasonable fee for this service.
8. Special categories of data
a. We ask that clients do not send us, and that clients do not disclose, or upload any special categories of data about themselves (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the portals or Services.
a. We post customer testimonials/comments/reviews on our Website which may contain Personal Information. We will use the reviews that you have posted on review websites in relation to our Services and by using the Services you consent to this usage. Alternatively, we will post the comments that you have supplied to us after we have obtained your consent in order for us to do the same. To request removal of your Personal Information from Testimonials or comments please contact us at firstname.lastname@example.org with the subject ‘Data Protection’.
10. What choices do you have?
a. You can always choose not to disclose Personal Information to us, but keep in mind some Personal Information may be needed to engage with us or allow us to provide services to you.
b. You may be able to add, update, or delete information (including Personal Information) as explained in Section 7 above. When you update information, however, we may maintain a copy of the unrevised information in our records.
c. Except as set out in Section 7 above, we will retain your information (including Personal Information) for as long as your account is active or as needed to provide you Services or as required by government regulations.
d. You may request deletion of your account and Personal Information by contacting us at email@example.com . Please note that some Personal Information may remain in our private records after your deletion of such information (including Personal Information) from your account due to our disaster recovery and backup purposes, and as per government regulations. We will retain and use your information and Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements but barring legal requirements, we will delete your Personal Information within 90 days.
e. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
12. Questions or concerns
b. You also have the right to complain to the:
GDPR (EU) - Information Commissioner’s Office in relation to the Processing of Personal Information. You can do this by visiting www.ICO.org.uk or calling 0303 123 1113.
PIPEDA (Canada) – Office of The Privacy Commissioner. You can do this by visiting https://www.priv.gc.ca/en or calling 1-819-994-5444.