Privacy Policy

TRECCO LTD- PRIVACY POLICY

TRECCO LTD PRIVACY POLICY – YOUR INFORMATION AND DATA PROTECTION

 

This is an initial draft because we have not yet seen your data flow or your website. We need to tie this in with your Business Associate Agreement.

 

1              WHO ARE WE AND HOW DO I CONTACT YOU?  

(1) Who are we?

We are Trecco Ltd, a company registered in England and Wales, company Registration Number 12366434. Our Registered Office is at 20 Swan Street, Manchester, United Kingdom, M4 5JW.

 

(2) Who do I contact about personal data or change my mind about how you can use it?

The person responsible for our data protection is Hossein Sheykhpoor whom you can contact. if you need any help or information about this policy or about how we collect and use personal data, please contact us.

By Post/mail: Hossein Sheykhpoor, Data Protection Officer, 20 Swan Street, Manchester, United Kingdom, M4 5JW

By Email: hossein@trecco.co.uk

 

2              ABOUT OUR PRIVACY POLICY

(1) Why we have a privacy policy

Your individual privacy is important to us and this Privacy Policy is an overview to explain how we process (collect, use and hold) personal data (any information that identifies, or could reasonably be used to identify you) and comply with our legal obligations. Please read through the policy carefully and if you have any queries, email  info@trecco.co.uk or look at section 1 above to find alternative ways to contact us.

 

We also use cookies on our website – see our separate Cookie Policy.

 

(2) Making changes to this Privacy Policy

The policy applies when you use our Website and our services. It was last updated on 25/11/2020.

 

We may make changes to the policy (for example to keep up with changes in the law) so we advise you to check the policy as you use the Website and our Services, although we will let you know about material changes.  However, if we make a significant change (for example use your personal data in a way which you wouldn’t expect) then we will actively let you know, for example, by emailing you.

 

(3) Personal Data and Special Category Data

(a) Personal data”, which means information which relates to a living person who can be identified from that data (a “data subject”) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us, or others, in respect of that person. It does not include anonymised data. Examples of personal data include:

  • Contact details (particularly name, address, telephone number and email address)
  • Identification information (including passport details, visa and immigration status, date and place of birth)
  • Billing information (particularly bank account numbers and information and tax information)

 

(b) “Special Category personal data” refers to more sensitive types of personal data about an individual including their:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data (where it is used for ID purposes)
  • Health
  • Sex life and sexual orientation
  • Any criminal convictions and offences

(c) Non-personal information – will not identify a person but just helps us to use the information to improve our services by identifying, for example, information collected using our website by recording pages accessed and files downloaded to record how visitors to the website use it.

 

We may aggregate information which is anonymous and does not identify an individual. For example, we may aggregate information about where people live and their ages for marketing purposes.

 

This policy is primarily concerned with personal (including special category) information

 

3              COLLECTING PERSONAL DATA

Personal data is any information which could identify you, including your name, address and email address and IP address. Special category data is more sensitive, such as information about your health or ethnic origin.

 

Depending on how you use the Website and our business, we collect a range of personal data from you, including your name and contact information (such as your address, telephone number and email) as well as other information which you choose to give us as you use the Website and our services. You may also choose (consent) to give us special category personal information so that we can provide services to you as you require.

 

(1) What personal data do you collect?

We collect different types of personal data (any information that could identify you) but on the basis that we collect the minimum amount of data that we need. We may collect your personal data from you in the following ways:

  • Identification and contact information – such as your name and contact details (address, email, telephone number), date of birth, gender, and information when you register with us (this may include on the website, apply for a job with us or start to work with us. Sometimes this may be provided by another person on your behalf, provided that this complies with the law. For example,
  • Optional Information which you choose (consent) to give us and allow us to use so we can provide you with our products and/or services. This may include Special Categories of personal data (such as health information
  • Additional information you give to us, such as, for example, you subscribe to a newsletter or take part in a survey or competition. This could be using the website directly or through social media, for example, if we run a Facebook survey (when the social media own’s privacy policy will also apply).
  • Customer Service Information you give to us when you ask us for any help and support.
  • Accounting and transaction data relating to what you buy from us and the running of our business and paying taxes (financial information is often anonymised – for example, we do not receive card details when you use one to pay us).
  • Information from others which you ask or authorise them to provide to us. For example, from your employer where we provide services to your organisation or referrals from our clients and suppliers.
  • Marketing information and preferences.
  • Technical and website use information such as IP (Internet Protocol) address, log-in data, browser information (type and version), location and time-zone settings, operating system and platform data, as well as data on how you use our website and access partner websites, products, and services and error reporting. Please also see our Cookie Policy.
  • Statistical information such as information that forms part of the aggregate information. So, for example, we may combine (aggregate) information about how you use the website and use it to share with our partners so we can bring the best discounts and offers to our website.
  • Publicly available data such as information you share on social media.

If you choose not to provide us with personal data, we may be unable to provide some services to you. For example, without your email address we will not be able to email you.

 

(2) How do you collect personal data?

We may collect your personal data from you in the following ways: –

  • Information you provide to us when you buy from us or ask us to provide products and/or services to you.
  • Forms you complete, such as when you register with us.
  • The information you provide when you communicate with us such as during a meeting or session or by email or telephone.
  • Information that you authorise someone else to provide us with on your behalf. For example, you may consent and authorise your Doctor or Medical Advisor to provide us with your personal data so that we can provide products them with which relate to you and your health.
  • Information you provide when using our website (such as when you ask us to help or provide support or give us feedback) or social media (for example, you may comment on one of our blogs or social media posts). 
  • Any surveys or feedback requests which you choose to complete or competitions which you choose to enter.
  • Information we receive when you visit our website from another website or from social media (such as LinkedIn or Twitter).
  • If one of the people who work for us give us your contact details as their referee or emergency contact.
  • Automated information about your visits to our Website which will include (but are not limited to) your IP address, online tracking such as location, browser and type of device you use, as well as automated technology which collects technical information about your equipment and internet use  

4              USING (PROCESSING) AND SHARING PERSONAL DATA

(1) How do you use personal data?

We collect and use personal information in a variety of ways, including when we:

  • Supply you, or someone who you have authorised on your behalf (such as a Doctor or Medical Advisor) with products and/or services you have asked us for and to fulfil our contractual obligations to you.
  • Send you any information you have asked for or which may interest you, where you have consented to this happening, or information we need to tell you about.
  • Manage our relationship and communicate with you, including letting you know about important changes.
  • Deal with any request for help or answer your queries and customer support generally.
  • Interact and respond to you on social media.
  • Give you the best user experience and to enable you to participate in any interactive features of our Website.
  • Ask third parties to provide services to us including products, professional advisors, IT (including cloud providers), marketing, and outsourced services to help run our business properly and efficiently.
  • Have your consent where applicable (for example, any marketing where your consent is required).
  • Fulfil our contractual obligations to suppliers and other third parties.
  • Assess your ability and suitability if you wish to work with or for us.
  • Comply with regulations and legislation.
  • To analyse and monitor how our Website is used and to help us to administer it (including security and fraud detection) and to run our business generally.
  • Manage our business properly and efficiently.
  • Have other legitimate interests to do so.

(2) What is the lawful basis for processing my personal data?

The law says that we cannot process (collect, use or store) your information unless we have a lawful basis for doing so. There are several lawful bases which we rely on, including: –

  • Consent – when you agree that we can use your personal data in a particular way. You can withdraw your consent at any time by emailing info@trecco.co.uk if you change your mind).
  • Contractual obligations – to fulfil our contractual obligations to you or because you have asked us to do something before we enter into a contract together.
  • Legal obligation – when the law says that we must, such as for tax reasons.
  • Legitimate Interest – Sometimes we will process your data when, for example,
  • It is in our legitimate interests to do this and
  • These interests are not overridden by your data protection rights.

For special categories of personal data, the lawful bases are: 

  • Explicit consent – the individual data subject has given their explicit consent for the processing of their personal data (unless relying on that consent is prohibited by law)
  • Employment, social security or social protection laws – processing is necessary for carrying out those obligations
  • Vital interests – processing is necessary to protect the vital interests of the data subject or another person where the data subject is either physically or legally incapable of giving consent
  • Public health
  • Archiving, research or statistical purposesprocessing is necessary for archiving purposes in the public interest and provided criteria are met

 

(3) Who do you share personal data with?

There may be times when we must share your personal data with others, for example, where the law requires us or to enforce our rights or protect others. We may also share your data to: –  

  • Allow authorised third parties who are providing products and/or services to us. For example, organisations who host our websites, so they stay online and are secure and organisations who provide us with email services so we can send and receive emails. If you want to know who we share data with, please email  hossein@trecco.co.uk or look at section 1 above to find alternative ways to contact us.
  • Meet our legal and regulatory obligations such as to HMRC for taxation purposes.
  • When selling our business or carrying out associated business activities.

Otherwise we will only share your personal information if you have consented to this.

 

(4) Special Category Data or Protected Health Information

We will only use and disclose Special Category Data or Protected Health Information in the following ways

  • to perform our obligations under any agreement with you and/or the Doctor or Medical Advisor when you have consented and authorised them to provide us with your personal data so that we can provide products them with which relate to you and your health
  • when it is allowed by law

5              YOUR PERSONAL DATA RIGHTS

(1) Your Rights

The law gives you certain rights in relation to your personal data and to exercise or discuss these rights contact Hossein Sheykhpoor,  by email  hossein@trecco.co.uk or look at section 1 above to find alternative ways to contact us.

 

Your rights depend on our reason for processing your information but may include the following:

  • Access your personal data
  • Rectify your personal data if it is inaccurate or incomplete
  • Ask us to erase your personal data and prevent processing in specific circumstances
  • Restrict processing of your personal data in certain circumstances
  • Data Portability – obtain and reuse your personal data for your own purposes across different services
  • Object to processing your personal data in certain circumstances

For more information about your rights you can visit the  Information Commissioner’s website visit  where you can find detailed information about each of those rights https://ico.org.uk/your-data-matters/

 

(2) Exercising Your Rights

We will deal with all personal data requests as soon as we are able and usually within one month of receipt. If there is going to be a delay (which could be up to 3 months) in dealing with your request or there is a reason why we can’t comply with your request, we will let you know and explain why within one month of receiving your request.

 

We will ask you for some information first (primarily identification and clarification).

 

You also have the right to lodge any data protection complaints with the Information Commissioner’s Office (ICO), the UK’s supervisory authority. Visit www.ico.org.uk for more information including how to access their helpline.

 

6              DATA RETENTION – HOW LONG DO WE KEEP PERSONAL DATA FOR?

Unless you have specifically agreed otherwise, we will only keep your personal data for as long as it is

  • Necessary for the purposes for which the personal data are processed
  • To enable us to comply with our legal obligations, for example for tax purposes

Retention depends on our relationship with you and please see below:

 

Data Subject

How long personal information/data is retained

 

Potential Buyers and their patients

We will retain personal information for 12 months from the date of our last communication. 

 

Buyers and their patients

We will retain personal information for 7 years from the date that you ceased to be a client.

Potential employees who are not placed in employment using our services

We will retain personal information for 12 months from the date of our last communication, unless you agree otherwise.

Employees / workers

We will retain personal information for 7 years from the date that you ceased to be an employee/worked with us.

Potential Suppliers

We will retain personal information for 12 months from the date of our last communication. 

 

Suppliers

We will retain personal information for 7 years from the date that you ceased to be a supplier.

7              PERSONAL DATA SECURITY

(1) What we do

We have implemented appropriate technology and operational security, including policies and measures to protect personal information under our control including from unauthorised access, improper use, alteration, unlawful or accidental destruction, and accidental loss on a “privacy by design and default” basis. This includes

  • Using VPN Security
  • Encrypting data where possible
  • Anonymising or pseudonymising data wherever this is possible
  • Storing personal data in our internal systems (such as CRM (client relationship management) software) on secure servers that are not accessible by third parties without our express permission
  • Adhering to safeguards if personal data is transferred from the European Union to – see the Transferring Personal Data Outside the EU section
  • Providing internal policies, procedures and training about data protection to, as relevant, our employees and those who work with us
  • Regularly reviewing how we process
  • Restricting access to personal data to those who need it
  • Physical security of our premises and our equipment

 

(2) Your Role

Please ensure that

  • your personal data is accurate and up to date
  • you take reasonable care and safety when using your devices and the internet
  • you contact us immediately if you think or know your personal data has been used, compromised, or accessed without your express permission or if you have any other such concerns

For more information please contact hossein@trecco.co.uk

 

8              TRANSFERRING PERSONAL DATA OUTSIDE THE EU

We may transfer some data outside the EU (which may not have the same data protection), but, if we do this, we ensure that we have procedural and technical safeguards to protect the privacy of your data and to comply with the law and our own obligations, including under GDPR.

 

9              EXTERNAL WEBSITE LINKS AND SOCIAL MEDIA

You may visit or leave our Website by clicking a link to or from another website or platform operated by others (third parties) and we are not responsible for those websites or platforms – for example, you may use social media icons (such as Twitter, LinkedIn). If you do this, please also take the time to read the relevant privacy information provided by other websites/platforms because they may be different. Your information will only be shared where you have agreed to allow this.

 

10           NON-PERSONAL INFORMATION

We also collect information which does not identify you (non-personal information). This includes the type of internet browser you use or the website from which you linked to our website.

 

We may also aggregate information which you have submitted to us (for example, your age and the town where you live) which is anonymous – you cannot be identified from this information. We share this aggregate information with third parties to help us run our Website and business effectively.

 

12           COMPLAINTS AND DISPUTE RESOLUTION

(1) Contacting us 

If you have a complaint, please contact Hossein Sheykhpoor

By Post/mail: : Hossein Sheykhpoor, Data Protection Officer, 20 Swan Street, Manchester, United Kingdom, M4 5JW

By Email: hossein@trecco.co.uk

 

(2) Contacting the Information Commissioner’s Office

You can also lodge any data protection complaints with the Information Commissioner’s Office (ICO) who is the UK’s supervisory authority. You can visit https://ico.org.uk/ for more information including the best ways to contact them.