Enterprise customers use Trustopia’s intelligent platform to in-house enable the digitisation of their people screening process workflows and support the people decisions they alone may wish to make about the people they employ or the customers they serve.
Privacy is critically important to Trustopia and it is committed to protecting the rights and freedoms of data subjects and to safely and securely process personal data in accordance with all of its legal obligations.
Trustopia values a data subject’s right to control what personal information is collected about them and how this information is used.
Trustopia believes that responsible stewardship of the information entrusted to it is crucial in developing and maintaining the public trust essential for the continued success of the processes it digitally enables.
Trustopia is committed to ensuring it always does the right thing for its enterprise platform users and the individuals they may take through an intelligent screening process using the Trustopia platform to support their digital processing workflows.
To this end, Trustopia is committed not only to the letter of the law but also to the spirit of the law and places the highest possible premium on its correct, lawful and fair handling of all Personal Data provided through its platform; respecting the legal rights, privacy and trust of every individual with whom its enterprise customers choose to engage by consent.
Because what Trustopia does as a digital enabler is built on trust, it cannot ever afford to get privacy wrong.
Trustopia defines Personal Data as the broader of the definitions contained in the GDPR.
While some data will always relate to an individual, other data may not, on its own, relate to an individual. Such data would not constitute Personal Data unless it is associated with, or made to relate to, a particular individual.
Generic information that does not relate to a particular individual may also form part of an individual’s Personal Data when combined with Personal Data or other information to enable an individual to be identified.
Trustopia defines Sensitive Personal Data as the broader of the definitions contained in the GDPR.
Any use of sensitive Personal Data is strictly controlled in accordance with this privacy statement.
In seeking to protect personal data and ensure Trustopia personnel understand the rules governing its use of the personal data to which they have access in the course of their work; staff are required to ensure the Trustopia Data Protection Officer (DPO) is consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
All information supplied to or through Trustopia’s intelligent platform by individuals in response to an invitation to share their data issued by an enterprise using the Trustopia platform and with whom both the enterprise and the individual have engaged for their mutual purpose and to whom the individual has given consent to the enterprise, is processed and protected by Trustopia in accordance with the current applicable data protection laws and security best practice.
The data protection principles we work to
In the EU, Trustopia seeks to comply with the principles of data protection (the Principles) enumerated in the General Data Protection Regulation and makes every effort possible in all that we do to do so.
The Principles are:
- Lawful, fair and transparent – data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
- Limited for its purpose – data will only be collected for a specific purpose.
- Data minimisation – any data collected must be necessary and not excessive for its purpose.
- Accurate – the data we hold must be accurate and kept up to date.
- Retention – we will not store data longer than necessary.
- Integrity and confidentiality – the data we hold will be kept safe and secure.
What we do with data
We aim to put data on our users side. We use it for good, to help individuals and enterprises achieve their mutual goals.
We help enterprises understand and know their people better by enabling the people screening processes they run with digital intelligence.
User data rights
It’s important that people and enterprises understand their rights when it comes to the processing of their data.
We make sure users can see what data we may hold and that they can correct anything that’s wrong. In some cases users can control how Trustopia may use their data.
What data might we hold and why might we have it?
We process a range of data about Trustopia users for a variety of legitimate reasons and only ever does so with the data owners explicit consent.
If we hold or process data about a user it’s because of one or more of the following:
- The individual has been invited by an enterprise user to provide personal information as part of its intelligent screening process, utilising the Trustopia platform to digitally enable their interaction by appropriate mutual consent.
- They’re a business using Trustopia’s intelligent screening platform.
- Data relating to an individual is shared by an external trusted data source where appropriate consent has been given by the individual for the passing of information about them
Trustopia may also obtain personal data about users from publicly available sources.
How we safeguard user data
Trustopia takes all reasonable and appropriate steps to protect the personal information that it may process or hold from misuse, loss, or unauthorised access.
Trustopia does this by having in place a range of appropriate robust technical and organisational measures. These include appropriate measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information as a Trustopia user, please let us know immediately. Details of how to contact Trustopia can be found on this website.
How users can access, amend, or take back the personal data they have provided using Trustopia
Our legal bases for processing user data
Trustopia also has its own obligations under the law, which it is a legitimate interest of ours to insist on meeting. If Trustopia believes in good faith that it is necessary to do so, it may share your data in connection with crime detection, tax collection or actual or anticipated litigation.
How to contact Trustopia
- wish to access, amend or take back the personal data that you have given to an enterprise through us as a user;
- suspect any misuse or loss of or unauthorised access to personal information;
- wish to withdraw user consent to the processing of personal data (where consent is the legal basis on which we have processed that personal data);
- have any comments or suggestions concerning privacy; or
- want to make a complaint on how Trustopia may have handled personal user data.
You can write to us at: Trust Systems Software (UK) Limited, Devonshire House, Goswell Road, London, EC1M 7AD, UK or email us at: firstname.lastname@example.org.
Trustopia will deal with your request without undue delay and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that Trustopia may keep a record of your communications to help it resolve any issues that you raise.
Unless otherwise stated: Trust Systems Software (UK) Limited – whose trading style is Trustopia – is a data controller for the personal data enterprise users may process through the Trustopia platform to which this statement applies.
In certain circumstances, Trustopia may be required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what the Trustopia platform may do with that information, this consent will be opt-in consent or soft opt-in consent.
Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
In plain language, this means that:
- you have to give your consent freely to the enterprise that has invited you to provide information, without it putting you under any type of pressure;
- you have to know what you are consenting to – so Trustopia will make sure enterprise users and Trustopia give you enough information both where it is required and where it is appropriate;
- you should have control over which processing activities you are consenting to and which you don’t. Trustopia enables these finer controls within its privacy preference centre; and
- you need to take positive and affirmative action in giving your consent – Trustopia is likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
Trustopia will keep records of the consents you have given in this way.
In some cases, Trustopia will be able to rely on soft opt-in consent. Trustopia may be allowed to market products or services to you which are related to the services it provides as long as you do not actively opt-out from these communications.
Please note that in certain of the jurisdictions in which we may operate, Trustopia will comply with additional local law requirements regarding consenting to receive marketing materials.
You have the right to withdraw your consent to these activities. You can do so at any time by contacting us.
How to contact your local supervisory authority
If you are not satisfied with Trustopia’s response or believe it has not processed your personal data in accordance with UK law and the requirements of GDPR; you can complain directly to:
The UK Information Commissioner’s Office
(which can be contacted in any of the following ways):