Thank you for trusting TruCorp Limited (we, us or TruCorp) to be responsible for your personal data, which we want you to know that we take seriously.
· our TruVent® virtual ventilation management training solution (TruVent), which you may access and use on a software as a service basis (being the TruVent Services);
· our TruMonitor® patient monitor application (TruMonitor), which you may access and use on a software as a service basis (being the TruMonitor Services);
· our TruAED® CPR/AED performance feedback training application (TruAED), which you may access and use on a software as a service basis (being the TruAED Services);
· our Smart Airway application which allows for smart sensorization in respect of our Airsim Product Range to provide objective and quantitative feedback on the users techniques (Smart Airway); which you may access and use on a software as a service basis (being the Smart Airway Services); and
· our Interactive Remote Learning software (IRL), which may be integrated into TruVent, TruMonitor, TruAED and Smart Airway (being the IRL Services).
The TruVent Services, TruMonitor Services, TruAED Services, Smart Airway Services and IRL Services are together the Cloud Services. TruVent, TruMonitor, TruAED and SmartAirway are together the Products.
Any data that we collect through the Cloud Services or generally when providing you with our other paid services (the Services) shall be known as the Customer Data, any data collected specifically through TruVent (other than account administration data) known as the TruVent Data, any data collected specifically through TruMonitor (other than account administration data) known as the TruMonitor Data, any data collected specifically through TruAED (other than account administration data) known as the TruAED Data, and any data collected specifically through Smart Airway (other than account administration data) known as Smart Airway Data and any data collected through IRL Services (other than account administration data) known as the IRL Data.
The TruVent Data, TruMonitor Data, TruAED Data, Smart Airway Data and IRL Data are together the Cloud Data.
It also informs you how we will look after your personal data when, and about your privacy rights and how the law protects you. It does not cover any third party website you have used to access our websites or the Cloud Services or any third party websites that you access from them.
It applies to all processing of personal data undertaken by TruCorp other than processing of personal information in the context of recruitment and employment, which is dealt with under separate internal policies.
It is important that you read this policy so that you are fully aware of how and why we are using your data.
Before using the Services, you individually, or acting on behalf of the company who has paid for access to the Services, will need to have agreed to our standard customer terms.
1. WHO WE ARE
Full Name of Legal Entity: TruCorp Limited, a company incorporated in Northern Ireland under registered company number NI042894
ICO Registration Number: ZA201554 (this is the number under which we are registered with the UK Information Commissioner’s Office as a fee paying data controller).
1.2 Under the UK General Data Protection Regulation or the EU General Data Protection Regulation (collectively GDPR) and other relevant data protection legislation, we act as both a data controller (i.e. where we make decisions) in relation to your personal data that we collect, as well as a data processor (i.e. process data broadly in accordance with your instructions.
When we act as a Data Processor: When as a user you use the Cloud Services to process personal data, or we process personal data on your behalf, whether through our provision of the Services to you or otherwise, we act as a data processor. Under these circumstances, you may act as a data controller or data processor yourself, and we will act as either a processor or a sub-processor. Whenever we act as a processor, or a sub-processor, we will be restricted in the manner and purpose for which we can use personal data (including where applicable in the manner outlined in this policy) and we will also be subject to other obligations under data protection legislation.
When we act as a Data Controller: By contrast, when we collect personal data and determine the purposes and means of processing that personal data – for example, when we store account information for TruVent, TruMonitor, and IRL users collected through account registration, administration or services access processes, or contact information as explained below – we act as a data controller.
2. WHAT KIND OF PERSONAL DATA DO TRUCORP PROCESS?
INFORMATION YOU SUPPLY TO US
2.1 General personal data – This is personal information about you that you share with us by online forms on our website, through email, through the post, on the telephone, when you register to use the Cloud Services, when you complete customer surveys, engage with our customer services team, engage TruCorp to provide Services or by any other means.
Typically, when you generally interact with TruCorp you may provide information about yourself, as well as other data about your business, including your full name, job title, billing address, business name, personal and/or business email address, telephone and/or mobile phone number and other contact details. You may provide similar information where you contact us, sign up to events or sign up to our newsletter.
Cloud Services Data:
When you sign up to use any of the Cloud Services you will be required to provide your name and email address, alongside other non-personal details (such as user display name). Optionally, you may be asked to provide a mobile telephone number if required for account verification or login.
When using the Cloud Services you may also (but are not required to) upload other personal data relating to yourself or others, and will provide personal data when you report any technical or service issues in relation to our websites or Cloud Services, including relevant notes about any issues and how we responded to resolve these, as well as details of any payments you have made through our websites.
IRL Data (IMPORTANT – PLEASE NOTE): When using the IRL Services, we will record the session, including your video and audio recording, record any instructor entered data (including notes of the session, checklist results and feedback) as part of the interaction between users, any user entered feedback data, technical data around your interaction with the IRL Services or feedback generated by the physical training device with which they are associated (e.g. compression or ventilation data)
2.2 Employment Data: If you contact us in connection with a job application (or agree for a third party to contact us on your behalf) you may provide us with your contact details, name, academic and professional skills, employment history, title, date of birth and other information (including monitoring information) (Employment Data).
2.3 Feedback Data: If you take part in any product feedback sessions, or make a suggestion for an event, content, feature, discussion, this will also be shared among the development team to feed into our roadmap if applicable.
2.4 Financial Details: Where you are a supplier and provide us with your financial details in order to facilitate payments by us to you or a customer contacting us to provide your financial details in the context of any returns or overpayment, we will collect these financial details. All such details will be kept securely.
Where you are a customer and make payments for the Cloud Services, we use a third party payment processor (currently Stripe) to facilitate such payments and may collect or generate financial information (for example, invoices including your details) as part of that process. As is normal, credit card details are not accessed or stored by TruCorp.
2.5 Verbal Information: If you provide verbal personal information that you give us consent to use you will have such consent confirmed back to you in writing.
2.6 Marketing Information: You may also communicate your preferences in receiving marketing from us and our third parties and your communication preferences (including details you provide when you opt-in to receive marketing communications, such as our newsletter, from us).
2.7 Third Party Data: Where you are sharing personal data that does not directly relate to you (e.g. your representatives that legally act on your behalf), you must ensure you have the consent to do so and have shared this policy with that person/those people, including where you are acting to register other individuals on their behalf.
2.8 Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products). In this case, we may not be able to fulfil any order you place with us, but we will notify you if this is the case at the time.
PERSONAL DATA WE COLLECT
2.9 CCTV Footage – We may use CCTV cameras on our premises and may record footage of you where you attend our premises in person, and use such footage as required in our legitimate interests, including to ensure the safety and well-being of our staff.
2.10 Technical Data from the Cloud Services: We use certain technical services to gather certain technical and usage data whenever you use the Cloud Services, as detailed
[Note: I probably need more information on
Technical Data from Our Websites
We use certain technical services to gather technical data online whenever you use our websites including information about your device and your visits to our websites such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed.
We collect this data using cookies and other similar technologies. There is (currently) no login functionality on our other websites, so you will not be personally identifiable from such data.
Please see our cookie and similar technologies policy in relation to our websites for further details available here.
PERSONAL DATA WE RECEIVE FROM THIRD-PARTIES
2.11 Partners: We may receive your name and contact details (such as address, contact number or email address) where you have expressed an interest in any of our products or Services through our commercial partners, the Laerdal Medical group or the Limbs and Things group. They may also provide further information in connection with support tickets where we provide second or third level support in resolving issues connected with any of our products or Services.
2.12 Device Data: analytics providers such as Plausible Analytics or Google Analytics (in respect of our other websites) based inside the EU.
2.13 Social Media: publicly available information through social media sites, such as Facebook, LinkedIn, Twitter and Google. This includes where you have responded to a promotional item or offer from us through social media facilities, in which case we may receive profile information about you which can include your name, address, telephone number(s) and/or your business contact details. This information would be used to respond to your interest, to fulfil a request from you and/or to send you future information and offers, where you have given clear consent to do so.
2.14 Publicly Available Information: As a general TruCorp customer, we may collect personal information about you from other publicly available sources. This can include your name, address and other publicly available information. As far as passible, we ensure that where any third-parties are involved in suppling such information, that they are compliant to do so.
2.15 Service Providers: Other services providers such as recruitment agencies, payment and delivery service providers and others.
2.16 Your Employer / Organisation: Customer organisations, suppliers, universities or academic institutions and business partners in instances when you work for them or they have paid for your licence or access to the Cloud Services.
2.17 Cloud Services: Users of the Cloud Services may collect, store and process personal data about you when using the platform, for example, you may record the name of your instructor or student through the IRL Services. As detailed below we have requested that no sensitive or special category data is collected through the Cloud Services, but we have no obligation to enforce this provision, and we do not control users’ use or processing of personal data through the Cloud Services.
IMPORTANT – PLEASE NOTE: Our relevant end user licence terms for the App and Cloud Services at https://app.trucorp.com/eula.html require users to refrain from uploading or processing any data using the App or Cloud Services in violation of applicable laws, including not to process any personal data without valid legal grounds, not to process any sensitive or special categories of data (such as financial information, medical data, information about religious or political affiliations etc) and not to infringe any third party’s other rights using the Cloud Services. We require all users to agree to adhere to these terms at all times, but do not actively monitor content uploaded or processed using the Cloud Services and are not responsible for enforcing the relevant terms. If you are reviewing this policy because you believe your or your organisation’s data has been used in violation of the relevant terms for either product, please contact us.
2.18 Other: from time to time, we may receive personal information from other sources. We will always endeavour to ensure such information is provided from reputable sources, who are GDPR compliant to do so.
KEEPING YOUR PERSONAL DATA UP TO DATE
2.19 It is important that the data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
3. WHAT INFORMATION IS NOT COLLECTED?
3.2 If you’re a child under the age of 16 (or are otherwise younger than the legal age limit required in the country in which you reside), you may not have a user account for the Cloud Services or provide personal information to us via our other websites. TruCorp does not knowingly collect information from or direct any of our content specifically to children under relevant ages.
If you are a child aged between 16 and 18 using our Services or websites from the UK or European Union, you must have informed your parents or guardians of this, of the terms of this policy, and have their consent to do so.
4. HOW IS INFORMATION USED?
4.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data (other than Cloud Data) in the following circumstances:
4.1.2 Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
4.1.3 Where we need to comply with a legal or regulatory obligation.
4.2 We only use the Cloud Data in the following circumstances:
4.2.1 To operate, maintain and improve the relevant application or IRL and its related features (as applicable).
4.2.2 Where necessary to give you to access the relevant application or IRL and related features, engage with the content or otherwise interact with the relevant application or IRL (as applicable).
4.2.3 To provide technical support or customer service.
4.2.4 To administer and protect our business and websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
4.2.5 To promote security and prevent abuse of our websites and Services (in order to ensure a high level of security in all of our Services and websites as well to prevent abuse and fraud in use of the Services and websites;
4.2.6 To provide you or your employer / organisation help associated with the Services including training, competence records and certificates.
4.2.7 To communicate with you about the relevant application or IRL and any relevant updates.
4.2.8 For the purposes of detection and prevention of fraud or other security or legal incidents.
4.2.9 Where we need to comply with a legal or regulatory obligation.
4.2.10 For the purposes of providing, enhancing or improving the Cloud Services.
4.3 Generally, we do not rely on consent as a legal basis for processing your personal data other as set out below in relation to marketing and testimonials. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
4.4 Where you use the Services at the request of your employer, and we provide Services to your employer, we collect, use and share your personal information for the above purposes at the request of, and in accordance with the directions of your employer. Your employer is the data controller of your personal information for such purposes, and we are the data processor. Your employer has personal information protection policies and processes that may differ from the privacy statement you are currently reading, and we recommend that you read such policies before accessing or using the Cloud Services. If you have yourself individually subscribed to the Services as a controller, we collect, use and share your personal information for the above purposes for and on your behalf and we are the processor of your personal information for such purposes.
4.5 Our Standard Business Operations:
4.5.1 To provide the services and any other responsibilities that we contract to do so with you;
4.5.2 To provide you with information that you request from us;
4.5.3 To register you as a new customer or as a user of our Services or to register your business as a supplier to us;
4.5.4 To evaluate you or your employer as a supplier or service provider and make steps necessary for entering into the contract with you or your employer;
4.5.5 To confirm your identity as a natural living person;
4.5.6 To establish, exercise or defend legal claims; and
4.5.7 As part of our billing, payments and recovery processes.
We may also use contact information to notify you of any issues which might impact the provision of our Services to you or your use of the Cloud Services.
We may contact you to respond to requests that you make, notify you of changes to the Services, for marketing purposes, or to otherwise inform you of information related to our business.
You will only receive marketing communications from us if you have opted to receive them. This includes where you have consented to being contacted by us by email or telephone. You can opt in over the phone, by email, or online. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us, as appropriate, at any time.
We will never sell your personal data to any third party (as noted below).
We may post customer testimonials and comments on our websites or other platforms, which may contain personal data. We obtain each customer’s consent via email prior to posting the customer’s name and testimonial.
4.8 Employment Data
We will use the Employment Data provided to us in our legitimate interests in contacting you for potential job interviews and deciding whether to hire you assess your skills, qualifications and suitability for any job that you may seek with us and to communicate with you during the recruitment process and keep records of our hiring process.
Please note that this Policy only describes how we handle your information during the recruitment period and ceases to apply after you become employed by us (if successful), i.e., it does not apply to Trucorp employees or consultants in the context of their employment / engagement by Trucorp.
4.9 Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4.10 Legal Requirements
We will keep and use your data in terms of any legal or regulatory requirements that we have and can use your data to protect our legal position, if legal action is required, including the recovery of any outstanding debts.
By way of further example, we will share your personal data with the relevant agencies and without notice, where we are requested to or suspect fraudulent activities, money laundering, terrorist related activities.
4.11 Website Administration and Customisation
We may use the information we collect about you (with the exception of Cloud Data) for a variety of website administration purposes, and customisation purposes. For example, we use your information to process your registration request, provide you with services and communications that you have requested, send you email updates and other communications, customise features and advertising that appear on our websites, deliver our websites content to you, measure Website traffic, measure user interests and traffic patterns, and improve our websites and the services and features offered via our websites.
4.12 Aggregated or Non-Identifying Information
Non-identifying information includes information collected from or about you that does not personally identify you – including aggregated information. TruCorp treats IP addresses, log file information, anonymised feedback, user agent strings, computer IDs, and related information as non-identifying information, except if applicable law suggest us to do otherwise. TruCorp may use non-identifying information for any purpose.
Certain jurisdictions, including the European Union, may deem IP addresses and/or Unique IDs, to be personal data. Accordingly, for persons in such jurisdictions, our use of Non-Identifying Information as described in this policy should be assumed to include IP address and Unique ID data.
5. WHAT INFORMATION IS SHARED?
5.1 We do not disclose personal data outside TruCorp, except in the situations listed in this section or in the section below on Compelled Disclosure, but may have to share your personal data with the categories of data processors or data controllers set out below for the purposes set out in in above or otherwise below:
5.1.1 with HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom, EEA (or other jurisdictions as required under applicable law, including pursuant to medical device regulations) who require reporting of processing activities in certain circumstances (excluding private Customer Data and Cloud Data – unless we are subject to a Compelled Disclosure);
5.1.3 with professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services, where they have a need to know same for any of the purposes set out above (excluding private Customer Data and Cloud Data);
5.1.4 with, in respect of our TruAED Data, TruMonitor Data and TruVent Data, and any associated IRL Data, (i.e. data collected by our software application only training products) our commercial partner / reseller Laerdal Medical group, who process such data in accordance with their privacy statement available here;
5.1.5 with, in respect of our Smart Airway Data, and any associated IRL Data (i.e. data collected by our physical training products with integrated software functionality) our commercial partner / reseller the Limbs and Things group, who process such data in accordance with their privacy statement available here;
5.1.6 with reputable and trusted third-parties where we have asked them to contact you on our behalf, where you have given us consent, it is part of our contractual agreement, is a legal requirement or there is clear legitimate interest between us (these services may include sending you email, calling you by telephone, sending you information or orders through the post etc.) (excluding Cloud Data);
5.1.7 where you use the Cloud Services at the request of your employer or a third party organisation who has paid for your access, and we provide Services to your employer / that organisation, we share your personal information with your employer / organisation for certain purposes as data processor of your employer. This also includes other employees / users of your employer / organisation (for example instructors or students), or third party instructors at their request;
5.1.8 with specific selected third parties, determined by us, if you breach any agreement with us, including so as to enforce our rights against you, including credit-reference agencies, debt-collection firms or service providers, solicitors or barristers and law enforcement agencies (if applicable) (excluding private Customer Data and Cloud Data); and
5.1.9 with service providers acting as processors who may be based outside the European Union or United Kingdom who provide IT and system administration services, including for the performance of our contract with you, as set out below, including where their products and services are integrated into our websites and Cloud Services in order to deliver desired functionalities. When we transfer your data to our service providers, we remain responsible for it:
● with email marketing services to send marketing emails where you have opted in to receiving them. You can unsubscribe directly from any mailing list using the unsubscribe links provided within emails (excluding Cloud Data);
● with analytical service providers in order to analyse our website’ traffic to improve products and services (excluding Cloud Data);
● with processors offering software tools, or EU or UK based external servers (including externally provided original and backup servers), that are used to store personal data provided by you on our behalf (such as Google Firebase whose privacy policies are available at https://firebase.google.com/support/privacy).
5.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process the minimal personal data required for the specified purposes, in accordance with our instructions, where they have agreed to privacy restrictions similar to our own policy.
5.3 We do not share, sell, rent, or trade personal data with third parties for their commercial purposes. We may also share personal data with your permission, so we can perform services you have requested.
6. IS SHARED INFORMATION TREATED DIFFERENTLY?
6.1 Cloud Data may be viewed or downloaded by third parties where you have made it publicly accessible via the Cloud Services, including where you share it with a third party user specifically. If you do not want your any personal data comprised in such Cloud Data to be utilised by third parties, please do not make the relevant Cloud Data available to them.
6.2 In respect of the IRL Services, the nature of the IRL Services is such that your lecturer, supervisor or other third party with whom you are training is able to view access the IRL Services Data, including in real-time, and to access recordings of all training sessions delivered via the IRL Services after the fact. They can also export that IRL Services Data and share it with third parties via the IRL Services.
Whilst TruCorp accepts no responsibility for how other users may use information stored on your user account you choose to share with them, we do ask our users to agree that if they would like to use other users’ data, they may only use it for the purposes authorised by the relevant user.
For example, where a TruVent user has made an email address available for the purpose of identification and attribution, or engaged in training through the IRL Services, we request that you do not use their email address or IRL Services Data for advertising.
We expect you users who have access to third parties’ data to reasonably secure such Cloud Data you have gathered from other users, and to respond promptly to complaints, removal requests, and “do not contact” requests from TruCorp or other Cloud Services’ users.
7. HOW IS MY INFORMATION SECURED?
7.1 TruCorp takes all measures reasonably necessary to protect personal data from unauthorised access, alteration, or destruction, maintain data accuracy and help ensure the appropriate use of personal data. We follow generally accepted industry standards to protect the personal data we hold, both during transmission and once we receive it.
7.3 In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to duties of confidentiality.
7.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7.5 No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
8. HOW IS INFORMATION COLLECTED AND STORED GLOBALLY?
8.1 Trucorp has operations around the world and our services providers operate in countries across the world. To facilitate global operations, your personal information may be transferred, disclosed, stored or processed in countries other than your own.
8.2 Those countries may have different privacy and data protection laws from the country where personal information was originally provided. One way in which this may occur is where your personal information is stored in a controlled access repository in the cloud. “In the cloud” refers to servers in a data centre that are managed by a third party and accessible through the Internet, and that data centre may be in a country other than your own.
8.3 Whenever we transfer your personal information to other countries, we have taken appropriate safeguards to ensure that your personal information remains protected in accordance with this policy, and that any transfers to countries other than the country of your location are carried out in compliance with applicable legal requirements. If your personal information is transferred outside the UK or EEA we will rely on the European Commission’s Standard Contractual Clauses, the UK’s International Data Transfer Agreement, or relevant adequacy decisions to permit such transfers. If you would like to obtain a copy of the data sharing mechanisms we use to transfer personal information outside of your jurisdiction please contact us.
8.4 We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business. Additionally, we require that if our vendors or affiliates have access to personal data, they must comply with applicable data privacy laws.
8.5 In particular:
8.5.1 we provide clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal data and if applicable. Where consent is not the applicable ground for processing, we will ensure that it has an appropriate ground for processing any personal data (including but not limited to contractual obligation or legitimate interest);
8.5.2 we collect only the minimum amount of personal data necessary, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing;
8.5.3 we offer you simple methods of accessing, correcting, or deleting the data we have collected; and
8.5.4 we provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement.
9. WHAT HAPPENS IF I HAVE A COMPLAINT?
9.1 If you have concerns about the way TruCorp is handling your personal data, please let us know immediately. We want to help and there are several ways available that you can contact us. You may also email us directly at email@example.com with the subject line “Data Privacy”. We will respond within 21 days at the latest, unless required to respond earlier under relevant law.
9.2 If you are a data subject based in the UK or European Union, you may have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), or other competent supervisory authority of an EU member state if the Services are accessed outside the UK. We would appreciate the chance to deal with your concerns before you approach such bodies so would ask that you please contact us in the first instance.
10. LINKS TO OTHER WEBSITES
10.1 Our websites or Cloud Services may contain links to other websites and social media services, such as Facebook and Twitter. In addition, our websites or Cloud Services may contain certain features that are provided by third parties and platforms.
10.2 If you already use these platforms, their cookies may be set on your device when using our websites or Cloud Services and they may already have certain information about you which they may combine with information collected on our websites or Cloud Services. These features may enable integration and/or access to your social media accounts. We do not control those websites and social media services, your profiles on those services, modify your privacy settings on those services or establish rules about how your information on those services will be used. You and the social media service providers are in control of those issues.
10.3 Those websites and social media services are independent parties that do not share the same privacy practices as us, and we are not responsible for their processing of your personal information. You are encouraged to familiarize with their policies and notices on the relevant websites and social media services to learn more about how they handle your information before using any such features made available to you on our websites or Cloud Services.
11. HOW DO YOU RESPOND TO COMPELLED DISCLOSURE REQUIREMENTS?
11.1 TruCorp may disclose personal data or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar governmental order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
11.2 In complying with court orders and similar legal processes, TruCorp strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
12. HOW CAN I ACCESS MY OWN PERSONAL INFORMATION?
If you’re already a user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting us.
Under certain circumstances, where you are a citizen of the European Union or UK, you have rights under data protection laws in relation to your personal data under GDPR.
You have the right to:
● Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
● Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
● Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
● Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
● Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
● Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
● Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
● Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Where you exercise one of your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to exercise such rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13. DATA RETENTION AND DELETION
Personal Data Generally
13.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
13.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
13.3 We will keep your personal data for the term you have consented to, the contracted term between us where there is a legitimate interest for us to remain in contact with you, or for the legally required period, whichever is the longest.
13.4 By law we have to keep basic information about any of our customers (including contact, identity, financial and transaction data) for six years after you cease being a customer for tax purposes. For the purposes of contract administration, we will also store all data as long as the contract you have placed through us endures and for the six year limitation period thereafter in case you raise any claims in relation to any Services you have purchased from us. This section does not apply to Cloud Data.
13.5 If we rely on consent for processing your personal information, we will stop processing when the consent is withdrawn, or the processing purpose is exhausted, whatever comes first. Please note that withdrawing consent will not affect lawfulness of the processing based on consent before withdrawal. Where you have withdrawn your consent, in some cases personal information cannot be deleted, due to the technical reasons, from our systems and backups. Where this is the case, we will ensure that appropriate measures that prevent further use of such personal information are in place.
13.6 In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
13.7 If you would like to cancel your user account for any of our Products, you may do so by following the steps set out on the Cloud Services. However, we will continue to retain any Cloud Data for as long as the organisation on whose behalf you are accessing the Cloud Services continues to use them. That organisation is known as the controller of your personal information, and you should refer to their personal information protection policies and processes for information about the relevant retention period(s).
13.8 Otherwise, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, maintain security, and enforce our agreements. The timeframes for deletion of your organisation’s Cloud Data generally are specified in our customer terms, or our agreement with them.
14. HOW DO YOU COMMUNICATE WITH USERS?
14.1 We will use your email address to communicate with you, if you’ve given us the OK, and only for the reasons you’ve permitted. Emails by default are not disclosed with other users. This will not change how we contact you, as we always utilise your primary email address.
14.2 Depending on your email settings, TruCorp may occasionally send notification emails about new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, including ones featuring, services and products offered by our commercial partners, but only with your consent. There’s an unsubscribe link located at the bottom of each of the emails we send you.
14.3 Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email. If you prefer not to receive pixel tags, please opt out of marketing emails.
If there are material changes to this policy or in how we use your personal data, we will prominently post such changes prior to implementing the change. We encourage you to periodically review this policy to be informed of how we are collecting and using your information.
We keep this policy under regular review, for example, to reflect changing business circumstances and legal developments.
Although most changes are likely to be minor, it may change and if it does, these changes will be posted on this page and, where appropriate, notified to you when you next log on to use the applicable Cloud Services. Otherwise, any changes shall be applicable without further notice.
This version one of this policy was last updated on [May 2023] and historic versions can be obtained by contacting us.
16. HOW CAN I CONTACT TRUCORP?
17. INFORMATION FOR USERS IN CERTAIN JURISDICTIONS
Additional information for California residents only:
With regard to personal information of California residents, in addition to the information already provided in the sections above, the following additional section of this Privacy Statement also applies to you.
This section of the Privacy Statement does not address or apply to:
· Our handling of personal information which is exempt under section 1798.145 of the California Consumer Privacy Act 2018 (CCPA); or
· Personal information we collect about employees, contractors or job applicants or other individuals who are not California residents; or
· Personal information we collect about persons acting in their capacity as representatives (B2B contacts) of our customers, prospective customers, suppliers and other businesses we conduct business with to the extent that we use this personal information only in the context of conducting our business relationship with their respective business.
Under the CCPAyou have the right to:
· request that we disclose the categories of your personal information that we have collected, used, disclosed and sold (if applicable) in the 12 months prior to your request as well as the categories of sources of such personal information within the last 12 months prior to your request
· request that we delete your personal information and we will respond to verifiable requests to do so;
· non-discriminatory treatment for the exercise of any of your data protection rights;
· access your personal information in a portable and to the extent, technically feasible, readily usable format that allows you to transmit this information to others without hindrance;
· opt-out of the sale of your personal information.
Please note that we do not sell Personal Information collected about you as defined by the California Consumer Privacy Act. However, we will provide the “Do Not Sell” link that will allow you to instantly submit an opt-out request in all instances where we may sell your personal information. We may share or disclose Personal Information to third parties, service providers and business partners or allow them to collect Personal Information from our Websites and Services. This might occur only in in case that third parties, service providers and business partners have entered into a contractual relationship with us that ensures high level of Personal Information protection and facilitates compliance with applicable laws and regulations. If you would like to learn about “business purposes” for which we disclose personal information as well as categories of personal information disclosed, please refer to the other sections of this policy.
California residents may submit a request to disclose or a request to delete by contacting us in the method described in the “How can I contact TruCorp” section. Please note that we may need to verify your identity and place of residence before complying with your request.
Additional information for Canadian residents
In addition to the methods mentioned in “How can I contact TruCorp” section above, you can also subscribe, manage your email settings and unsubscribe from marketing communications by using the unsubscribe link in any marketing communications we send you.
This policy shall be governed by and interpreted in accordance with the laws of Northern Ireland and you irrevocably agree that the courts of Northern Ireland shall have exclusive jurisdiction to settle any dispute which may arise out of, under, or in connection with this policy.