TSP Privacy Policy
1. Interpretation
This privacy policy governs how The Services People Limited and Partners of the TSP Connect scheme shall interact from a data protection perspective. Please read this document carefully to ensure that you have understood your obligations are able to comply with them. By becoming a Partner you are deemed to have accepted the obligations placed upon you in this Privacy Policy.
1.1 Definitions:
Company name: The Services People Limited.
Consent: agreement which must be freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of Personal Data relating to them.
Customers: customers, clients or contacts of each Partner whether past or current.
Data Subject: a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
General Data Protection Regulation (GDPR): the General Data Protection Regulation ((EU) 2016/679). Personal Data is subject to the legal safeguards specified in the GDPR.
Personal Data: any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data and Pseudonymised Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person's actions or behaviour.
Processing or Process: any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Partner: A member of the TSP Connect scheme as updated from time to time.
Purpose: providing services to and on behalf of Partners.
Special Categories of Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
2. Introduction
This Privacy Policy sets out how The Services People Limited ("we", "our", "us", "the Company") and Partners ("you", "your") shall handle the Personal Data of Customers.
You must read, understand and comply with this Privacy Policy when Processing Personal Data on our behalf or when providing Personal Data to us. This Privacy Policy sets out what we expect from you for the Company to comply with applicable law. Your compliance with this Privacy Policy is mandatory.
3. Scope
We recognise that the correct and lawful treatment of Personal Data will maintain confidence in our organisation and will provide for successful business operations. Protecting the confidentiality and integrity of Personal Data is a critical responsibility that we take seriously at all times.
4. Personal data protection principles
We are responsible for and must be able to demonstrate compliance with data protection law. We are not responsible for your compliance with the law, but by agreeing to work with us you warrant that you have met the standards described in this document.
5. Lawfulness, fairness, transparency
5.1 Lawfulness and fairness
Personal data must be Processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
You may only collect, process and share Personal Data fairly and lawfully and for specified purposes. The GDPR restricts our actions regarding Personal Data to specified lawful purposes. These restrictions are not intended to prevent Processing but ensure that we Process Personal Data fairly and without adversely affecting the Data Subject.
The GDPR allows Processing for specific purposes. We have determined that we are only able to process the Personal Data of Customers where the Data Subject has given his or her Consent. Before providing any Personal Data about Customers to us, you must document that you have Consent to do so.
6. Consent
A Controller must only process Personal Data on the basis of one or more of the lawful bases set out in the GDPR, which include Consent.
A Data Subject consents to Processing of their Personal Data if they indicate agreement clearly either by a statement or positive action to the Processing. Consent requires affirmative action so silence, pre-ticked boxes or inactivity are unlikely to be sufficient. If Consent is given in a document which deals with other matters, then the Consent must be kept separate from those other matters.
Data Subjects must be easily able to withdraw Consent to Processing at any time and withdrawal must be promptly honoured. Consent may need to be refreshed if you intend to Process Personal Data for a different and incompatible purpose which was not disclosed when the Data Subject first consented.
We do not expect that you will ever need to provide us with Special Category Data. You should therefore ensure that any Personal Data you provide to us does not include Special Category Data.
You will need to evidence that Consent has been obtained and keep records of all Consents. You shall provide evidence of consent having been obtained if we request it in writing.
7. Purpose limitation
Personal Data must be collected only for specified, explicit and legitimate purposes. It must not be further Processed in any manner incompatible with those purposes.
We cannot use Personal Data for new, different or incompatible purposes from that disclosed when it was first obtained unless you have informed the Data Subject of the new purposes and they have Consented where necessary. When obtained the consent of Data Subjects to share their personal data with us, please make them aware that the consent is sought so that we may contact them about the Purpose.
8. Data minimisation
Personal Data must be adequate, relevant and limited to what is necessary in relation to the Purpose. You shall therefore only provide us with the Personal Data which we need in order to fulfil the Purpose.
9. Accuracy
Personal Data must be accurate and, where necessary, kept up to date. It must be corrected or deleted without delay when inaccurate.
You shall ensure that the Personal Data you provide to us is accurate, complete, kept up to date and relevant to the Purpose. You must check the accuracy of any Personal Data at the point of collection and at regular intervals afterwards.
10. Storage limitation
Personal Data must not be kept in an identifiable form for longer than is necessary for the purposes for which the data is processed.
The Company shall maintain retention policies and procedures to ensure Personal Data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires that data to be kept for a minimum time.
11. Protecting Personal Data
The Company shall ensure Personal Data is secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage.
12. Reporting a Personal Data Breach
The GDPR requires Controllers to notify any Personal Data Breach to the applicable regulator and, in certain instances, the Data Subject.
We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so.
13. Transfer limitation
The GDPR restricts data transfers to countries outside the European Economic Areas (EEA) to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. We do not intend to transfer the Personal Data of Customers outside the EEA.
14. Data Subject's rights and requests
You should be aware that Data Subjects have rights when it comes to how we handle their Personal Data. These rights include, but are not limited to:
(a) withdraw Consent to Processing at any time;
(b) receive certain information about the Controller's Processing activities;
(c) request access to their Personal Data that we hold;
(d) prevent our use of their Personal Data for direct marketing purposes;
(e) ask us to erase Personal Data if it is no longer necessary in relation to the purposes for which it was collected or Processed or to rectify inaccurate data or to complete incomplete data;
(f) make a complaint to the supervisory authority;
Therefore, even where Consent has been provided for us to contact the Data Subject, that Consent may be altered or withdrawn and we shall not be able to continue to Process Personal Data for the Purpose in that circumstance.
15. Record keeping
The GDPR requires us to keep full and accurate records of all our data Processing activities.
You must therefore ensure that we can fulfil our obligations by keeping and maintaining accurate corporate records reflecting Data Subjects' Consents and procedures for obtaining Consents.
16. Sharing Personal Data
Generally we are not allowed to share Personal Data with third parties unless certain safeguards and contractual arrangements have been put in place. That is why we ask you to obtain Consent before sharing the Personal Data of Customers with us. In order that we are able to share the Personal Data of Customers with other Partners, we shall similarly be required to obtain Consent from Customers.
17. Changes to this Privacy Policy
We keep this Privacy Policy under regular review.
This Privacy Policy does not override any applicable national data privacy laws and regulations.
18. Company Policies
Copies of company policies available upon request.
I'm a paragraph. Click here to add your own text and edit me. It's easy.