Privacy Policy

1. Purpose of this privacy policy

StarTraq Ltd is committed to protecting the privacy and security of your personal information. This privacy policy describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR). It applies to all clients, employees, suppliers, partners and prospects of StarTraq Ltd. StarTraq Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy policy. It is important that you read this policy, together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

2. Data protection principles

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
3. Relevant to the purposes we have told you about and limited only to those purposes
4. Accurate and kept up to date
5. Kept only as long as is necessary for the purposes we have told you about
6. Kept securely

3. The information we hold about you

Personal data can be any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are “special categories” of more sensitive personal data which require a higher level of protection.

Although StarTraq only process very limited special category data, they understand the need to identify both a lawful basis for processing AND one of the following additional conditions for processing special category data :

✓ Explicit consent from the data subject

✓ For the purposes of carrying out specific obligations and rights in the field of employment and social protection law

✓ To protect the vital interests of an individual who is incapable of giving consent

✓ The personal data has been manifestly made public by the data subject

✓ To support legal claims or courts acting in their judicial capacity

✓ For reasons of substantial public interest

✓ For medical assessment and treatment purposes

✓ For reasons of public interest regarding public health

Unless both a legal basis for processing AND one of the above conditions is identified, processing of special category data is prohibited.

4. How we collect your personal information

Generally, information would be collected soon after signing a contract to provide services or through marketing channels where there is a legitimate interest or consent has been given. Data is then kept up to date at certain intervals.

We would contact a client soon after signing a new contract to provide services and rarely later in the business relationship. Personal data would thereafter be collected directly and would be specifically required to fulfil our obligations under the contract.

5. How we will use Information about you

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

1. Where we need to perform the contract we have entered into with you
2. Where we need to comply with a legal obligation
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

6. The situations in which we will use your personal information

We need all the categories of information in the list above (see ‘The information we hold about you’) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations.

The situations in which we will process your personal information are:

• To enable services detailed in the contract with you to be delivered
• Administering the contract we have entered into with you
• Business management and planning activities
• Liaising with selected third parties on your behalf
• Making arrangements for the termination of our working relationship

7. If you fail to provide personal information when requested by us

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.

8. Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. Do we need your consent?

Consent is not required when we need to process a person’s personal data to comply with contractual obligations. As processing is necessary for a contract with an individual, then processing is lawful on this basis and we do not need to get separate written consent. Please also refer to the following section on the lawful basis.

10. The lawful basis for processing data

StarTraq must always have a justifiable legal basis for processing each type of personal data that it handles. At least one of the 6 legal bases will apply whenever StarTraq processes personal data.

• Consent The data subject has given informed consent to the processing of their personal data for one or more specific purposes.
• Contract Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation The processing is necessary for StarTraq to comply with the law (not including contractual obligations)
• Vital interests Processing is necessary to protect the vital interests of the data subject or of another person (for example, to protect someone’s life)
• Public task Processing is necessary for StarTraq to perform a task carried out in the public interest or for the exercise of official authority
• Legitimate interests Processing is necessary for the purposes of the legitimate interests pursued by StarTraq or a third party, unless overridden by a need to protect the rights of the data subject (in particular, where the data subject is a child).

11. Sharing your data with third parties

We may have to share your data with third parties, including third-party service providers. Generally, StarTraq Ltd will only share your data with a third party where it is necessary to fulfil our contractual obligations with you.

We require third parties to respect the security of your data and to treat it in accordance with the law. All third parties that we deal with are required to take appropriate steps to protect your personal data. Third parties are only permitted to process data for the specified purpose and are not allowed to use data provided to them for any other purpose.

12. Security of personal data

StarTraq Ltd takes the security of all data seriously and we have put in place specific security measures to ensure personal information is kept secure. All information systems in use have appropriate security measures in place and access is limited to only those that require it. StarTraq Ltd uses encryption and the use of secure data transfer systems to transmit any data outside of the company. Third party systems are all required to be GDPR compliant, which includes the requirement to ensure all data is secure.

Appropriate security measures are in place to ensure your personal data is not accessed in an unauthorised manner, lost, stolen or accidentally disclosed to an unauthorised third party.

In the event of a suspected data security breach, there are processes in place to notify you and the Information Commissioner’s Office of the event.

13. Retention of data

StarTraq Limited’s data retention policy is driven by requirements which stipulate retention periods for retaining data. StarTraq Ltd will only retain your personal data for as long as necessary to comply with retention periods.

14. Your rights with regard to the personal data we hold

In line with StarTraq’s fundamental principle of giving back control of personal data to the individual, they will uphold the following rights of a data subject:

✓ Right to be informed StarTraq has an obligation to provide fair and transparent information on how personal data is processed, typically through a privacy notice.

✓ Right of access StarTraq allows data subjects to access their personal data.

✓ Right to rectification StarTraq will amend personal data if the data subject reports that it is inaccurate or incomplete.

✓ Right to erasure (or ‘be forgotten’) StarTraq will fulfil an individual’s request for deletion or removal of personal data where there is no compelling reason for its continued processing.

✓ Right to restrict processing StarTraq will ‘block’ or suppress processing of an individual’s personal data upon request, where there is no compelling reason for its continued processing.

✓ Right to data portability Upon request, StarTraq will consider any request to provide a secure method of moving, copying or transferring useable personal data to another IT environment.

✓ Right to object Unless there is a compelling legitimate reason for continuing to process data, StarTraq will stop processing personal data where an individual has raised an objection.

✓ Rights in relation to automated decision making and profiling StarTraq will only carry out this type of decision-making when the decision is either necessary for entering or performing a contract, when StarTraq has legal authorisation or when StarTraq has obtained the individual’s explicit consent.

15. Data Protection Lead

We have appointed a Data Protection Lead (DPL) to oversee compliance with this privacy policy. If you have any questions about this privacy policy or how we handle your personal information, please contact the DPL at:

Data Protection Lead
StarTraq Limited
StarTraq House
Banbury Office Village
Noral Way
Banbury
OXON
OX16 2SB

If you want to make a complaint about the way we have processed your personal information, you can contact us at the above address.

StarTraq Ltd are registered with the ICO as a controller and processor of personal information.

16. Updates to this privacy policy

We reserve the right to update this privacy policy at any time, and we will provide you with a revised privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

17. Google Analytics and cookies

When a visitor visits the StarTraq Ltd website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

18. Search engine

Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either StarTraq or any third party.

19. Email campaigns

We use our Customer Relationship Management system to deliver our e-mail campaigns. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-mail campaigns.

20. Online demo request forms

We collect information volunteered by potential customers via our website. This is then sent directly to us via e-mail. This information is then stored in our Customer Relationship Management system. This is not shared with any third party.

21. People who contact us via social media

If you send us a private or direct message via social media the message will be stored on that social media platform. We may save a copy of that message against our Customer Relationship Management software if it applicable to do so. It will not be shared with any other organisations.