2. Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
3. The information we hold about you
Personal data can be any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are “special categories” of more sensitive personal data which require a higher level of protection.
Although StarTraq only process very limited special category data, they understand the need to identify both a lawful basis for processing AND one of the following additional conditions for processing special category data :
✓ Explicit consent from the data subject
✓ For the purposes of carrying out specific obligations and rights in the field of employment and social protection law
✓ To protect the vital interests of an individual who is incapable of giving consent
✓ The personal data has been manifestly made public by the data subject
✓ To support legal claims or courts acting in their judicial capacity
✓ For reasons of substantial public interest
✓ For medical assessment and treatment purposes
✓ For reasons of public interest regarding public health
Unless both a legal basis for processing AND one of the above conditions is identified, processing of special category data is prohibited.
4. How we collect your personal information
Generally, information would be collected soon after signing a contract to provide services or through marketing channels where there is a legitimate interest or consent has been given. Data is then kept up to date at certain intervals.
We would contact a client soon after signing a new contract to provide services and rarely later in the business relationship. Personal data would thereafter be collected directly and would be specifically required to fulfil our obligations under the contract.
5. How we will use Information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
6. The situations in which we will use your personal information
We need all the categories of information in the list above (see ‘The information we hold about you’) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations.
The situations in which we will process your personal information are:
7. If you fail to provide personal information when requested by us
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations.
8. Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. Do we need your consent?
Consent is not required when we need to process a person’s personal data to comply with contractual obligations. As processing is necessary for a contract with an individual, then processing is lawful on this basis and we do not need to get separate written consent. Please also refer to the following section on the lawful basis.
10. The lawful basis for processing data
StarTraq must always have a justifiable legal basis for processing each type of personal data that it handles. At least one of the 6 legal bases will apply whenever StarTraq processes personal data.
11. Sharing your data with third parties
We may have to share your data with third parties, including third-party service providers. Generally, StarTraq Ltd will only share your data with a third party where it is necessary to fulfil our contractual obligations with you.
We require third parties to respect the security of your data and to treat it in accordance with the law. All third parties that we deal with are required to take appropriate steps to protect your personal data. Third parties are only permitted to process data for the specified purpose and are not allowed to use data provided to them for any other purpose.
12. Security of personal data
StarTraq Ltd takes the security of all data seriously and we have put in place specific security measures to ensure personal information is kept secure. All information systems in use have appropriate security measures in place and access is limited to only those that require it. StarTraq Ltd uses encryption and the use of secure data transfer systems to transmit any data outside of the company. Third party systems are all required to be GDPR compliant, which includes the requirement to ensure all data is secure.
Appropriate security measures are in place to ensure your personal data is not accessed in an unauthorised manner, lost, stolen or accidentally disclosed to an unauthorised third party.
In the event of a suspected data security breach, there are processes in place to notify you and the Information Commissioner’s Office of the event.
13. Retention of data
StarTraq Limited’s data retention policy is driven by requirements which stipulate retention periods for retaining data. StarTraq Ltd will only retain your personal data for as long as necessary to comply with retention periods.
14. Your rights with regard to the personal data we hold
In line with StarTraq’s fundamental principle of giving back control of personal data to the individual, they will uphold the following rights of a data subject:
✓ Right to be informed StarTraq has an obligation to provide fair and transparent information on how personal data is processed, typically through a privacy notice.
✓ Right of access StarTraq allows data subjects to access their personal data.
✓ Right to rectification StarTraq will amend personal data if the data subject reports that it is inaccurate or incomplete.
✓ Right to erasure (or ‘be forgotten’) StarTraq will fulfil an individual’s request for deletion or removal of personal data where there is no compelling reason for its continued processing.
✓ Right to restrict processing StarTraq will ‘block’ or suppress processing of an individual’s personal data upon request, where there is no compelling reason for its continued processing.
✓ Right to data portability Upon request, StarTraq will consider any request to provide a secure method of moving, copying or transferring useable personal data to another IT environment.
✓ Right to object Unless there is a compelling legitimate reason for continuing to process data, StarTraq will stop processing personal data where an individual has raised an objection.
✓ Rights in relation to automated decision making and profiling StarTraq will only carry out this type of decision-making when the decision is either necessary for entering or performing a contract, when StarTraq has legal authorisation or when StarTraq has obtained the individual’s explicit consent.
15. Data Protection Lead
Data Protection Lead
Banbury Office Village
If you want to make a complaint about the way we have processed your personal information, you can contact us at the above address.
StarTraq Ltd are registered with the ICO as a controller and processor of personal information.
17. Google Analytics and cookies
When a visitor visits the StarTraq Ltd website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
18. Search engine
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either StarTraq or any third party.
19. Email campaigns
We use our Customer Relationship Management system to deliver our e-mail campaigns. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-mail campaigns.
20. Online demo request forms
We collect information volunteered by potential customers via our website. This is then sent directly to us via e-mail. This information is then stored in our Customer Relationship Management system. This is not shared with any third party.
21. People who contact us via social media
If you send us a private or direct message via social media the message will be stored on that social media platform. We may save a copy of that message against our Customer Relationship Management software if it applicable to do so. It will not be shared with any other organisations.
Sign up to receive news from StarTraq