At Trustmarque, we are committed to protecting and respecting your privacy.
This privacy notice explains when and why we collect personal information, how we use it, when we may disclose it to others and how we keep it secure. We may change this notice from time to time, so please check this page occasionally, to ensure that you’re happy with any changes.
Trustmarque is both a data controller and a data processor. We decide what personal information is needed, and how it should be processed. We carry out processing activities as part of our business operations.
Who are we?
We are Trustmarque Solutions Limited (Part of Capita plc). Our head office contact details are:
Trustmarque Solutions Limited
National Agri-Food Innovation Campus
Telephone: 0845 2101 500
Trustmarque is a company registered in England and Wales, company number 02183240. The address of our registered office is:
Trustmarque Solutions Limited
17 Rochester Row
What if I need more information?
If you have any questions regarding this notice and how we use personal information, please email our data protection team at firstname.lastname@example.org
Alternatively, you should contact the Capita Data Protection Officer at:
71 Victoria Street
This notice covers the following topics:
- Who are we?
- What if I need more information?
- What personal information is being collected?
- Is sensitive personal information being collected?
- Why are we collecting this information?
- What legal reasons are used to justify personal information processing?
- What processing is carried out?
- Do we process any children’s personal data?
- How is personal information processed?
- Will you process any information for purposes I may not be aware of?
- Who will personal information be shared with?
- What if I choose not to give you my personal information?
- How can I opt out of receiving marketing information?
- What rights do I have?
- When is personal information processed outside of the UK?
- How long do we keep personal information?
- How can I lodge a complaint?
What personal information is being collected?
To sell product and services, we only collect contact information (name, office address, telephone number(s), email address).
When we collect personal information for marketing purposes, we will always ask you to opt-in to one or more marketing channels. There will always be an option to opt-out or unsubscribe.
When you are using one of our websites, we may collect personal information that we refer to as behavioural data. This information is related to the device you are using and how you interact with our website. We may collect your IP address, web browser type, web browser version, operating system your device is using, and information related to the webpages that you view.
Our marketing team may collect your personal information from a small number of telemarketing agencies. We have contracts with these agencies which impose strict requirements to keep your information confidential and secure. Your personal information will only be provided to us with your consent.
Is sensitive personal information being collected?
No, we don’t collect any sensitive personal data from our business contacts.
Why are we collecting this information?
We collect contact information to carry out sales and marketing activities, to provide you with IT products and services.
Where we collect behavioural data, this is collected to help us improve our websites and online services. Some of our websites use digital analytics tools, provided by Google Analytics, to improve the customer experience.
What legal reasons are used to justify personal information processing?
When negotiating a sale, or during product or service delivery, we will use legitimate interest as our legal reason to process your personal information. Your personal information will be required to create a contract and to deliver products and services to you.
When sending you marketing information, we will use consent as our legal reason to process your personal information. If we don’t have your consent, we won’t send you any marketing information.
If you opt out of receiving marketing information, which you can do at any time, we will cease marketing to you immediately (or as soon as practically possible).
Trustmarque provides business to business products and services. We don’t carry out sales and marketing to consumers, sole traders or partnerships.
What processing is carried out?
We use personal data to carry out sales and marketing, to sell products and services and to deliver products and services.
We will always comply with the EU General Data Protection Regulation 2016 (GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).
Do we process any children’s personal data?
No. We don’t collect personal data from children and we don’t process any personal data related to children.
How is personal information processed?
Your personal information is likely to be stored in several different IT systems, depending on which department within Trustmarque you are working with.
Where possible, data is automatically encrypted to increase the security of personal information.
Many of our IT Systems are based on Microsoft Cloud Services, where information is stored in one or more Microsoft Cloud Datacentres. All personal data is stored in European datacentres.
We store your personal information so that we can do business with you, providing you with Trustmarque products and services.
Personal Information is used to contact you, we don’t use it to carry out automated decision-making or profiling.
Will you process my information for purposes I may not be aware of?
No, all personal data is processed lawfully, fairly and in a transparent manner.
Who will personal information be shared with?
Most of our departments don’t share any personal information.
Occasionally, we will share personal information with one of our sister companies:
Beovax, ComputerLand, Cyber, S3, Technology Products
Occasionally, we will share personal information with other Capita businesses.
Some of our websites share behavioural data with Google, to generate Google Analytics reports. We don’t not share any personal data with Google, since all personal data is anonymised before it is shared.
Our sales team may share your personal information with a vendor or supplier when booking a deal registration, or when obtaining a quotation. They will also share your personal information with a delivery company when we have a physical product that we need to send to you.
Our sales team may also share your personal information with one of our services partners when we are negotiating the sale of services that will be delivered by a services partner (on behalf of Trustmarque).
Our marketing team may share your personal information with a vendor, distributor or partner, as part of demonstrating proof of performance when submitting a claim for Market Development Funds (MDF). Many vendors, distributors and partners provide MDF, or growth funding, to help their partner companies sell their products or to increase brand awareness.
When sending bulk emails, our marketing department share personal information with email marketing, digital marketing and marketing automation companies. To protect your personal information, these activities will be carried out under contract.
We will only share personal information if required for the performance of a contract, when we have a GDPR compliant contract with a vendor, partner or supplier.
We do not share any personal data with any Capita offshore teams.
We will never sell personal information.
What if I choose not to give you my personal information?
As part of our sales and delivery activities, we need your personal information to deliver products and services to you. If you choose not to give us your personal information we will be unable to provide you with sales information on our products and services. Also, we will be unable to deliver products and services to you. In short, we will be unable to carry out any business with you. You will need to find an alternative supplier for your end-to-end IT services.
How can I opt out of receiving marketing information?
If you wish to opt out of receiving marketing information from Trustmarque, you should contact our data protection team at email@example.com, stating that you no longer wish to receive marketing information. Alternatively, you can use any of the contact details within the ‘Who are we’ section of this privacy notice to opt out of receiving marketing information.
What rights do I have?
None of the processing we carry out will have any impact on your rights. Similarly, when we share personal information with third-parties, this won’t affect your rights.
We want to ensure you remain in control of your personal information and make sure you understand your legal rights, which are as follows:
The right to be informed
We will be fair and honest with you. We will be transparent with you, using this privacy notice. Our contact information is shown at the top of this document.
The right to gain access to your personal information
You have the right to obtain confirmation that your personal information is being processed and the right obtain access to your personal information. We can provide a copy of your personal information using our data subject access request policy.
The right to rectification of any errors in your personal information we hold
You have the right to request that we rectify any inaccurate or incomplete personal information we hold about you. If we have shared your personal information with any third-parties, we will ask them to rectify their records too.
The right to erasure
You have the right to request deletion of your personal information when there is no compelling reason for us to continue processing.
The right to restrict processing
You have the right to suppress or block the processing of your personal information. When processing is restricted, Trustmarque can store your personal information, but not further process it. Trustmarque can retain just enough information about you to ensure that your wishes are respected.
If we have shared your personal information with any other companies, we will ask them to restrict processing.
As a matter of good practice, we may choose to restrict processing of your personal information whilst verifying its accuracy (even when you haven’t asked us to restrict processing).
If the restriction is only temporary, we may decide to lift the restriction. In this case, we will inform you of our intention before we lift the restriction.
The right to data portability
You have the right to obtain a copy of your personal information that can be used for your own purposes. You can move, copy or transfer your personal information from one IT environment to another, in a safe and secure manner.
This right only applies when you have given us consent to process your personal information, or when your personal information is used in the performance of a contract, or when processing is carried out by automated means.
The right to object
You have the right to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). You also have the right to object to the use of your personal information for direct marketing (including profiling) and scientific/historical research and statistics.
Rights related to automated decision-making including profiling
You have the right not to be subject to a decision when it is: based on automated processing (where there is no human involvement), or it produces a legal effect or similarly significant effect on you.
You have the right not be subject to profiling in any material sense, solely based on automated processing of your personal information to evaluate certain things about you.
Profiling can be part of an automated decision-making process.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
When is personal information processed outside of the UK?
All IT systems that store your information are based in the UK or the European Economic Area. If we need to transfer your personal data to countries outside the European Economic Area, we will ensure that such transfers are compliant with the GDPR. Appropriate measures will be put in place to keep your personal data secure.
How long do we keep personal information?
We have data retention policies that provide information on how long personal data is kept in our IT systems. Retention periods are determined by legislation and business requirements. All information is held securely on our systems and only in accordance with our retention policies.
Where we collect behavioural data, we reserve the right to retain this data in an anonymised form when we no longer provide a service to a user or when an account has been closed.
How can I lodge a complaint?
If you feel that Trustmarque is acting unfairly or illegally, you can lodge a complaint with the UK Information Commissioner’s Office (ICO):
Tel. 0303 123 1113 or 01625 545745
Published: 30/05/2018 Version:1.3
Copyright © 2018 Trustmarque Solutions Limited. All rights reserved.