Our privacy promise
WHO WE ARE
“We” are Trace Data Ltd, based in St. Andrew’s Square, Edinburgh. We are registered with the Information Commissioner's Office (ICO); our registration number is ZA452015 and our Data Protection Officer (DPO) is Sorcha Lorimer.
Our PRIVACY ETHOS
We will always protect and respect your privacy, and we are committed to security when it comes to your information, and we are driven by Privacy by Design in everything we do with personal data. We promise that if we ever collect, process, store and share your data we will do so safely and securely.
WHAT PERSONAL DATA DO WE COLLECT, AND HOW DO WE USE IT?
When you contact us via our website or sign up to our updates, we may use personal information (such as your name and email address) to enable us to respond to you and keep in touch with you about relevant promotions, updates on Trace and services based on consent or legitimate interests (to enable us to legitimately communicate with you about relevant offers) using G-Suite or HubSpot. You can ask us to stop sending you marketing messages by contacting us at any time.
When communicating with our clients or suppliers or handling operations, we use G-Suite and FreeAgent as data processors, on the basis of contract or Legitimate Interests. Additionally, we use Squarespace Analytics to review how visitors use our site, but we do not retain data logs.
All of our processors and cloud services are carefully vetted and assured where personal data is handled; at Trace we take compliance and data protection seriously and only work with trusted services and third parties.
TRANSFERS OUTSIDE OF THE EUROPEAN ECONOMIC AREA (EEA)
If we ever transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. To do this, we will ensure certain safeguards are in place, for example:
Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA, as deemed by the European Commission
Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries.
HOW TO ACCESS AND CONTROL YOUR PERSONAL DATA
You have certain rights in relation to personal information we hold about you; details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
Right of Access: You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used
Right of Correction or Completion: If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed
Right of Erasure In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information
Right to Object to or Restrict Processing:. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out below. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
Right of Data Portability: In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format.
We are also unable to comply with requests that relate to Information of others without their consent. You can exercise any of the above rights by contacting us at the address or email address set out below. Most of the above rights are subject to limitations and exceptions; we will provide reasons if we are unable to comply with any request for the exercise of your rights.
All your personal Information shall be held and used in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and national laws implementing GDPR and any legislation that replaces it in whole or in part and any other legislation relating to the protection of personal data.
HOW TO GET IN TOUCH
If you want to know what information we collect and hold about you, or to exercise any of your rights as set out in section, please write to us at our company address or via email at email@example.com.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), who are the UK’s supervisory authority; their address is: Wycliffe House, Water Lane, Wilmslow SK9 5AF.