Last update: 17th April 2020
1. Introduction and applicability
In light of the European legislation on the protection of personal data (the “General Data Protection Regulation”, known as the “GDPR” 2016/679 and Data Protection Act 2018), we would like to disclose, in a transparent manner, our data processing operations with respect to the personal data collected by your use of our Services.
We are committed to ensuring that your personal data is kept confidential, and that it is only collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. For any question regarding the collection or processing of your personal data, or for any request to exercise your rights in relation to your personal data, you can contact us in writing at any time to firstname.lastname@example.org.
2. Who is responsible for the data processing?
TAAP Ltd, having its registered office at Kinetic Centre, Theobald Street, Borehamwood, Hertfordshire WD6 4PJ under company number 04962797 is the data controller for the processing of your personal data collected via the Website and for the processing carried out when you subscribe to and/or use our Services and so enter information when creating your account. TAAP Visitor Book is one of many products incubated and built in the United Kingdom by TAAP Ltd.
On downloading the TAAP Visitor Book application and submitting your data, you are giving your consent to the processing of your personal data by TAAP Ltd and by other parties that use the TAAP Visitor Book Product. Such parties may include single or multi-locations displaying the TAAP Visitor Book QR code for sign in/out at a location.
3. What is personal data?
Personal data (which should be understood to include personally identifiable information, or PII for short) is any information relating to an identified or identifiable natural person. It is sufficient that the data shall allow us to establish a (direct or indirect) link between one or more data-pieces and a natural person.
Personal data does not include anonymous or non-personal data (i.e. information that cannot be associated with or tracked back to a specific individual) or personal data that has been independently anonymised. By your use of our Services, you in any case consent to the processing and using of anonymous and non-personal data that is no longer associated with any natural person.
4. Description of processing
What information will we collect?
- Account registration for use of the TAAP Visitor Book Product
When registering for an account, details that you provide us with are required to create a user and provide you with access to the Website. The registration requires you to provide us with;
- Admin User Email Address – Needed to provide access to the Website for account setup
- TAAP Visitor Book Portal Your administrator will setup users of the system which will include the following data
- Display Name – Needed to Identify who has logged in
- Email address – required as a username to be able to log into the Portal for security and identification purposes
- TAAP Visitor Book app
If you are a Visitor that has signed into our TAAP Visitor Book application, you will be required to complete your personal details that will be sent to the Website to indicate you have signed in and out of a location. The information provided will include;
- Name – (mandatory) so the reception, security, admin, at a location, can view a Visitor Book log of who has signed in and out.
- Phone Number – (optional or mandatory depending on location). Used to contact you for security and/or health and safety purposes when signed into a particular location
- Email - (optional or mandatory depending on location). Used to contact you for security and health and safety purposes when signed into a particular location
- Vehicle Registration – (optional). Used to identify owners of motor vehicles in case of accessibility issues at a location. E.g blocking another person’s vehicle or emergency services accessibility.
- Photo - (optional or mandatory depending on location). Used for identification and security purposes when signing into and out of a location.
5. For what purpose will we process your data? Will my personal data be shared?
Your data will be processed for specified, explicit and legitimate purposes as described in section .
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in section 10.
We may, from time to time, use your personal data for reporting and for making improvements to our Services; in such instances we will always ensure an individual cannot be identified.
Your personal data may be transferred to our trusted third-party processors, this will be for purposes such as: hosting of our servers, project management tools and customer relationship management system.
Our trusted third-party processors are contractually bound by us to keep your information confidential and used only for specified, explicit, and legitimate purposes as specified in section .
Some messages from us are service-related and necessary for customers. You agree that we can send you non-marketing emails or messages, such as those related to transactions, your account, security, or product changes/updates.
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
Send an email to: email@example.com or write to us at: Unsubscribe, c/o Data Protection Officer, Kinetic Centre, Theobald Street, Borehamwood, Hertfordshire WD6 4PJ.
We will never lease, distribute or sell your personal data to a third party without requesting your prior permission. We will not transfer your data to other third parties without informing you separately beforehand in the exceptional cases where we are either legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims.
6. Legal Basis for processing personal data
Our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you where:;
- We need the personal information to perform a contract with you upon signup and acceptance of our End User License Agreement (EULA);
- The processing is in our legitimate interest and not overridden by your right
- You have given your consent to do so
We have a legitimate interest in operating our services, for example when responding to your queries, improving our services, undertaking marketing.
In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the GDPR and your legal rights.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not.
7. Security of your data
Protecting personal data from access, loss or alteration is of the utmost importance to us. All visitor records, photos, account data, configuration data and contact information are stored in the Cloud, data centres within the United Kingdom.
Servers are updated with the latest security patches during scheduled routine maintenance.
The TAAP Visitor Book app and Website (referred to as our Services) access data using our secure API (short for: application program interface - how software components interact with each other forming the basis of software applications). The API uses encryption for data in transit, and every request must include a time-limited authentication token generated by the authentication system. Visitor data is encrypted at rest. For support purposes, a limited number of senior engineers can access client data via a virtual private network secure tunnel, controlled by private key-based secrets and multi-factor authentication.
As a Website user, you will log in with an email address and password, managed by your Admin as specified in . User passwords are hashed at all times and cannot be accessed or intercepted as we use Secure Socket Layer (SSL) technology.
There are two user levels that can be set, controlling access to user management and configuration options. For accounts with multiple sites, there is also the option to restrict individual users to only view data for a single site.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Where will your personal data be processed?
Visitor data collected via our Services is only stored and/or processed within the United Kingdom or the European Economic Area (EEA.
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA). This will be for purposes such as: Technical Support, Project Management Tools and our Customer Relationship Management system.
Where your personal data is transferred outside the EEA, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or where approved transfer mechanisms are in place to protect your personal data, i.e., by ensuring the entity is Privacy Shield certified (for transfers to US-based third parties). If you wish for more information about this, please contact firstname.lastname@example.org
9. How long will we hold your data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected or to comply with applicable legal, tax or accounting requirements in accordance with our data retention policy. Following that period, we’ll make sure it’s deleted or anonymised.
For the TAAP Visitors data submitted by the TAAP Visitor Book app into the Website, the data will be held for a period of 30 days only and will be deleted on day 31. Should you wish to see a copy of our Data Retention Policy, this can be requested by email to email@example.com.
10. Data subject rights
It’s your personal data and you, as a data subject, have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time. Follow the unsubscribe instructions contained in the marketing communication, or send your request to firstname.lastname@example.org.
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
- You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
You can exercise these rights at any time by sending an email to email@example.com
If you’re not happy with how we are processing your personal data, please let us know by sending an email to firstname.lastname@example.org. We will review and investigate your complaint and get back to you within a reasonable time frame.
You may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO).
Information Commissioner’s Office
Cheshire SK9 5AF
Helpline number: 0303 123 1113
This privacy statement was last updated: 17th April 2020 under version 1.4.