Effective date: 20 November 2018
In this document, we are collectively referred to as “Touch Projects” (or “us”, “we”, “our”, or “TPL”).
We respect your privacy and understand that your privacy and personal data is important to you.
If you have any questions regarding this Policy, you should contact the Touch Projects Privacy Officer (see ‘Contact us’).
While different jurisdictions have different privacy laws and standards, our global privacy and data protection arrangements are based on compliance with:
Collectively, we consider the above legislation to be “Privacy Legislation”.
First, let’s define some key terms to help us explain how we manage your privacy and data…
“Controller”: the natural person or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes of and means for the Processing of Personal data.
“Data Subject”: the natural person to whom the Personal Data relates.
“Personal Data”: any information relating to an identified or identifiable natural person (‘Data Subject’) that is processed in the context of the Main Agreement; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Processing”: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Processor”: a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of a Controller.
We will never collect more Personal Data than the minimum we need in order to conduct core business operations.
We collect your Personal Data to allow us to conduct our business functions and to market and sell our products and services, as well as the specific purposes set out in the section entitled “Using your Personal Data” below.
Be aware that if you do not provide certain Personal Data, we may not be able to provide certain services to you.
When you register with us, re-register with us, amend your existing details, acquire services, visit our website(s) (see below), visit affiliated websites worldwide, request information about us or our products, or otherwise contact us (via our website(s) or otherwise), we may collect Personal Data about you including (but not limited to) your full name, email address, telephone number, country of residence, and date of birth.
We may also log IP addresses (i.e. the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements on the website, and gather broad demographic information for aggregate use for advertising and business purposes.
We may also collect information on our websites that cannot be used by itself to identify you personally. In certain cases, especially when combined with other data, this information can nonetheless be considered Personal Data as defined in the GDPR. We may also collect information on our websites that does not allow us to identify you, either directly or indirectly; this includes, for example, aggregated information about all users of this website.
In compliance with data protection regulations, we process your Personal Data only if permitted by law or if you have given explicit consent. This also applies to our processing of Personal Data for advertising and marketing purposes.
We use your Personal Data to:
You consent to us using your Personal Data in the above ways.
We may not collect or use your Personal Data for purposes not listed above. If we do, we will advise you at the time and delete that information permanently.
We will not use Personal Data in a manner inconsistent with Privacy Legislation.
We will keep your Personal Data strictly confidential, and it will only be shared internally within the Touch Projects team, as well as with our related bodies for the purpose of running, managing, administering, improving, and upgrading our services.
Within the Touch projects group we ensure that Personal Data is strictly ‘compartmentalised’, and is only shared between entities, teams, systems, and services where there is a legitimate need consistent with the data and the consent provided for its use and disclosure.
We will not provide your Personal Data to any third-party unless we absolutely have to, and we have a practical and legal basis to do so.
We may provide your Personal Data on a confidential basis to third parties on an “as needed” basis, in the course of delivering products and services to you and to achieve the purposes specified in “Using your Personal Data”.
These parties may include:
We may also disclose your Personal Data to our website host(s) or information technology service providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner.
We’ll only disclose your Personal Data to third-parties:
Notwithstanding the above, it is our firm commitment that your Personal Data will be kept, to the maximum extent reasonably possible, strictly confidential.
Some of your Personal Data may be processed or stored overseas by us or by our third-party service providers acting on our behalf.
In particular, as at the date of this Policy, your Personal Data may be stored on a Microsoft Office365 SharePoint cloud service. We take all reasonable precautions (inc. stringent access and permissions management, and multi-factor authentication (‘MFA’) to secure and safeguard this data).
You consent to us using your Personal Data from time to time to send you information regarding special offers or promotions about us or our products and services, as well as the products and services of our related entities and our business partners.
You also consent to us sending you such information by means of direct mail, telemarketing, email, and SMS messages.
We will only do this if we believe this will be of interest to you.
If you do not want us to send you any of this material or if you want to stop receiving direct marketing, you can let us know by using the ‘Contact us’ information specified below.
Additionally, wherever possible, any contact from us will come with an “opt out” or “unsubscribe” option.
We will take all reasonable steps to preserve the security and confidentiality of your Personal Data and other information or data collected by us or on our behalf.
This includes technological, organisational, and contractual steps designed to maximise security and minimise risk.
In the event of a Personal Data Breach we will notify you by email or telephone as soon as possible (and within the notification requirements required by legislation, inc. the GDPR).
You are entitled to access all the Personal Data that we hold on you.
If you request access to your Personal Data, we will give you full access as quickly as we can.
If you believe that some or all of the Personal Data we hold about you is incorrect, incomplete or inaccurate, then you may request amendment of it, and we will process that as quickly as we can.
In principle, we store your Personal Data as long as we have a legitimate interest in its storage, and we do not consider our importance to outweigh your interests in the non-continuation of the storage.
Even without a legitimate interest, we can continue to store the data if we are legally obligated to do so (for example, to fulfil record-keeping obligations).
We also delete your Personal Data without your involvement as soon as its retention is no longer necessary to fulfil the purpose for which it was processed, or in cases where storing your data is otherwise legally inadmissible.
Any Personal Data we need to keep in order to fulfil our retention obligations will be kept until the end of the respective retention obligation.
Any Personal Data kept solely for the purpose of fulfilling retention requirements are generally blocked so that they can only be accessed (if necessary) with respect to the purpose of the retention obligation.
You have the right, at any time, to object to our processing of your Personal Data.
In the event of your objection, we will no longer process the Personal Data concerning you, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing is for the purpose of asserting, exercising, or defending legal claims.
If we process Personal Data relating to you for the purpose of direct marketing, you have the right to object at any time. If you object to the processing for purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.
If you have given us consent (for example, in connection with information by email), you may revoke such consent at any time with future effect.
In marketing communications, we always provide a link to “opt-out” or “unsubscribe”.
As the Data Subject, you have the right:
We will investigate your queries and complaints as quickly as possible and within a reasonable period of time and will notify you of the outcome of our investigation.