You can exercise your right to access personal data held about you by emailing email@example.com with the subject line: “Subject Access Request”. When you submit a ‘subject access request’, you will need to provide confirmation of your identity by contacting us using the email address associated with your profile. This is provided free of charge and our response will be made within thirty (30) days, unless our Data Protection Lead deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section ‘Who can you complain to?’.
If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at firstname.lastname@example.org.
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:
Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact email@example.com.
We might collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.
Contact Data such as addresses; email addresses and telephone numbers.
Financial Data such as bank account and payment card information.
Transaction Data such as information about payments and details of purchases you have made.
Technical Data such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.
Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.
Usage Data such as analytics relating to how you use the website.
Marketing and Communications Data such as your preferences about receiving communications from us or third parties.
Special Categories of Data such as details about race or ethnic origins, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data.
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.
TIMBERLAKE CONSULTANTS LIMITED does not collect any Special Categories of Personal Data about you or any information about criminal convictions/offences.
|Reference||What categories of information about you do we
|Why are we processing your data?||Where did we get your personal data from?|
|License Sales||Identity Data
|We process the personal,data of our customers to provide software licenses, including confirming named,users have a right to access and making sure customers receive their products.
This processing is conducted lawfully on the basis of 'performance of a contract'.
|Directly obtained, or,obtained from your license provider.|
|License Support||Identity Data
|We support individual,customers to help troubleshoot issues relating to their licenses. This
processing is conducted lawfully on the basis of 'performance,of a contract'.
|Directly obtained, or,obtained from your license provider.|
|Training and,Consultancy||Identity Data
|As part of our training and,consultancy services we arrange for the providing of services and pass certain,data to our contractors as required to deliver the services. This
processing is conducted lawfully on the basis of 'performance of a contract'.
|Student Deployment,Platform||Identity Data
|We process the details of,student users on behalf of some of our customers to manage the effective,deployment of software. This processing is conducted lawfully on the
basis of 'performance of a,contract'.
|Obtained from your license provider.|
Marketing and Communications Data
|We send digital marketing messages to named customers who have purchased from us, as well as business users who we believe could benefit from our services. This processing
is conducted lawfully on the basis of 'our legitimate interests'.
The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to provide the services we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights. We process some personal information as part of a contractual relationship with a Data Controller. Any requests to restrict this type of processing should be forwarded to the Data Controller; they will be responsible for discussing your concerns and making any decisions.
We may obtain information about your general internet usage and the usage of our website by using a cookie file which is stored on your device. Cookies help us to improve our website and to deliver a better and more personalised service to you, and some of the cookies we use are essential for our website to operate.
We might develop a marketing profile for you based on your current licenses or purchases in order to provide you with relevant information about our other products/services that we think you might be interested in based on past behaviour.
TIMBERLAKE CONSULTANTS LIMITED holds different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held. We retain data in accordance with legislative requirements, or six years where no legislative requirements exist. This is to ensure that we can support all customers for the full period for which we support legacy software (six years).
TIMBERLAKE CONSULTANTS LIMITED passes your data to the third parties listed in the section ‘Third Party Interests’ below.
Yes. Details are included in the section ‘Third Party Interests’ below.
|Name/Category of Third Party Controller||What processing are we performing for them?||If applicable - who is their representative within the EU?|
|HMRC, regulatory authorities or other authorities||We are joint Controller with these authorities who require reporting of processing in some situations.||N/A|
|Your license provider (if applicable)||If you have received your license from your employer or educational establishment, we are joint Controller with them for the purposes of providing you with the license.||N/A|
|Our IT Support Services||We are joint Controller with IT Support services, who might require access to our systems (with our strict supervision) in order to remedy faults with our technology.||N/A|
|Name/Category of Third Party Processor||Purposes for carrying out processing||If applicable – where does data leaving the EEA go and what safeguards are in place?|
|Web hosting providers||Website hosting, including the storage of data forming the website content and processing your Technical Data (and Profile Data, where applicable) in order to provide you with access to our websites.||In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.|
|Internal technology providers||CRM software providers, whose services we use in order to manage our business with you.
Office software providers, such as email clients.
Online training service providers, allowing us to conduct webinars.
|In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.|
|Marketing technology providers||Providers who enable us to send you our marketing emails||In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.|
|Payment Services Providers||We use these processors so that we can take electronic or card payments securely and without the requirement for you to disclose this data to us.|
In addition to sending us your complaints directly to firstname.lastname@example.org, you can send complaints to our supervisory authority. As TIMBERLAKE CONSULTANTS LIMITED predominantly handles the personal data of UK nationals, our supervisory authority is the Information Commissioner’s Office. If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting https://ico.org.uk/concerns/.