This policy describes how Trusted Technology collect and use personal data in accordance with the UK General Protection Regulation (GDPR) and the Data Protection Act 2018.

Trusted Technology collect basic personal data about you which does not include any special categories of personal information (known as Special Category Data).

This includes:

• Name

• Business address

• Organisational Job role

• Business e-mail address

• Business telephone number

• Business IP address

Trusted Technology collect the above categories of data in the following ways:

• Provided by NHS organisations for contractual purposes

• Provided by the data subject

• Collected from publicly available sources (NHS organisations websites)

• our websites (cookies)

• voice recordings associated with calls made to our support desks

We need to know your basic personal data to provide goods and services to you and to, including:

• meet our contractual obligations

• monitor and analyse our provision of contractual goods and services provisions

• provide service communications and updates

• process your orders

• inform you about our products and services

• to provide best practice sharing

• inform you of our organisation’s latest developments

We only collect personal data necessary to provide and oversee the services delivered.

We only ever use your personal data where it is necessary to:

• to enter or perform duties under a contract with you or a parent organisation

• to comply with NHS or public sector regulations

• monitor and analyse contractually provided goods and services

• to comply with a legal duty

• to protect your vital interests

• for our own (or a third party’s) legitimate interests, provided your rights do not override these

In any event, we will only use your information for the purpose or purposes it was collected for (or for closely related purposes).

We may process personal information for certain legitimate business purposes, which include some or all of the following:

• where the processing enables us to enhance, modify, personalise, or otherwise improve our services/communications for the benefit of our customers

• to identify and prevent fraud

• to enhance the security of our network and information systems

• to better understand how people interact with our websites (cookies)

• to provide email communications which we think will be of interest to you

• to determine the effectiveness of promotional campaigns and advertising

• to monitor and analyse the quality of contractually provided goods and or services

Whenever we process data for these purposes, we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.

When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so, please contact our data protection manager. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

We may also need to share some of the above categories of personal information with other parties, such as external sub-contractors or NHS organisations to perform a service or meet contractual obligations. The recipient of the information will be bound by confidentiality obligations.

We are based in the UK, and we store our data within the EU. Some organisations which provide services to us may transfer personal data outside of the EU, but we will only allow them to do if your data is adequately protected.

For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we will allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).

We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing e-mails, we will stop storing your e-mails for marketing purposes (though we’ll keep a record of your preference not to be e-mailed).

We continually review what information we hold and delete what is no longer required, but we may need to retain your personal data to meet contractual, legal, and regulatory requirements.

We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

• the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (your right of access)

• the right to have your data erased (your right to erasure - though this will not apply where it is necessary for us to continue to use the data for a lawful reason)

• the right to have inaccurate data rectified (your right of rectification)

• the right to ask us to restrict the processing of your information in certain circumstances (your right to restriction of processing)

• the right to object to the processing of your personal data in certain circumstances (your right to object to processing)

• the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances (your right to data portability)

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to raise a complaint on how we have handled your personal data, you can contact our data protection manager who will investigate the matter.

Data Compliance Manager
Email: HR@trusted-technology.co.uk
Trusted Technology Partnership Ltd
Unit G1-G2 Platinum Jubilee Business Park
Hopclover Way
Ringwood
Hampshire
BH24 3FW

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113