At Trustmarque, we are committed to protecting and respecting your privacy.
This privacy notice explains when and why we collect personal information, how we use it, when we may disclose it to others and how we keep it secure. We may change this notice from time to time, so please check this page occasionally to ensure that you’re happy with any changes.
Trustmarque is both a data controller and a data processor. We decide what personal information is needed, and how it should be processed. We carry out processing activities as part of our business operations.
Who are we?
We are Trustmarque Solutions Limited. Our head office contact details are:
Trustmarque Solutions Limited
Marlborough House
Westminster Place, York Business Park
York
YO26 6RW
Telephone: 0845 2101 500 (4p p/m plus access charge)
Website: https://trustmarque.com/
Trustmarque is a company registered in England and Wales, company number 02183240. The address of our registered office is:
Trustmarque Solutions Limited
Marlborough House
Westminster Place, York Business Park
York
YO26 6RW
What if I need more information?
If you have any questions regarding this notice, or how we use personal information, please email our data protection team at [email protected]
This policy covers the following topics:
- Who are we?
- What if I need more information?
- What personal information is being collected?
- Is sensitive personal information being collected?
- Why are we collecting this information?
- What legal reasons are used to justify personal information processing?
- What processing is carried out?
- Do we process any children’s personal data?
- How is personal information processed?
- Will you process any information for purposes I may not be aware of?
- Who will personal information be shared with?
- What if I choose not to give you my personal information?
- How can I opt out of receiving marketing information?
- What rights do I have?
- When is personal information processed outside of the UK?
- How long do we keep personal information?
- How can I lodge a complaint?
What personal information is being collected?
To sell products and services, we only collect contact information (name, office address, telephone number(s), email address, invoice address, delivery address).
When we collect personal information for marketing purposes, we will always ask you to opt-in to one or more marketing channels. There will always be an option to opt-out or unsubscribe.
When you are using one of our websites, we may collect personal information that we refer to as behavioural data. This information is related to the device you are using and how you interact with our website. We may collect your IP address, web browser type, web browser version, operating system your device is using, and information related to the webpages that you view.
Our Marketing team may collect your personal information from a small number of telemarketing agencies. We have contracts with these agencies which impose strict requirements to keep your information confidential and secure. Your personal information will only be provided to us with your consent.
We also use CCTV to monitor the outside of our offices, to protect our staff and our assets. If you visit any of our offices, we will capture an image of you that will be stored for up to 90 days.
If CCTV is used inside an office, there will be notices displayed to explain why and where we are monitoring people’s movements.
Is sensitive personal information being collected?
No, we don’t collect any sensitive personal data from our business contacts.
Why are we collecting this information?
We collect contact information to carry out sales and marketing activities, to provide you with IT products and services.
Where we collect behavioural data, this is collected to help us improve our websites and online services. Some of our websites use digital analytics tools, provided by Google Analytics, to improve the customer experience.
What legal reasons are used to justify personal information processing?
When negotiating a sale, or during product or service delivery, we will use legitimate interest as our legal reason to process your personal information. Your personal information will be required to create a contract and to deliver products and services to you.
When sending you marketing information, we will again use legitimate interest as our legal reason to process your personal information.
If you opt out of receiving marketing information, which you can do at any time, we will cease marketing to you immediately (or as soon as practically possible).
Trustmarque provides business to business products and services. We don’t carry out sales and marketing to consumers, sole traders or partnerships (unless they are a limited liability partnership).
What processing is carried out?
We use personal data to carry out sales and marketing, to sell products and services and to deliver products and services.
We will always comply with the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).
Do we process any children’s personal data?
No. We don’t collect personal data from children, and we don’t process any personal data related to children.
How is personal information processed?
Your personal information is likely to be stored in several different IT systems, depending on which department within Trustmarque you are working with.
Data is automatically encrypted, to increase the security of personal information.
Many of our IT systems are provided using Microsoft cloud services, where information is stored in one or more Microsoft UK cloud datacentres.
We store your personal information so that we can do business with you, providing you with IT products and services.
Personal Information is used to contact you, we don’t use it to carry out automated decision-making or profiling.
Will you process my information for purposes I may not be aware of?
No, all personal data is processed lawfully, fairly and in a transparent manner.
Who will personal information be shared with?
We share customer personal data with the following partners and sub-processors:
- Arrow ECS
- Customer Thermometer
- HubSpot
- Microsoft
- Mint
- Nettailer
- Redstor
Arrow ECS are a sub-processor for customers who purchase Cloud Solution Provider (CSP) services. Arrow provide the ArrowSphere cloud delivery and management platform that simplifies the complexity of delivering cloud services.
Customer Thermometer are a sub-processor for customers who purchase a managed service. The customer thermometer tool is used to provide feedback on customer experience.
HubSpot is a cloud service that is used to manage sales opportunities and send promotional emails.
Microsoft is a business partner. Personal data is stored in Microsoft 365, Microsoft Dynamics 365 and Microsoft Azure, as part of Trustmarque’s normal business activities. Personal data is stored within tenants owned by Trustmarque and all data is encrypted. Microsoft employees don’t have access to any personal data processed by Trustmarque.
Mint provide support for the Trustmarque finance system. This is based on Microsoft Dynamics 365.
Nettailer provide support for the Trustmarque online shop (the Webstore).
Redstor are a business partner for cloud backups of data stored within Microsoft 365 applications.
We also share customer personal data with a courier when we deliver IT hardware products directly from our warehouse.
If we share personal data to provide a particular service, we will notify you before any data is shared and ensure that this is part of a contractual agreement.
Some of our websites share behavioural data with Google, to generate Google Analytics reports. We do not share any personal data with Google, since all personal data is anonymised before it is shared.
Our Sales team may share your personal information with a vendor or supplier when booking a deal registration, or when obtaining a quotation. The vendor or distributor will also share your personal information with their delivery team when there is an IT hardware product we need to send to you.
Our Sales team may also share your personal information with one of our services partners when we are negotiating the sale of services that will be delivered by a services partner (on behalf of Trustmarque).
Our Marketing team may share your personal information with a vendor, distributor, or partner, as part of demonstrating proof of performance when submitting a claim for Market Development Funds (MDF). Many vendors, distributors and partners provide MDF, or growth funding, to help their partner companies sell their products or to increase brand awareness.
When sending bulk emails, our marketing department share personal information with email marketing, digital marketing, and marketing automation companies. To protect your personal information, these activities will be carried out under contract.
We will never sell personal information.
What if I choose not to give you my personal information?
As part of our sales and delivery activities, we need your personal information to deliver products and services to you. If you choose not to give us your personal information, we will be unable to provide you with sales information on our products and services. Also, we will be unable to deliver products and services to you. In short, we will be unable to carry out any business with you. You will need to find an alternative supplier for your IT products and services.
How can I opt out of receiving marketing information?
If you wish to opt out of receiving marketing information from Trustmarque, you should contact our data protection team at [email protected], stating that you no longer wish to receive marketing information. Alternatively, you can use any of the contact details within the ‘Who are we’ section of this privacy notice to opt out of receiving marketing information.
What rights do I have?
None of the processing we carry out will have any impact on your data protection rights. Similarly, when we share personal information with third parties, this won’t affect your rights.
We want to ensure you remain in control of your personal data and make sure you understand your legal rights, which are as follows:
The right to be informed
We will be fair and honest with you. We will be transparent with you, using this privacy notice. Our contact information is shown at the top of this document.
The right to gain access to your personal information
You have the right to obtain confirmation that your personal information is being processed and the right to obtain access to your personal information. We can provide a copy of your personal information using our data subject access request policy.
The right to rectification of any errors in your personal information we hold
You have the right to request that we rectify any inaccurate or incomplete personal information we hold about you. If we have shared your personal information with any third parties, we will ask them to rectify their records too.
The right to erasure
You have the right to request deletion of your personal information when there is no compelling reason for us to continue processing.
The right to restrict processing
You have the right to suppress or block the processing of your personal information. When processing is restricted, Trustmarque can store your personal information, but not further process it. Trustmarque can retain just enough information about you to ensure that your wishes are respected.
If we have shared your personal information with any other companies, we will ask them to restrict processing.
As a matter of good practice, we may choose to restrict processing of your personal information whilst verifying its accuracy (even when you haven’t asked us to restrict processing).
If the restriction is only temporary, we may decide to lift the restriction. In this case, we will inform you of our intention before we lift the restriction.
The right to data portability
You have the right to obtain a copy of your personal information that can be used for your own purposes. You can move, copy, or transfer your personal information from one IT environment to another, in a safe and secure manner.
This right only applies when you have given us consent to process your personal information, or when your personal information is used in the performance of a contract, or when processing is carried out by automated means.
The right to object
You have the right to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). You also have the right to object to the use of your personal information for direct marketing (including profiling) and scientific/historical research and statistics.
Rights related to automated decision-making including profiling
You have the right not to be subject to a decision when it is: based on automated processing (where there is no human involvement), or it produces a legal effect or similarly significant effect on you.
You have the right not to be subject to profiling in any material sense, solely based on automated processing of your personal information to evaluate certain things about you.
Profiling can be part of an automated decision-making process.
Please keep in mind that there are exceptions to the rights above and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
When is personal information processed outside of the UK?
Where possible, Trustmarque uses IT systems that processes all personal data within the UK.
The exceptions to this are:
- ArrowSphere – All personal data is stored in Ireland or Sweden, and some of the support staff are based in India
- HubSpot – All personal data is stored in Germany
Ireland, Germany and Sweden are part of the EU. There is a data protection adequacy decision between the EU and the UK so there are no legal restrictions on personal data transfers between the UK and the EU.
When transferring data to a country without an adequacy decision, such as India, we will make use of an International Data Transfer Agreement.
We will always ensure that such transfers are compliant with UK GDPR using the latest guidance from the Information Commissioner’s Office (ICO). Appropriate measures will be put in place to keep your personal data protected at all times.
How long do we keep personal information?
We have data retention policies and schedules that provide information on how long personal data is kept in our IT systems. Retention periods are determined by legislation and business requirements. All information is held securely within our IT systems and only in accordance with our retention policies.
Where we collect behavioural data, we reserve the right to retain this data in an anonymised form when we no longer provide a service to a user or when an account has been closed.
How can I lodge a complaint?
If you feel that Trustmarque is acting unfairly or illegally, you can lodge a complaint with the ICO:
ICO
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel. 0303 123 1113 or 01625 545745
Published: 23/01/2024 Version:1.6
Copyright © 2024 Trustmarque Solutions Limited. All rights reserved.