T4 Communications UK Ltd T/A Rightcheck (“We”) are committed to protecting and respecting your privacy.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller: A controller determines the purposes and means of processing personal data.
Data processor: A processor is responsible for processing personal data on behalf of a controller.
Data subject: Natural person
Categories of data: Personal data and special categories of personal data
Personal data: The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data: The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Rightcheck is the data controller. This means we decide how your personal data is processed and for what purposes. For all data matters, please email firstname.lastname@example.org
We use your personal data for the following purposes:
We use your information to support you in your use of our products and services. This includes the use of personal information to diagnose product problems, rectify erroneous transactions and provide other customer support related services.
Customer engagement and communication
We use your information to communicate with you via email, SMS text or other electronic media for instance on service‐related matters, such as invoices. Other instances where we engage with you include confirming the opening of an account, resolving complaints, and asking you to take part in one of our surveys.
We would like to send you information which may be of interest to you, about our products and services and those of other companies (in so far as you have consented to this) that may be of interest to you. We communicate with you via email, SMS text or other electronic media. You have the right at any time to stop us from contacting you for marketing related purposes. Depending on your preferences, you can unsubscribe, or email email@example.com
Improving and personalising our products and services. We use your personal information to improve our products and services. Clicking behaviour and search results on our website can for instance help us to prioritise or identify new product features.
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
Email address, Full Name, Organisation, Job Title, and Phone Number
We have obtained your data either through a form on our website (you gave us your data and supplied explicit consent), obtained through a third-party mailing list provider, or collected at some point in the past as a result of our various marketing initiatives.
Consent will have been given when filling out one of our online forms, such as a contact form, blog subscription, or newsletter subscription. You will have been required to tick a box giving explicit consent for us to store and process your data for the purposes of contacting you regarding sales and marketing materials.
All employers, irrespective of size or sector are required to prevent the employment of illegal workers by undertaking right to work checks. Rightcheck provides organisations with a mechanism to enable these checks to be undertaken with ease across the entire recruitment activity of the organisation and in the process establish a statutory excuse from any potential prosecution. Therefore, we process data for the purposes of legitimate interests. As we provide a business solution (B2B), we believe that businesses have a legitimate interest in the services that we provide. We process your personal data as a contact point for your business. We will always provide the option to opt-out on each of our electronic communications.
Your personal data will be treated as strictly confidential and will only be shared with employees within Rightcheck for the purposes explained above. We do not share/sell/store your personal data outside of Rightcheck.
We keep your personal data for no longer than reasonably necessary using the following criteria:
You are under no statutory or contractual requirement or obligation to provide us with your personal data. If you choose not to provide your personal data:
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
We do not transfer personal data outside of the EEA.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
If you would like more information about how we use and store your data, or would like to complaint, please email firstname.lastname@example.org
If this does not resolve your issue, you can contact the Information Commissioner’s Office (ICO).
Crowe UK LLP ("Crowe", "we" or "us"), is a Limited Liability Partnership incorporated in England and Wales with registered number OC360767. The Registered Office is at St Bride’s House, 10 Salisbury Square, London EC4Y 8EH.
Crowe Track my Trip is dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with the Data Protection Act 1998. By downloading the App and submitting information to us you are agreeing to the collection and use of your personal information as described in this Privacy Statement.
To use the App, you will need to set up a user account which allows you secure access. To create this account, you will need to provide your first name, surname, and email address. During the use of the App we will collect information about your location and limited data confirming the nature of any tracked trip.
Currently we do not collect any personal information from you when you install this App, including information about your Device.
We will use your personal data only for the purpose for which it was collected (so that you can download and use the App) or as may reasonably be expected. The system uses location data that is captured by your cell phone as you change location. This information is used by TmT to store information about your journeys which, combined with limited data that you are asked to enter or confirm by the app, is used to help you and Crowe manage their and sometimes your obligations under the applicable tax, social security and immigration legislation and regulations around the world. We will obtain your specific consent to other uses, or unless otherwise required or permitted by law or professional standards.
We may share personal data that you submit to us through the installation or use of this App to other member firms in the Crowe network of firms or to subcontractors working on our behalf (including transfers across geographical borders) in accordance with our data protection obligations.
We do not disclose your personal data except as required and permitted by applicable law.
We do not sell your personal data or provide it to third parties for their direct marketing use.
We may use anonymised data to review how the App is being used and how it can be improved.
Crowe Track my Trip has appropriate technical and organisational security policies and procedures in place to protect personal data and information from loss, misuse, alteration, or destruction. Any information you provide will be stored on the Amazon Web Services cloud environment in Ireland within its own private network (usually referred to as a 'Virtual Private Cloud') which is wholly managed by Crowe Track my Trip.
Additionally, we aim to ensure that access to your personal data is limited to those who need to access it, in this case a limited amount of Crowe Track my Trip employees who manage the App and database or provide technical support. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data which is transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
As described above, the personal information we hold is limited to your first name, surname, email address and information about your home location and overseas trips you have made. You may request a copy of this personal data (as defined in the Data Protection Act 1998) that we keep about you, and to have any inaccurate information about you corrected. If you wish to make such a request or you are concerned that any of the information we possess about you is incorrect, please contact us at email@example.com
Crowe Track my Trip keeps this Privacy Statement under regular review and will place any updates to it on the page from where you downloaded the App. This Privacy Statement was prepared in October 2019.
If you have questions, comments or complaints about our handling or protection of your personal data, please contact us at firstname.lastname@example.org
This addendum reflects the processor obligations contained in the GDPR and forms an integral part of the contract between Crowe Track my Trip and the Subscriber (you).
1.1. In this policy, the following words and phrases will have the following meanings:
1.2. Any reference to an “Article” or to “Articles” is a reference to an Article or to Articles of the GDPR.
1.3. The terms ‘personal data’, ‘data subject’, ‘processor’, ‘controller’, ‘processing’, ‘personal data breach’ ‘pseudonymisation’ ‘special categories of data’ and ‘supervisory authority’ have the meanings set out in Article 4.
2.1. Whenever CROWE TRACK MY TRIP processes personal data on the Subscriber’s behalf: (a) the Subscriber shall be the controller and CROWE TRACK MY TRIP shall be the processor in respect of such personal data; and (b) CROWE TRACK MY TRIP shall only process such personal data on the documented instructions from the Subscriber and in full compliance with this policy and any obligations imposed on CROWE TRACK MY TRIP by applicable Data Protection Law.
2.2. The Subscriber warrants that to the extent of its reasonable knowledge and belief, any disclosure of personal data to CROWE TRACK MY TRIP for processing in connection with the Services complies with all relevant Data Protection Law, and that that all instructions given by it to CROWE TRACK MY TRIP in respect of personal data shall at all times be in accordance with Data Protection Law.
2.3. CROWE TRACK MY TRIP shall inform the Subscriber on becoming aware of any instruction from the Subscriber in relation to the processing of personal data which, in CROWE TRACK MY TRIP’s reasonable opinion, infringes Data Protection Law.
3.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk to the rights and freedoms of natural persons, CROWE TRACK MY TRIP shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk including, but not limited to, the following (as appropriate):
3.2. In assessing the appropriate level of security measures to be taken under paragraph 3.1, CROWE TRACK MY TRIP shall take account of the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
3.3. CROWE TRACK MY TRIP shall ensure that its employees and any other persons with access to personal data CROWE TRACK MY TRIP processes on behalf of the Subscriber are made aware of their data protection and security obligations and do not process such personal data except in accordance with the Subscriber’s instruction
4.2. Where CROWE TRACK MY TRIP engages a sub-processor to carry out specific processing activities on behalf of the Subscriber, CROWE TRACK MY TRIP shall ensure that that sub-processor only does so on terms equivalent to those to which CROWE TRACK MY TRIP is itself subject under this policy (and any other agreement between CROWE TRACK MY TRIP and the Subscriber). In particular, CROWE TRACK MY TRIP shall ensure the any sub-processor provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR (including the requirements relating to security, integrity and confidentiality). Where that other processor fails to fulfil its data protection obligations, CROWE TRACK MY TRIP shall remain fully liable to the Subscriber for the performance of those obligations.
5.1. If a data subject makes a request relating to the exercise of his or her legal rights in relation to personal data, CROWE TRACK MY TRIP shall provide the Subscriber with any information and assistance reasonably required by the Subscriber in order to:
5.2. Information and assistance provided by CROWE TRACK MY TRIP under paragraph 5.1 of this policy shall be given without undue delay and in such time as the Subscriber reasonably requires in order to comply with its obligations under Data Protection Law.
5.3. CROWE TRACK MY TRIP shall also cooperate with any requests by a supervisory authority.
6.1. If CROWE TRACK MY TRIP becomes aware of a personal data breach relating to any personal data processed on behalf of the Subscriber, CROWE TRACK MY TRIP shall:
7.1. CROWE TRACK MY TRIP shall ensure that before processing personal data on behalf of the Subscriber it communicates details of its data protection officer to the Subscriber.
7.2. Taking into account the nature of the processing and the information available to CROWE TRACK MY TRIP, CROWE TRACK MY TRIP shall provide the Subscriber with such information and assistance as the Subscriber reasonably requires in order to:
At end of contract between CROWE TRACK MY TRIP and the Subscriber, CROWE TRACK MY TRIP shall (at the Subscriber’s option) delete or return all personal data CROWE TRACK MY TRIP has processed on its behalf, and any copies of such personal data, unless CROWE TRACK MY TRIP is required to store such copies to comply with a legal requirement (in which case CROWE TRACK MY TRIP may store such copies to the extent necessary to comply with applicable law).
9.1. CROWE TRACK MY TRIP shall maintain a written record of all categories of processing activities carried out on behalf of the Subscriber, containing:
9.2. CROWE TRACK MY TRIP shall make the records referred to in paragraph 9.1 available to the supervisory authority on request.
10.1. CROWE TRACK MY TRIP shall not transfer any of the Subscriber’s personal data to a third country or international organisation without the Subscriber’s prior written consent and: