Dated: 1 May 2019
PLEASE READ THIS POLICY CAREFULLY
Protecting your personal information is very important to Trint Limited (“Trint Limited” “our”, “us” or “we”).
Our Platform may contain links to third party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.
Identity and contact information of the Data Controller
For the purposes of data protection legislation in the European Union, the data controller (i.e. the person that determines the purposes and manner in which your personal data are processed) is:
Personal information we may process about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
A breakdown of the personal data we may process is set out in the table below. Please note that third parties may collect personal data from you directly. For example, payment processors such as Stripe Inc. collect financial data (such as your payment card details) when you make payment to us on the Platform.
|Why are personal data processed?||Personal data||Legal basis for processing||Period for which your data will be stored||Will your personal data be shared with third parties?||Transfers outside the European Economica Area|
|1.||To register you as a new customer.||Identity Data, Contact Data and Profile Data.||Performance of a contract with you.||Until such time as you delete your account.||We share this data with organizations such as ObjectLabs Corp. (t/a Mlab), to help store user account information.||ObjectLabs Corp. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that we have a contract in place with ObjectLabs Corp. (i.e. the Standard Contractual Clauses) which is approved by the European Commission and gives personal data the same protection it has in Europe.|
|2.||To process users’ access to the Platform, including ensuring secure access to the Platform||Identity Data, Contact Data and Profile Data.||Performance of a contract with you. Necessary to comply with a legal obligation.||Until such time as you delete your account.||We share this data with organizations such as Auth0, Inc., to ensure secure access to the Platform.||Auth0 Inc. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that Auth0, Inc. is certified as complying with the EU-US Privacy Shield regime.|
|3.||To manage payments, fees / charges and to collect / recover money owed to us.||Identity Data, Contact Data and Transaction Data.||Performance of a contract with you. Processing is necessary for our legitimate interests (i.e. to recover debts due to us).||For as long as debts remain outstanding.||We will share your email address with Stripe Inc. so that payment receipts can be sent to you by email.||Stripe Inc. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that Stripe Inc. is certified as complying with the EU-US Privacy Shield regime.|
|4.||To transcribe audio or video files.||Content Data.||Performance of a contract with you. Necessary to comply with a legal obligation.||Until such time as you delete the transcription or your account.||To help us store transcriptions, we share this data with organisations such as ObjectLabs Corp. (t/a Mlab), Transloadit Limited and Amazon Web Services, Inc. or its affiliates.||ObjectLabs Corp. stores this data in the USA. To ensure this transfer is lawful, we rely on the fact that we have a contract in place with ObjectLabs Corp. (i.e. the Standard Contractual Clauses) which is approved by the European Commission and gives personal data the same protection it has in Europe. Amazon Web Services, Inc. or its affiliates store this data in the USA. To ensure this transfer is lawful, we rely on the fact that Stripe Inc. is certified as complying with the EU-US Privacy Shield regime.|
|6.||To administer and protect our business and the Platform (e.g. making users aware of new features or system issues, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).||Identity Data, Contact Data and Technical Data.||Necessary for our legitimate interests (i.e. for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.||Until such time as you delete your account and a reasonable period thereafter.||We may share this data with organisations such as:||Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. may store this data in the USA. To ensure this transfer is lawful, we rely on the fact that Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. are certified as complying with the EU-US Privacy Shield regime.|
Trint has executed a GDPR-compliant DPA with LogRocket, Inc.
|7.||To use data analytics to improve our Platform, services, marketing, customer relationships and experiences.||Technical Data and Usage Data.||Necessary for our legitimate interests (i.e. to define types of customers for our services, to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy).||As there is an annual seasonality in our business, we will retain data for analytics purposes for 3 years.||We may share this data with organizations such as Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. for analytics and error tracking purposes. This helps us improve our Platform.||Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. may store this data in the USA. To ensure this transfer is lawful, we rely on the fact that Functional Software, Inc. (t/a Sentry) and Mixpanel Inc. are certified as complying with the EU-US Privacy Shield regime.|
|8.||Asking you to leave a review or take a survey.||Identity Data, Contact Data, Technical Data and Profile Data.||Processing is necessary for our legitimate interests (i.e. to understand the requirements of our clients).||For as long as we are using such data to improve our services and for a reasonable period afterwards.||We may use third parties to help us conduct surveys.||We may use services which store your personal information in the USA or elsewhere. Where we do so, we will ensure that the transfer is lawful.|
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How personal data are collected
We may obtain personal data about you in two main ways:
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Platform). In this case, we may have to cancel the service you have with us but we will notify you if this is the case at the time.
Where we store your personal information
The personal data that we collect from you will be transferred to and stored at a destination outside of the European Economic Area (“EEA”). This data may also be processed by staff operating outside of the EEA who work for us or for one of our business partners or service providers. Further information is provided in the table above. Please contact us at firstname.lastname@example.org if you would like further details on the specific safeguards applied to the export of your personal data outside the EEA.
Disclosure of your information
We may also disclose your personal information to third parties in the following circumstances:
|Purpose of disclosure and third party(s) to which disclosure might be made||Use justification|
|If you request we do so||You have provided your consent|
|If Trint Limited or substantially all of its assets are acquired by a third party, personal information about our customers will be one of the transferred assets.||Legitimate interests (i.e. to dispose of our business).|
|If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Trint Limited, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.||Processing is necessary for compliance with a legal obligation, or processing is necessary in order to protect the vital interests of a natural person.|
|We may disclose your personal information to third parties, the courts and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where we are compelled or believe it is reasonable to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.||Processing is necessary for compliance with a legal obligation, or processing is necessary in order to protect the vital interests of a natural person. Alternatively, legitimate interests (i.e. to cooperate with law enforcement and regulatory authorities).|
Under the General Data Protection Regulation (EU) 2017/676, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at email@example.com.
You have the following rights in relation to your personal data:
|Rights of Access||You have the right to obtain from us confirmation as to whether your personal data are being processed, and, where that is the case, access to such personal data.|
|Right to Rectification||We will use reasonable endeavors to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by sending us a request to rectify your personal data where you believe the personal data we have is inaccurate or incomplete.|
|Right to erasure / ‘Right to be forgotten’||Asking us to delete all of your personal data will result in us deleting your personal data without undue delay (unless there is a legitimate and legal reason why we are unable to delete certain of your personal data, in which case we will inform you of this in writing).|
|Right to restriction of processing||You have the right to ask us to stop processing your personal data at any time.|
|Right to data portability||You have the right to request that we provide you with a copy of all of your personal data and to transmit your personal data to another data controller in a structured, commonly used and machine-readable format, where it is technically feasible for us to do so.|
|Right to complain||You have the right to lodge a complaint to a supervisory authority such as the Information Commissioner’s Office in the UK (see www.ico.org.uk). Although we encourage our customers to engage with us in the event they have any concerns or complaints.|
We will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above; however, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
Where you request us to rectify or erase your personal data or restrict any processing of such personal data, we may notify third parties to whom such personal data has been disclosed of such request. However, such third party may have the right to retain and continue to process such personal data in its own right, for example to comply with its legal obligations.
Children under the age of 16
The Platform is not aimed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our services or provide any information to us through the Platform. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at firstname.lastname@example.org.
Changes to this policy