Toro Risk Solutions - Global Limited (09465940) with registered office at First Floor 103 Mount Street, Mayfair, London, England, W1K 2TJ (“we” or “us”) is committed to working in accordance with the General Data Protection Regulation as enacted by the Data Protection Act 2018 (GDPR) and with the highest standards of ethical conduct.
This Privacy Notice describes how we collect and use Personal Data about you during the period in which we are engaging with you on a business to business basis.
In relation to your Personal Data, we shall be acting as a Data Controller for Personal Data we collect about you.
Capitalised words not defined herein shall bear the meanings associated with them under the GDPR.
We have appointed a Data Protection Officer to inform and direct our use of your Personal Data who may be contacted by email at email@example.com. Please use “Privacy” as the message subject.
Data Protection Principles
In adhering to the GDPR we are committed to protecting Personal Data in accordance with the following:
1. Data must be processed lawfully, fairly and in a transparent manner.
2. Data must be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Data processed must be adequate, relevant and limited to what is necessary.
4. Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure data that are inaccurate, are erased or rectified without delay.
5. Data must not be kept for longer than is necessary for the purposes for which the data are processed.
6. Data must be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Personal Data, as defined under the GDPR, which we process includes certain information which can be used to identify the person in question (“Data Subject”, or “you”).
Although we don’t currently collect and/or process Sensitive Personal Data, we shall inform you should this change, as well as the further protections that we would implement.
The Personal Data we collect and Process about you is as follows:
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey.
Raising awareness of our brand;
Generating sales leads;
Following up on sales leads;
Generating inbound sales enquiries.
To use data analytics to improve our products/services, marketing, customer relationships and experiences.
To make suggestions and recommendations to you about goods or services that may be of interest to you and are related to the information or services we have previously provided.
Type of Data
Email Address (Contact / Profile), Job Title (Identity), Forename (Identity), Surname (Identity), Telephone Numbers (Contact), IP Address (Identity).
When and how data is collected
Data is collected from you directly.
Unless otherwise instructed by you, we retain Personal Data for a period of 12 months from when you last contacted us or used our services.
Following the above 12 month period, the Personal Data is anonymised.
We may provide links to third-party websites or resources. We do not control these third-party websites and we are not responsible for their privacy statements. We encourage you to read the privacy notice of every website visited.
Other Non-Personal Data
This is data where your identity has been removed (anonymised data). We use such data for our own purposes.
Keeping in touch with you
Where we have reason under legitimate interest to update you about our services we may reasonably do so. You may opt out at any time.
Where you request us to add you to a subscription list to receive certain information we will do so and communicate with you in your chosen method as applicable. You may request to be removed from such lists at any time.
We will not share your Personal Data with other companies.
Rights of Data Subjects
You have the following rights under the GDPR:
1. the right to be informed, which encompasses the obligation to provide transparency as to how Personal Data will be used;
2. the right of access;
3. the right to rectification of data that is inaccurate or incomplete;
4. the right to be forgotten under certain circumstances;
5. the right to block or suppress processing of Personal Data; and
6. the right to data portability which allows parties to obtain and reuse their Personal Data for their own purposes across different services under certain circumstances.
Where you wish to exercise any of the above rights, you should contact us, the Data Controller, at firstname.lastname@example.org.
Security of Data
We are committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.
Any data breaches will be managed according to the Company’s procedures documented in its Incident Management Policy and Procedures.
Unless otherwise directed by legal obligation, any requests from a governmental body shall be referred to the Data Controller.
Third party Data Processors
In providing the Services, we currently engage some parties, all of whom we have assessed to ensure GDPR compliance.
Transferring Personal Data to a Country Outside the EEA
Other than as set out above, we do not transfer Personal Data outside the European Economic Area (EEA) if you yourself are based within the EEA.
If you are based outside of the EEA we shall be obliged to send your Personal Data outside of the EEA, in order to provide our services and to reach you.
Whenever we transfer your Personal Data to a third-party data processor outside of the EEA, we have ensured that appropriate measures, as allowed for by the GDPR, are in place to continue the ongoing protection of your Personal Data.
Data Protection Measures
The Company is committed to ensuring the security of Personal Data and to processing it in line with the Data Protection rules. As such, the Company will:
1. Ensure that all staff are aware of their responsibilities and the Company’s obligations and responsibilities in relation to data protection.
2. Ensure that all staff and individuals/organisations who handle data on behalf of the Company are appropriately trained and receive refresher training on a regular basis.
3. Ensure that all staff and individuals/organisations who handle data on our behalf are regularly monitored, assessed and reviewed.
4. Ensure that all organisations who handle data on our behalf are carrying out data processing in line with the Data Protection rules.
5. Regularly review the Company’s methods of data collection, handling, processing and storage.
We are committed to monitoring this Privacy Notice and will update it as appropriate, on an annual basis or more frequently if necessary.
We try to meet the highest standards when processing your Personal Data. For this reason, we take any complaints we receive about our services seriously. We encourage you to bring any issues, in relation to data privacy, to our attention if you think that our processing of your Personal Data is unfair, misleading or inappropriate by email at email@example.com.
You may also contact the Supervisory Authority in the UK, the Information Commissioner’s Office, by selecting the appropriate option at https://ico.org.uk/concerns
The Toro website and marketing utilises "cookies". A cookie is a small text file that is stored on your computer for record-keeping purposes. A cookie does not identify you personally or contain any other information about you but it does identify your computer.
We and some third-party service providers may use a combination of “persistent cookies” (cookies that remain on your hard drive for an extended period of time) and “session cookies” (cookies that expire when you close your browser) on the website to, for example, track overall site usage, and track and report on your use and interaction with ad impressions and ad services.
You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance. However, you should note that refusing cookies may have a negative impact on the functionality and usability of the website.
1 January 2019