Data collected from data subject (Articles 13 and 14):

This table does not apply to trust-hub employees that are subject to other conflicting legislations such as those covering UK employment and tax.

GDPR Article 13 Para. 1(a) The Controller:  The contact details of the person who decides how and why your personal data is used (the ‘Controller’) are:

Simon Loopuit trust-hub Limited 450 Brook Drive Green Park Reading RG2 6UU United Kingdom +44 (0)20 3582 5055
GDPR Article 13 Para. 1(b) The Data Protection Officer:  The contact details of the person responsible for ensuring that trust-hub understand how to provide adequate protection over your personal data is David Nunn.  Address, email and telephone number are the same as for the ‘Controller’, above.
GDPR Article 13 Para. 1(c) Processing Purpose and Legal Basis:  Your personal data was provided to trust-hub, by yourself, for the purpose of learning more about our products and services.  The reason we are legally able to use your personal data is that you gave us your consent for this sole purpose.
GDPR Article 13 Para. 1(d) Legitimate Interests of the Controller:  After a Right to Erasure instruction. trust-hub will retain your basic identity in the event that you tell us you no longer wish to be contacted (your Right to Erasure), so that we know not to contact you in future in the case where your identity finds its way back onto our contacts database from another legally-compliant source. If you do not wish us to retain this basic identity for this ‘Legitimate Interest’ purpose, please contact our controller (contact details above) to instruct us to carry out a full deletion.
GDPR Article 14 Para 1(d) Categories of personal data:  The only category of personal data stored about you is your ‘Personally Identifiable Information’ (sometimes referred to as PII) – generally speaking, this means your name or online identifier and your contact details.
GDPR Article 13 Para. 1(e) Categories of recipients:  Representatives of potential business-to-business customers. This personal data is gathered specifically for identifying any business that may be interested in our products and services (direct marketing to businesses).
GDPR Article 13 Para. 1(f) Transfer of your personal data to non-EU countries:  trust-hub do not transfer your personal data outside of the EU.  Your personal data, whilst under our care, shall be fully protected by the requirements of GDPR.
GDPR Article 13 Para. 2(a) Personal Data storage period:  Your personal data shall be stored until you inform us that you no longer have an interest in our products and services, in which case your personal data shall be blocked from further use within one calendar month, or erased, if you have notified us that you wish your personal data to be erased.  Where we have not heard from you or your employer for a period of up to 6 months, we shall assume you are not interested in our products or services, and block your personal data from further use until such time as you notify us otherwise.
GDPR Article 13 Para. 2(b) Your rights:  Your rights with regard to your personal data are listed below: (i) View/correct:  You have the right to request from our controller – see 1(a) above – a copy of the personal data we store about you, as well as the right to have your personal data corrected where it is wrong or has changed.(ii)  Block/Erase:  If you do not wish to be contacted again, you can request us to (1) block your data from future use, or (2) erase your data entirely.  Our default is blocking from future use, as this ensures we will not accidentally contact you again if your name somehow appears on our list of direct business contacts.  If you ask us to erase your data, we will totally erase all records we have about you, from all of our systems, backups and archives, including paper copies.  Therefore, there is a possibility that we may obtain your personal details from another source in future, and try to contact you again, in error, so we recommend blocking instead of total erasure.  You also have the right to request that we restrict the use to which we put your personal data – for instance, you may want us to contact you solely for the product or service you have expressed an interest in, not any other or future products or services we may think of interest to you, that fall under a similar interest area.(iii)  Objection:  You have the right to object to our processing of your personal data, in which case we will review the personal data we store about you, and the processing that was carried out on your personal data, and we shall aim to resolve your objection to mutual satisfaction as a priority.(iv)  Data Portability:  You have the right, under ‘data portability’ rules, to ask us for an electronic copy of any personal data we obtained from you.
GDPR Article 13 Para. 2(c) Withdrawal of consent:  Where you have given us your consent to process your personal data, you may withdraw this consent at any time, verbally or in writing.  We prefer in writing, for our records.  When you withdraw your consent, we shall not use your personal data again without you providing your consent to do so. Withdrawal of your consent does not affect the legality of our processing of your consented personal data in the past.
GDPR Article 13 Para. 2(d) Right to complain:  If at any time, you are unhappy with the way we have processed your personal data, please feel free to contact us and we will do our best to make things right.  However, you have the right to raise a complaint with the UK Supervisory Authority.  At the time of writing (2017), the equivalent of the UK Supervisory Authority is the Information Commissioners Office.
GDPR Article 13 Para. 2(e) Statutory or contractual requirement:  Your personal data is not required for any statutory or contractual requirement.
GDPR Article 14 Para 2(f) Source from which we obtained your personal data:  Your personal data was obtained from a direct communication from you, as a request for information about our products and services.  We do not use purchased marketing lists, and our online tracking technology is only used to identify interest from the company that you work for, not you as an individual – i.e. a business-to-business marketing lead.
GDPR Article 13 Para. 2(f) Automated individual decision-making, including profiling: trust-hub do not carry out any form of automated individual decision-making about you (“making a decision solely by automated means without any human involvement”). Also, trust-hub do not carry out any form of profiling about you (“automated processing of personal data to evaluate certain things about an individual”).
GDPR Article 14 Para 3 When you should receive this notification. trust-hub shall provide a link to our privacy policy in all emails sent to you. Also, this information is freely available via an easily visible Privacy Policy hyperlink from our main web site page.
GDPR Article 13 Para. 3 Further processing.  trust-hub shall not further process any of your personal data, outside of the purpose for which it was provided.
GDPR Article 13 Para. 4 Information already provided.  Where trust-hub has already provided you with this information (directly or via our web site Privacy Policy), we shall not be obliged to provide it again, so please take care of these details.  However, if you lose this information, please remember it is freely available via our web site Privacy Policy, and do contact us if you have any questions, concerns or problems.
GDPR Pre-amble (39) GDPR Categories of Personal Data, and Pre-amble (75) The risks to you if your personal data is stolen (breached) from our ultra-secure servers: The risks associated with sharing the Personally Identifiable Information (PII) that we hold about you (in the unlikely event that your personal data were stolen from our ultra-secure servers) are listed below. Note that the probabilities stated are generalised; you should always consider your own circumstances in relation to the risks stated, as there are always circumstances that would put your personal risk outside the ones generalised below. Also, consider whether the Personally Identifiable Information we store about you is already freely available on the internet, for instance on business social media such as your LinkedIn pages, and hence whether the breach of this personal data from trust-hub has added any personal risk to you.

  • Illegal direct marketing.  Probability: High. The thieves could use your personally identifiable information (PII) to carry out direct marketing to you, and (being criminals) they probably won’t stop if you ask them to.  We recommend you change any leaked details where feasible, such as your email address, any online account user IDs, social media account IDs, etc.
  • Financial gain/fraud/identity theft.  Probability:  Medium. Knowing who you are and how to contact you could open you up to receiving emails with fake internet links so they could pretend to be your bank, and steal your bank login details. Or they could apply for a credit card in your name. Whilst your natural caution against such suspicious emails may protect you, the leaking of your PII to criminals is not desirable, of course. Again, we recommend that you change your email address or implement a white list filter on your incoming emails, and remain extra vigilant for at least 12 months.
  • Terrorism.  Probability:  Very Low to Low. A risk of terrorism directed towards you would be unlikely to apply unless other categories of personal data also leaked, maybe affiliating you with radical beliefs, or targeting you as having extreme wealth.  Unless you are already famous, then the leakage of your PII is unlikely to result in terrorism.  If you have any concerns over this risk, we recommend you discuss them at your earliest opportunity with the Police.
  • Industrial espionage. Probability:  Low to Medium (see wording below). Industrial espionage is where a competitor to your employer tries to gain access to your employer’s company secrets. This could be achieved by the criminal pretending to be you. This risk is more likely where you are a key member of staff for your employer, that has access to valuable trade secrets, and where your role in your employer organisation is known outside of the company. If you believe that this risk applies to you, then we would advise that you discuss this with the employers’ physical and IT security team(s).