This privacy notice tells you about the information we collect from you when you engage with one of our websites or services. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Changes to the data protection law
From the 25th of May 2018, we will be processing your personal data in accordance with the General Data Protection Regulations (GDPR).
Who are we?
We are GTI Media, a company which is part of our parent company Group GTI. Our main address is:
The Fountain Building, Howbery Park Benson Lane Wallingford Oxfordshire OX10 8BA, UK
You can contact us by post at the above address, or by via email at firstname.lastname@example.org or by telephone on +44 (0)1491 826262.
We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above asking for the person responsible for data protection.
What personal data do we collect?
Through our client portal, we request certain personal information from you in order to identify you for the purposes of authenticating your access.
This will include your personal contact details, the organisation and department you work for, and your specific role in the organisation.
The personal data requested does require “special category data” to be collected as part of the process.
Where else may we get your data from?
We may receive you details via you employer as part of a bulk registration process but this would be very rare requests are generally managed individually via the registration page on the targetconnect.net client portal.
Why do we collect this information?
We collect information in order to be able to provide you access to the materials about the operations of the TARGETconnect system, this includes training material and other information pertinent to you, are a client of GTI, but would be commercially sensitive.
Where is my information stored?
Your information is stored in systems within the European Union (specifically the UK).
What do we do with your information?
The personal information you provide helps us assess your registration request and help in our communications with you.
To be more specific your information may be used in one or more of the following ways:
- communicate with you about the TARGETconnect system
- notify you of any changes to terms and conditions or policy changes
- help us improve our services and it’s delivery to you
- carry out our obligations in relation to any contracts between your organisation and GTI
- in an aggregated and anonymised form, use the data to manage our relationship with our clients, and also improve delivery of the scheme
- resolve complaints and data access requests in accordance with data protection law
- for the facilitation of any legal obligations or defend any court actions that we may have.
Who we might share your data with?
Government, legal or regulatory authorities
GTI may be required to share your personal information with certain public or legal authorities where there is a legislative obligation to do so.
Automated processing and profiling
There are no automated decision making processes that would impact you as a result of any automated processing.
Legal basis for processing your data
The legal basis for processing under both the DPA and GDPR across our sites are outlined in the table below:
– This table will scroll horizontally on smaller devices
|Data category||Description||Legal basis|
|Organisation related personal details||These are contact details associated with a person that has been supplied as part of an application for system access||Contractual necessity (Article 6(1)(b)) and legitimate interest (Article 6(1)(f))|
It may be necessary for GTI to process your data in order to fulfil a contract with your organisation through the provision of training materials, updates, and other relevant communications.
GTI may also process your data when it is in our legitimate interest to do so and in doing so it does not override any of your data protection rights. Our legitimate interests include:
- ensuring the security and integrity of our services and ensuring that our systems work properly;
- protecting clients, employees and other individuals (including yourself) and maintaining their safety, health and welfare;
- understanding our client’s and your behaviour, activities, preferences, and needs to deliver a better quality and custom experience;
- improving the delivery of the service;
- the handling of client and your contacts, queries, complaints or disputes; and
- fulfilling our duties to our clients, yourself, colleagues, shareholders and other stakeholders.
You have the right to object to the processing of your data under legitimate interest should you feel that such legal basis is not warranted or feel that it overrides any of the rights that you may have.
How long do we keep your information for?
– This table will scroll horizontally on smaller devices
|Organisation related personal details||For the length of your organisation’s contractual relationship with us. Your information will be removed once your organisation is no longer a user of the TARGETconnect system.|
Your rights over your information
By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate.
You can also ask us to give you a copy of the information and to stop using your information for a period of time if you believe we are not doing so lawfully.
To submit a request by email, post or telephone, please use the contact information provided above.
In addition to the above you have the following rights under GDPR:
- The right to ask what personal data is held without charge from the 25th May 2018.
- The right to ask to update and correct any out of date or incorrect personal data that we hold free of charge.
- The right to erasure of personal data where consent is the only legal basis for processing and that consent has been withdrawn.
- The right to data portability in the sense that personal data provided directly by the data subject is exportable in an open format like CSV where the legal basis for processing is based on either contract or consent.
- The right to restrict or object to the processing of your personal data where:
- You contest the accuracy of the personal data and the accuracy needs to be verified;
- You object to the processing under legitimate interest ground and consideration needs to be made whether GTI’s legitimate interest overrides that of the individuals;
- The processing was unlawful and you request restricted processing over erasure;
You can withdraw consent at any time where consent has been relied upon. If consent is the sole legal basis for processing, we will stop processing the data after the consent is withdrawn. The data will then be placed in a restricted processing mode until you have asked to exercise your right to erasure or the personal data falls outside stated retention period (whichever comes first).
Our communications with you
We will periodically communicate with you by email, post, telephone or device notifications for the purposes of delivering our services to you. The legal purpose for which is under the legitimate interest provision under both GDPR and the Privacy and Electronic Communications Regulations (PECR).
However, should you be concerned about the content of these communications (such as unwanted marketing communications or simply want to change the way we communicate with you please contact us by telephone or letter at the details provided above.
Changes to this privacy notice
From time to time we may need to make changes to this notice. We will attempt to inform you of any changes that are made either through both email notifications or through associated websites. You can obtain the most recent version of this notice from https://groupgti.com/privacy/targetconnect or by contacting us directly. This privacy notice was last updated on the 1st October 2018.
Your right to complain
If you have a complaint about our use of your information you can do so with the relevant supervisory authority within the EU to which you are a resident, whom may refer the complaint to the UK supervisory authority.
Complaints in the UK can be made to the Information Commissioner’s Office via their website at www.ico.org/concerns or write to them at:
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF