1 Overview
At TopHat Corporate Limited, we take the privacy of our customers, and contacts seriously. We are committed to safeguarding privacy and to complying with the UK Data Protection Act 1998, the General Data Protection Regulation 2018, and the Privacy and Electronic Communications Regulations 2011.
This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our procedures and processes regarding your personal data and how we will treat it. By visiting and exchanging details with us you are accepting and giving consent to the practices described in this policy.
For the General Data Protection Regulation (GDPR), the data controller is TopHat Corporate Limited which can be contacted using the following contact details:
Data Protection Officer
Unit 3000
Park Avenue
Foston
Derby
DE65 5BT
Email: dataprotection@tophat.io
TopHat Corporate Limited has an appointed Data Protection Officer. Our Customer Service team will be your initial point of contact if you wish to exercise your rights; our DPO can be reached here: dataprotection@tophat.io
2 Information Collection
We will collect and process the following data about you:
2.1 Information you give us
This is the information about you that you give us by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our website / mobile site, subscribe to our service, place an order on our website / mobile site, participate in discussion boards or other social media functions on our website / mobile site, enter a competition, promotion or survey, complete a call-back form and when you report a problem with our website / mobile site. The information you give us may include your name, company name, postal address, e-mail address, phone number, and credit card information.
2.2 Information we collect about you
About each of your visits to our website / mobile site or use of our service we will automatically collect the following information:
Technical information, including, but not limited to, the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, Customer Identification Numbers, Usernames, time zone setting, device, operating system, and platform.
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, downloads, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
2.3 Information we receive from other sources
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
3 Use of the Information
Except where we use your personal data for marketing purposes based on prior consent and subject to any opt out preferences you notify to us in respect of electronic direct marketing communications, we process personal data as necessary for the purpose of our legitimate interests in promoting our products and services.
We use information held about you in the following ways:
3.1 Information you give to us
We will use this information in accordance with our selected lawful basis of processing:
To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
To provide you with information about other goods and services we offer that are like those that you have already purchased or enquired about;
To provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by e-mail, telephone or direct mail with information about goods and services like those which were the subject of a previous sale or negotiations of a sale to you.
To notify you about changes to our service;
To ensure that content from our website / mobile site is presented in the most effective manner to you.
3.2 Information we collect about you
The legitimate interests that we will rely upon to process this information are:
⦁ To administer our website / mobile site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
⦁ To improve our website / mobile site to ensure that the content is presented in the most effective manner to you;
⦁ To allow you to participate in interactive features of our service, when you choose to do so;
⦁ As part of our efforts to keep our website / mobile site safe and secure;
⦁ To measure or understand the effectiveness of marketing we serve to you and to deliver relevant marketing to you;
⦁ To make suggestions and recommendations to you of our website / mobile site about goods or services that may interest you.
In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please contact our DPO at the contact details stated above. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose you originally agreed to, unless we have another legal basis for processing.
4 Change of Purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your personal information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process your personal information for the new purpose and we will provide you with any relevant further information. We may also issue a new privacy notice to you.
5 Disclosure of Information
You agree that we have the right to share your personal information with:
5.1 Selected Companies
Your personal information will be made available to the following companies on need basis:
⦁ TopHat Labs Limited
⦁ TopHat Industries Limited
⦁ TopHat Communities Limited
⦁ TopHat Technologies Limited
The information will also be shared with other subsidiaries and branch offices, if any, based on legitimate interest for the purposes of HR, payroll, tax, insurance & immigration related activities, in case you are made an offer for employment.
5.2 Selected Third Parties
⦁ Suppliers and sub-contractors for the performance of any contract, or to take steps to enter into a contract;
⦁ Analytics and search engine providers that assist us in the improvement and optimisation of our website / mobile site;
We will disclose your personal information to third parties:
⦁ if TopHat Corporate Limited or substantially all its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
⦁ if we are under a duty to disclose or share your personal data to comply with any legal obligation.
6 Where we store your personal data
It may sometimes be necessary to transfer personal information outside of the EEA. This may include transfers to the US-based servers. The European Commission has determined, based on article 45 of Regulation (EU) 2016/679 as well as the EU-US Privacy Shield Framework, that the United States of America offers an adequate level of data protection, both by its domestic legislation and by the international commitments it has entered into.
Additionally, securing data transfers to third countries which don’t fall under the purview of the adequacy decision will be enforced via ICO specified binding corporate rules, certification mechanisms, codes of conduct, model contractual rules, and derogations (articles 46 through 50 of Chapter 5 of Regulation (EU) 2016/679). Such transfers will be made only to servers / companies with strong data protection practices, stringent safeguards on government access to data, and provisions to effective protection and redress for EU residents.
Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website / mobile site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
7 Retention of data
We keep your personal information for no longer than necessary for the purposes for which the personal information is used or otherwise processed. The length of time we retain personal information depends on the purposes for which we collect and use it and / or as required to comply with applicable laws. Your data is retained and cleansed in accordance with our Data Retention Policy which can be obtained by contacting our DPO via email: dataprotection@tophat.io
8 Your Rights
We will only process your data for marketing purposes where you have given express consent to us to do so or where there is a legitimate interest for us to do so. The legitimate interests that we will rely on are as listed above under “Use of the Information – Information that we collect about you”. In any event, we will only rely on legitimate interest as a ground for processing your data where we have established a legitimate interest and where an assessment supports the use of such data processing.
You have the right to object to our use of your personal data which is processed based on our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any contract or legal requirement.
At any time, even if you have previously consented, you have the right to ask us not to process your personal data for marketing purposes and/or not to disclose it to third parties for marketing purposes.
You can do this by contacting us using the following email address: dataprotection@tophat.io
You can also use this email address to notify us of any preferences you have in relation to the processing of your data, for example, as to the frequency of communications that you receive from us or the manner or the subject matter of such communications.
You have the following rights with respect to your personal information:
8.1 Right of Access
You have the right to request from us information on which personal information about you we process at any time. Please send your request to the postal or email address stated above.
8.2 Right to Rectification of Incorrect Data
If data about you is inaccurate, you have the right to obtain from us rectification of such data without undue delay. Please send your request to the postal or email address stated above.
8.3 Right to Erasure
Under the requirements set out in Art 17 GDPR you have the right to request from us the erasure of your personal information. In particular you may ask us to erase personal information, if (i) it is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the personal information has been unlawfully processed, (iii) you object to the processing pursuant to Art 21(1) GDPR and there are no overriding legitimate grounds for the processing, (iv) the personal information has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject or (v) you withdraw your consent on which the processing is based and there is no other legal ground for the processing. Please send your request to the postal or email address stated above.
8.4 Right to Restriction of Processing
We do not use automated decision-making including profiling.
8.5 Right to Data Portability
According to Art 20 GDPR you have the right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Please send your request to the postal or email address stated above.
8.6 Right to Object
Pursuant to Art 21 GDPR, you have the right to object, on grounds relating to your situation, at any time to processing of personal information concerning you which is based on point e) or f) of Art 6 para. 1 GDPR. We will no longer process your personal information unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims.
If you would like to exercise any of the above rights, please use the postal address mentioned above or email the Data Protection Officer at dataprotection@tophat.io in writing. Note that these rights are not absolute and, in some circumstances, we may be entitled to refuse some or all of your requests.
Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk.
9 Changes to our Privacy Policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
10 Transfers of Information
The personal information may be processed by staff operating outside the EEA working for us, other members of our group or third-party data processors for the purposes mentioned in section 2 above. Further details on to whom your personal information may be disclosed are set out in section 4 above.
If we provide any personal information about you to any such non-EEA members of our group or third-party data processors, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy. These measures include entering into European Commission approved standard contractual arrangements with them.
11 Security
TopHat Corporate Limited has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know to perform their job duties and responsibilities. You can obtain further information about these measures from our DPO at the contact details stated above.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions.
12 Third Party Websites
Please note that this Privacy Policy only applies to the personal information that we (or third parties on our behalf or our group companies) collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.
13 Complaints Procedure
If you have any complaints in relation to how our business has processed your data or in relation to the exercise of your rights as detailed above, you can in the first instance raise your concerns by contacting us at the following email: dataprotection@tophat.io. You may also contact the Information Commissioner’s Office in relation to any such complaints https://ico.org.uk/.
14 Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to our data protection officer via email: dataprotection@tophat.io or post to:
Data Protection Officer
Unit 3000
Park Avenue
Foston
Derby
DE65 5BT