Sentrio, privacytool.info and our other services are provided by Privacy Products Limited.
If you provide your data by contacting us, or when you or your organisation become a client, supplier, collaborator, candidate, employee, etc., then like all businesses, we may need to process your data.
We will use personal data about you for the purpose for which it is given and in accordance with all applicable laws (including the GDPR and Data Protection Act) and this Notice. This Notice may be updated from time to time so please check back to this page for the most current information.
- Data controller The organisation that decides how and why your personal data is processed (the "data controller") is Privacy Products Limited, contactable here:
Privacy Products Limited
11 Barnfield Road
London W5 1QU,
- Purposes and legal basis for data processing If you are or work for a client or potential client, or a service provider or supplier working with Privacy Products, then Privacy Products may need to process certain data about you for the following purposes:
- (a) clients: to provide and charge for Privacy Products’ services as agreed, including managing your login credentials, and commercial, technical and billing contacts: the legal basis for this processing is that this is necessary (if you work for a corporate client) based on our legitimate interests in managing our business, or (if you are an individual client) in order to carry out our agreement with you;
- (b) web users: to respond to your enquiries, questions and comments sent to us via our websites or other contact details: the legal basis for this processing is that this is necessary based on our legitimate interests in communicating properly with you and managing our business;
- (c) suppliers: to receive and pay for services and goods provided to Privacy Products: the legal basis for this processing is that this is necessary (if you work for a corporate supplier or potential supplier) based on our legitimate interests in managing our business, or (if you are an individual supplier) in order to carry out our agreement with you;
- (d) to comply with laws and regulations that apply to us including in the areas of invoicing, accounting and tax, record-keeping: the legal basis for this processing is that this is necessary in order to comply with Privacy Products’ legal and regulatory obligations;
- (e) to promote Privacy Products’ services and products (e.g., for sending you news and information about our publications, seminars or services of potential interest to you): the legal basis for this is that this is necessary based on our legitimate interests, namely managing and developing Privacy Products as a business and improving our websites and services.
- Provision of personal data to third parties
Privacy Products does not share your data with third parties for any purpose outside those listed above.
In providing services and managing its business, Privacy Products may need to share your personal data with third parties who work with or provide services to us. This includes other service providers that process data on our behalf and which we will ensure are subject to similar obligations of data protection as referred to in this Notice.
Where these are based in countries outside the UK, the European Union, the European Economic Area, or other places not officially recognised by the UK or European Commission as having equivalent data protection laws, this will be done on the basis of safeguards that are intended to ensure that your data is kept as secure as under applicable UK and EU laws. These safeguards may include standard contractual clauses issued by the UK Information Commissioner, the European Commission or other Supervisory Authorities. If we receive a valid request we may release a copy of such safeguards.
Other circumstances where Privacy Products may need to disclose your personal data to third parties could be
- (i) where required by regulators, courts, or law enforcement agencies, or by applicable laws, regulations or codes of practice;
- (ii) in connection with legal disputes or proceedings; or
- (iii) in order to exercise or defend Privacy Products legal rights.
- Retention periods for personal data Privacy Products will only retain your data for as long as necessary for the purpose for which it was collected. However, please note that personal data in Privacy Products’ possession may need to be retained even after the end of our relationship with you, in particular in order to comply with applicable legal or accounting rules. Privacy Products will normally retain records for the longer of the limitation period applicable to civil claims in relation to services provided (under English law normally six years) and the mandatory period for holding tax-related records (normally six years from the end of the financial year). In relation to potential clients and marketing related data, Privacy Products will retain this data for the time that the relationship remains active and will review periodically whether the information is still relevant or should be erased.
- Your legal rights Applicable laws give you various rights relating to your data. For example, you are entitled to ask at any time:
- (a) for access to a copy of the personal data that Privacy Products holds about you;
- (b) to have any incorrect personal data about you corrected;
- (c) for data about you to be erased (“right to be forgotten”) or if that is not possible (e.g. due to a legal retention period as referred to above) or you do not want that, to have processing restricted; or to object to particular types of processing;
- (d) to receive an electronic copy of data you provided to us, for provision to a new service provider (“data portability”).
Where Privacy Products processes any data based on consent that you have given in the past, then you are always allowed to withdraw that consent (although the processing that took place before withdrawal will still be legal).
Privacy Products is always reachable as indicated in Section 1 above to resolve any issues or doubts you may have in relation to processing of your data or to help with exercising your legal rights. If you believe that your rights have not been respected then you also have a right to complain to the Supervisory Authority or Data Protection Authority in your country (i.e., in the UK the Information Commissioner’s Office at www.ico.org.uk (opens in a new tab)) to ask them for a resolution.
- Consequences of not providing personal data You do not have to provide any personal data in order to view our websites. If you or your organisation is a Privacy Products client, then we will need to process some personal data from your authorised users so that they can log in and access the relevant services.
Last updated: 10 November 2021