GDPR Policy

Trustify Ltd takes data protection and privacy very seriously. We recognise that new General Data Protection Regulations (GDPR) become effective from 25th May 2018 and have been running a programme of work for some time to ensure we are able to comply with these changes. The following summarises our position.

About Us

​Trustify Ltd is a UK limited company whose commercial offices are at One Lochrin Square, Edinburgh, EH3 9QA and whose registered office is at 3 Forth Street Lane, North Berwick, East Lothian, EH39 4JB.

Trustify specializes in PKI Consulting and Crypto Service Delivery for large Enterprise organizations with evolving IT/OT requirements. Trustify’s Managed Security Services solve the problem of delivering End-2-End Encryption to complex Enterprise and IoT use cases, simply and cost-effectively. We work with Global leaders in DX Consulting and Systems Integration to secure their customers’ infrastructure and protect their digital services. Our customers include some of the largest companies and public sector/government departments globally. We also offer leading Cyber Risk Management solutions to SMEs, enabling organisations of any size, anywhere, to Secure Everything. Always.

What Personal Information Do We Collect and What Do We Use It For?

​At Trustify we will only collect the personal information we need in order to deliver our products and services to you, or to fulfil our statutory purposes and obligations. In doing so, we may collect any of the following:

• Your personal details such as name, job title, email address, postal address, telephone and other contact information (typically the sort of information that may be held on a business card and exchanged with other business contacts)
• Your contact preferences (for example whether you like to be contacted by post, email, text message, phone etc)
• Details of any interests and preferences you have in the products and services we provide now or may be considering for the future
• Details of your visit to our website including your IP address (the location of the computer on the internet), pages accessed and files downloaded
• Records of your correspondence with us, if you have contacted us
• Details of support and training requests you have made and information we may have provided to you in response to such requests
• Financial and accounting information such as purchase orders, payment records, bank details (eg. payment or receipt of monies) when you make a financial transaction with us

We do not collect or store sensitive personal data about people that we deal with, such as information relating to your race, ethnic origin, politics, religion, trade union membership, genetics, health, personal life, sexual orientation or criminal record.
We also do not hold contact details such as your home address, private phone number or other private contact details unless you choose to give us these in place of your business contact details. If you do so, we will provide the same levels of protection but this is entirely at your own risk.

We may collect information about you in the following ways:
​

• When you make an enquiry or provide feedback about our products or services, whether directly or via social media
• When you purchase a product or service from us
• When you request samples, trial software, product/service literature or evaluation services from us
• When you subscribe to our newsletters and blogs
• When you register an account on our web-site or our online portal
• When you request technical support or training services from us
• When you enter into any other form of contract or agreement with us​

We sometimes receive personal data from third parties when pursuing our legitimate purpose of growing the sales of our products and services to organisations with a likely interest in these. When doing so, we are aiming to develop a business-to-business relationship, strictly following these guidelines:

• When we use external marketing databases, these will be taken from third-parties who have sought and gained the approval for the named contacts to be listed for the purposes of such marketing
• We will take care to contact you only if we believe you are a person within your organisation with a professional interest in the products and services being offered (for example a key influencer or decision maker in the of procurement of such)
• We will not contact you if you have previously requested not to be contacted by us, either directly or through registering with the Telephone Preference Service, or the Mailing Preference Service etc.
• We will fully respect your data protection rights under GDPR. For further information please see the UK Information Commissioner’s Office website
• We will comply with other relevant legal or ethical standards and with industry codes of practice (for example the UK Privacy and Electronic Communications Regulations)​

Disclosing and Sharing Data

We will never sell your personal data. If you have opted in to our marketing we may contact you with information about our products and services including those delivered on our behalf by our partners, suppliers and other contracted third parties.
​
We will only share personal data if:

• This is necessary in order for us to deliver the products and services we have agreed to provide you with, for example where we are working with a contractor, supplier or partner that is carrying out work on our behalf. In such cases, this will be carried out under a formal agreement requiring them to keep your information confidential and secure
• We are legally required to do so (for example if compelled by an order of court or by a law enforcement agency legitimately exercising a power)

How Do We Protect Personal Data?

We take all reasonable care to protect our own data and the data entrusted to us by our customers and other stakeholders. This includes the implementation of a broad range of technical security measures including:

• Firewalls and other network security features
• Antivirus and other malware prevention
• Regular security patching and updates to servers and end-user computing
• Identity and access management systems with multi-factor authentication
• Encryption of data at rest and in transit using strong algorithms
• Intrusion detection and advanced persistent threat detection/prevention
• Security Information and Event Management
• Cloud based security controls where appropriate

These are backed by internal security processes and staff security awareness training.
Please note that Trustify does not publish further details of our security controls since this would constitute a security risk. If you have further queries, please contact our Information Security and Data Protection Officer (see below).

For How Long Do We Retain Personal Information?

​We will keep your personal data for no longer than is reasonable to fulfil the purposes for which it is processed.

Your Rights

Under the new GDPR you have the following rights regarding your personal information:

• The right to be informed about how we process your personal information
• The right of access to a copy of the information we hold about you (otherwise known as a Subject Access Request)
• The right to have your data erased (although this will not apply where it is necessary for us to continue to use the data for a lawful purpose, for example the administration of an existing agreement or delivery of an existing service)
• The right to have inaccurate data corrected promptly
• The right to object to your data being used for marketing or profiling purposes,
• The right to “data portability”, although this has no practical meaning in the context of the products and services we provide
• Rights in relation to automated decision making and profiling, but again this has little practical meaning in the context of the products and services we provide.

​​
Please be aware that exemptions apply to these rights in some cases.  There may also be circumstances where we legally prevented from complying with these. Further advice and guidance about your data protection rights can be found on the UK Information Commissioner’s Office website.

Your Rights

If you wish to contact Trustify on any aspect of your data protection rights please email us at info@trustify.com or write to the Data Protection Officer, Trustify Ltd, One Lochrin Square, Edinburgh, EH3 9QA, United Kingdom.