For all concerns, questions, complaints or requests for action on your own rights as a data subject under the EU General Data Protection Regulation (GDPR) please email firstname.lastname@example.org or contact +44 1753 214000 and ask the operator to send a message to the above email on your behalf. These requests will be submitted to the IT Manager who has the authority to engage with all projects, managers and directors to handle data protection requests effectively. Any data gained by TTI (Europe) Ltd is exclusively owned by the project and is never sold on to third parties, only the specific client commissioning the project.
TTI (Europe) Ltd is wholly owned by Technical Training, Inc. based in Michigan, USA which operates globally. As such, we utilise global IT systems including email based in UK, Japan and USA, as well as cloud storage based out of USA and local UK servers located in our offices and in the cloud. We also maintain cloud servers for specific client projects, these will be physically located in data centres close to where the project is being delivered. We employ principle of least access in all scenarios which means that only the staff that have a need to access data are given access and all access is via individual named user accounts.
General Purposes for holding personal data:
- Research Projects: Our clients engage TTi (Europe) Ltd to conduct Research Survey campaigns on their behalf. In this scenario we act as the data processor and are securely passed information about individuals by our clients. During surveys we may also collect data from yourself for the purpose of demographic processing and/or assessing the specific questions in the survey. This data falls under the GDPR categories of “Personal Data” and occasionally “Sensitive Personal Data”. Retention 2 years from project finalisation, unless otherwise instructed by the individual(s) concerned. All Research data is held on UK based servers with a processing server in Japan for delivery of web surveys into Asia Pacific – no data is stored on the Japan server.
- Training Projects: Our clients engage TTi (Europe) Ltd to conduct or manage training on their behalf. In this scenario we act as the data processor for all trainees and trainers except where our own trainers or our own associates in which case we are the data controller. We must maintain contact details and occasionally payment and/or passport details for individuals in this area to allow us to manage training co-ordination, payment or travel plans. We may also maintain data regarding training outcomes and performance as well as training needs assessment data. This data falls under the GDPR category of “Personal Data”. Retention 2 years from project finalisation, unless otherwise instructed by the individual(s) concerned. Training data may be stored on the UK or USA based servers.
- Business Development: We may maintain personal data for the purpose of contacting potential clients and marketing the business. This information may come from yourself via our website, via our clients and contacts by word of mouth, purchased or free online databases and social media platforms. This information is restricted to names, emails, phone numbers, addresses, role and industry type. We are the data controller of this information and this data falls under the GDPR category of “Personal Data”. Data will be retained for a period of 36 months. Business Development data may be stored on the UK or USA based servers.
- Central Services: This includes personal data relating to our own staff, contractors and associates. In this area we have a requirement to hold data in the GDPR category “Personal Data” for legal reasons such as reporting employment data to the government which may include name, address, date of birth, driver licence, passport/visa details, taxation numbers, bank account details and salary/payments information. We may also use the same information to process payments, organise travel or staff benefits. Further information we may hold are contact phone numbers and email addresses that our central team may use for contacting the individual both while employed/under contract and after. We act as the data controller for central services data and are required to keep this information for 7 years. Central data may be stored on the UK or US based servers.
- Under GDPR all data subjects (defined as a natural person) have the right to withdraw consent to our holding of their personal data (right to be forgotten) and the right to get a report on all personal data we hold on the same individual requesting it or their dependants (subject access request). Should you wish to make a request on your own or your dependant’s behalf, please send an email to the contact address at the top of this policy with as much information as possible to enable us to process your request efficiently, per the GDPR this will be free of charge. Please note that where we are required to hold personal data for other legal reasons it cannot be deleted.
Please direct all complaints to the email address at the top of this policy in the first instance. Should you believe that we are not processing your requests fairly then it is your right to contact the UK Information Commissioners Office (ICO) https://ico.org.uk.