Privacy Policy

© Tersus Consultancy, May 2018
Last updated: 27 July 2018
Tersus Consultancy Ltd (“us”, “we”, or “our”) operates the www.tersusgroup.co.uk website (the “Service”).
This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.
We will not use or share your information with anyone except as described in this Privacy Policy.
We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at www.tersusgroup.co.uk

Introduction
As a Data Controller and Processor, Tersus Consultancy Limited (Tersus) is committed to protecting and respecting the security and integrity of your personal data in line with GDPR (General Data Protection Regulation). We collect information only which we can justify as reasonable and justifiable for the provision and communication of Tersus related products and services.

The GDPR
The EU General Data Protection Regulation (GDPR) marks a step change for data protection and replaces the Data Protection Directive on 25 May 2018. GDPR simplifies and clarifies rules and strengthens citizens’ rights in relation to their personal data. The GDPR abolishes the single country data protection acts and combines the data protection for all EU member states. When the UK leaves the EU, it will become an approved country and GDPR will continue to form part of UK law.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed and used by us.

1. Information we may collect from you
We may collect and process the following data about you:
• Information that you provide by filling in forms on our website. This includes information provided on forms on the site, subscribing to our service, posting material or requesting further services.
• If you contact us, we will keep a record of that correspondence.
• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
• Details of your visits to the website and the resources that you access, including your IP address and internet browsing preferences.
2. Log Data
We may also collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this type of information in order to increase our Service’s functionality. These third party service providers have their own privacy policies addressing how they use such information.
3. Cookies
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
4. Service Providers
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
5. Security
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
6. International Transfer
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to United Kingdom and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter.

7. Where we store your personal data
Tersus will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR. Your personal data is stored within the UK. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

8. Uses made from the information
Tersus will use personal information only in connection with Tersus-related business. Personal information will not be passed to third parties. It is our belief that the information we supply satisfies the concept of legitimate interest. We use information held about you in the following ways:
• To provide you with information, products or services that you request from us or which we feel may interest you.
• To carry out our obligations arising from any contracts entered into between you and us.
• To notify you about changes to our service.

9. Retention of your information
The personal data that we collect shall be kept for no longer than is necessary for the purposes for which it is being processed.

10. Disclosure of your information
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Tersus, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

11. Your rights
You have the right to ask us not to process your personal data for marketing purposes. You can exercise the right at any time by contacting us at data.protection@tersusgroup.co.uk .
You have a right to withdraw consent for Tersus to use your personal data by contacting us. Should you feel that the personal information we hold about you is incorrect or inaccurate, you have the right to request that we rectify this. In both cases, please contact data.protection@tersusgroup.co.uk .
You have a right to lodge a complaint with Tersus or with ICO (The Information Commissioner’s Office) directly, should you have a concern about our information rights practices at https://ico.org.uk/concerns/ .
Under Article 17 of the GDPR you have the right to have your personal data erased. The ‘right to be forgotten’ means we will delete all data that we collect about your business, such as (but not limited to) passwords, phone numbers, list of services and addresses upon request.
Whilst we will delete all data we collect about your business, we reserve the right to keep a record of those who requested ‘the right to be forgotten’ by keeping the name of the business, the requester and the date of the request. This record is kept for monitoring purposes only and will not be shared, sold or leased.
You have the right to request your data to be erased if:
• The data is no longer necessary;
• You withdraw your consent;
• We are processing the data without your consent;
• We are processing your personal data for direct marketing purposes without your consent;
• We have processed the personal data unlawfully;
• We are legally required to do so;
• We have processed the personal data of a minor without their guardian’s consent.
If we think your request to be forgotten is unfounded or excessive we reserve the right to:
• Request a “reasonable fee”
• Refuse your request
If you would like your data to be erased from our records please contact us. You can exercise the right at any time by contacting us at data.protection@tersusgroup.co.uk .
Your data will be erased within 7 working days following our acknowledgement of your request.

12. Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

13. Children’s Privacy
Our Service does not address anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 13 without verification of parental consent, we take steps to remove that information from our servers.

14. Access to information
The GDPR gives you the right to access information held about you, to know why we have it, and how it will be used. Your right of access can be exercised in accordance with the GDPR and will be free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

15. Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, sent to you by email.

16. Jurisdiction
This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions.

17. Contact us
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to data.protection@tersusgroup.co.uk