How Your Personal Information Is Used By Trividia Health UK Limited

Last updated: 15th June 2018

Who We Are

Trividia Health UK Limited (‘we’ or ‘us’ or ‘our’ or ‘Trividia’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.

Trividia is a company registered in England and Wales under company number 10579709. We are registered on the Information Commissioner’s Office Register of Data Controllers under registration number ZA235329 and act as the data controller. You can contact us on (0) 800-689-5035 within the UK. You can also e-mail us at [email protected] or write to us at our registered office which is 27 Old Gloucester Street, London, WC1N 3AX.

How Your Information Is Protected

This privacy notice applies to visitors to our website (www.trividiahealth.co.uk), people who use our products or services, people who contact our helpline, job applicants and our current and former employees. This privacy notice is to let you know how we promise to look after your personal information. This includes what you tell us about yourself, what we learn by having you as a customer, and the choices you give us about what marketing you want us to send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
We will:

  • keep your data safe and private;
  • not sell your data; and
  • give you ways to manage and review your marketing choices at any time.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Information That We Collect

Trividia processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We process personal information to enable us to provide products and services, promote our goods and services, action support queries, meet our legal and regulatory obligations, maintain our accounts and records and to support and manage our staff. We also process personal information using a CCTV system to maintain the security of the premises and for preventing and investigating crime. We will never collect any unnecessary personal data from you and do not process your information in any other way than already specified in this notice.

The personal data that we may collect from you includes:

TYPE OF INFORMATION DESCRIPTION
Identity First name, maiden name, last name, username, marital status, title, gender, date of birth
Contact Where you live and how to contact you e.g. name, home address, personal email, business email, home telephone number, mobile telephone number, business telephone number, Skype address, social media accounts
Socio-demographic Details about your employment, nationality, education, lifestyle and social circumstances
Financial How to take payment from you / make payment to you, e.g. credit / debit card / bank details information
Personal Visual images, personal appearance, behaviour, physical or mental health details
Contractual Details about the products or services we provide to you
Communications What we learn about you from letters, emails, and conversations between us
Technical Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
Profile and Usage our username and password, purchases or orders made by you, your interests, preferences, feedback, information about how you use our website, products and services
Social Relationships Details about your family
Documentary Data Documentary Data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence, or birth certificate. E.g. passport number, drivers licence number
Special Types of Data The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:

  • Racial or ethnic origin
  • Religious or other beliefs of a similar nature
  • Trade union membership
  • Genetic and bio-metric data
  • Health data including gender
  • Criminal convictions and offences and alleged offences

We may need to collect data in relation to your health however we will endeavor to collect no more data than is necessary to help you and provide our service to you.

Consents Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you.
Marketing your preferences in receiving marketing from us and our third parties and your communication preferences
National Identifier A number given to you by a government to identify who you are, such as a National Insurance Number or NHS number

We may collect personal information about you from these sources:

Data you give to us:

  • When you talk to us on the phone
  • When you use our website
  • In emails and letters
  • When you apply for a job

Data from third parties we work with:

  • Agents working on our behalf
  • Market researchers
  • Medical practitioners
  • Technical Data from the following parties:
  • analytics providers;
  • advertising networks; and
  • search information providers.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  • Identity and Contact Data from data brokers or aggregators.

Data we collect when you use our services / website:

  • Technical data about how your equipment, browsing actions and patterns and how you use the services gathered from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software
  • Standard internet log information and details of visitor behaviour patterns
  • Details on your use of our products and other information required to provide you with support

Use of Our Website

Consent

By using our website, you agree with the terms of this privacy notice. Whenever you submit information via the site or contact us using one of the methods specified on the site, you consent to the collection, use and disclosure of that information in accordance with this privacy notice.

Children

Children should use this site with adult supervision. We will not knowingly collect information from website visitors that are children. We encourage parents to talk to their children about their use of the internet and the information they disclose.

Active Information Collection

Like many Web sites, this site actively collects information from its visitors both by asking you specific questions and by permitting you to communicate directly with us via e-mail, feedback forms, and/or chat rooms. Some of the information that you submit may be personally identifiable information (that is, information that can be uniquely identified with you, such as your full name, address, e-mail address, phone number, and so on). Some areas of this site may require you to submit information in order for you to benefit from the specified features (such as newsletter subscriptions, tips/pointers, order processing) or to participate in a particular activity (such as competitions or other promotions). You will be informed at each information collection point what information is required and what information is optional.

Passive Information Collection

As you navigate through a website, certain information can be passively collected (that is, gathered without your actively providing the information) using various technologies and means, such as Internet Protocol addresses, cookies, Internet tags, and navigational data collection. We use Internet Protocol (IP) addresses on this site. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-personally identifiable information, because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer). We use your IP address to diagnose problems with our server, report aggregate information, determine the fastest route for your computer to use in connecting to our site, and administer and improve the site.

A cookie is a bit of information that a website sends to your web browser that helps the site remember information about you and your preferences. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Internet tags (also known as single-pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) are smaller than cookies and tell the website server information such as the IP address and browser type related to the visitor’s computer. We do not use Internet tags at this site.

Navigational data (“log files,” “server logs,” and “clickstream” data) are used for system management, to improve the content of the site, market research purposes, and to communicate information to visitors. This site uses navigational data.

Use and Disclosure of Information

Except as otherwise stated, we may use your information to improve the content of our site, to customise the site to your preferences, to communicate information to you (if you have requested it), for our marketing and research purposes, and for the purposes specified in this privacy notice. If you provide personally identifiable information to this site, we may combine such information with other actively collected information unless we specify otherwise at the point of collection. We will take reasonable measures to prevent personally identifiable information from being combined with passively collected information, unless you consent otherwise. We will make full use of all information acquired through this site that is not in personally identifiable form.

Security

We take reasonable steps to protect your personally identifiable information as you transmit your information from your computer to our site and to protect such information from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. You should keep in mind that no Internet transmission is ever 100% secure or error-free. In particular, e-mail sent to or from this site may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Moreover, where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them.

Links to Other Websites

This site may contain links or references to other websites. Please be aware that we do not control other websites and that, in any case, this privacy notice does not apply to those websites. We encourage you to read the privacy policy of every website you visit.

Communicating and Interacting with Trividia

How We Use Your Personal Data

Data protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside of Trividia. The law says we must have one or more of these reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

Trividia takes your privacy very seriously and will never disclosure, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us sharing your details with third parties for marketing purposes, you are free to withdraw such consent at any time.

The purposes and reasons for processing your personal data are detailed below:

We process your personal data as necessary in the performance of a contract or to provide a service:

  • To take steps at your request prior to entering into it
  • To decide whether to enter into it
  • To manage and perform the contract
  • To update our records
  • To provide you with support in relation to our products

We process your personal data for our own legitimate interests or those of other persons and organisations, e.g.

  • For good governance, accounting and managing and auditing our business operations
  • To search reference agencies for prospective employees
  • To monitor emails, calls, other communications
  • For market research, analysis and developing statistics; and
  • To send you marketing communications

We process your personal data as necessary to comply with a legal obligation, e.g.:

  • When you exercise your rights under data protection law and make requests
  • For compliance with legal and regulatory requirements and related disclosures
  • For activities relating to the prevention, detection and investigation of crime
  • To verify your identity, make credit, fraud prevention and anti-money laundering checks
  • To monitor emails, calls, other communications

We process special categories of data as necessary for the purposes of health and social care, e.g.:

(a) preventive or occupational medicine,
(b) the assessment of the working capacity of an employee,
(c) medical diagnosis,
(d) the provision of health care or treatment,
(e) the provision of social care, or
(f) the management of health care systems or services or social care systems or services.

We process your personal data based on your consent, e.g.:

  • When you request us to disclose your personal data to other people or organisations or otherwise agree to disclosures
  • To share your personal data with third parties for marketing purposes where we’ve asked for your consent to do so

Promotional Offers

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, you have not opted out of receiving that marketing

Third-party Marketing

We will get your express opt-in consent before we share your personal data with any company outside Trividia for marketing purposes.

Opting Out

You can ask us or third parties to stop sending you marketing messages by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Your Rights

You have the right to access any personal information that Trividia processes about you and to request information about:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will take reasonable steps to update/correct it as quickly as possible, unless there is a valid reason for not doing so, at which point you will be notified.

Your also have the right to request erasure of your personal data or to restrict processing in accordance with the data protection law, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.

If we receive a request for any of the above rights, we may ask you to verify your identity before acting on the relevant request; this is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Information

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Trividia uses a third-party to provide the below services and business functions, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may disclose your personally identifiable information to other Trividia affiliates worldwide that agree to treat it in accordance with this privacy notice.

In addition, where necessary or required we may disclose your personally identifiable information to third parties:

  • to companies, contractors and other persons we use to support our business (e.g., fulfillment services, technical support, delivery services, and financial institutions), in which case we will require such third parties to agree to treat it in accordance with this privacy notice;
  • in connection with the restructure, sale, assignment, merger, transfer or other reorganisation of the business or its assets, in which case we will require any such buyer to agree to treat it in accordance with this privacy notice;
  • where required by applicable laws, court orders, or government regulations;
  • to our legal and other professional advisors, including our auditors;
  • to Courts to comply with legal requirements, and for the administration of justice;
  • in an emergency or to otherwise protect your vital interests;
  • to protect the security or integrity of our business operations;
  • to market research organisations who help to improve our products or services;
  • to your family, associates and representatives;
  • to employment and recruitment agencies;
  • to current, past and prospective employers, educators and examining bodies;
  • to central government, police forces, security organisations;
  • to fraud prevention agencies, credit reference agencies and debt collection and tracing agencies.

Transfers

It may sometimes be necessary to transfer personal information overseas, outside of the UK and outside of the European Economic Area (EEA). When this is needed information may be transferred to countries or territories around the world.

While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

  • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
  • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
  • Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.

Safeguarding Measures

Trividia takes your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Consequences of Not Providing Your Data

You are not obligated to provide your personal information to Trividia, however, as this information is required for the fulfilment of the contract to provide products / services and for legitimate interests, we may not be able to offer our full support without it. For example, unless you are willing to provide us with your postal address we will be unable to arrange for products to be sent to you. We will, however, continue to provide our services and support you to the fullest extent possible.

How Long We Keep Your Data

Trividia only ever retains personal information for as long as is necessary.

We retain your personal data:

  • for as long as necessary to deal with your queries and for a period of up to 6 years after the contract has been fulfilled (and after you stop being our customer); or
  • for as long as you might legally bring claims against us; or
  • based on our legal and regulatory requirements.

We may also retain your personal data for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and withdraw your consent.

Special Categories Data

Owing to the products, services or treatments that we offer, Trividia sometimes need to request sensitive personal information from you. Where we collect sensitive personal data, we will only request the information required for the specified purpose.

Lodging A Complaint

Trividia only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk/).