❓ What is this notice all about?
We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.
This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). It covers the personal data we process when you use our services.
Our privacy notice tells you the journey of your personal data from the moment it enters our systems up until it's time for us to say "goodbye 👋", as well as the various stops it makes along the way.
👇 The different ways we process personal data
When you send us an enquiry, book a call with us, or sign up to an event, we'll ask you for some some basic information about yourself, such as your name, contact details, company details, telephone number and any enquiry details so that we can answer your question. The data collected is necessary for our legitimate business interest to raise awareness of and grow our business.
The legal basis we rely on are Article 6(1)(f) of the GDPR - Legitimate Interests and Article 6(1)(b) of the GDPR - Contract.
We make use of customer analytics platforms to collect data and transfer it to our Customer Relationship Management (CRM) platform. We use standard applications to process data such as email, word processing and other office cloud based software. We host live events using an event platform application. We may use call recording and note taking software during our meetings which we sometimes use for training purposes.
Most of the data we process is stored in the UK and EEA, including our CRM platform and office applications.
If any data is transferred to a third country such as the US, including the form functionality on our website and event platform application, then we make use of Standard Contractual Clauses along with the UK Addendum to secure the transfer of the data.
We keep the personal data mentioned above in line with our retention schedule and business needs. When you unsubscribe, we will remove your data from our systems, but we will keep your email on an unsubscribe list with restricted access to ensure you won’t receive further emails from us.
When we raise awareness of our company, we may collect some information such as your name, company name, phone number, and work email address.
Often we find prospects are referred to us, or find us through one of our hosted events or our website. If you have attended one of our events, we may occasionally send you news and information about Trust Keith and our services to keep you up to date with what we're up to for as long as you wish to be kept informed.
Occasionally we make use of marketing lists to raise awareness of our business. In order to target companies that we believe will benefit from our offering, we use marketing databases to find name, company name, phone numbers and company email addresses. We screen this data against the Telephone Preference Service and our own ‘do not contact’ list before using it.
We may use call recording and note taking software during our meetings which we sometimes use for preparation and training purposes as well as to gain insights which inform marketing messaging.
We may collect your home or office address in order to send you a gift to show our appreciation. We will only use your address for this specific purpose.
The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interest
We make use of customer analytics platforms to collect data and transfer it to our Customer Relationship Management (CRM) platform. We use standard applications to process data such as email, word processing and other office cloud based software. We host live events using an event platform application.
Most of the data we process is stored in the UK and EEA, including our CRM platform and office applications.
If any data is transferred to a third country such as the US, including mailing lists and our event platform application, then we make use of Standard Contractual Clauses along with the UK Addendum to secure the transfer of the data.
We'll retain your name, company name, phone number, and email address on a marketing list, in line with our retentions schedule unless you unsubscribe. Anyone else who does not wish to be contacted will be transferred to our ‘do not contact list’. We retain name, company, email, phone number so that we know not to contact you, and all supplementary information will be deleted.
We will only retain your home or work address for a maximum of 4 weeks after sending out any gifts, to ensure that they definitely arrive!
When you start working with us, we'll ask for the names of key contacts, contact details, company details, financial details, and any related information, as well as the email addresses of your team, so we can provide our service to you and your organisation.
The legal basis we rely on are Article 6(1)(f) of the GDPR - Legitimate Interests and Article 6(1)(b) of the GDPR - Contract.
To deliver our service, we process and store data using cloud-based communication and collaboration softwares. We use standard applications to process data such as email, word processing and other office cloud-based software alongside a Customer Relationship Management (CRM) platform. We ask for you to sign a contract using a cloud-based application and we collect payment via a finance platform. We use project management software and provide our customers with a 24/7 breach hotline.
Occasionally we may use call recording and note taking software during our meetings which we make use of for product development.
We collaborate with trusted partners to deliver Security Awareness Training and Certifications. If you have signed up for these products, we will share your data with them for the specific projects while they are ongoing.
Most of the data we process is stored in the UK and EEA, including our CRM platform, financial and office applications.
If any data is transferred to a third country such as the US, including our Data Protection Handbook platform and our project management software, then we make use of Standard Contractual Clauses, along with the UK Addendum where necessary, to secure the transfer of the data.
We will retain your personal data while you are a customer of Trust Keith and for 12 months after you leave, in line with our business needs.
We keep financial data for a minimum of 6 years, in line with UK law.
When you apply for a job with us, we ask you for some information about yourself to manage your recruitment process, such as your CV, cover letter, case study and interview notes. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interests.
All the information we collect during recruitment is stored on a recruitment platform which is hosted in the US.
Where data is transferred to a third country such as the US, then we make use of Standard Contractual Clauses, along with the UK Addendum where necessary, to secure the transfer of the data.
If you're offered a job with us, we'll retain your data during your employment and remove it in line with our obligations under UK law. Otherwise we will keep your data during your the interview process and remove it after 12 months.
Our website uses cookies and other similar technologies of which you should be aware.
When you use our website, the cookies can be stored on your device are either first party cookies, which are placed and read by us directly while you are using our website or third party cookies, which are set by other third parties we have partnered with.
Below is a list of the cookies we use and the purposes for which they are used:
Name | Provider | Purpose | Expiry |
intercom-id-q1q4zs0c | Intercom Messenger | Allows Intercom to identify you as a unique user. This allows us to know when you have messaged us more than once | 9 months |
intercom-session-q1q4zs0c | Intercom Messenger | Allows Intercom to recognise when you use a new browser session. This allows you to see previous conversations you’ve had with us during your browser session. | 1 week |
You can find out more about Intercom Cookies here
Name | Provider | Purpose | Expiry |
_ga | Google | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 Years |
_gat | Google | Used by Google Analytics to throttle request rate | 1 day |
_gid | Google | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 1 day |
You can find out more about Google Analytics cookies here
You can choose not to store Non-essential cookies on your computer when you visit our website, or you can adjust your browser settings to prevent cookies from being saved on your computer. You can find information about how to manage Cookies in the most commonly used browsers at the following addresses:
When you first visit our website, you will be prompted to customise your cookies selection and be provided with a link to this policy, where you can find more information about the cookies we use.
📜 What are your rights?
Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:
You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with.
You have the right to ask us for copies of the data we hold about you.
You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.
You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete.
You have the right to ask us to erase your personal information, in some circumstances.
You have the right to ask us to restrict the processing of your personal information for a duration of time, in some circumstances.
You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.
You don't have to pay anything in order to exercise your rights. Please contact us at rory@trustkeith.co, Trust Keith Ltd, 20-22 Wenlock Road, London, N1 7GU, if you wish to make a request under your rights. We have a calendar month to get back to you with a response.
💔 How you can complain
If you have any concerns about our use of your personal information, please let us know by writing to us at rory@trustkeith.co.
If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:
Last updated: 21/12/2022
Trust Keith