Privacy Policy

Last Updated: May 2021

This is the Privacy Policy Statement of: Tiviti Limited, 313 At Zellig Gibb Street, Digbeth, Birmingham, England, B9 4AT.

Our company registration number is 13096602. (We refer to ourselves as “we”, “our” or “us”)

The purpose of this statement is to notify you of how we will deal with the personal information that you give us through our interactions with you: What information we may hold about you, why we collect it, who we share it with and how you can access the information we hold about you.

Tiviti take your privacy seriously and aim to be open and transparent with you on how we deal with your personal information and therefore encourage you to contact us if you have any questions in relation to this statement or about the ways that we use your personal data. Also, please contact us if you have any concerns that this statement has not been complied with.

Our Data Protection Officer is responsible for ensuring compliance with relevant data protection legislation. Any questions or concerns should be sent by email to ryan@tiviti.io

Cookie Statement

For information on how we deal with Cookies and your use of our website please refer to our website terms of use. 

This statement covers the following points

  1. What information we may hold about you

  2. How will we use information about you and the legal reason for doing so 3. The type of third parties we might share your personal information with 4. How long we will keep your information for 

  3. Data Protection Impact Assessments 

  4. How you can access the information we hold about you

  5. What information we may hold about you

 

We may collect, store and use the following personal data:

  • Personal contact details which may include name, title, job title, workplace addresses,  department, telephone numbers and workplace email addresses, signature (if you give them to us, or if you engage with us through a partner, the third party who is  legitimately contracting with us on your behalf). 

  • Other personal information you provide to us by telephone, our portal or by contacting  us via our website or through any of our social media sites, or if you engage with us  through a partner, the third party who is legitimately contracting with us on your behalf.

  • If you are involved in either a security or a health & safety incident connected to us or the service we provide, then the information that we gather under our obligations.  • If you visit our head office we gather information via our visitor sign-in process, including your name, email address, phone number, photograph and signature. • Any personal information about you provided to us during our interactions with you and your employer or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf. 

  • Voice recordings from phone calls to the company. Video and voice recording from calls over the Internet (such as Microsoft Teams). 

  • We do not knowingly collect information on children without consent from a responsible parent. If we have collected personal information on a child, please contact ryan@tiviti.io so we can remove this information without any undue delay. 


Additional Information We May Hold about Partners and Customers

  • All information, whether personal data or otherwise, relevant to the service we provide to you, whether supplied by you (or if you engage with us through a partner, the third  party who is legitimately contracting with us on your behalf) or gathered during the  work we carry out. 

  • Personal information provided to us by our vendors or third-party service providers.  • Network information you or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf, provide to us or gathered by our monitoring systems (if this is part of the service provided to you) which may include machine identifiers (such as IP addressing information). 


Additional Information We May Hold about Vendors and Suppliers

  • If you are attending a customer site on our behalf, then we may request a copy of your real time location details 

  • Network information you or if you engage with us through a partner, the third party who is legitimately contracting with us on your behalf, provide to us which may include machine identifiers (such as IP addressing information) 


Additional Information We May Hold about Job Applicants

  • Personal contact details may include home addresses, personal telephone numbers and personal email addresses. 

  • Recruitment information (including copies of right to work documentation, references  and other information included in a subject profile, CV or cover letter or as part of the application process). 

  • Personal information provided to us by our recruitment partners in relation to your application for employment with us. 

  • Personal information provided to us during the course of your application, for example, qualifications and professional accreditations, employment records (including job  titles, work history, working hours and training records), and professional certifications and membership records (e.g. CCIE or Prince II). 

  • Personal information gathered during your application process, including psychometric test data and personality test data, and any background checks which we require you to undertake as part of the application process.

We process personal information in order to manage our contractual relationships,  provide the services we offer as a business & to measure performance of our processes. We will make sure that we only process the information in the way and to the extent that we are permitted to under the current law, which includes having a legal reason for doing  so.  

The following legal grounds are the ones which apply to the way that we use your personal information: 

  • Contract – where we need your personal information in order to perform the contract that we have entered into with you or to take steps in order to enter into a contract with  you.  

  • Legitimate Interests – Where we need your personal information in pursuit of our legitimate interests in providing the services as long as these do not override your fundamental rights and interests. 

  • Legal obligation – Where we need to comply with a legal obligation to which we are subject. 

  • Consent – Where you have provided us with your consent to process the personal information 

In particular the following legal basis apply: 

  • Contractual obligation - your contact details are needed to fulfil our contractual obligations with you.  

  • Legitimate interests (compliance to our certifications) – if you are visiting our offices, we require your personal information to ensure our offices are kept secure. • Legal obligation – when we are required to contact you if we wish to use your information for a purpose not set out in this statement. 

  • Legitimate Interests (in ensuring our network is being used in line with our Acceptable  Use Policy) – when we use the information to track your location history and your use of our IT systems. 

  • Legal obligations – when we require information to comply with legal obligations around health and safety requirements. 

  • Legal obligation – if we are required to notify our insurance providers. • Legal obligation – if we are required to inform a law enforcement or Government body. • Legitimate interests (of maintaining our certifications) – when required to inform our regulators. 

  • Legitimate Interest (ensuring employee performance is meeting the quality expectations of the business and an audit trail of conversations where legal or contractual agreements may be made) – when monitoring our telephone and video conversation recordings. 

We will only use your personal information for the legal basis for which we collected it. If we reasonably consider that the basis has changed or need to use your personal information for another purpose, then we will let you know and notify you of the new legal  basis.

Additional basis for Partners and Customers

In particular the following legal basis apply: 

  • Contractual obligation - your contact details along with site locations and machine identifiers (if required for the services provided), are needed to fulfil our contractual obligations with you (for which the legal basis is legitimate interests if your contract  with us is via one of our partners and the partner is responsible for passing onto us your personal information for processing).  

  • Consent - where you have provided us with your consent to do so we will use your contact details to provide you with further information on our products and services. 

Additional basis for Job Applicants

In particular the following legal basis apply: 

  • Consent - your consent for us to evaluate your suitability to work with us and enter into a contract of employment. 

  • Legal obligation – to comply with the obligation to carry out right to work checks. • Legitimate interests - (compliance to our certifications) – for carrying out security clearance (in line with the job role) to allow you to perform your role and maintain our  contractual obligations and certifications.  

  • Legitimate interests - (assess suitability for role) – for obtaining your PI Behavioural Assessment and/or your PI Cognitive Assessment. 

The type of third parties we might share your personal information with

In order to provide our services or to manage our responsibilities we use third parties for completing certain tasks, some of whom require authorisation from us to share your personal information with them in order to complete their responsibilities. We shall ensure that any third party we use respects the security of your information, in  particular that: 

  • They have provided appropriate safeguards in relation to the processing and transfer (particularly if the transfer of data is outside of the UK);  

  • You have the enforceable rights available to you; and  

  • There is an adequate level of protection to any Personal Data that is processed and  transferred. 

Below are the categories or functions provided by the third parties which we use: • Hardware vendors who provide enhanced services and software support for networking equipment; 

  • Engineering support if required  

  • Circuit providers for telecommunications; 

  • Datacentres and data storage companies; 

  • Suppliers of software we use to host our services (such as our visitor sign in and supplier payment process); 

  • Regulators and law enforcement agencies; 

  • Security clearance providers; 

  • Recruitment agencies; 

  • Delivery companies.

If you want to know which specific third parties we pass your information to please contact  us at ryan@tiviti.io and we will pass that information to you. 

How long we will keep your information for

We will keep your information for as long as is necessary for us to perform the purpose which we have collected it for, except where we are required to keep it for longer to fulfil our  legal obligations, (then we will keep it for the time required by the law). In particular: 

  • We will keep any information contained in your contract for a minimum period of 7 years after your contract has been terminated; 

  • We will keep any information contained in your financial records for a minimum period of 7 years; 

  • If you have consented to receiving marketing information we will keep your contact details for as long as we still have your consent; 

  • Any data collected through our visitor sign-in process will be stored securely as stated on the notice; 

Additional Information for Partners and Customers

  • If you are a prospective customer or partner and choose not to use our products or services, we will keep your information for as long as reasonably required. 

Additional Information for Vendors and Suppliers and Other Business Contacts

We will keep your information for as long as our organisations do business together or for as long as we have a legitimate commercial interest in holding that information, for example, doing business in the future, inviting you to our events and providing you with information about our services where you have consented to this. 

Additional Information for Job Applicants

  • Where your application for employment with us is successful, the legal basis for how we use your personal information will change and we will keep your information in line with the new legal basis. 

  • Where your application for employment is unsuccessful, we will keep your personal information, such as your subject profile, for a period not exceeding 12 months. • Psychometric test data and personality test data is collected via a third party. Please refer to our third-party privacy policy for further information on how your data will be processed - https://www.predictiveindex.com/privacy/privacy-respondent/ 

Data Protection Impact Assessments

We have identified data processing activities we believe could result in a high risk to the rights and freedoms of individuals. Data Protection Impact Assessments (DPIA’s) have been conducted on the following processing activities we undertake as an organisation: 

  • Employee location tracking used for mobile device management and field-based employee scheduling 

  • Health & medical information collected as part of Display Screen Equipment (DSE) Assessments and health & safety reporting

  • Providing IP Address information to police authorities of part of The Regulation of Investigatory Powers Act 2000 

  • Processing of employee details to establish suitability to work in the UK T

  • he interception of legitimate organisation and customer communications 

DPIA’s can be made available to interested parties by contacting our Compliance Team at  ryan@tiviti.io 

How you can access the information we hold about you

You have the right to access the information that we are processing about you, and to request that the data be: 

  • rectified if it is inaccurate or incomplete; 

  • portable so that you can have your personal information securely transferred to another organisation for processing.;  

  • erased if it is no longer necessary for the purpose of the processing; or • that its processing be restricted in certain circumstances. 

If we are relying on the basis of legitimate interests, then you can also object to the  processing of your data on grounds relating to your particular situation. If You would like to access some or all of your personal information, please email ryan@tiviti.io or write to us at the above address. If you send us your request electronically, we will provide the information to you electronically where possible. 

If you have any complaints relating to your personal information that is held or processed, please email ryan@tiviti.io in the first instance. We retain an outsourced Data Protection Officer (DPO), If you  wish to contact our DPO directly, please email contact@bulletproof.co.uk  

You also have the right to lodge a complaint with the Information Commissioner Office (www.ico.org.uk) if you think that we have denied or infringed any of your rights. You can contact them any of the following ways:  

Via their website https://ico.org.uk/make-a-complaint/; or  

call their helpline on 0303 123 1113; or  

contact them via live chat service ico.org.uk/livechat 

Changes to Our Privacy Notice  

We will keep our Privacy Notice under review and will place any updates here. 

Classification: Public 

Information Security © 2021 Tiviti Limited 

 
All Rights Reserved © Tiviti | Registered in England Company No: 13096602 | VAT NO: GB374 5535 75