“We”, “us” and “our” refer to TYL UK Ltd.
We collect, use and are responsible for certain Personal Data about you. When we do so we are subject to the General Data Protection Regulation, which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that Personal Data for the purposes of those laws.
Personal Data means any information that can be used to personally identify you or contact you online or elsewhere.
In order for you to take advantage of particular opportunities provided through the Website (for example, to use for the services offered on the Website), we may require that you provide us with Personal Data. We collect and use the following Personal Data from you:
We collect most of this Personal Data from you in person, by telephone or email and/or via our Website, for example:
Under data protection law, we can only use your Personal Data if we have a proper reason for doing so, e.g.:
When you submit your Personal Data, you may also be given the option (through a tick box or other consent mechanism) to have your information used for an activity or service different from the one you are requesting. For example, if you enter a contest to win a prize, you may also be invited to sign up for a newsletter about other products. If you choose to have your information used for another activity or service in this way we will use your information to provide them to you.
In addition, when you submit your Personal Data, you may be given the option (through a tick box or other consent mechanism) for your information to be used for other products. If you choose this option we will use your information to provide you with information and promotions regarding other products.
We may also use your email address to send you transactional or administrative communications such as confirmation emails when you sign up for, or unsubscribe from, a specific registration or activity or make an order for products. We may also use it for certain service-related announcements, such as updates to our Privacy Notice, discontinued features or programs on our Digital Services, changes to our online services or technical support policies.
Legitimate interests - managing our business
In relation to a number of uses of Personal Data we refer to above we are doing this on the basis that it is in our legitimate interests – or those of a third party – for us to do so. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. These interests cover a number of aspects of our business operations, namely:
We may disclose Personal Data:
If you choose not to submit any Personal Data when requested, you may not be able to participate in certain activities or use some of the personalised features of our Digital Services. This may also limit the services and special offers we can provide you. For example, if you refuse to share your email address, you will not be able to order any products, receive any of our newsletters or otherwise register for our Digital Services. However, you do not need to give us any Personal Data to simply browse our websites and learn more about us and our products.
We will never share your Personal Data with any third party that intends to use it for direct marketing purposes, unless we have specifically told you and you have given us explicit permission to do this.
We may also share your Personal Data with other third parties, but only in the following circumstances:
We are a global group and your Personal Data may be transferred across international borders. It may be transferred to countries that have different data protection laws to the country from where you submitted your Personal Data.
We will, however, ensure the transfer complies with data protection law both during transit and at the storage location and all Personal Data will be secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission.
Some of our service providers for the operation of our Digital Media are based in the United States. The transfers of personal data to these services providers are implemented in accordance with applicable laws and rely on standard contractual clauses as set out by the European Commission or on the EU-US Privacy Shield. Such service providers are also bound by a contract that ensures a high standard of privacy protection and requires (amongst other provisions) that they act only on our instructions and implement technical measures necessary on an ongoing basis to keep your Personal Data secure.
We may store the Personal Data that you send to us via our Digital Services in our databases. We will not retain your Personal Data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Data.
We retain your Personal Data as long as your account is active, for the duration of a contract with you or however long it takes to provide you with the products or services requested, to answer queries or resolve problems, to show that we treated you fairly, to keep records required by law and to improve or offer new services.
We may also need to retain your Personal Data to comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and similar records management purposes.
We may also retain your Personal Data for a reasonable period after you stop using our services or our Digital Services. After this period, your Personal Data will be deleted from all.
If you ask us to delete your information in accordance with your rights set out in Section 10 below, we will retain basic information on a suppression list to record your request and to avoid sending you unwanted materials in the future.
We have appropriate security measures to prevent your Personal Data from being accidentally lost, or used or accessed unlawfully. These include: (i) storing your Personal Data in secure operating environments that are not available to the public and that are only accessible to authorised employees, our agents and contractors; and, (ii) verifying the identities of registered users before they can access Personal Data we store about them.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
You have the following rights, which you can exercise free of charge:
You can ask us to:
You can object:
You can also contest the result of an automated decision.
If your Personal Data has been processed on the basis of your consent, you can withdraw your consent at any time.
We hope that we can resolve any query or concern you may raise about our use of your information. You also have the right to complain to the supervisory authority in the European Union where you work, normally live or where any alleged infringement of data protection laws occurred.
If you would like to exercise any of your rights please email us on [email protected]
Your objection (or withdrawal of consent) may mean we cannot provide the products or services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent we may still be able to process your Personal Data if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.