What type of information we have
Depending up on the activity and or task, while going about the current range of business activities, employees or IT systems of UK Technical Applications Ltd, may see, collect, process, use or retain any of the following types of information:
Personal identifiers, contacts and characteristics of title, christian name, surname, postal address, e-mail address, telephone number, age, sex.
Links to associated social media and networking sites of Twitter, Facebook, instagram, linkedIn.
Links and in some cases message content made on other associated communication platforms of faccebook messenger, whatsapp, SMS text.
Website Cookie files and website user statistics.
Test data supplied to us by product trial participants pre and or post a product trial.
Test data supplied to us by participants in any of our scientific research.
Responses supplied to us during market research.
Sales information of product and quantities during the purchase of products from us.
Some specific confidential and non confidential commercial information shared with or learned by us while engagement on any client assignments.
Business service and systems performance survey responses.
Employee Name, Address, Date of Birth, National Insurance, & Tax Reference numbers, current photograph, and where applicable, a copy of the employee's driving licence.
Bank account name, account number, sort codes.
Writen information in the form of messages, reports, statistical or numerical data.
AirDrate project Flight Test data. Flight to From, duration, results.
How we process and transfer personal data to countries outside of the EEA
Data protection legislation prohibits the transfer of personal data to countries outside the European Economic Area (EEA) unless, the country in question has been deemed by the European Commission to provide an adequate level of protection for personal data.
Under data protection law, you have rights including:
Your right to be informed if your personal data is being used.
An organisation must inform you if it is using your personal data.
Your right of access.
You have the right to find out if an organisation is using or storing your personal data.
You have the right to ask us for copies of your personal information.
Your right to rectification.
You can challenge the accuracy of personal data held about you by an organisation.
You have the right to ask us to rectify information you think is inaccurate.
You also have the right to ask us to complete information you think is incomplete.
Your right to erasure.
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing.
You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing.
You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability.
You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You have the right to get your personal data from an organisation in a way that is accessible.
Your rights relating to decisions being made about you without human involvement.
We must tell you under what circumstances that may occur. Details about decisions being made about you without human involvement in our company are contaied in the 'Automaed Decision Making' section within the 'What we do with information we have' tab that can be found above.
You right to be informed of any significant change.
We must tell you about any change in how your data is collated, processed, used, stored or destroyed.
Should you wish to exercise your right to opt out of processing, this can be requested via email using the subject header ‘Opt Out Notification’, and send to firstname.lastname@example.org
On receipt of such ‘opt out’ requests, where there is no lawful reason for us to continue to collect and hold your information, we will securely destroy all relevant records as soon as possible.
Request to exercise your rights
If you wish to make a request to exercise any of your rights above, then please contact our Data Protection Officer at email@example.com, or you can write to us at our company address:
FAO The Data Protection Officer, UK Techncial Applications Ltd, PO BOX 13278, Cheltenham, Gloucestershire, GL50 9EB.
We will explain our lawful basis for processing the data and advise individuals of their right to make a complaint to the ICO www.ico.org.uk/make-a-complaint/your-personal-information-concerns/ and or seek judicial remedy if you are unsatisfied with the reasons provided or the way in which we process this information.
There may be exceptions when we will be obliged to make a charge for requests such as where we feel they are manifestly unfounded or excessive. Should a charge apply, we will provide this information in a transparent format.
We may also be required to refuse some requests which relate to information we have a right to withhold or are not permitted to share by law, such as information used in criminal or civil proceedings.
We will always inform you of the reason(s) for our refusal and advise you of your right to make a complaint to the ICO and seek judicial remedy. Subject access requests can be provided in paper based or electronic format such as a PDF or spreadsheet.
How we delete or destroy data
Electronic Files stored on Hard Drives or Memory devices
Children's Data and Safeguarding - Parent or Guardian guidance
- The normal business activities of UK Technical Applications Ltd does not involve providing care to children or vulnerable adults. UK Technical Applications Ltd is therefore not required by UK (or as adopted EU) law to operate a ‘Safeguarding System’ and does not meet child safeguarding requirements and is not registered or monitored by the local authority accordingly. However, UK Technical Applications Ltd does operate in accordance with the ICO General Data Protection Regulation for Children 2018 and UK Council for Child Internet Safety (UKCCIS) guidance.
UK Technical Applications Ltd does not offer direct online services to Children but it does engage Children in product testing, online surveys and innovation research that are used to provide feedback used for evidence to proof of concept and proof of Market. This information is used to development products under the control of UK Technical Applications Ltd.
Although UK Technical Applications Ltd does identify and respect a child’s right that when offering an online service directly to a child, in the UK, only children aged 13 or over are able provide their own consent, following a safeguarding risk assessment carried out inline with the above regulations, UK Technical Applications Ltd have determined that in the best interests of the child's protection and fairness to them, that it shall notify and seek consent from the child’s parent or guardian before engaging in those business activities or any subsequent direct communication with the child.
For the purposes of safeguarding and this policy, a ‘child’ is a male or female under the age of 18 years of age. UK Technical Applications Ltd consider its current business activity as inappropriate for those identified as a Vulnerable Adult and shall not engage directly with anybody knowingly identified accordingly.
How we store and retain your information
Your personal data that we see, collect, process, use or retain may either be recieved directly from you or created by us. This data may be stored in any of the following ways:
In electonic file formats and variants of Microsoft XLS, Doc, pdf, jpeg.
In Off Site 'Cloud Based' file storage solutions of Dropbox & Microsoft Server Exchange.
Third party suppliers who we partner with to provide business support services to our organisation may also store your data that you have supplied to us on their IT hardware of which are maintained in accordance with their privacy policies.
Our providers are:
TTNC, Namesco, Xero, Survey Monkey, Facebook, Whatsapp, O2, Apple, Google. Professional Advisors Poole Waterfield, Higgs & Sons, exebookkeeping.
AirDrate Product R&D and manufacturing project partners:
Design Councill of Great Britain (Stakeholder), Charpack Ltd, Alexir Ltd, Camvac Ltd, Iterign Ltd, Proseal Ltd, RNA Ltd.
On hard drives of UK Technical Applications Ltd desktop, lap top, ipads, iphones.
On memory sticks or CD Rom discs.
From time to time, paper copies as required at our offices in Cheltenham, Exmouth or Berkhamsted.
For verbal communication messages left through our office landline number 01395 224793, any recording is available to us for 90 days after which, it is archived by TTNC for two years in line with TTNC’s privacy statement, found on www.ttnc.co.uk We delete TTNC notification e-mails as soon as possible after reviewing our answer phone messages. The legal basis for this processing is our legitimate interests, namely for use in providing an appropriate follow up response as required to the detail left in the message.
Phone records of your call to or fom us using one of our mobile devices is recorded automatically on the relevant suppliers and voice mail messages left by you are left on their system until we delete those messages. Our suppliers are GDPR compliant and storage of your information is maintained in accordance with their privacy polices
Only trained and authorised personel shall have access to your data. Storage applications and computer equuipment used for acessing, viewing and processing your data is password protected.
Norton 360 Security;
'Client Confdentiality Policy' . All employees, contractors or suppliers are boud to keep client information confidential. With regards to sharing information with others, see the 'What we do with the information' tab above.
'Clear Desk Policy'. No printed sensitive, private data or memory device is permitted to be left un attended on a desk or work area when others are present that are not authorised to have access to that data, or when there is unsecrue access to the building or overnight. Printed copies are either destroyed upon completion of use or stored in a locked (preferably steel) cabinet or cupboard.
'Unattended Device Screen Lock Policy' . No device shall be left un attended with a screen unlocked. Auto Lock is also used where possible.
'Need to Know Basis Policy' is used when discussing or using your data that involves other colleagues or partners.
'Single User Account Credentials' . We avoid sharing log in credentials to IT systems and accounts where possible. Where User log in's are issued for company IT systems, the user must not make known or share their personal log in credentials with any other user. The user must take measures to ensure other users do not use the systems that are logged in to using their personal log in credentials. Users must take sesible precautions to protect their company systes log in credntials from theft.
'Computer and Device Theft Policy' . No mobile device shall be left unattended while out of our secure locations of our offices. Our Offices are physically secure buildings located within lower than average crime areas. When our offices are left unattended, windows and dorrs shall be closed and doors locked. Devices and equipment should where possible be out of sight from any casual passer by of the building. When visitors or tradespersons are present at any time within the offices, the company representative should exercise hightened vidgulance with security safeguards detailed above.
Changes to this privacy notice
Data Protection Officer
Information on Recruitment and Retention Policies regarding Automated Decision Making including Profiling International Transmission of Data.
We have also excluded information on recruitment and retention policies as we do not employ any staff other than directors at this time.
We do not envisage at this time providing our services directly to children below the age in which parental consent is required. (See Children's Data and Safeguarding - Parent or Guardian Guidance)
Compliance & Our Contact Details
UK Technical Applications Ltd (UKTA), a private limied company, registered in England & Wales, Company Registration number 7196954, Registered office address Ground Floor, Custom House, Waterfront East, Brierley Hill, West Midlands, England, DY1 1HH are Data Controller’s for the purpose of this privacy notice and commit to implementing and complying with the requirements of the Data Protection Act 2018 and General Data Protection Regulations (GDPR) 2017 to our organisation.
UK Technical Application Ltd requires its employees and contracted staff who have access to UKTA customer data and personal information to undergo a Privacy Training course on a bi-annual basis.
Our ICO Registration Certificate number is ZA595897, effective from 23/12/2019.
We are committed to safeguarding the privacy of our website visitors and service users.
What do we do with the information we have
We use the information that you have given us in order to:
Communicate with you.
Record and process transactions as required by law.
Retain written agreements made between us for future refernce.
We use website cookies and process anonymous visitor data about your use of our website and services ("usage data"). The usage data may include your IP address, approximate geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data taken from is our analytics tracking system, Google Analytics, Google AdWords, namesco and wix. This usage data may be processed for the purposes of analysing the use of the website and services. More information on how to management cookies can be found in our 'Cookies Policy'.
Bank Account Name, Sort Code and Account Number for suppliers business accounts are held in our records so as to allow us to make payments to our suppliers as required. No personal bank details of customers are held in our records.
Bank Account statements containing transactions and card details of comapny issued business cards are retained on our systems for the purposes of business financail management and to meet mandatory requirements laid down by HMRC.
Retention of the transaction data transmitted to our employees personal bank account is processed and made secuerly through our appointed bank of which operate in accordance with the codes governing Banking and Financial institutions.
For product and brand test/trial participants, we use your data provided to us to verify products work correctly, obtain end user feedback that is evaluated and used to improve the product, brand or services provided. This information is also used by our Research & Development Division in our Proof of Concept, Product or Brand validation projects, of which may be used in the application to enter innovation or business competitions, awards, grants, financial applications or sales and marketing promotions.
Automated Decision Making
For those supplying data for Pre Trial Surveys for the AirDrate Return Journey pack project, we use logic functions that are built in to the survey system that will automatically make decisions based upon the answers that have been provided. The logic can automatically select question that enables the system to decide if a person is elegible and suitable to be offered a free trial for the product under test. Contact details are provided within the survey for those using the system to contact us if they feel the decision provided based upon the automatic logic is incorrect.
Sharing Information With Others
We may where required, share relevant information with:
Agencies and Professional Advisors
UK Law enforcement agencies (Police, Borderforce / Imigration, Customs & Excise)
Higgs & Sons Solicitors (Legal Advisors)
Poole Waterfield (Accountants)
Support services and Project Partners that are subject to Non Disclosure and Confidentiality agreements manged uder their own Privacy Policies:
When Sharing Information
We will not disclose or convey any of your personal data to any third party without your express consent except in the following circumstances:
Where It may be necessary for us to disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
When processing financial transactions relating to our website for product and services are handled by our internal accounting department. Your financial data will be stored and processed only for the purposes of financial recording and establishment of credit limits and payment record. We reserve the right to share credit information with legitimate credit reference agencies where there has been unlawful payment default for supply of any goods or services. Complaints and queries relating to such financial transactions will be handled by the company accounting department. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against financial risks.
Coleagues within UK Techncial Applications Ltd will share information between them as required but if personal data needs to be shared between colleagues, it will be on a 'Need To Know Basis'.
How to complain & Investigation of breaches
You can also complain to the ICO (www.ico.org) if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
How we get information and why we have it
Most of the personal information we see, collect, process, use or retain is provided to us directly by you over the telephone, by written communication through the postal service, by e-mail, text, whatsapp, facebook messenger, that can be for any of the following reasons:
For us to be able to communicate with you about services we are currently proposing or currently providing to you.
For us to be able to communiacate with you about or evaluate services you are or proposiing to provide to us.
To provide you with a V.A.T invoice.
To provide prospective or existing clients with estimates, draft agreements, business proposals or quotations.
Sales and Purchase Invoices, receipts, bank account details, date and nature of financial transactions to satisfy HMRC requirements.
Communication include but may not be limited to landlines, mobile telephones, text, e-mail, whatsapp, messenger, microsoft teams, spreadsheets and word docs, written letter, voip services, recorded messages.
We also collect and receive personal information indirectly from the following sources in the following scenarios:
- Statistics to the usage of our website pages are collected by cookies for analysis so as to be able to monitor your expeience during your visit to our website and to review how and if it is required to improve upon user experience for future visitors to our website.
- Some publicly available user account profile information from facebook, twitter, istagram, whatsapp, linkedIn.
- Data provided by you in responses to surveys, colated using SurveyMonkey during product testing market research.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us at firstname.lastname@example.org. More iformation about your rights and how to exercise your rights can be found at the 'Your Rights' tab below.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We have a legitimate interest.