|
Privacy Policy
Data Collection
Data Security
Data Use
Data Disclosure
Data Retention and Destruction
Access by You to Your Personal
Data
Information about Data Handling
Practices
Handling of Enquiries, General
Concerns and Complaints
Enforcement
Changes to These Privacy
Undertakings
Definitions
Data Collection
TOPAAS undertakes to
collect Your Data by means that
are:
fair;
legal; and transparent.
If you visit
TOPAAS’s
web-site,
your web-browser
automatically discloses, and
TOPAAS’s web-server
automatically logs, the
following information: the date
and time, the IP address from
which you issued
the request, the type of browser
and operating system you are
using, the URL of
any page that referred you to
the page, the URL you requested,
and whether your
request was successful.
This
data may or may not be
sufficient to identify
you.
Any additional data that you
provide, e.g. in a web-form,
may
also be logged. This data may or
may not be sufficient to
identify you.
Any additional data that your
web-browser automatically
provides
may also be logged. This will be
the case, for example, if
your browser has previously been
requested to store data on your
computer in
‘cookies’
and submits them each time you
request a web-page
within a particular domain (such
as TOPAAS.com).
This data
may or may not
be sufficient to identify you.
If you disclose personal data to
TOPAAS in conjunction with
an
identifier such as your name or
your credit-card details,
TOPAAS
will collect Your Data.
Moreover, any data that becomes
available to TOPAAS through any of the
means described in the preceding
paragraphs may
be able to be associated with
that identifier, and hence
become Your Data.
Subject to the qualifications
immediately below, TOPAAS
undertakes to
collect Your Data
from you
and not from other parties. This
undertaking is qualified as
follows:where TOPAAS reasonably
considers that the protection of
its
financial interests requires
that it gather YourData from
other sources, or
from additional sources.
This
applies in particular where
TOPAAS has a
lending exposure to you, and
seeks information about your
creditworthiness;
where TOPAAS reasonably
considers that its capability to
deliver
quality services to you will be
materially enhanced by gathering
YourData from
other sources.
This applies in
particular to consumer profile data.
Where
TOPAAS collects Your Data
from sources other than
you,
it undertakes:
to do so only by legal means;
to do so only with your Consent;
and
to declare to you what sources
it uses, and under what
circumstances.
TOPAAS undertakes to
declare the
purpose of collection
in a manner which is clear and
meaningful, and to avoid vague,
highly inclusive
statements such as ‘to support
our operations’.
Data Security
TOPAAS undertakes to
store
Your Data in a manner that
ensures security against
unauthorised access, alteration
or deletion, at a
level commensurate with its
sensitivity.
TOPAAS undertakes to store
Your Data only in
jurisdictions
where data protections are at
least equivalent
to those required under the OECD
Guidelines.
TOPAAS undertakes to
transmit
Your Data in a manner that
ensures security against
unauthorised access, alteration
or deletion, at a
level commensurate with its
sensitivity.
TOPAAS undertakes to
implement appropriate
measures to ensure
security of Your Data against
inappropriate behaviour by
TOPAAS’s
staff-members and contractors.
These include:
training for staff in relation
to privacy;
access control, to limit access
to Your Data to those staff and
contractors who have legitimate
reasons to access it;
particularly in the case of
sensitive data, audit trails of
accesses,
including the identities of
staff and contractors accessing
the data;
reminders to staff and
contractors from time to time
about the importance
of data privacy, and the
consequences of inappropriate
behaviour;
declaration of appropriately
strong sanctions that are to be
applied in
the event of inappropriate
behaviour
clear communication of policies
and sanctions; and
processes to audit, to
investigate and to impose
sanctions.
Data Use
Use refers to the application of
Your Data by any part of
TOPAAS, or
any staff-member or contractor
of TOPAAS in the course of
their work.
TOPAAS undertakes to use
Your Data only for:
the purposes for which it was
collected;
such other purposes as are
subsequently agreed
between
TOPAAS and You;
such additional purposes as may
be
required by law.
In
these circumstances, TOPAAS
will take any reasonable steps
available to it
to communicate to You that the
use has occurred, unless it is
precluded from
doing so by law; and
such additional purposes as are
authorised by law
(in
particular to protect TOPAAS’s interests, e.g. if it
believes on
reasonable grounds that You have
failed to fulfil your undertakings to
TOPAAS or have committed a
breach of the criminal law).
TOPAAS undertakes to use
YourData only if it has
demonstrable
relevance
to the particular use to which
it is being put.
TOPAAS undertakes to use
YourData in such a manner as to
take into account
the possibility that it is not
of
sufficient quality for the
purpose,
e.g. because it is inaccurate,
out-of-date, incomplete, or
out-of-context.
Data Disclosure
Disclosure refers to making
YourData available to any party
other than TOPAAS and You. The term
disclosure may include many
different conditions
of data transfer, including
selling, renting, trading,
sharing and giving.
TOPAAS undertakes to
disclose Your Data only under
the following
circumstances:
in the course of business being
conducted between You and TOPAAS,
where disclosure is necessary to
a contractor, such as a
transport company. Where Your
Data is disclosed in this way,
TOPAAS
undertakes to exercise control
over TOPAAS’s contractors
to ensure that
their actions are compliant with
these Terms;
in other circumstances that are
directly implied by the purpose
agreed between You and TOPAAS
at the time of data collection
or
subsequently.
Where Your Data is
disclosed in this way, TOPAAS undertakes
to exercise control over
TOPAAS’s contractors to
ensure that their actions
are compliant with these Terms;
with your consent,
or at your request; where
required by law, such as a
provision of a statute,
or a court order such as a
search warrant or sub poena. In
these circumstances, TOPAAS
will take any reasonable steps
available to it to communicate
to You that the disclosure has
occurred, unless it is precluded
from doing so by law;
where permitted by law
(e.g. the reporting of suspected
breach of the criminal law to a
law enforcement agency; and in
an emergency,
where TOPAAS believes on
reasonable grounds that the
disclosure of
Your Data will materially assist
in the protection of the life of
health of some
person), provided that TOPAAS will apply due diligence to
ensure that the
exercise of the permission is justifiable.In all cases,
TOPAAS undertakes to
disclose only such of Your Data
as
is necessary in the particular
circumstances.
Data Retention and Destruction
Subject to the qualifications
immediately below, TOPAAS
undertakes:
to
retain
Your Data only as long as is
consistent with
its purpose; and to
destroy
Your Data when its purpose has
expired, and to
do so in such a manner that Your
Data is not subsequently capable
of being
recovered.
This undertaking is qualified as
follows:
Your Data may be retained in
TOPAAS’s
logs, backups and audit
trails
within short-term retention
cycles that are devised to
protect
the company’s operations. In
such cases, Your Data will be
destroyed in
accordance with those cycles;
Your Data may be retained beyond
the expiry of its purpose if
that is
required by law,
such as a provision of a
statute, or a court
order such as a search warrant
or sub poena, or a warning by a
law enforcement
agency that delivery of a court
order is imminent. In these
circumstances, TOPAAS:
will take any reasonable steps
available to it to communicate
to You that
Your Data is being retained,
unless it is precluded from
doing so by law; and
will only retain Your Data while
that provision is current, and
will then
destroy Your Data;
Your Data may be retained beyond
the expiry of its purpose if it
is
authorised by law
(in particular to protect
TOPAAS’s
interests, e.g. if it believes
on reasonable grounds that You
have failed to
fulfil your undertakings to
TOPAAS or have committed a
breach of the
criminal law). In these
circumstances, TOPAAS will
only retain Your Data
while that situation is current,
and will then destroy Your Data.
Access by You to Your Personal
Data
TOPAAS undertakes to
provide you with
access
to Your
Data, subject to only such
conditions and processes as are
reasonable in the
circumstances. In particular,
TOPAAS undertakes to enable
access:conveniently;
without unreasonable delay; and
without cost.
TOPAAS undertakes to
establish and operate
identity
authentication protections for
access to Your Data
that are
appropriate to its sensitivity,
but practical. This may involve
some
inconvenience; for example,
relatively straightforward
procedures may be
involved in order to provide you
with access through a channel
that you have
previously registered with
TOPAAS (such as a
particular email-address),
but may impose more onerous
procedures if you wish to use
some other channel.
In the event that you dispute
some aspect of Your Data,
TOPAAS undertakes
to take reasonable steps in
relation to the
amendment, supplementation
or deletion
of Your Data.
You undertake:
not to seek access for frivolous
purposes, or unreasonably
frequently;
to accept that deletion of some
data may not be consistent with
the
provision of particular services
by TOPAAS to you.
Information about Data-Handling
Practices
TOPAAS undertakes to make
information available to you
about the manner
in which TOPAAS handles
your data:
in general terms, in a readily accessible manner; and
in more specific terms, on
request.
Where Your Data is disclosed to
a contractor, TOPAAS
undertakes to make
information available to you on
request about the manner in
which TOPAAS’s
contractors handle your data.
TOPAAS undertakes to ensure
that the information provided is
meaningful,
and addresses your concerns.
You undertake:
not to seek such information for
frivolous purposes, or
unreasonablyfrequently; and
to accept that the disclosure of
excessive detail may harm the
security of
Your Data and TOPAAS’s
business processes, and may harm
TOPAAS’s
commercial interests.
·
Handling of Enquiries, General
Concerns and ComplaintsIf
you have enquiries, general
concerns, or complaints about
these Terms, or
about TOPAAS’s behaviour in
relation to these Terms, you
undertake:
to
communicate them in the first
instance:
to TOPAAS only;
in sufficient detail;
through a channel made available
by TOPAAS for that purpose;
TOPAAS undertakes:
to provide one or more
channels for communications
to
TOPAAS, which are
convenient to users;
to promptly provide
acknowledgement
of the receipt of
communications, including the
provision of a copy of the
communication, the
date and time it was registered,
and TOPAAS’s reference-code
for the
communication;
to promptly provide
a response
to the communication, in
an appropriate and meaningful
manner.
You further undertake to not
pursue TOPAAS through any
Regulator or the media:
until and unless TOPAAS has
had a reasonable opportunity to
respond
to the initial communication;
and
while TOPAAS and you remain
are conducting a meaningful
dialogue
about the matter.
Enforcement
TOPAAS declares that its
undertakings in these Terms are
intended to
create
legal obligations,
and that those obligations are
intended to be
enforceable
under appropriate laws in
appropriate jurisdictions. These
include laws relating to data
protection,
privacy, fair trading,
corporations and criminal laws.
You undertake to seek
enforcement only in a
jurisdiction
that
is relevant to the transactions
that have taken place between
You and
TOPAAS, in particular the
jurisdiction in which you live
or in which you
performed the relevant acts, and
the jurisdiction in which
TOPAAS is
domiciled or performed the
relevant acts.
Changes to These Privacy
Undertakings
TOPAAS undertakes:
not to materially change these
Terms in a manner that reduces
the
protections for Your Data;
to take all possible steps to
prevent any company that
acquires this
company or any of its relevant
assets from materially changing
the Terms
applicable to Your Data in a
manner that reduces the
protections for Your Data;
where it is considering making
changes to these Terms, or
creating more
specific Terms relating to
specific services, to consult
with appropriate
representative and advocacy
organisations;
where it makes changes to these
Terms, to ensure that the
differences
between successive versions are
readily accessible;
to maintain all prior versions
of these Terms in such a manner
that they
are dated, and readily
accessible.
Definitions
TOPAAS
means TOPAAS.
Head Office: 42 Valentines Road,
Ilford, IG1 4SA, United Kingdom.
Your Data
means data that is capable of
being associated with
you, whether or not it includes
an explicit identifier such as
your name or
customer number. In particular,
it encompasses all data that
TOPAAS is
capable of correlating with you,
using such means as server-logs
and
cookie-contents.
Your Data does not refer
to data that can no longer be
associated with
you. This includes aggregated
data that does not and cannot
identify the
individuals whose data are
included in the aggregation.
Consent
means your concurrence with an
action to be taken by
TOPAAS. Consent may be
express or implicit, but in
either case must be
informed and freely-given.
|
