Regardless of where, why or how we obtain or Process your Personal Data, we comply with Data Protection Law (DP Law). DP Law protects ‘data subjects’ in the UK and EU (that’s you) by imposing stricter obligations on ‘data controllers’ (that’s us) and ‘data processors’ (those that help us) when we ‘process’ ‘personal data’. Click here to see our glossary below under ‘Personal Data’, ‘Processing’, ‘Controller’, ‘Processor’.

In a nutshell, DP Law applies to any data that might identify you, wherever or however we got it, whatever we do with it and wherever we Process it, even if someone else Processes it on our behalf, and even if we send it outside the EEA.

This means that whenever we Process your Personal Data we do so:

  • Lawfully: Only if we can justify it on one of the following Lawful Bases:
    • Consent – this means you have given us permission, which you can withdraw at any time. We need your explicit consent to process sensitive data like health-related data (Special Data) or to transfer your Personal Data outside the EEA where we don’t have another basis for doing so
    • Legitimate Interest – to help fulfil a legitimate business objective (see the ‘Why’ column of our At-a-Glance table) after confirming we’ve only used what’s reasonably necessary and proportionate to meet that objective and struck the right balance between our interests and yours (Legitimate Interests Assessment (LIA)).  Generally speaking, we need this it to operate our business, generate leads and sales, make sure our relationship with you runs smoothly, and protect the Personal Data and commercial data we hold by securing our network and information systems
    • Contractual necessity – to enter into or fulfil our contract, including to generate a quote
    • Legal obligation – to comply with the law (e.g. tax reporting, Anti-Corruption)
    • Vital interests – in rare instances where one of the others don’t apply but we need your Personal Data to protect your vital interests or those of another person
  • Fairly and transparently: we strike the right balance between our interests and yours and we tell you what we do with your Personal Data
  • For a specific purpose: we won’t use your Personal Data for another incompatible purpose unless the law permits or requires us to
  • Using the least amount reasonably necessary
  • Ensuring it is accurate, complete and up-to-date
  • For a limited time: Only for as long as reasonably necessary, and then we either destroy it or de-identify it so it can’t be linked back to you
  • Securely: managing our people and designing our processes and technology to ensure end-to-end confidentiality, integrity and availability
  • Within the UK/EEA: we don’t transfer your Personal Data outside the EEA except as permitted under DP Law. We use appropriate safeguards for consistent protection and ensure third parties we rely on do so as well
  • With your rights in mind: We make it easy for you to exercise your rights (see Your Rights)

The types of Personal Data we Process about you are grouped under the following categories:

  • Identity Data: first name, last name, company name, title
  • Contact Data: billing address, trading/physical address (if different from billing address), email address and telephone numbers, contact name(s)
  • Financial Data: bank details (if you are a supplier of ours), invoices we send (if you are a client of ours)
  • Transaction Data: details about payments to and from you and other details of products and services you have purchased from us (e.g. Membership, TRN subscription) or for which you have sought a quote or additional information through our Contact Us form or via email
  • Profile Data: purchases or orders made by you, your company ‘category’/SIC code, preferences, feedback on work
  • Marketing and Communications Data: your preferences in receiving marketing and newsletters from us – including do-not-call and unsubscribe requests (suppression lists), cookie preferences, and your preferred communication methods
  • Client Data refers to Personal Data we receive or generate in connection with matters for which you’ve sought our expertise: director or employee names or details, emails, text messages, internal or external documents you’ve shared