1.1 This privacy notice (Privacy Notice) sets out the ways in which we, Trust 3.0 a charity registered in England(we, us, our), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data.

1.2 We are the data controller in relation to the personal data processed in accordance with this Privacy Notice (except where this Privacy Notice explains otherwise). This Privacy Notice and our procedures have been developed in line with the requirements of the EU General Data Protection Regulation, the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable national law (Data Protection Law).

1.3 Where we refer to ‘websites’ in this Privacy Notice, we are referring to the main Trust 3.0 website available at www.trust30.org (the Trust 3.0 website).

1.4 Note, if you have come to this Privacy Notice because you would like to stop receiving marketing emails from us, you can unsubscribe at any time by following the “unsubscribe” link at the bottom of those emails.

About Us

2.1 Trust 3.0 is a charity registered in England and Wales with the Charities Commission, charity number 1203317 with our registered office set out below.

2.2 You can contact us as follows:
Address: 75 Shelton St, London WC2H 9JQ
Email: privacy@trust30.org

Information We May Collect About You

3.1 Information that you provide to us

3.1.1 We will collect any information that you provide to us when you:

1. make an enquiry about our services via email, telephone, post or via our websites or social media channels;
2. subscribe to our mailing lists and newsletters via our websites;
3. as a client, ask us to provide services to you (or you work for someone who we provide services to); and
4. as a supplier, provide goods or services to us (or you work for someone who supplies goods or services to us).
5. Attending a Trust 3.0 managed event held either virtually or in person.

3.1.2 The information you provide to us might include your name, address, country of residence, phone number and/or job title.

3.2 Information we collect about you

3.2.1 We will collect any information contained in any correspondence between us. For example, if you contact us by email or telephone, or send us an enquiry via our websites or social media channels, we will keep a record of that correspondence.

3.2.2 When you sign up to our e-mail newsletters, we use technology to collect information about how you interact with our emails, including whether our emails are delivered to you and whether you open them, unsubscribe from them or click on any of the links which they contain.

3.2.3 We also use analytics tools on our websites to collect anonymised and aggregated information about website visitors. This includes information about how our visitors navigate the site (including mouse movements and key presses) details of our visitors’ browsers, operating systems, device screen resolutions and screen sizes, internet protocol (IP) addresses, geographic locations, time zone settings and other technology on the devices they use to access our websites. We use this information for analysis purposes and, unlike the other types of information we collect from our website visitors, it cannot be used to identify individuals.

3.3 Information we receive from third parties

3.3.1 We may be provided with your contact details if you or your services are referred or recommended to us by a third party;

How We Use Information About You And Recipients Of Your Information

4.1 We will use your information for the purposes listed below either on the basis of:

4.1.1 performance of your contract with us and the provision of our services to you;

4.1.2 your consent (where we request it); or

4.1.3 our legitimate interests (see paragraph 4.3 below).

4.2 We may use your information for the following purposes:

4.2.1 to provide you with access to our websites in a manner convenient and optimal including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our websites are presented in an effective and optimal manner);

4.2.2 as a client, to provide you with our services as agreed pursuant to the performance of our contract with you;

4.2.3 to keep in contact with you about our news, events, or new services that we believe may interest you, provided that we have the requisite permission to do so, and sharing your information with our e-mail marketing services provider (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);

4.2.4 if you are a supplier, to receive services from you or your organisation, for example where a supplier is providing us with IT or other outsourced services we will handle personal data about the individuals who are involved in providing the service to us;

4.2.5 to carry out aggregated and anonymised research about general engagement with our websites (on the basis of our legitimate interest in providing the right kinds of information and content to our website users);

4.2.6 to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including without limitation fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so); and

4.2.7 to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

4.3 Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in:

4.3.1 Personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;

4.3.2 To provide you with direct marketing about our products and services unless you have asked to be taken off our mailing lists;

4.3.3 Protecting against fraud and other risks to our business, for example when we collect personal data in the course of carrying out due diligence on our suppliers.

4.3.4 Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don't automatically override yours and we won't use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation).

Who Might We Share Your Information With

5.1 In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we may share your personal data with third parties that we work with such as:

5.1.1 third parties who provide data processing and IT services to us including website hosting providers, data back-up, security and storage providers and cloud-based software providers;

5.1.2 other third-party service providers who help us run and improve our business. For example providers of email services, marketing services, survey and market research providers, providers of fulfilment and postal services and travel service providers;

5.1.3 any selected third party that you consent to our sharing your information with for marketing purposes;

5.1.4 third parties with whom we may choose to sell, transfer or merge parts of our business or our assets; and

5.1.5 any other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or protects the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

5.1.6 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.

Cookies

6.1 We use cookies to ensure that you get the most out of our websites. Please find further details in our cookies policies available on each of our websites. The cookies policy for the Trust 3.0 website is available here.

How We Look After Your Information And How Long We Keep It For

7.1 We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:

7.1.1 ensuring the physical security of our offices and other sites;

7.1.2 ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;

7.1.3 limiting access to your personal data to those in our company who need to use it in the course of their work.

7.2 We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. Please contact us if you would like to be provided with the details of the retention periods for specific aspects of your personal data.

7.2.1 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

International Transfers Of Your Information

8.1 We are a global business based in the UK and we use third-party service providers located in other countries to help us run our business. As a result of this we may transfer personal data of individuals located in the UK outside of the UK, and personal data of individuals located in the European Economic Area (the European Economic Area being the European Union and Iceland, Liechtenstein and Norway, which is also referred to as the “EEA”) outside of the EEA.

8.2 Countries outside of the UK and the EEA may not have data protection laws that provide the same level of protection as those within the UK or the EEA and so whenever we transfer your personal data outside the UK or the EEA, we take steps to ensure all personal data is protected with adequate safeguards, such as by entering into approved standard contractual clauses or transferring personal data to countries, territories, sectors or organisations that are covered by an EU Commission "adequacy decision" and/or a UK "adequacy regulation".

8.3 Please contact us if you would like further information on the specific mechanism we use when transferring your personal data out of the UK or the EEA.

Your Rights To The Information We Hold About You

9.1 You have certain rights under Data Protection Law in respect of the information that we hold about you:

9.1.1 Access: You have the right to request confirmation that we are holding your personal data and to access a copy of the personal data that we hold about you. This is known as a “data subject access request” and enables you to check that we are handling your personal data lawfully;

9.1.2 Correction: You can ask us to change or complete any inaccurate or incomplete personal data we hold about you;

9.1.3 Erasure: You can ask us to delete or remove your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful reason for keeping it;

9.1.4 Objection: You can object to our processing of your personal data where we are relying on a legitimate interest if there is something about your particular situation which makes you believe it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;

9.1.5 Withdraw consent: If you have given us your consent to use personal data you can withdraw your consent at any time;

9.1.6 Transfer: You can ask us to provide the personal data which you have provided to us back to you or to a third party in a structured, commonly used, electronic form, so it can be easily transferred; and

9.1.7 Restriction: You can ask us to suspend the processing of your personal data, for example, if you want to establish its accuracy or where you have objected to our use of it.

9.2 In addition, in accordance with Data Protection Law, you have the right to lodge a complaint about us to the UK Information Commissioner's Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.

9.3 Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. If this is the case you will be notified of this at the time of your request. If you make a request we may require specific information from you to help us confirm your identity. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.

9.4 You may exercise your rights in 9.1 above by contacting us directly using the details set out in 2 above.

Changes To This Privacy Notice

10.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.

This Privacy Notice was launched on 11th November 2023