TBC’s data protection and privacy measures are governed by the (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the United States and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation”).
For Data Protection Legislation:
- where personal data is provided directly to TBC through use of the Website, email, or other means where TBC is determining the way in which that personal data is processed for its own use, then TBC will be a data controller of such information;
- where TBC is provided personal data in its capacity of providing Services to its clients, then TBC will only process that personal data in accordance with the instructions of its clients and TBC will therefore act as a data processor in respect of such personal data; TBC’s clients will be the data controller of that personal data for that purpose and will be responsible to data subjects for the way in which their personal data is processed as the data controller.
Personal data and basis for collection
Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity data has been removed (anonymous data).
Where TBC is acting as a data controller, TBC may collect, use, store and transfer different kinds of personal data about you which TBC has grouped together as follows:
- includes first name, last name, username or similar identifier, title, job title and date.
- includes billing address, delivery address, email address and telephone numbers.
- includes information about how you use TBC’s Services or submit an inquiry or query through the Website.
How TBC uses personal data
TBC will only use your personal data when the law allows us to, i.e., if we have a legal basis for doing so, as outlined in this Policy or as notified to you at the time we collect your personal data, and for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this. Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
Where we act as the data controller for client contact information, we have set out below in the table a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact TBC if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of Data
Lawful basis for the processing including basis of legitimate interest
|To register you or the company that you are connected to as a new client and verify your identity||
Performance of a contract
To process and deliver the Services requested, such as BaaS, ITSM, HCI, Cybersecurity, including but not
Performance of a contract
Necessary for our legitimate
|To respond to queries and inquiries||
|To undertake marketing to you||
Where we act as a data processor of personal data on behalf of our clients, we will process personal data in accordance with our clients’ instructions or to comply with a legal or regulatory obligation.
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed and have various information security policies in place to which we adhere to. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Personal Data Retention
We will only retain personal data in accordance with our retention policy, which includes:
- where we act as a data controller in connection with client contact information, for as long as necessary to fulfil the purposes we collected it for.
- where we act as a data processor on behalf of its clients, for the period notified to TBC by the data controller client.
- in either case, for the period required for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.
No data is transferred outside of the EU without it being agreed by the Data Controller and TBC’s Chief Operating Officer. It is the responsibility of the Data Controller to ensure the data has been lawfully collected and can be legally transferred prior to transferring their data outside the EU.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- The right to be informed – this is information on for what purpose we are processing it and what personal data we are processing.
- The right of access – you have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted below for our consideration.
- The right to rectification – if you think the personal data we hold on you is wrong, you can tell us, and we will fix it.
- The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the personal data we hold for you, then you can ask us to do so. Our ability to delete such personal data is subject to exceptions in accordance with data protection laws.
- The right to restrict processing – if you do not like how we are using your personal data, then you can let us know and we will stop processing it in that way.
- The right to data portability – if you want us to pass on your personal data to someone else, then please let us know. This transfer should not affect the integrity or otherwise damage your personal data.
- The right to withdraw your consent – you can withdraw your consent for us to process your personal data (if we have relied on your consent to process your personal data) at any time by contacting us. If we have relied only on your consent as the basis to process your personal data, then we will stop processing your personal data at the point you withdraw your consent. Please note if we can also rely on other bases to process your personal data aside from consent, then we may do so even if you have withdrawn your consent.
- Rights in relation to automated decision making and profiling – if we use either automated decision making or profiling, then you have a right to know. Also, we need your consent if either of these are used to make a decision that affects you. As with all consent, you can withdraw it at any time.
To exercise any of the above rights please email your request to: email@example.com, with the subject heading “Data Processing Request”.
Where you exercise your right to erasure (and we do not have another legal basis to hold on to that personal data) or where information is deleted in accordance with TBC’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period TBC retains the data.
Where you exercise your right to request access to the information TBC processes about you, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. TBC will try to respond to all legitimate access requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Consent for the Collection and Processing for Special Categories of Sensitive Personal Data from the European Union
Special categories of sensitive personal data include racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic, biometric data; health data; or data concerning a person’s sex life or sexual orientation.
Pursuant to the European Union General Data Protection Regulation (EU GDPR), TBC in its capacity as a data controller under the EU GDPR, must obtain your explicit, affirmative consent before it can collect or process any special categories of sensitive personal data for a lawful basis.
In its role as a data processor, special categories of sensitive personal data will be handled and processed only by the persons who are responsible for the necessary activities agreed upon by the data controller and TBC.
The Website is not intended for children and TBC will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.
How to contact us
8328 E. Hartford Dr., Scottsdale, Arizona 85255
If you are in the European Union / United Kingdom, you may address privacy-related inquiries to our EU / UK representative pursuant to Article 27 GDPR:
EU: EU-REP.Global GmbH, Attn: TBConsulting, Hopfenstr. 1d, 24114 Kiel, Germany
UK: DP Data Protection Services UK Ltd., Attn: TBConsulting, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom