TBConsulting, LLC, is a company incorporated under the laws of the State of Arizona, USA,, having its principal place of business at 8328 E. Hartford Drive, Scottsdale, AZ 85255. This Privacy Policy defines how TBConsulting (TBC) uses and protects any personal data that is provided to TBC (including personal data provided through the website https://www.tbconsulting.com/ (“Website”)). TBC provides services to its business clients, including access to software and technology for clients to use in their business operations (“Services”). In addition to these practices, the Website also collects certain personal data from users, as set out in this Policy.

TBC is firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and best business practice. TBC has established this Policy so users can understand the care with which we intend to treat personal data, as a standard. Although legal requirements may vary from country to country, TBC intends to adhere to the principles set out in this Privacy Policy even if, in connection with the above, we transfer your personal information from your country to countries outside of the European Economic Area that may not require a high level of protection for your personal information (as detailed further below).


Terminology Used

TBC’s data protection and privacy measures are governed by the (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the United States and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation”).

For Data Protection Legislation:

  • Where personal data is provided directly to TBC through use of the Website, email, or other means where TBC is determining the way in which that personal data is processed for its own use, then TBC will be a data controller of such information;
  • Where TBC is provided personal data in its capacity of providing Services to its clients, then TBC will only process that personal data in accordance with the instructions of its clients and TBC will therefore act as a data processor in respect of such personal data; TBC’s clients will be the data controller of that personal data for that purpose and will be responsible to data subjects for the way in which their personal data is processed as the data controller.

Where TBC acts as a data processor on behalf of its clients, TBC will process that personal data on the instructions of its clients, who would have collected that personal data in accordance with that client’s own privacy policy. Individuals who have contracts with our clients should therefore check that client’s own privacy policy, to ensure they understand how their personal data may be processed.

Personal data and basis for collection

Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity data has been removed (anonymous data).

Where TBC is acting as a data controller, TBC may collect, use, store and transfer different kinds of personal data about you which TBC has grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, job title and date.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Usage Data includes information about how you use TBC’s Services or submit an inquiry or query through the Website.

Subject to where TBC needs to verify your identity and you provide your express consent for TBC to process such information, TBC does not process any Special Category personal data (as defined by Data Protection Legislation) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor does TBC collect any information about criminal convictions and offences. As mentioned above, TBC may process Special Category personal data about individuals on behalf of its clients, in which case our client’s own privacy policy will explain the Special Category data being processed and the purposes for which it will be processed.

How TBC uses personal data

TBC will only use your personal data when the law allows us to, i.e., if we have a legal basis for doing so, as outlined in this Policy or as notified to you at the time we collect your personal data, and for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this. Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.

Where we act as the data controller for client contact information, we have set out below in the table a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact TBC if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.

Type of Data
Lawful basis for the processing including basis of legitimate interest
To register you or the company that you are connected to as a new client and verify your identity 1)  Identity
2) Contact

Performance of a contract

To process and deliver the Services requested, such as BaaS, ITSM, HCI, Cybersecurity, including but not
limited to:

1)  Manage accounts, payments, fees, and charges
2) Contacting you and corresponding about the Services
1)  Identity
2) Contact

Performance of a contract
Necessary for our legitimate interests

To respond to queries and inquiries 1)  Identity
2) Contact
3) Usage
Legitimate interests
To undertake marketing to you

1)  Identity
2) Contact
3) Usage

Legitimate Interests

Where we act as a data processor of personal data on behalf of our clients, we will process personal data in accordance with our clients’ instructions or to comply with a legal or regulatory obligation.

Data Security

We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed and have various information security policies in place to which we adhere to. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Transfers

No data is transferred outside of the EU without it being agreed by the Data Controller and TBC’s Chief Operating Officer. It is the responsibility of the Data Controller to ensure the data has been lawfully collected and can be legally transferred prior to transferring their data outside the EU.

Personal Data Retention

We will only retain personal data in accordance with our retention policy, which includes:
  • where we act as a data controller in connection with client contact information, for as long as necessary to fulfil the purposes we collected it for.
  • where we act as a data processor on behalf of its clients, for the period notified to TBC by the data controller client.
  • in either case, for the period required for the purposes of satisfying any legal, accounting, regulatory or reporting requirements

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • The right to be informed – this is information on for what purpose we are processing it and what personal data we are processing.
  • The right of access – you have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted below for our consideration.
  • The right to rectification – if you think the personal data we hold on you is wrong, you can tell us, and we will fix it.
  • The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the personal data we hold for you, then you can ask us to do so. Our ability to delete such personal data is subject to exceptions in accordance with data protection laws.
  • The right to restrict processing – if you do not like how we are using your personal data, then you can let us know and we will stop processing it in that way.
  • The right to data portability – if you want us to pass on your personal data to someone else, then please let us know. This transfer should not affect the integrity or otherwise damage your personal data.
  • The right to withdraw your consent – you can withdraw your consent for us to process your personal data (if we have relied on your consent to process your personal data) at any time by contacting us. If we have relied only on your consent as the basis to process your personal data, then we will stop processing your personal data at the point you withdraw your consent. Please note if we can also rely on other bases to process your personal data aside from consent, then we may do so even if you have withdrawn your consent.
  • Rights in relation to automated decision making and profiling – if we use either automated decision making or profiling, then you have a right to know. Also, we need your consent if either of these are used to make a decision that affects you. As with all consent, you can withdraw it at any time.

To exercise any of the above rights please email your request to: privacy@tbconsulting.com, with the subject heading “Data Processing Request”.

Where you exercise your right to erasure (and we do not have another legal basis to hold on to that personal data) or where information is deleted in accordance with TBC’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period TBC retains the data.

Where you exercise your right to request access to the information TBC processes about you, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. TBC will try to respond to all legitimate access requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

Consent for the Collection and Processing for Special Categories of Sensitive Personal Data from the European Union

Special categories of sensitive personal data include racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic, biometric data; health data; or data concerning a person’s sex life or sexual orientation.

Pursuant to the European Union General Data Protection Regulation (EU GDPR), TBC in its capacity as a data controller under the EU GDPR, must obtain your explicit, affirmative consent before it can collect or process any special categories of sensitive personal data for a lawful basis.

In its role as a data processor, special categories of sensitive personal data will be handled and processed only by the persons who are responsible for the necessary activities agreed upon by the data controller and TBC.


The Website is not intended for children and TBC will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.

How to contact us

For questions related to this privacy policy or data subject rights you may contact our TBC appointed Data Protection Officer at:

Michelle Shilliday
8328 E. Hartford Dr., Scottsdale, Arizona 85255

If you are in the European Union / United Kingdom, you may address privacy-related inquiries to our EU / UK representative pursuant to Article 27 GDPR:

EU: EU-REP.Global GmbH, Attn: TBConsulting, Hopfenstr. 1d, 24114 Kiel, Germany
UK: DP Data Protection Services UK Ltd., Attn: TBConsulting, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom



Remember the risks whenever you use the internet

TBC is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal data. While TBC does its best to protect your personal data, TBC cannot guarantee the security of any information that you transmit to TBC, and you are solely responsible for maintaining the secrecy of any passwords or other account information.

Privacy Policy was last updated on July 31, 2021