![IMG_7506[9669].jpg](https://static.wixstatic.com/media/377f5f_e870083a292944829f8c3b0232ecc033~mv2.jpg/v1/fill/w_329,h_141,al_c,q_80,usm_0.66_1.00_0.01,enc_auto/IMG_7506%5B9669%5D.jpg)
Privacy & GDPR
Privacy & GDPR
We take data protection and information security very seriously. Our privacy statement below highlights why we collect certain data information, what we collect, how we use it and how long we store it. We also want you to know how you can access, amend or in some cases delete your information.
Tastested handles all information supplied to us by our customers and registered users of our website with the utmost care and confidence. We use computer security measures including firewalls, strong passwords and data encryption to keep your information stored safely on a highly secure server. All physical copies of data are stored in a locked safe and may only be accessed by authorised personnel who require that access to fulfil their job responsibilities.
We will handle your personal information as confidential (although we reserve the right to disclose this information in the circumstances described below).
All information provided to us is held securely and protected under strict security measures to prevent unauthorised access. We will not sell or rent your personal data to other parties.
Payments
Tastested uses leading payment solution provider Stripe for all online transactions.Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe uses the best-in-class security tools and practices to maintain a high level of security.
HTTPS and HSTS for secure connections
Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.
-
Stripe.js is served only over TLS
-
Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection
Stripe regularly audits the details of their implementation, including the certificates they serve, the certificate authorities they use, and the ciphers they support. Stripe uses HSTS to ensure that browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
Encryption of sensitive data and communication
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static allow list. Stripe’s infrastructure for storing, decrypting and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
A quick introduction to GDPR:
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It enforces laws based on a set of principles that businesses which handle personal data of EU citizens should follow.
These fundamental principles state that personal data should be:
-
1. Processed lawfully, fairly and in a transparent manner in relation to the data subject.
-
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
-
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
-
4. Accurate and, where necessary, kept up to date.
-
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
-
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Knowing your data
Tastested requires very little personal data from its customers; we do however need the following to create an account for you to access the Tastested system: –
First Name
Surname
Email Address
Telephone Number
Your data will always be held securely and in line with the requirements of UK Data Protection/GDPR Legislation. By communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.
We do not sell or rent your personal information to other companies or individuals.
Other data we capture
We collect anonymous information sent by your browser when you visit our websites, including IP address, visited page/category, geographic location, referrer, operating system, duration, landing URL, search keyword and browser version.
Social media information – If you choose to engage with us via social media i.e. tweet us for support, follow us or directly engage with a post, eg like, retweet etc, we will capture your public social media information.
System usage – we log your usage of Tastested systems using 3rd party software called ‘Google Analytics’ this helps us to identify system issues and to make improvements to our solutions.
We collect data that you have sent to us through online customer surveys, event registration forms, contact us or career enquiries.
Should you disclose your personal data when opting into our mailing list, we hold your name and email address solely for the purpose of sending you emails in your professional capacity with your employer. Our lawful basis for sending these emails is our legitimate interest in promoting our products and services. We have conducted a legitimate interest assessment to establish that this does not pose a significant risk to the professionals receiving these emails.
3rd Party Software Providers
We use some carefully selected 3rd party software providers to aid us with the running of Tastested we have reviewed each provider to ensure they comply with UK Data Protection and GDPR Legislation.
We may use a number of services, listed below, for advertising based on your web activity, or remarketing. We use this to show adverts to visitors that have been to our websites, on Google, Twitter, Facebook, LinkedIn, and other participating websites. Your anonymous browsing behaviour may in turn be shared by the following partners as outlined in their privacy statements. We do not share any personal information with these vendors.
Google Adwords, Doubleclick and Google’s display adverts.
Google Remarketing
LinkedIn Adverts
Email Marketing and Direct Mail - if you are a customer, partner, or prospect we may use your business contact information and business address to send you marketing communications such as email marketing and direct mail. We may also send you product, company news and service updates that are relevant to your use of our website, products and services. We will process this information for legitimate business purposes stated above.
If you do not wish to receive email marketing content from us, you can opt-out using our unsubscribe button at the base of every email we send. If you do not wish to receive telemarketing or direct marketing from us, please email info@tastested.uk
Consent
We have introduced changes to our sign-up processes and our Privacy Policy to align ourselves withGDPR’s principle of fairness and transparency.
For all marketing communications, new users will have to opt-in to receive them, this includes our monthly newsletters.
We will continue to provide an option to opt out from marketing communications; this opt-out option is located in the footer area of every marketing email we send.
Our account customers can use their administration area on our website to make changes including opting in and out of marketing communications at any time.
Vendors that collect anonymous data on our behalf
Google Analytics: We use Google Analytics to analyse the performance of our websites and follow up on the effectiveness of our marketing efforts. Google Analytics allow us to analyse data in aggregate, we do not collect or store any personal information in Google Analytics. If you would like to opt-out of Google Analytics monitoring your behaviour on our sites please use this link (https://tools.google.com/dlpage/gaoptout/)
Business Intelligence - We use business intelligence software to identify companies visiting our website/s and what pages visitors from those companies have viewed. Gathering data from publically available data sources.
Keeping your data
We store your data on our secure servers using encryption for security purposes, and this data is stored while you have an active account with us, for you to access the Tastested systems.
If you cancel your Tastested account, your user data is removed from the system. The company details are de-activated and archived to allow for easy re-activation, but specific personal data is not.
Your Rights: Access Requests & Unsubscribe Options
Opt-Out: You can choose to opt out of marketing communications at any time, regardless if you are a customer, partner, or none of the above.
Access Requests: You can request a copy of your personal information and you can update any incorrect information.
Right to be Forgotten: You can ask to have your personal information removed, or in some cases limit our processing of personal information. This does not apply when we need to keep your information for legal reasons.
If you do not wish to receive telemarketing or direct marketing from us, please email info@tastested.uk
Tastested is the Data Controller of any data you supply. Tastested takes data privacy and security of our customers very seriously, and we are committed to ensuring we comply with the highest standards of data security.
We do have the right to charge an administration fee for this request and can also ask for additional proof of identity to process this request. If you feel any of the data we have may be inaccurate in any way, please let us know so this can be corrected.
Access requests are to be made in writing and sent to:
Tastested
64 Lifstan Way
Southend on Sea
Essex
SS12XE
Please note that you may be charged a fee of £12 for this service.
You may also be asked to provide proof of your identity, and for information that might help to locate the data, you are seeking.
This will be completed within 20 working days from the acquisition of this request. If you have a complaint about the way in which your personal information has been handled, we will acknowledge it within 5 working days and respond in full within 20 working days.
For any further information, please contact us by emailing our support team info@tastested.uk
Data breach notification
Tastested system itself is all accessed using secure servers using data encryption to ensure the highest security levels.
When we become aware that site security has been compromised as a result of external activity (including but not limited to external security attacks) we shall take reasonable measures which we deem appropriate. This includes but is not limited to internal investigation and reporting, and notification to and cooperation with law enforcement authorities. All affected users will be notified of this infringement within no more than 72 hours following discovery.
How long we keep information
We keep your business/personal information as long as it is warranted for us to fulfil our commitments to you, or to adhere to legal or regulatory requirements.
If you are a customer, partner or prospect, we keep information for the duration of the relationship. If you have requested to receive marketing communications, we will keep your personal information only as long as you interact with us, or until the data subject opts-out or asks to be forgotten.
Information collected through online customer surveys are kept for a maximum of 5 years. This is so we can establish year-on-year comparisons to determine trends in customer satisfaction.
Starting May 25, 2018, user and event data (associated with cookies, user identifiers, or advertising identifiers) on Google Analytics will be retained for 50 months; Google Analytics will automatically delete user and event data that is older than 50 months.
Changes to our privacy policy
We may change our privacy policy at any time. Continued use of our websites signifies that you agree to such changes.