Privacy Policy

Introduction

True & North respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request.

If you require any additional information about the protection of personal data, please visit the following website: https://ico.org.uk/.

Definitions
  • Party responsible for processing personal data: True & North, 27 Mortimer Street, London, United Kingdom, W1T 3BL (the Controller).
  • Data Protection Authority: Information Commissioner UK.
  • Data Protection laws:
    • The UK GDPR 2020 and the UK Data Protection Act 2018;
    • The EU GDPR 2018;
    • The EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation).
Collection of data
  • Your personal data will be collected by True & North and its data processors.
  • Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
  • An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The types of personal data we collect:
Type | Legal Basis | Purpose
Customer Identification Information | Consent / Legitimate interest | Customer management, work planning, direct marketing, administration
Employee Identification Information | Consent | Employee management, work planning, administration
Supplier or partner Identification Information | Consent / Legitimate interest | Supplier management, work planning, administration
Employee Financial Information | Consent | Employee management, administration
Supplier or partner Financial Information | Consent | Supplier management, administration
Employee employment or educational history | Consent | Employee management
Contracts with employees, customers and suppliers | Consent | Employee, customer or supplier management, administration
Copies of ID | Consent | Employee management, administration
How we collect, store or otherwise process your data:
Description of processing | Type | Third-party recipients
Website: Collection of cookies; subscription to the newsletter and contact form | User identification information | Cloudways and HubSpot
Email: Corresponding with customers, suppliers and partners | Customer Identification Information; Employee Identification Information; Supplier or partner Identification Information; Customer Financial Information; Employee Financial Information; Supplier or partner Financial Information; Employee employment or educational history; Contracts; Copies of ID | Google and Microsoft
Using cloud-services for storing and exchanging documents | Customer Identification Information; Employee Identification Information; Supplier or partner Identification Information; Customer Financial Information; Employee Financial Information; Supplier or partner Financial Information; Employee employment or educational history; Contracts; Copies of ID | Google and Microsoft
Marketing and customer delivery activities; email campaigns, advertisement | Customer Identification Information; Supplier or partner Identification Information | Yesware, Typeform and HubSpot
Administration and payment | Customer Identification Information; Supplier or partner Identification Information; Customer, supplier or partner financial information | Xero and Transferwise
Security measures taken by True & North to protect your data include:

Your data is protected by True & North and its processors pursuant to all legal requirements set by the relevant data processing laws. True & North has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. True & North has signed processing agreements with its processors to ensure the same level of data protection.

Organisational
  • Policies and procedures for information security that have been assessed and approved on management-level;
  • Security and privacy training for everyone who has access to True & North data or our customers’ data;
  • A rolling programme of information security policies, security procedures and technical security controls;
  • A security incident management programme;
  • Business continuity and recovery plans, including regular testing;
  • Rigorous change control programmes; and
  • Procedures for independent, periodic security risk assessments to identify critical information assets, assess risks to those assets, determine potential vulnerabilities, and define timely remedial actions.
Technical
  • Access and authentication management;
  • Clean Desk and Clear Screen policy;
  • Encryption at rest and in transit;
  • Firewall on devices and networks;
  • Physical access restrictions based on least privilege;
  • Appropriate security patches;
  • Processes for monitoring, analysing and responding to security alerts;
  • The use and regular updating of antivirus software; and
  • Processes for regularly maintaining, managing and protecting the installed software.
Your rights regarding information
  • Pursuant to Article 13 paragraph 2 sub b UK GDPR and corresponding articles in EU data protection laws, each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability.
  • You can exercise these rights by contacting us at the following email address: info@trueandnorth.co.uk. Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you. Ensure that you write “GDPR request” in the subject line of your email.
  • Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature. Depending on the complexity and the number of the requests this period may be extended to two months.
Marketing
  • You may receive commercial offers from True & North. If you do not wish to receive them (anymore), please send us an email to the following address: info@trueandnorth.co.uk and ensure that you write “GDPR opt-out” in the subject line of your email.
  • Your personal data will not be used by our partners for commercial purposes.
  • If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
Data retention

The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any True & North account, system or other data processing medium in accordance with the process described above.

Applicable law

These conditions are governed by British law. The court in the district where the collector has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.

Contact

This policy was created for True & North by Naq Cyber. For questions about this privacy policy, please contact Naq Cyber at info@naqcyber.com. For questions about True & North’s services or information about the website, please contact: info@trueandnorth.co.uk.