Privacy Policy

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

This notice applies wherever we decide why and how we process personal data (and therefore act as a Data Controller under data protection law). It covers the personal data we process when you visit our website or use our services as a (potential) customer and/or test user.

We provide an employee voice platform that transforms employee’s ideas into action so that meaningful change can be made. We are a Data Processor for user’s personal data hence we only process this data as per instructions from the Customer (i.e. Data Controller). We support our customers in completing the necessary assessments and we rely on our customers to have obtained the necessary notices, lawful basis for processing or any other legal requirements.

The different ways we store personal data

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you sign as a customer, we collect your company name, details of your primary contact and any other relevant key contacts, payment details, and a signature. The legal basis we rely on for this processing is Article 6(1)(b) of the GDPR – Contract.

To keep in touch with you and manage your account we use your key contact name, email address, phone number and company name. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interest.

To collect payments for our service we require your company name and address, key contact name, and VAT number. The legal basis we rely on for this processing is Article 6(1)(b) of the GDPR – Contract.

We may use call recording and note-taking software during our meetings which we sometimes use for preparation and training purposes, and to gain insights so we could identify new business prospects and improve our services. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interest.

Where do we store it?

We use applications that store data in the UK or EEA GDPR zone, or countries deemed ‘adequate’ under GDPR. When we use an application that stores data outside of the UK (or EEA), we will use appropriate measures to secure the transfer, including the new US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it?

We will retain your personal data while you are a customer of ours and for up to 12 months after you leave, in line with our business needs. We keep financial data for a minimum of 6 years, in line with UK law.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you get in touch to book a demo, we ask for your name, email address, phone number, company name, company headcount, and we ask how you heard about us. We use this information to book a demo call with you and provide you with further information about our services. We record demo calls for training and reference purposes. The legal basis we rely on for this processing is Article 6(1)(f) of the GDPR – Legitimate Interest or Article 6(1)(a) of the GDPR – Consent.

Where do we store it?

We use some data application providers and suppliers to manage our services. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

We use a US based Customer Relationship Management (CRM) and a US based pop-up tool on our website to host our ‘book a demo’ form, collect your personal details, manage communications with you, and schedule calls. We use calendar, video call, recording and transcribing tools for meeting bookings. When we use an application that stores data outside of these zones, we will use appropriate measures to secure the transfer such as Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

We’ll retain your name and email address on a marketing list, for 5 years from the date you last contacted us in line with our retention schedule unless you unsubscribe sooner. Anyone who unsubscribes will be transferred to our ‘do not contact list’. We retain your name and email address so that we know not to contact you with marketing messages.

We provide an employee voice platform that transforms employee’s ideas into action so that meaningful change can be made. We are a Data Processor for user’s personal data hence we only process this data as per instructions from the Customer. We support our customers in completing the necessary assessments and we rely on our customers to have obtained the necessary notices, lawful basis for processing or any other legal requirements.

What personal data do we process on behalf of our customers?

We may process various types of personal data on behalf of our customers, including but not limited to:

  • Employee identifiers (e.g., names, employee IDs)
  • Contact information (e.g., email addresses)
  • Job-related information (e.g., role, department)
  • Details of feedback, ideas or comments
  • Any other data our customers choose to collect through the platform

If you are a user and have questions regarding how your personal data is being processed, please contact your employer or the organisation that provided you access to our platform for more information about how they handle your personal data.

Where do we store it?

Data within our platform is stored within the European Economic Area. If this position changes, we will use appropriate measures to secure the transfer, including the new US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it?

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected and processed on behalf of our customers, in line with their instructions and our contractual obligations. The specific retention period for each type of data will depend on the customer’s requirements and their own retention obligations.

At the end of a contract with the customer or once the retention period has expired, or if instructed by our customers, we will securely delete or anonymise personal data in accordance with applicable data protection laws. It is the responsibility of our customers to determine the appropriate retention period based on their legal obligations and business needs.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

We engage with various potential customers in order to build awareness of our services and create opportunities. When we raise awareness of our company, including during events, webinars and via our masterclass series or healthcheck quiz. We may collect some information such as your name, company name, phone number, and work email address. We may use call recording and note-taking software during our meetings which we sometimes use for preparation and training purposes, and to gain insights so we can identify new business prospects and improve our services. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interest.

We may collect your home or office address to send you gifts or marketing materials such as information leaflets. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interest or Article 6(1)(a) of the GDPR – Consent.

Where do we store it?

We use applications that store data in the UK or EEA GDPR zone, or countries deemed ‘adequate’ under GDPR. When we use an application that stores data outside of the UK (or EEA), we will use appropriate measures to secure the transfer, including the new US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

 

How long do we keep it?

We’ll retain your name, company name, phone number, and email address on a marketing list, in line with our retention schedule unless you unsubscribe. Anyone else who does not wish to be contacted will be transferred to our ‘do not contact list’. We retain your name, company, email, and phone number so that we know not to contact you, and all supplementary information will be deleted.

 

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you sign up to our newsletter, we collect your name, company name and email address so that we can keep in touch with you. The legal basis we rely on for this processing is Article 6(1)(a) of the GDPR – Consent.

Where do we store it?

We use applications that store data in the UK or EEA GDPR zone, or countries deemed ‘adequate’ under GDPR. When we use an application that stores data outside of the UK (or EEA), we will use appropriate measures to secure the transfer, including the new US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it?

We’ll retain your name and email address on a marketing list, for 5 years in line with our retention schedule unless you unsubscribe sooner. Anyone who unsubscribes will be transferred to our ‘do not contact list’. We retain your name and email address so that we know not to contact you with marketing messages.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you apply for a job with us, we will ask you for some information about yourself to manage the recruitment process, such as your name, contact details and CV. We may also invite you to attend an interview in person or via video call and complete tests as part of the recruitment process. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interests.

Where do we store it?

We use applications that store data in the UK or EEA GDPR zone, or countries deemed ‘adequate’ under GDPR. When we use an application that stores data outside of the UK (or EEA), we will use appropriate measures to secure the transfer, including the new US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it?

If you’re offered a job with us, we’ll retain your data during your employment and remove it in line with our obligations under UK law. Otherwise, we will keep your data during your interview process and remove it after 12 months.

See our cookies policy here.

 

What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

You have the right to be informed about the collection and use of your personal data, the purposes for processing, the retention periods for that personal data and who it will be shared with. We have set out this information in this privacy notice.

You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details).

You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).

You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

You don’t have to pay anything to exercise your rights. Please contact us by sending an email to dataprotection@trickle.works if you wish to make a request under your rights; we have a calendar month to get back to you with a response.

Who we share your personal data with

When acting as data controller, we might transfer your personal data, if Trickle Data Insight Limited or its assets are acquired by or merged with another company. We may share your personal data during the fundraising process for venture capital and when we believe disclosure of personal information is necessary in order to comply with applicable law and legal processes and to enforce a contract with us.

When acting as a data processor, we only share users’ personal data as per customers’ instructions and when legally required.

How to contact us

We are Trickle Data Insights Limited (company number SC567746, having its registered office at Suite 2, Ground Floor Orchard Brae House, 30 Queensferry Road, Edinburgh, EH4 2HS).

If you have any concerns about our use of your personal information, please let us know by:

Emailing us at dataprotection@trickle.works, or writing to us at 104 Gloucester Green, Oxford, OX1 2BU, United Kingdom.

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner’s Office (ICO). You can find the ICO contact details below:

ICO Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.

ICO Website: https://www.ico.org.uk

 

This Privacy Policy was last reviewed in November 2024.