Privacy, data protection and copyright

This page describes:

Purpose of this website

This website exists to offer my professional advisory, support and consultancy services, and to provide public access to the outputs produced by TRL Insight.

Cookies and analytics on this website

Cookies

This website uses files known as cookies. A cookie is a small text file of letters and numbers that gets put onto your computer when you visit a website. This allows the site to distinguish you from other users. A cookie isn’t a computer program, can’t read files on your computer, can’t carry viruses and can’t install malware onto your computer. Most web browsers allow some control of most cookies through the browser settings.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Analytics

I care about your privacy and handling your data with sensitivity and respect. I try to ensure that I keep data collection and analysis to a minimum.

This site uses Google Analytics. This tool collects a variety of information about visitors to the site, as described below. It uses cookies (see above), as described here. The way in which it collects data is described here. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout. Other methods of opting out may be available for your particular browser. This data is analysed by the Google Analytics tool and the results are viewable to me in the form of series of dashboards. The data I collect with Google Analytics is NOT shared with Google. Specifically, the tool contains toggles for setting the circumstances under which data is shared with Google and I have opted to switch all of these to OFF:

  • I do not give Google marketing specialists and Google sales specialists access to my Google Analytics data for purposes such as optimization and improving account configuration;
  • I do not give all Google sales experts access to my data for enhanced analysis and product recommendations;
  • I do not contribute data to enable features like benchmarking and publications;
  • I do not share Google Analytics data with Google to help improve Google’s products and services;
  • I do not let Google technical support representatives access my Google Analytics data.

I do not share any data collected by Google Analytics with any third parties. Data collected that I am able to view (but do not necessarily view – see below) includes:

  • Number of visits to each page;
  • Estimated visits which are from new users and from returning users;
  • Duration each page is viewed;
  • Landing and exit pages;
  • Visitors who have clicked through to the site from social media;
  • Time of day;
  • Country (I am also informed of the number of visitors from particular cities when traffic is particularly high from that city);
  • Type of device (desktop/tablet/mobile);
  • Browser;
  • Operating system;
  • Service provider;
  • Screen resolution for mobiles.

I view this data very irregularly, to:

  • Gauge the impact of particular actions by me or others in publicising this website and my outputs;
  • Get a sense of how much interest there is in particular outputs, and how this varies over time;
  • See whether interest in my work is stronger in particular parts of the country, and how this varies over time;

and for similar purposes. Some correlations between the above data sets are provided automatically by Google Analytics, but I do not view detailed information about individual visits. Furthermore, where detailed analysis is provided for a group of visitors with particular characteristics, I have a policy of not viewing this. For example, I may view the number of visitors from each geographical location, but I do not view the average number of pages per session or duration of visits from a particular city or network provider. Similarly, I have a policy of not viewing data relating to visitors’ devices (browser, operating system and screen resolution), apart from in exceptional circumstances for the purpose of diagnosing faults with the site. Google Analytics collects your IP address but I do not view this directly – I only see a summary of the estimated locations of visitors, as set out above. You can mask your IP address by using a Virtual Private Network (VPN). I do not carry out any analysis of user demographics or users’ interests. Data collected and processed by Google Analytics is automatically deleted 26 months after your last visit to the site. It is kept securely and confidentially: details about how this data is safeguarded can be found here.

Other data collection through this website

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.) from other websites.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.

Data sent using the contact form

Messages sent through the contact form will be checked through at least one automated spam detection service. It is then forwarded to me as an email. See below for more on data I receive in the form of emails.

Other

I do not receive any other information about visitors to this website from any other sites or providers.

TRL Insight policy on collecting, processing and retaining personal and sensitive data

TRL Insight is a sole trader business. You can contact TRL Insight in various ways, as set out on the Contact page.

For some projects carried out by TRL Insight for clients, the contract with the client specifies that the client is the data controller and TRL Insight is the data processor, under the terms of the General Data Protection Regulation (GDPR). For any other data processing carried out by TRL Insight, TRL Insight is both data controller and data processor. If TRL Insight is contacting you with regard to a particular project, this contact will specify whether TRL Insight is data controller for this particular project.

TRL Insight collects or receives personal data from you in the following ways:

  • From visits to this website – see above for a description of how data is collected;
  • In emails addressed to TRL Insight (including through the contact form described above) and their attachments;
  • Through messages sent to me through online platforms such as Twitter and LinkedIn;
  • In paper documents you have supplied, such as business cards, flyers and brochures;
  • From public web pages, including organisation websites and LinkedIn profiles;
  • Through telephone calls, face-to-face conversations, presentations, training sessions, webcasts etc;
  • From text messages and mobile and landline call records;
  • In digital documents downloaded from the World Wide Web (including from servers for which registration to a particular service is required).

Other than data collected through this website (see above), all data collection and processing is done manually by TRL Insight:

  • TRL Insight does not use software such as scrapers or crawlers for collecting information;
  • TRL Insight does not contract data collection or processing to any third parties.

The sections below explain:

Storage of documents and emails

Emails sent to TRL Insight, including through the web contact form, are held on a secure mail server. They are accessed solely through password-protected ITC devices. Some emails and most attachments are saved locally as stand-alone files on these devices. Very occasionally, some may be printed.

All files relating to TRL Insight are encrypted and held on password-protected devices, and appropriate security software is used. Except where this data is shared as described below, the only copies made of this data are for backup purposes. Such backups are encrypted and held securely.

Notes and other paper documents are held securely at a single location.

General description of personal data received by TRL Insight

In some documents received by TRL Insight (both digital and paper), the personal data contained in them is only incidental. That is, the document has been sent to me for the non-personal information contained in it, and the personal data is not processed (beyond the saving of the document as a whole, in the case of digital documents). For example, I may have been sent a briefing as part of a briefing service. It may have the name and email address of a member of staff of the organisation that runs the service, but in most cases I will not want to make any use of this.

However, in many other cases, the personal data is a key part of what is being provided. Three examples of this are:

  • Business cards;
  • Documents containing the email addresses or phone numbers of people I wish to contact for case studies or other advice;
  • Emails sent to me by people wishing to make contact with me.

Certain classes of personal data require additional protection under GDPR. This is often known as “sensitive data”. Almost all of the sensitive data held by TRL Insight is either:

  • Political affiliation. This almost exclusively relates to elected representatives of political parties, such as councillors. TRL Insight does not collect this information about anyone else unless it is provided by that individual to TRL Insight – this may occasionally happen when a communication from that individual mentions another post they hold within a political party.
  • Other political opinion, where this has been shared in an email or attachment sent to TRL Insight, in a presentation, conversation or phone call or in a document acquired from the World Wide Web or in paper form. Given the political nature of the work of TRL Insight, this is sometimes required for the completion of work that TRL Insight is contracted to undertake.

Any other data received by TRL Insight that may need to be treated as sensitive, (such as dietary requirements for a training session lunch, or mentions of illness in an email sent to me), are incidental to the main purpose of retaining a communication or document and are not further processed.

Other (“non-sensitive”) personal data held by TRL Insight essentially consists of:

  • Names;
  • Job titles/descriptions and organisations;
  • Contact details: phone numbers, email addresses, web addresses, postal addresses, Twitter handles/social media links;
  • Biographical data – where either i) it has been provided to me to complete a task we are jointly involved in, such as submitting a bid for a contract, or ii) it forms part of the papers for a publicly-available report or an event such as a conference;
  • Gender – only where it happens to be mentioned in an email or document, for example referring to “he” or “she”;
  • Photographic images received in notifications from platforms such as LinkedIn and Airbnb;
  • Bank details – for situations where I need to make a payment or series of payments;
  • Signatures – where either i) provided in a financial transaction with me or ii) in a publicly-available document such as open letters from ministers or MPs.

Processing, retention and sharing of personal data, including lawful basis

Personal data of clients, subcontractors and collaborators on projects

I carry out work both under general associate agreements and contracts for specific outputs. Some projects involve collaborating with other providers; this can be with another associate, or it can be under a contract in which I am lead contractor or another provider is the lead contractor.

There is a high level of information exchange between TRL Insight, those with whom I collaborate, and clients. Personal data of these persons may be used in the planning and execution of projects. This includes processing invoices, purchase orders and contracts, as well as an exchange of views and opinions. This data may be shared as necessary for this planning and execution. It may also be processed by TRL Insight for financial record keeping and business administration, such as keeping records of time spent on projects.

For political opinions, see the section below on sensitive data.

In addition to the above, the names and contact details of clients and collaborators may be used for the following:

  • Connecting with them on social media;
  • Informing them of the activities of TRL Insight and briefing them on developments they may wish to know about, through emails and newsletters;
  • Providing contact details for third parties, if requested by the data subject and/or the third party, if I honestly believe it is in the interests of both parties to be put into contact (names and contact details will only be given to individuals, not supplied through any automated procedure).

If any client, collaborator or subcontractor wishes me not to use their names or contact details in one or more of these ways, please contact me and I shall ensure your choices are respected. All newsletters and marketing emails will invite recipients to opt out of such communications.

Lawful grounds for processing under Article 6 of the GPDR:

  • For any processing that is necessary for the fulfilment of project undertaken under an associate agreement or under a contract, the lawful ground is performance of a contract.
  • Where records of payments made and received need to be retained for tax purposes, the lawful ground is compliance with a legal obligation.
  • For all other processing, the lawful ground is legitimate interest. These legitimate interests are:
    • Project planning and execution;
    • Keeping records for future reference/follow-up;
    • Attendance at events associated with contract/agreement;
    • Business planning & record-keeping;
    • Connecting on social media;
    • Marketing (only as set out above);
    • Providing to third parties (only as set out above).

Other than providing contact details to third parties on the grounds set out above, and with each other for the purpose of planning and executing the project, the personal data of clients, collaborators and subcontractors will not be shared with anyone without the express consent of all concerned. Some clients, collaborators, subcontractors and third parties may be outside the UK. Data sharing with subcontractors will be subject to an agreement which requires a similar level of data protection to this privacy policy.

All of this data will be retained for six years after the end of the relevant contract (or project, if there is no contract specifically for that project), in case of legal disputes or insurance claims. Where the personal data relates to a person who is outside the jurisdiction of English and Welsh law, the data may be retained longer than this, depending on the statute of limitations in the jurisdiction.

 

Personal data of third parties received/collected in the course of executing projects

Paid projects undertaken by TRL Insight often involve correspondence with individuals who are not party to the contract (that is, not from the client’s organisation or subcontractors). This may be for specific queries, such as questions for a Government department on a policy or statistical matter. At the other extreme, it may involve close working over an extended period, such as with an interviewee, someone who has agreed to act as an unpaid adviser for the project, or guest speakers at events I am arranging.

The personal data of such third parties may also be exchanged during interactions between TRL Insight and clients, subcontractors or other third parties. (For example, a recommendation to call a particular person to get an answer to a particular question, or an attendance list for training session I am running.)

In the course of a project, I may also collect reports, brochures and other documents which contain personal data, which may or may not be used for contacting you.

In addition, TRL Insight sometimes undertakes unpaid projects, which may involve similar processing of personal data.

In addition to the above, the names and contact details of fellow associates may be used for the following:

  • Connecting with them on social media;
  • Informing them of the activities of TRL Insight and briefing them on developments they may wish to know about, through emails and newsletters;
  • Providing contact details for third parties, if requested by the data subject and/or the third party, if I honestly believe it is in the interests of both parties to be put into contact (names and contact details will only be given to individuals, not supplied through any automated procedure).

The lawful grounds for processing this personal data under Article 6 of the GPDR is legitimate interest. These legitimate interests are:

  • Project planning and execution;
  • Keeping records for future reference/follow-up;
  • Attendance at events associated with contract/agreement;
  • Assisting colleagues;
  • For fellow associates with an organisation:
    • Connecting on social media;
    • Marketing (only as set out above);
    • Providing to third parties (only as set out above).

The personal data covered in this section will only be shared:

  • With clients, subcontractors, collaborators and other third parties as necessary for the execution of the project; or
  • For providing contact details of fellow associates to third parties on the grounds set out above.

Some clients, collaborators, subcontractors and third parties may be outside the UK. Data sharing with subcontractors will be subject to an agreement which requires a similar level of data protection to this privacy policy.

All of this data will be retained for six years after the end of the relevant contract (or project, if there is no contract specifically for that project), in case of legal disputes or insurance claims. Where the personal data relates to a person who is outside the jurisdiction of English and Welsh law, the data may be retained longer than this, depending on the statute of limitations in the jurisdiction. Also, documents which are in the public domain may be retained longer than this.

 

Personal data received/collected in the course of preparing project proposals

There is a high level of information exchange between TRL Insight and with those with whom I collaborate on a project proposal. Personal data of these persons may be used in putting together a project proposal. This may involve an exchange of views and opinions – for political opinions, see the section below on sensitive data. Personal data of representatives of the potential client may also be used during the development of project bid or other proposal. Collaboration on a project proposal does not always lead to a contract.

In addition to the above, the names and contact details of collaborators on project bids may be used for the following:

  • Connecting with them on social media;
  • Informing them of the activities of TRL Insight and briefing them on developments they may wish to know about, through emails and newsletters;
  • Providing contact details for third parties, if requested by the data subject and/or the third party, if I honestly believe it is in the interests of both parties to be put into contact (names and contact details will only be given to individuals, not supplied through any automated procedure).

If any collaborator wishes me not to use their names or contact details in one or more of these ways, please contact me and I shall ensure your choices are respected. All newsletters and marketing emails will invite recipients to opt out of such communications.

Lawful grounds for processing under Article 6 of the GPDR:

  • For the processing of a potential client’s data that is necessary to complete a bid at their request (including that of a lead bidder to whom I would be subcontracting if successful), the lawful ground is performance of a contract.
  • For all other processing, the lawful ground is legitimate interest. These legitimate interests are:
    • Selecting and administering project bids and proposals;
    • Business planning & record-keeping;
    • Connecting with collaborators on social media;
    • Marketing (only as set out above);
    • Providing to third parties (only as set out above).

Other than providing contact details to third parties on the grounds set out above, and with each other for the purpose of putting together and submitting a bid or other proposal, the personal data of collaborators and potential clients will not be shared with anyone without the express consent of all concerned. Some collaborators, potential clients and third parties may be outside the UK.

 

Discussion of potential future projects

From time to time I hold conversations by email, telephone or face-to-face with people about potential future projects. I keep records, solely for my own reference, of any communications which I believe may result in future work, and keep documents sent to me in relation to projects open to tender or potential projects. These documents and communications may include personal data such as names, job titles, organisations and contact details. They may also include political opinions if these have been expressed – see the section below on sensitive data. The personal details of such individuals may be used for developing a project in line with our conversations. The names and contact details may also be used for the following:

  • Connecting with them on social media;
  • Informing them of the activities of TRL Insight and briefing them on developments they may wish to know about, through emails and newsletters;
  • Providing contact details for third parties who have approached me, if I honestly believe it is in the interests of both parties to be put into contact (names and contact details will only be given to individuals, not supplied through any automated procedure).

If you have held a conversation with me about potential future work for TRL Insight and wish me not to use your name or contact details in one or more of these ways, please contact me and I shall ensure your choices are respected. All newsletters and marketing emails will invite recipients to opt out of such communications.

The lawful grounds for processing this personal data under Article 6 of the GPDR is legitimate interest. These legitimate interests are:

  • Keeping records for future reference/follow-up;
  • Business planning & record-keeping;
  • Connecting on social media;
  • Marketing (only as set out above);
  • Providing to third parties (only as set out above).

Other than providing contact details to third parties on the grounds set out above, the personal data described in this section will not be shared with anyone without the express consent of all concerned. Some third parties may be outside the UK.

 

Documents relating to services and goods paid for/used by TRL Insight

These include records of conversations and transactions with telecommunications providers, web developers and organisations with which TRL Insight has or may in future have taken out membership or a subscription. They also include receipts for expenses. These are held for the following purposes:

  • Financial administration;
  • Future reference: should I need to make changes to the services or similar reasons.

The personal data in them may be used for these purposes.

Lawful grounds for processing under Article 6 of the GPDR:

  • Where records of payments made and received need to be retained for tax purposes, the lawful ground is compliance with a legal obligation.
  • Where the document relates to a contract which TRL Insight currently has with a supplier, the lawful ground is performance of a contract.
  • For all other processing, such as potential future subscriptions, the lawful ground is legitimate interest. These legitimate interests are:
    • Keeping records for future reference/follow-up;
    • Business planning & record-keeping.

This data will not be shared, unless an issue arises that requires correspondence between two different suppliers. It is highly unlikely that this would involve any transfer of data outside the UK.

 

Other personal data and its uses

As described above, in many cases, the personal data I hold is an integral part of a document or email sent to me, and I make no further use of it. The document or email is retained solely for other information contained in it.

Besides this, the personal data of other individuals may be used/processed for purposes such as (see below for lawful grounds):

  • Processing an endorsement, recommendation or reference you have given or agreed to give me, (with your express consent);
  • Quotes or mentions on this website (including backup copies of web pages) or in marketing materials if we have discussed this and you have given express consent;
  • Setting up a phone call, video- or teleconference, or face-to-face meeting with you;
  • Research purposes, queries, following up on a conversation, returning forms you have asked me to complete, or otherwise responding to you; (“research purposes” here means the kind of research TRL Insight undertakes, into policy, practice, finance and governance of the public sector and issues impacting on these);
  • Keeping notes of a conversation for future reference;
  • Connecting with you on social media or keeping in touch in other ways;
  • Informing you of the activities of TRL Insight and briefing you on developments you may wish to know about, through emails, newsletters and social media;
  • Amending/adding to distribution lists held for the preceding purpose (this is done manually);
  • Providing contact details for third parties, if requested by the data subject and/or the third party, if I honestly believe it is in the interests of both parties to be put into contact (names and contact details will only be given to individuals, not supplied through any automated procedure).

If you wish me not to use your name or contact details in one or more of these ways, please contact me and I shall ensure your choices are respected. All newsletters and marketing emails will invite recipients to opt out of such communications.

Lawful grounds for processing under Article 6 of the GPDR:

  • For processing an endorsement, recommendation or reference, the lawful ground is consent;
  • For quotes or mentions on this website (including backup copies of web pages) or in marketing materials, the lawful ground is consent;
  • For all other processing, the lawful ground is legitimate interest. These legitimate interests are:
    • Processing personal references;
    • Keeping records for future reference/follow-up;
    • Business planning & record-keeping;
    • Connecting on social media;
    • Marketing (only as set out above);
    • Providing to third parties (only as set out above).

For an endorsement, recommendation or reference, or for quotes or mentions on marketing material, I will discuss with you who this will be shared with when I seek your consent for this. Quotes or mentions on this website will be publicly visible.

Other than providing contact details to third parties on the grounds set out above, or contacting your colleagues to update distribution lists, no other personal data described in this section will be shared with anyone without the express consent of all concerned. Some third parties may be outside the UK.

 

Data sharing outside the UK

I have a few colleagues with whom I work on projects who are based outside the UK. My communications with them are the only cases in which I transfer any data outside the UK. (For example, forwarding a client’s email to them as subcontractor, or forwarding an email containing a question I believe they may be able to answer.) It may also occur in future if I am contacting someone outside the UK regarding an international comparison of public policy. In the rare cases that data is shared outside the UK, the recipient will be requested to process it in accordance with this privacy policy.

 

Processing, retention and sharing of sensitive data, including lawful basis

Under Article 9 of the GDPR, certain “special categories” of data are regarded as particularly sensitive. Such data cannot be processed unless it is covered by one of ten exemptions.

One of these exemptions is data which is manifestly made public by the data subject. Most of the sensitive data received or collected by TRL Insight consists of political opinions which are manifestly made public by the data subject. These may be contained, for example, in published reports (including political forewords), briefings for which TRL Insight is included in a circulation list, or published evidence to a committee of Parliament or a local authority.

In some cases, you may inform TRL Insight of your political opinions on your own initiative, unsolicited by TRL Insight, for example by email or in a conversation in person or by telephone. If there is no indication that these opinions have been manifestly made public by you, then the lawful ground for processing this data will be consent. If I wish to carry out further processing of this data, I will seek your explicit consent for doing so, explaining how it will be used. You have the right to withdraw consent to future processing at any time, by the same method that you provided it (for example, by email or by telephone).

Where such sensitive data relates to a contract which TRL Insight currently has with a supplier, it will be retained for six years after the end of the relevant contract, in case of legal disputes or insurance claims. Where the sensitive data relates to a person who is outside the jurisdiction of English and Welsh law, the data may be retained longer than this, depending on the statute of limitations in the jurisdiction.

In other cases, TRL Insight may request information/views from you, which may be considered to include political opinions. This will be in relation to a specific project being undertaken by TRL Insight. (Key examples are the views and opinions of interviewees or unpaid advisers for the project.) In such cases, the lawful ground for processing this data is consent. I will inform you of the nature of the project and how your data may be processed and used. The political opinions you choose to provide will not be used for any other purposes. You have the right to withdraw consent to future processing at any time, by the same method that you provided it (for example, by email or by telephone).

Occasionally, TRL Insight may be contracted to fulfil a project for a particular client, with the client acting as data controller and TRL Insight acting as data processor, and the client may share the views of their stakeholders with TRL Insight. (For example, this may be the views of a governance body of the client or a sounding board they are using for the project.) In such cases, TRL Insight will process this data in accordance with this privacy policy and the contract with the client. Any sensitive data provided to TRL Insight in this way will not be used for any other purposes.

Other than political opinions, TRL Insight very rarely holds sensitive data. This would only occur when you have provided it to TRL Insight unsolicited, and it is incidental to the purpose for which the document or communication is held. (For example, mentioning your health or ethnicity in an email on another topic.) Such data will not be further processed. You have the right to withdraw consent to future processing at any time, by the same method that you provided it (for example, by email or by telephone).

Other than data which you have manifestly made public, TRL Insight will only share sensitive data with others (such as collaborators/subcontractors) if your explicit consent has been given for this. If this data sharing is with a subcontractor for the purpose of fulfilling a contract, it will be subject to an agreement which requires a similar level of data protection to this privacy policy. In the rare cases that data is shared outside the UK, the recipient will be requested to process it in accordance with this privacy policy.

 

Your rights

Under Article 13 and Article 14 of the GDPR, you have the following rights over your data:

  • The right to request access to your personal data (including sensitive data) from the data controller (see Article 15);
  • The right to know which sources (other than you) this data has been obtained from (see Article 15);
  • The right to request from the data controller that errors in your data be rectified, and/or that your data be deleted (Article 16 and Article 17);
  • The right to object to processing of your data (Article 21) and/or request from the data controller that the processing of your data be restricted (Article 18);
  • The right to data portability (Article 20). Note that this only applies to data processed by automatic means – in the case of TRL Insight, this means data collected when you interact with this website (see “Cookies and analytics on this website” and “Other data collection through this website”);
  • The right to complain to the regulator in the country in which you reside or where you believe any misuse of your data has taken place. The UK Information Commissioner’s Office can be contacted directly if you believe that TRL Insight has failed to address your concerns – see ico.org.uk.

If your data has been provided to TRL Insight with your consent, you also have the right to withdraw that consent at any time, without repercussions for you. This does not affect the lawfulness of processing based on consent before you withdrew it.

Images used in the banner on this site are courtesy of Keattikorn and Pong at FreeDigitalPhotos.net and via Good Free Photos. All other items shown in this website have been created solely by me. For any queries regarding any copyright issues, please contact me at the following e-mail address: tom@trlinsight.co.uk