GDPR Compliance

Our commitment to data protection and privacy

Data Protection Commitment

TraceID is committed to protecting your personal data and respecting your privacy rights. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

For the purposes of UK data protection legislation, TraceID is the data controller responsible for your personal data. Our registered address is:

Stadium Business and Trade Park, Tilehurst, Reading RG30 6BX

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: Processing necessary to perform our contractual obligations to you
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services
  • Legal obligation: Processing required to comply with legal obligations
  • Consent: Where you have given explicit consent for specific processing activities

Data We Collect

We may collect and process the following categories of personal data:

  • Identity Data: Name, job title, company name
  • Contact Data: Email address, telephone number, business address
  • Technical Data: IP address, browser type, device information, usage data
  • Account Data: Username, password (encrypted), account preferences
  • Transaction Data: Service usage, subscription information

How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our Service
  • To manage your account and relationship with us
  • To communicate with you about our services
  • To improve and optimise our Service
  • To comply with legal obligations
  • To prevent fraud and ensure security

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • For the duration of your account and service usage
  • To comply with legal, accounting, or reporting requirements
  • To establish, exercise, or defend legal claims
  • For legitimate business purposes such as fraud prevention

When personal data is no longer required, we will securely delete or anonymise it.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

Data Sharing and Transfers

We may share your personal data with:

  • Service providers: Third parties who provide services on our behalf (e.g., hosting, analytics)
  • Professional advisers: Lawyers, accountants, auditors
  • Regulatory authorities: When required by law or to protect our rights

We ensure that all third parties respect the security of your personal data and treat it in accordance with applicable data protection laws.

International Data Transfers

Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK authorities
  • Adequacy decisions recognising equivalent data protection standards
  • Other mechanisms approved under UK GDPR

Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Request limitation of processing in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making: Not be subject to solely automated decisions with significant effects

Exercising Your Rights

To exercise any of your rights, please contact us at:

  • Email: [email protected]
  • Post: Stadium Business and Trade Park, Tilehurst, Reading RG30 6BX

We will respond to your request within one month, as required by UK GDPR. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Changes to This Notice

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated information on our website.

Contact Us

If you have any questions about our GDPR compliance or data protection practices, please contact us:

  • Email: [email protected]
  • Post: Stadium Business and Trade Park, Tilehurst, Reading RG30 6BX
Book a demo