Your data privacy and data security mean a lot to us.
Let us explain.
This policy was last updated
on the 22nd May 2018
We are a modern business, operating a paper-free environment. We use modern cloud-based software systems to avoid using printed media, reducing our environmental impact and reducing the chance of data leakage through lost paperwork.
We make use of industry standard software systems and services, and implement enhanced security systems such as two-factor authentication wherever possible.
With this in mind, we do everything we can to avoid leaking any of the data that resides on our systems, including this website.
- A “Customer” means any persons or company with whom we have performed a financial transaction, for instance, for goods or services.
- A “Service” means any regular and structured effort performed by us on behalf our customers and resulting in a charge.
- The “Supplier”, also known as ‘We’ means 3CO UK Limited, trading as ‘TribeSquared’ (or Tribe2), registered in the UK as a limited company, number 9542960.
- The “Visitor” is any human or non-human session of access to our website, served across the Internet.
Our commitment to you, the reader:
- We will not deliberately collect and store information (personal or otherwise) without consent and/or legal basis to do so, on any of our systems.
- The information which we do store (personal or otherwise) will never be sold or transferred to third parties without the consent and knowledge of the Customer, person or organisation to which it relates.
- We commit to advising our Customers within 1 business day of any breach of data security, suspect or proven, whether directly relating to their data or generally related to our systems.
- We commit to offering individual service level agreements for our Customers which detail our responsibilities (and those of our Customers) plus any measures of service performance and details of insurance or compensation.
- We don’t collect any “sensitive data” about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences (or alleged offences) except when we have your specific consent, or when we have to to comply with the law.
About our Website
This website is a means of communicating our services and information about who we are. We do not use this website to collect personal information, other than offering a means of contacting us via a form.
- This website is regularly checked for malware, trojans, viruses and other nefarious code and efforts are made to ensure that it remains free from such issues. However, it is also the responsibility of the Visitor to ensure that they also have suitable software solutions in place to detect any malware, trojans, viruses or other similarly nefarious code.
- This website uses an SSL security certificate to encrypt data sent to and from the Visitor as best as can be achieved. However, the Visitor should also take measure to ensure that they are visiting the correct website in an unmodified form.
- This website uses an industry standard security plugin which detects attempts to log into the content management section of the website (and other sections as deemed appropriate) and in doing so will records various data (see below). This plugin can automatically detect and block malicious activity.
- Access to the content management areas of this website is strictly limited to authorised persons. Any visitors attempting to log into the content management system without authority must accept that their attempt will be logged and it may result in being blocked from the website.
- The Supplier reserves the right to block any IP address or Visitors suspected of attempting to damage this website, its content or the public image of the Supplier, without further explanation and until further notice.
This website records Visitor information for these reasons:
- To record Visitor traffic volumes and other related metrics such as ‘time on page’ and others, so as to enhance the overall
- Visitor experience and offer good quality content.
- To identify malicious Visitors and other forms of access that might result in damage to the website.
- To enable Visitors to contact us via online Forms
- To identify non-human submissions to contact form
The systems used to collect this information are:
- Google Analytics
- An industry standard security plugin
- An industry standard forms plugin
- Google reCaptcha
Data is held in these places, relating to the systems above:
- Only within the Google Analytics platform. We retain data for 14 months and reset user sessions based on new activity. For more information, see here.
- Within the website and in some cases exchanged with the supplier where traffic represents a trend which may also affect other website operators. Retained data is cleared out periodically, or on request, or on removal of the plugin.
- No information is resident on this website at any point, it is transmitted immediately by email. We use the Google GSuite email system.
- If recorded, only in the Google reCaptcha platform
Types of data we hold, relating to the systems above:
- Source or Medium of the Visitor, Time and Date of the Visit, Browser, Device Type, Operating system, approximate geographic location, IP Subnet, length of Visit (where more than one page is accessed), number of pages Visited, sequence of pages Visited, Advert clicked to lead to a Visit (where applicable) and Search term used that resulted in a visit, where the search provider was Google.
- Attempted (successful or otherwise) login name, which can be an email address (deliberately or by mistake), IP address, Time and Date, approximate geographic location, IP address and URL used (including any attempts to breach website security).
- The contact form is intended to give us a means to return the contact, so it asks for Name, contact email address, and offers a free text area. We cannot control the data supplied in the free text area.
- A cookie that does not contain personal information but is used to track individual Visits
Why do we collect and/or store this data, related to the systems above:
- This is justified as common best practice in website management and to help us deliver a meaningful and pleasant experience in using our website.
- To prevent the loss of service, loss of data and loss of image. Also to protect against a breach which may place malicious code on the website which will affect Visitors.
- To enable a simple means to make contact
- To prevent automated responses to contact forms which may lead to the transfer of malicious code, and therefore a security risk.
Where related to anonymous Public data such as Analytics and Security logs etc., we are happy to remove information immediately on request, where systems allow, and providing the information is not necessary for another purpose such as for legal action. We consider the collection and retention of this data to be necessary to the delivery of a quality Visitor experience and the prevention of security issues that may affect other Visitors.
Where related to our Customers, we have a legal obligation to retain data for up to 7 years for financial accounting and potentially for insurance purposes. We consider this to be necessary and legitimate reasoning. However, we’re happy to consider requests to remove personal data for Customers and treat them on a case by case basis.
- For Google Analytics, to identify you as a unique Visitor
- For a security plugin, to identify you as a unique Visitor
- For our content management system, when logging in to maintain content or add a comment to a piece of content
- For the Google reCaptcha system to identify you as a unique Visitor
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers
Subject Access Requests
You may use the form below to request a response to a Subject Access Request for this website or any of the systems we use to deliver service (except any data owned by our Customers but hosted in or on our systems (or where we have access to their systems as a Data Processor). We will respond within 40 days unless doing so would adversely affect the rights and freedoms of other (e.g. another person’s confidentiality or intellectual property rights). We reserve the right to ignore any emails which we feel have been programmatically submitted or spam in nature. We also reserve the right to request proof that the requestor is who they say they are and will refuse to respond if we cannot determine identity.
PLEASE NOTE: If you are not recorded on any of our systems but request Subject Access, you will then, by the very nature of the transaction, be recorded on our systems.
Any information collected via the website may be stored on other systems within our business in order that we can deliver service. For example (but not limited to): Email systems, CRM systems, Financial Accounting systems, Document Management systems, File Storage systems etc.. We are happy to detail the systems we use for these purposes on request.
Terms and Conditions
For the use of our services: We will detail this directly with our Customers via a Service Agreement.
Our right to vary this policy
We reserve the right to vary our services in a way which may make this policy temporarily out of date or inaccurate, especially where such variations do not fundamentally change our commitments to you. We periodically review this policy for such inaccuracies and commit to promptly updating it where necessary.
- You have the right to make us correct any inaccurate personal data about you.
- You can object to us using your data for profiling you or making automated decisions about you.
- You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure.
- The Supplier shall be liable for any damages whatsoever including without limitation direct, special, indirect, incidental, or consequential damages, or damages to data arising out of the use or inability to use this site, any product, or service, or the information on these pages.
- This includes damages arising from the use of or in reliance on the documents or information on this site, even if the Supplier has been notified or advised of the possibility of such damages.
- All company and product names and logos are the trademarks or registered trademarks of their respective owners in certain countries.
- All matters relating to the access to this site shall be governed by the laws of England & Wales, and any legal action or proceedings relating to access to this site shall be instituted in a court in England & Wales.