Provided by

Tiller Technologies Limited

Date

03/2/2023

Privacy Policy

This Privacy Policy is provided by Tiller Technologies Limited (also referred to as “Tiller”, “we”, “us”, or “our”), who is registered under the Companies (Jersey) Law 1991 as a private company and is registered with the Jersey Registry under company number 129056.

This privacy policy applies to the ‘Verify by Tiller’ service.

We take the security of the data and information we hold seriously and are committed to protecting and respecting your privacy.  This Policy is designed to help you understand what kind of information we collect in connection with our websites and online services and how we will process and use this Personal Data.

This Policy describes how and why we collect, use, share, retain and safeguard Personal Data.  This Policy also sets out your individual rights and who you should contact if wishing to discuss the use of your Personal Data.

Please read the Policy carefully to understand our practices regarding your Personal Data and how we will; collect, use, share, secure and retain it.

Collection of Personal Data

When you use our websites, services, or your organisation enters into an agreement with us to provide products and services, we ask you to give us some of your Personal Data to enable us to carry out these services or contractual obligations to your employer that affect you.  

Failure by you to provide the requested information may prevent or delay the fulfilment of these obligations, and consequently have an impact on you. We also collect your Personal Data at other times, for example when you contact us directly.  We are committed to keeping all the Personal Data we hold about you secure, private and confidential.  This Policy explains why we need to collect your Personal Data and what we do with it.  It also sets out the legal basis on which we collect and use your Personal Data and outlines the rights you have under Data Protection (Jersey) Law 2018 and General Data Protection Regulation (“GDPR”) (Regulation (EU) 2016/679).

What is Personal Data?

Personal Data is information relating to an identified or identifiable natural person.

There are three scenarios when we may be collecting your personal data:

  • When browsing or interacting with our www.tillertech.com and www.tiller-verify.com marketing websites
  • As an individual who has been asked by an organisation to verify their identity using our Verify by Tiller service.
  • As an employee of an organisation using our Verify by Tiller service.

In each of these scenarios different Personal Data may be collected and be used or shared differently, however your data remains secure and is only retained by us for as long as it is needed. What Personal Data is collected and how it is used or shared is described below.

How do we use Personal Data collected by our websites from business organisations?

When you browse our websites www.tillertech.com or www.tiller-verify.com, we will collect the Internet Protocol (“IP”) address of the device you are using, but will be unable to identify you at this point. We collect this data so that we can identify where customers are dropping out of the websites and to identify areas of improvement to make the experience more engaging for our customers.

We use cookies on our websites, so please see our Cookie Policy below for more information.

Where you have consented to receive news or marketing from Tiller or when you have requested contact with Tiller, for example to book a demo, we may collect the following information from you:

  • Your first and last name (so that we contact or market to the right individual);
  • Email address (so that we contact you and/or send the marketing to the right place);
  • Emails addresses of demo guests (so we may invite them to the demo. You must ensure that you have the consent of these guests for us to contact them)
  • Work Phone number (so that we contact you regarding your demo request);
  • The marketing preferences indicated by yourself, such as receive our newsletter and your areas of interest and how you want to be marketed to
  • A record of your consent to confirm what you have consented to and when.

Where you request further information from us by completing a form on our websites in relation to our products and services, your details will be added to our marketing database to receive marketing from Tiller relevant to the products and services you have an interest in. We will collect the following data from you:

  • Your first and last name (so that we market to the right individual);
  • Email address (so that we send the marketing to right place);
  • The marketing preferences indicated by yourself, such as your areas of interest and how you want to be marketed to.

Tiller attends numerous conferences and events. Tiller will obtain from each event organiser a delegate list of all attendees who have consented to their personal data being shared with Tiller.

When your organisation enters into discussions or an agreement with Tiller to provide products and services, we will collect additional information, which is necessary for:

  • The creation of, or the ongoing performance of the contract we have with your organisation, such as billing information;
  • Providing service updates or additional information related to the products and services Tiller are providing to you or other services available from Tiller.

All personal data we collect is held electronically within our HubSpot Customer Relationship Management system (“CRM”) which is located in the European Economic Area (“EEA”).

How do we use and what do Data do we collect on employees of companies using our Verify by Tiller service

When you are asked to use our services by your employer to perform tasks it is necessary to hold some basic data on you so as to be able to identity you as an authorised user of the service and to support the operation of the service.

The service will initially collect the Internet Protocol (“IP”) address of the device you are using but will be unable to identify you at this point. We collect this data so that we can identify where users are accessing our site from so as to assist in resolving any issues with the service and to identify areas of improvement to make the experience more useful for users.

We use cookies on our service website, so please see our Cookie Policy below for more information.

We hold the following information on users of the service in line with the contract between Tiller and your employer so as to be able to identify you and your activities within the service. If you are unhappy with the following information being held please contact your employer and/or request you removal of your data as a user from the service. As a user of the service, we will process the following Personal Data and data you enter into the service:

  • Your first and last name (so you can be identified as the user);
  • Email address (as part of your login id and so we may email you in regard to the operation of your user account. e.g., Password resets, etc.)
  • Job title (so as to aid your identification as an employee within your organisation and the role you undertake within the system)
  • Permissions (the permissions to features and data you have been granted within the service)
  • Notes (the notes or comments you enter against transactions in the service)

Economic Area (“EEA”).

Personal Data collected on individuals using our Verify by Tiller service.

When you are asked to use our services for the purposes of identity, address, source of funds verification, and for the prevention of fraud or other financial crimes by the organisation you are engaging with, we will ask you to provide some or all of the following information depending on the degree of verification requested by that organisation. Before any of this data is collected you will be asked to provide your consent for this data to be processed, stored and shared with that organisation.

When you use our Verify by Tiller service mobile application we will collect the Internet Protocol (“IP”) address and type of the device you are using, but we will be unable to identify you at this point. We collect this data so that we can identify where customers are having difficulty with the service and to identify areas of improvement to make the experience more engaging for our customers.

Once you have entered the invite code sent to you and you have given your consent, you will be asked to provide some or all of the following information:

  • Your full legal name (including any middle names)
  • Your email address (so we may confirm you are the individual to be verified and as part of your overall identity profile)
  • Your mobile and/or landline number (so we may so we may confirm you are the individual to be verified via SMS and as part of your overall identity profile)
  • Your date of birth (so as to assist in verifying your identity and to ensure you are 18 years or older and are able to provide you legal consent to this process)
  • Your sex (so as to assist in verifying your identity when checking identity documents and third party sources)
  • Your current residential address and previous residential addresses you have lived at within the last 3 years (so we may verify your identity for the prevention of fraud or other financial crimes
  • An image of your legal identity document such as a Passport, Driving Licence or Identity Card (We use this to aid in you identification and to assist in confirming the other details you have captured. To confirm the validity of the identity document we will also store the information printed or stored on the document such as, but not limited to;
  • Document type (e.g. passport, driving licence or id card)
  • Identity document number
  • Issuing country/authority and issue date
  • Expiry date
  • Place of birth
  • Nationality
  • Date of birth
  • Sex
  • Residential address
  • Image of individual on or stored in the id document.
  • Images of your face (so as to confirm you are the individual on the identity document and that you are the person presenting it often referred to as a liveness test)
  • Image of a secondary document such as a utility bill or bank statement (so as to aid in the verification of your residential address)
  • GPS location of your device (so as to aid in the prevention of fraud, identity theft or other financial crimes)

Once this information is collected, we will perform checks on this data to assist in verifying its accuracy and validity. These checks may include sharing your data with select organisations so as to:

  • Verify the integrity and validity of your identity document and to confirm your identity.
  • Your current residential address may also be used to search government, credit agency header and utility company databases to verify you live at that address
  • We may also use this information to search international sanction lists and Politically Exposed Persons (“PEP”) list to aid in the prevention of fraud and other financial crimes.
  • Reporting to the professional service provider who asked you to use Verify

Under the data protection legislation we are known as the data processor for this information. We collect information as agreed with the organisation who has asked you to use our Verify by Tiller service. We are answerable to them as well as you, as that organisation is your Data Controller.

Sharing Personal Data

We use selected organisations to help us deliver the service we provide. When you provide consent for us to verify or identity and perform regulatory Anti Money Laundering (“AML”) checks on you, we may share your Personal Data with:

  • Our service providers who provide data processing services to us, for example providers such as GB Group Plc (“GBG”) will provide identity, address and AML solution services us. We only share the data that’s necessary for them to provide their services to prevent fraud and other financial crimes.
  • Other agencies and organisations who also check your identity, address and source of funds, and to prevent fraud and financial crimes.
  • The professional services organisation that asked you to use Verify by Tiller service.

We may also share your Personal Data with government bodies, law enforcement agencies, courts or other third parties to comply with our legal obligations or lawful disclosure requests, for example.

Securing Personal Data

We are committed to ensuring the confidentiality of the Personal Data that we hold, and we continue to review our security controls and related policies and procedures to ensure that your Personal Data remains secure.

When we contract with third parties, we require that they have appropriate security, privacy and confidentiality measures in place to ensure that Personal Data is kept secure.

Retention of Personal data

We keep your Personal Data where we have an ongoing legitimate or lawful need to do so. For example, we keep some records for audit purposes for up to seven years after the relationship with us has ended. When we no longer have a legitimate or lawful need to keep your Personal Data, we will delete it.

Keeping each other informed

We will give you or your organisation information about the products and services we provide. If we need to get in touch, we will call you or write to you by email and or post. To make sure you can receive information and communications from us, please make sure you tell us whenever you change your name, address, phone number or email address.

Legal background and your rights

Here we summarise the lawful basis on which we collect and use your Personal Data and outline the rights you have under GDPR.

Lawful basis

The processing of Personal Data will only be lawful if it satisfies at least one of the following conditions:

  • Consent of the data subject;
  • Necessary for the performance of a contract with the data subject or the employer of the data subject or to take steps preparatory to such a contract;
  • Necessary for compliance with a legal or regulatory obligation;
  • Necessary to protect the vital interests of a data subject or another person where the data subject is incapable of giving consent;
  • Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
  • Necessary for the purposes of legitimate interests.

We process your information because you have consented for us to do so and it is necessary for the legitimate interests of the professional services organisation that has asked you to use Verify by Tiller service.

We have a legitimate interest in promoting our services. For this reason, we may use your Personal Data to, for example, where explicit consent is given, send you marketing information about our own products or services that we think you may be interested in. You can ask us to stop sending you marketing and/or research at any time by clicking on the “unsubscribe” links in any of the electronic messages we may use for marketing purposes or amending your communication preferences in account management.

Your rights

Under certain circumstances, you have the following rights in relation to your Personal Data such as, the right to:

Handling

You have the right to know what Personal Data we collect of you and how we process the data we have collected.

Access

You have the right to access Personal Data that we hold about you under GDPR by making a “Subject Access Request”. You can request the form from [email protected] or by writing to us:

Subject Access Request
Tiller Technologies Limited
5 St Andrews Place
Charing Cross
St Helier
Jersey
JE2 3RP

Rectify

You have the right to ask us to rectify Personal Data we hold about you if it is inaccurate or not complete.

Erasure

You can request that we erase your Personal Data. We may keep basic data to identify you and retain it solely for preventing further unwanted processing or to meet our legal or regulatory obligations.

Restricted Processing

You have the right to ask us to restrict how we process your data. This means we are permitted to store the data but not further process it. We will keep just enough data to make sure we respect your request in the future.

Data Portability

Where processing is based on consent or performance of a contract, you have the right to data portability. We must allow you to obtain and reuse your Personal Data for your own purposes in a safe and secure way without this effecting the usability of your data. This right only applies to Personal Data that you have provided to us as the Data Controller.

Object to Processing

Where processing is based on legitimate interests, you have the right to object to us processing your data. We will consider your request to discontinue processing your data in relation to our legitimate grounds for the processing. With Verify by Tiller service your refusal to continue processing may change your relationship with your professional service provider that uses us to verify your identify.We may keep basic data to identify you and retain it solely for preventing further unwanted processing.

Right not to be subject to automated decision-making and profiling

If we have made a decision about you based solely on an automated process (e.g. through automatic profiling) that affects your ability to use the services or has another significant effect on you, you can ask to not to be subject to such a decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even where a decision is necessary for entering into or performing a contract, you may contest the decision and require human intervention.Verify by Tiller service uses automated process within its service. There are no automated decision making or profiling services operated by Tiller for Verify by Tiller service.

Exceptions to your rights

There are exceptions to a number of these rights and not all rights will be applicable in all circumstances, but we will always respond to any request related to your rights within a month. If we are unable to do so, we will inform you of the reasons for the delay. You are not required to pay any charge for exercising your rights.

Cookie Policy

Our sites and online services use cookies to distinguish you from other users of our site.

What is a Cookie?

A cookie is a small file of letters and numbers which asks permission to be placed onto your computer’s hard drive. Once you have accepted a cookie the file is added to the hard drive of your computer. Cookies help analyse web traffic and lets web applications respond to you as an individual. Web applications can tailor their operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Overall, cookies help us provide you with a better browsing experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Data controller

Under the data protection legislation, we are known as the data processor for the information we hold about you through Verify by Tiller. We collect information as agreed with the organisation who has asked you to use Verify. We are answerable to them as well as you, and organisation is your Data Controller.
This means that Tiller acts as the data controller of some of your personal information if you are:

  • A client
  • An employee
  • A visitor to our website

for Verify by Tiller service, Tiller acts as the data processor of some of your personal information if you are:

  • Subject to a Tiller check through Verify by Tiller service

Your professional service adviser – the organisation requesting the check – is the data controller of your personal information and you should therefore refer to their company privacy policies first.

Use of Cookies

We implement the following type of cookies in our websites:

Strictly necessary cookies

These cookies are essential to enable you to move around our websites and online services and use its features, such as accessing secure areas of our websites or online services.

Performance cookies

These cookies collect information about how visitors use our websites, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

We also use a common website analytics tool called Google Analytics which uses cookies similar to performance cookies, which gather and review analytic data such as number of site visits, average session duration, referral sources, devices used to access our websites and browsers used to access the websites.

Further information on Google Analytics can be found at www.google.com/analytics.

Functionality cookies

These cookies allow the website to remember choices you make (such as your username, language or the region you are in) and provide enhanced, more personal features.

How to control Cookies

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Disabling or blocking may prevent you from taking full advantage of websites, including ours. When deleting cookies, please be aware that cookies that are already stored on your computer will not be affected. For that reason, you might want to delete the cookies already stored on your computer before deleting cookies on your browser.

Links to Third Party Websites or Other
Services

Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over these other websites. Tiller cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites and such websites are not governed by this Policy. You should exercise caution and we encourage you to review the privacy policy applicable to the website in question.

Policy Changes

From time to time, we may update this Policy. You can see the latest version on www.tillertech.com or www.tiller-verify.com websites.

If you have questions about this Policy, or need further information about our privacy practices, please write to us:

Data Controller
Tiller Technologies Limited
5 St Andrews Place
Charing Cross
St Helier
Jersey
JE2 3RP

If you wish to raise a complaint about how we have handled your Personal Data, you can contact us and we will investigate the matter.

Data Protection Complaints

Tiller Technologies Limited
5 St Andrews Place
Charing Cross
St Helier
Jersey
JE2 3RP

If you are not satisfied with our response you can complain to the Jersey Office of the Information Commissioner (“JOIC”) at www.jerseyoic.org

Date of Issue: 30th January 2023

How can we help?
Choose from one of the below
Help us prevent automated submissions.
Go back
Fill in a few details
Our team will be happy to help
Oops! Something went wrong while submitting the form.
Help us prevent automated submissions.
Go back
Fill in a few details
Our team will be happy to help
Oops! Something went wrong while submitting the form.