Privacy Policy

Data Protection

This statement applies to TMC² Limited and aims to give you information on how TMC²
collects and processes your personal data when providing services to you, through your
visiting of our websites or applications, or otherwise in the course of conducting its
day to day business.

Our websites, applications and services are not intended for children and we do not
knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice
or fair processing notice we may provide on specific occasions when we are collecting
or processing personal data about you so that you are fully aware of how and why we
are using your data.

This privacy notice supplements the other notices and is not intended to override them.

We have appointed a data protection officer (DPO) who is responsible for overseeing
questions in relation to this privacy notice. If you have any questions about this
privacy notice, including any requests to exercise your legal rights, please contact the
DPO using the details set out below.

Customers may request a copy of the information held about them by applying to:

Name Lastnem
The Leather Market
Weston Street

Information will be provided within 40 days of receipt of the request.

Information held

TMC² records information about its customers for the purposes of administering an
effective website, web applications, plugins, marketing (including direct marketing)
and invoicing/billing system by post and by email.

TMC² gathers information about customers at the time a user signs up to our
newsletter, application or billing system either by person, by telephone, by email or on
our website.

This information is kept as a permanent record to enable us to analyse historical data
and understand trends.

Customers joining our mailing list and subscribing to our applications do so on the
understanding that consent is given for TMC² Limited to process and use the
information given in accordance with this policy. You may unsubscribe at any time.

We also hold

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender
  • Contact Data includes billing address, delivery address, email address and telephone numbers
  • Financial Data includes bank account and payment card details
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites or applications
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
  • Usage Data includes information about how you use our websites, applications, products and services
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic
data for any purpose. Aggregated Data may be derived from your personal data but is
not considered personal data in law as this data does not directly or indirectly reveal
your identity. For example, we may aggregate your Usage Data to calculate the
percentage of users accessing a specific website feature. However, if we combine or
connect Aggregated Data with your personal data so that it can directly or indirectly
identify you, we treat the combined data as personal data which will be used in
accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes
details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual
orientation, political opinions, trade union membership, information about your health
and genetic and biometric data). Nor do we collect any information about criminal
convictions and offences.

Please note, the use of information received from Google APIs will adhere to the
Chrome Web Store User Data Policy, including the Limited Use requirements.
Using Information Held
General information about TMC² is sent regularly to those who have requested it.

Loyal analyses information held to inform its business planning. We will only use your
personal data when the law allows us to. Most commonly, we will use your personal
data in the following circumstances…
ΠWhere we need to perform the contract we are about to enter into or have entered
into with you‡
ΠWhere it is necessary for our legitimate interests (or those of a third party) and your
interests and fundamental rights do not override those interests‡
ΠWhere we need to comply with a legal or regulatory obligation.

TMC² does not pass any personal details about its customers to any third party outside
TMC², other than to third parties who analyse the data on our website and social
media activity and return the results to us for our own use.
How is your personal data collected?
We use different methods to collect data from and about you including…
ΠDirect interactions. You may give us your Identity, Contact and Financial Data by
filling in forms or by corresponding with us by post, phone, email or otherwise. This
includes personal data you provide when you:

  • request our products or services;
  • enter into discussions or correspondence with us in relation to our services;
  • enter into a contract with us;
  • create accounts on our websites or applications;
  • subscribe to our services or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us some feedback‡
    ΠAutomated technologies or interactions. As you interact with our websites or
    applications, we may automatically collect Technical Data about your equipment,
    browsing actions and patterns. We would collect this personal data by using
    cookies and other similar technologies. Please see our cookie policy section below
    for further details‡
    ΠThird parties or publicly available sources. We may receive personal data about you
    from various third parties and public sources as set out below…
    ΠTechnical Data from analytics providers such as Google based outside the EU; an
    ΠIdentity and Contact Data from publicly available sources such as Companies
    House and the Electoral Register based inside the EU.
    International transfers
    Some of our external third parties are based outside the European Economic Area (EEA)
    so their processing of your personal data will involve a transfer of data outside the
    EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar
    degree of protection is afforded to it by ensuring at least one of the following
    safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide
an adequate level of protection for personal data by the European Commission. For
further details, see European Commission: Adequacy of the protection of personal data
in non-EU countries.

Where we use certain service providers, we may use specific contracts approved by the
European Commission which give personal data the same protection it has in Europe.
For further details, see European Commission: Model contracts for the transfer of
personal data to third countries.

Where we use providers based in the US, we may transfer data to them if they are part
of the Privacy Shield which requires them to provide similar protection to personal
data shared between the Europe and the US. For further details, see European
Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by
us when transferring your personal data out of the EEA.
Data security
We have put in place appropriate security measures to prevent your personal data from
being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal data to those employees, agents,
contractors and other third parties who have a business need to know. They will only
process your personal data on our instructions and they are subject to a duty of

We have put in place procedures to deal with any suspected personal data breach and
will notify you and any applicable regulator of a breach where we are legally required
to do so.
Data retention
How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes
we collected it for, including for the purposes of satisfying any legal, accounting, or
reporting requirements.

To determine the appropriate retention period for personal data, we consider the
amount, nature, and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we
process your personal data and whether we can achieve those purposes through other
means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in
our retention policy which you can request from us by contacting us. In some
circumstances you can ask us to delete your data.

In some circumstances we may anonymise your personal data (so that it can no longer
be associated with you) for research or statistical purposes in which case we may use
this information indefinitely without further notice to you.
Third Parties
TMC² website and applications may include links to third-party websites, plug-ins and
applications. Clicking on those links or enabling those connections may allow third
parties to collect or share data about you. We do not control these third-party
websites and are not responsible for their privacy statements. When you leave our
websites or applications, we encourage you to read the privacy notice of every website
you visit.
Cookies are small text files that can be used by websites to make a user s experience
more efficient.

Learn more about our use of cookies, your consent and how to update your preferences
on our Cookie Preferences page. This page applies to all TMC² websites, applications
and plugins.

We may revise and update this page at any time. Please periodically review, as your
continued use of our sites indicates your agreement with any changes that we make.

Your legal rights

You have the right to:

Request access to your personal data (commonly known as a data subject access
request ). This enables you to receive a copy of the personal data we hold about you
and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to
have any incomplete or inaccurate data we hold about you corrected, though we may
need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove
personal data where there is no good reason for us continuing to process it. You also
have the right to ask us to delete or remove your personal data where you have
successfully exercised your right to object to processing (see below), where we may
have processed your information unlawfully or where we are required to erase your
personal data to comply with local law. Note, however, that we may not always be
able to comply with your request of erasure for specific legal reasons which will be
notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate
interest (or those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground as you feel it
impacts on your fundamental rights and freedoms. You also have the right to object
where we are processing your personal data for direct marketing purposes. In some
cases, we may demonstrate that we have compelling legitimate grounds to process
your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to
suspend the processing of your personal data in the following scenarios: (a) if you
want us to establish the datas accuracy; (b) where our use of the data is unlawful but
you do not want us to erase it; (c) where you need us to hold the data even if we no
longer require it as you need it to establish, exercise or defend legal claims; or (d) you
have objected to our use of your data but we need to verify whether we have overriding
legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to
you, or a third party you have chosen, your personal data in a structured, commonly
used, machine-readable format. Note that this right only applies to automated
information which you initially provided consent for us to use or where we used the
information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your
personal data. However, this will not affect the lawfulness of any processing carried
out before you withdraw your consent. If you withdraw your consent, we may not be
able to provide certain products or services to you. We will advise you if this is the
case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the
other rights). However, we may charge a reasonable fee if your request is clearly
unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your
request in these circumstances.