Purpose

 

TBConsulting, LLC, is a company incorporated under the laws of the State of Arizona, USA, having its principal place of business at 8328 E. Hartford Drive, Scottsdale, AZ 85255. This Privacy Policy defines how TBConsulting (TBC) uses and protects any personal data that is provided to TBC (including personal data provided through the website https://www.tbconsulting.com/ (“Website”)). TBC provides services to its business clients, including access to software and technology for clients to use in their business operations (“Services”). In addition to these practices, the Website also collects certain personal data from users, as set out in this Policy.

TBC is firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and best business practices. TBC has established this Policy so users can understand the care with which we intend to treat personal data, as a standard. Although legal requirements may vary from country to country, TBC intends to adhere to the principles set out in this Privacy Policy even if, in connection with the above, we transfer your personal information from your country to countries outside of the European Economic Area that may not require a high level of protection for your personal information (as detailed further below).

Residents of the European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), should consult the sections of this policy relating to the “EEA Residents” and “International Data Transfers” for provisions that apply to them.

California residents should consult the section titled “Your California Privacy Rights” for rights that apply to them.

 

Terminology Used

TBC’s data protection and privacy measures are governed by the (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the United States and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation”).

For Data Protection Legislation:

  • where personal data is provided directly to TBC through use of the Website, email, or other means where TBC is determining the way in which that personal data is processed for its own use, then TBC will be a data controller of such information;
  • where TBC is provided personal data in its capacity of providing Services to its clients, then TBC will only process that personal data in accordance with the instructions of its clients and TBC will therefore act as a data processor in respect of such personal data; TBC’s clients will be the data controller of that personal data for that purpose and will be responsible to data subjects for the way in which their personal data is processed as the data controller.

Where TBC acts as a data processor on behalf of its clients, TBC will process that personal data on the instructions of its clients, who would have collected that personal data in accordance with that client’s own privacy policy. Individuals who have contracts with our clients should therefore check that client’s own privacy policy, to ensure they understand how their personal data may be processed.

 

Personal data and basis for collection

Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity data has been removed (anonymous data).

Where TBC is acting as a data controller, TBC may collect, use, store and transfer different kinds of personal data about you which TBC has grouped together as follows:

  • Identity Data - includes first name, last name, username or similar identifier, title, job title and date.
  • Contact Data - includes billing address, delivery address, email address and telephone numbers.
  • Usage Data - includes information about how you use TBC’s Services or submit an inquiry or query through the Website. 

Subject to where TBC needs to verify your identity and you provide your express consent for TBC to process such information, TBC does not process any Special Category personal data (as defined by Data Protection Legislation) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor does TBC collect any information about criminal convictions and offences. As mentioned above, TBC may process Special Category personal data about individuals on behalf of its clients, in which case our client’s own privacy policy will explain the Special Category data being processed and the purposes for which it will be processed.

 

How TBC uses personal data

TBC will only use your personal data when the law allows us to, i.e., if we have a legal basis for doing so, as outlined in this Policy or as notified to you at the time we collect your personal data, and for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this. Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.

Where we act as the data controller for client contact information, we have set out below in the table a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact TBC if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.


Purpose/Activity
Type of Data
Lawful basis for the processing including basis of legitimate interest
To register you or the company that you are connected to as a new client and verify your identity 1)  Identity
2) Contact

Performance of a contract
Consent

To process and deliver the Services requested, such as BaaS, ITSM, HCI, Cybersecurity, including but not
limited to:

1)  Manage accounts, payments, fees, and charges
2) Contacting you and corresponding about the Services
1)  Identity
2) Contact

Performance of a contract
Necessary for our legitimate interests

To respond to queries and inquiries 1)  Identity
2) Contact
3) Usage
Legitimate interests
To undertake marketing to you

1)  Identity
2) Contact
3) Usage

Legitimate Interests


Where we act as a data processor of personal data on behalf of our clients, we will process personal data in accordance with our clients’ instructions or to comply with a legal or regulatory obligation.

Data Sharing

We do not sell, trade or license Personal Information about our users for marketing purposes. We do not share your Personal Information outside of TBC unless it is necessary to fulfill our responsibilities, including providing information or Services. However, your personal information is shared within TBC.

Data Security

We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed and have various information security policies in place to which we adhere to. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Transfers

No data is transferred outside of the EU without it being agreed by the Data Controller and TBC’s Chief Operating Officer. It is the responsibility of the Data Controller to ensure the data has been lawfully collected and can be legally transferred prior to transferring their data outside the EU.

Personal Data Retention

We will only retain personal data in accordance with our retention policy, which includes:

  • where we act as a data controller in connection with client contact information, for as long as necessary to fulfil the purposes we         collected it for.
  • where we act as a data processor on behalf of its clients, for the period notified to TBC by the data controller client.
  • in either case, for the period required for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.

Cookies

A cookie is a small piece of data sent from a website and stored on your computer by your web browser. The file is added once you agree to store cookies on your computer or device, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow sites to respond to you as an individual. The Website can also tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.

This Website collects cookies and may use cookies for reasons including, but not limited to:

  • Analyze our web traffic using an analytics package;
  • Identify if you are signed in to the Website;
  • Test content on the Website;
  • Store information about your preferences;
  • Recognize when you return to the Website.

Overall, cookies help us provide you with a better Website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This setting may prevent you from taking full advantage of the Website.

Do Not Track

Do Not Track is a preference you can set on your browser to inform websites that you do not want to be tracked. We do not support Do Not Track ("DNT"). You can either enable or disable Do Not Track by visiting the Preferences or Settings page of your browser.

Third-party websites

This Website may contain hyperlinks to websites operated by parties other than us. We provide such hyperlinks for your reference only. We do not control such websites and are not responsible for their contents or the privacy or other practices of such websites. It is up to you to read and fully understand their Privacy Policies. Our inclusion of hyperlinks to such websites does not imply any endorsement of the material on such websites or any association with their operators.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • The right to be informed – this is information on for what purpose we are processing it and what personal data we are processing.
  • The right of access – you have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted below for our consideration.
  • The right to rectification – if you think the personal data we hold on you is wrong, you can tell us, and we will fix it.
  • The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the personal data we hold for you, then you can ask us to do so. Our ability to delete such personal data is subject to exceptions in accordance with data protection laws.
  • The right to restrict processing – if you do not like how we are using your personal data, then you can let us know and we will stop processing it in that way.
  • The right to data portability – if you want us to pass on your personal data to someone else, then please let us know. This transfer should not affect the integrity or otherwise damage your personal data.
  • The right to withdraw your consent – you can withdraw your consent for us to process your personal data (if we have relied on your consent to process your personal data) at any time by contacting us. If we have relied only on your consent as the basis to process your personal data, then we will stop processing your personal data at the point you withdraw your consent. Please note if we can also rely on other bases to process your personal data aside from consent, then we may do so even if you have withdrawn your consent.
  • Rights in relation to automated decision making and profiling – if we use either automated decision making or profiling, then you have a right to know. Also, we need your consent if either of these are used to make a decision that affects you. As with all consent, you can withdraw it at any time. 

To exercise any of the above rights please email your request to: privacy@tbconsulting.com, with the subject heading “Data Processing Request”.

Where you exercise your right to erasure (and we do not have another legal basis to hold on to that personal data) or where information is deleted in accordance with TBC’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period TBC retains the data.

Where you exercise your right to request access to the information TBC processes about you, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances. TBC will try to respond to all legitimate access requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

 

Consent for the Collection and Processing for Special Categories of Sensitive Personal Data from the European Union

Special categories of sensitive personal data include racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic, biometric data; health data; or data concerning a person’s sex life or sexual orientation.

Pursuant to the European Union General Data Protection Regulation (EU GDPR), TBC in its capacity as a data controller under the EU GDPR, must obtain your explicit, affirmative consent before it can collect or process any special categories of sensitive personal data for a lawful basis.

In its role as a data processor, special categories of sensitive personal data will be handled and processed only by the persons who are responsible for the necessary activities agreed upon by the data controller and TBC.

Children

The Website is not intended for children and TBC will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.

Your California Privacy Rights

The following section pertains to the rights of individuals or households in California (“California consumers”).

• Civil Code Section 1798.83

Under certain circumstances, California Civil Code Section 1798.83 states that, upon receipt of a request by a California consumer, a business may be required to provide detailed information regarding how that business has shared that customer’s Personal Information with third parties for direct marketing purposes. However, the foregoing does not apply to businesses like ours that do not disclose Personal Information to third parties for direct marketing purposes without prior approval or giving customers a free mechanism to opt out of having their Personal Information disclosed to third parties for their direct marketing purposes.

• Rights under the CCPA

After January 1, 2020, the CCPA (California Civil Code Section 1798.100 et seq.) will provide California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The categories of Personal Information we collect are generally described above but differ for individual consumers depending on the Services used by such consumers.

Under the CCPA, qualifying California consumers may have the following rights: 49339-00002/3724254.3

Right to Know and Right to Delete

A California consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information. When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 business days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.

Right for Disclosure of Personal Information

A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.

Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, customers’ accounts with us, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.

How to contact us

For questions related to this privacy policy or data subject rights you may contact our TBC appointed Data Protection Officer at:

Marcos Saiz

Chief Information Security Officer

privacy@tbconsulting.com

8328 E. Hartford Dr., Scottsdale, Arizona 85255

If you are in the European Union / United Kingdom, you may address privacy-related inquiries to our EU / UK representative pursuant to Article 27 GDPR:

EU: EU-REP.Global GmbH, Attn: TBConsulting, Hopfenstr. 1d, 24114 Kiel, Germany

UK: DP Data Protection Services UK Ltd., Attn: TBConsulting, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

tbconsulting@eu-rep.global

www.eu-rep.global


Remember the risks whenever you use the internet

TBC is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal data. While TBC does its best to protect your personal data, TBC cannot guarantee the security of any information that you transmit to TBC, and you are solely responsible for maintaining the secrecy of any passwords or other account information.

This Privacy Policy was last updated on August 31, 2023