tictoc Family Ltd. is a company incorporated in Scotland of 14 Newton Terrace, Glasgow G3 7PJ. tictoc is a digital marketing agency that is committed to protecting and respecting the personal data of our clients and their clients.
For the purpose of the relevant laws concerning the protection of personal data, including the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) (collectively the “Data Protection Laws”), tictoc Family Ltd. acts as both a Data Processor and Data Controller.
This policy sets out the basis by which any personal data we collect, are provided with or control, is managed.
Our Role As A Data Processor
When our clients use a Content Management System (CMS) to process EU personal data we act as a data processor. For example, we act as the data processor when users complete forms that are stored in the CMS.
tictoc only acts as a data processor on behalf of our clients in the course of providing the Content Management System (CMS) used to manage the website. The client must comply with legislation as a data controller and ensure that any data processing instructions it issues to tictoc or via the CMS also comply.
Data processing in relation to hosting:
- All data collected via a clients website is stored within the European Economic Area (EEA)
- tictoc hosting providers act as sub-processors and as such have their own processes that comply with GDPR. The two primary hosting providers used by tictoc are AWS - and Linode.
- tictoc shall not transfer any data outside the EU - our hosting data centres are located within the EU and backups of data are also stored within the EU
- As part of our hosting, we monitor the security of our servers and provide information on any security incident
- If a client wishes to host with a 3rd party it is their responsibility to ensure the provider complies with the required GDPR laws
Clients can use the functionality provided within the CMS to delete data upon a Deletion of Data Request or can request that tictoc remove the data. If the required functionality is not already built into your CMS tictoc can quote to create the required function.
tictoc takes no responsibility in ensuring that a client’s website, internal processes, online processes, content, terminology and terms and conditions are GDPR compliant. Each client should seek legal advice to ensure they are fully compliant. tictoc can make requested GDPR related alterations to your digital platform as required, a suitable quotation can be supplied based on a supplied brief.
Our Role As A Data Controller
We may also periodically send emails about new services or other information we think you may find interesting using the email address you have provided. We only send these emails to users who have consented to receive such information.
Storage of client information
Information supplied by clients to enable us to provide our services is stored as follows:
- Xero - Our finance and invoicing system stores your registered address and finance point of contact. This information is used to supply invoices. View the Xero privacy notice.
- MailChimp - Our email system which contains our email newsletter list of contacts who have requested to be kept up to date on our latest information. View Mailchimp’s privacy notice.
- PB - Our bespoke quoting and management system stores information relating to each point of client contact relating to every project
Cookies and usage tracking
You can update your cookie preferences for using our site by either accepting or declining cookies using the options below.
You have the right to ask tictoc Family Ltd to remove your personal data or refrain from processing your data for marketing purposes. We will usually inform you before collecting data if we indent to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at tictoc Family Ltd. 14 Newton Terrace, Glasgow G3 7PJ or by emailing firstname.lastname@example.org.
Both tictoc and client will not, without prior written consent of the other party, disclose any Confidential Information of the other party to a third party. In giving written consent to the disclosure of Confidential Information, a Party may impose such conditions as it thinks fit, and the other Party agrees to comply with these conditions before making the requested disclosure.
tictoc and client will take all reasonable steps to ensure its employees, contractors and subcontractors engaged to perform work on the project are aware that Confidential Information is confidential. Access and the use of Confidential Information is only for the purposes directly linked to providing the services required for ongoing Services.
Protection of Personal Information
tictoc agrees not to use or disclose any Personal Information for a purpose other than implementing obligations required for the provision of the proposed Services, or in accordance with the Law. tictoc further agrees to comply at all times with its obligations under the Data Protection Act 1998.
Use of Information
The parties agree that any information provided to them by the other party in connection with the project is to be used solely for the purposes of providing the agreed Services.
Each party must notify the other party immediately if it becomes aware of a breach of any confidentiality, preferably within a period of 72 hrs.
Your information is retained only for as long as necessary to supply the services we provide.
We take your privacy seriously with every reasonable measure and precaution to protect and secure your personal data.
Changes To This Policy
From time to time we may make changes to this policy, updates will be posted on this page or supplied by email where appropriate.