Privacy and Cookie Policy

1. Introduction
   

   1. This policy references Tintisha Technologies (UK) Ltd (Tintisha, we, us, our), a private limited company (company registration number (England and Wales): 04217038).
      
      

   2. This Privacy Policy (together with our Terms of Usage) sets out the basis on which we may process your personal data and information. Tintisha is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Privacy Policy.
      
      

   3. Tintisha may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
      
      

   4. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our sites, you are accepting and consenting to the practices described in this Privacy Policy.
      
      

2. What personal data we collect
   

   1. We may process personal data that you provide to us directly (for example, through the websites that we operate, correspondence, phone, email, social media etc), via third parties who you have given permission to pass on your information, and from publicly available sources or otherwise.
      
      

   2. Data provided by yourself may include information gathered:
      
      

      1. at the time of registering to use a Tintisha owned site; when updating any of the information provided at the time of registering; when accepting cookies on an Tintisha owned site;

      2. at the time of subscribing to our services or posting material to our sites; if you complete any surveys that we may invite you to participate in; interacting with social media accounts; and in connection with your other communications with us;

      3. as a decision maker within an organisation;

      4. as a supplier of services.

   3. The information you give us may include, but is not limited to, your name, age, address, postcode, email address, phone number, gender, ethnicity, employer, affiliated organisations (for example, professional body), job details, and personal description.
      
      

   4. At the time of providing this personal information we will be clear of the purpose it is being collected, how you can subsequently ask for your data to be amended and how you can ask for it to be deleted.
      
      

   5. We may also collect and process technical information about your computer, including (where available) your Internet Protocol address, login information, operating system and browser type and version, for system administration purposes and to report aggregate information to other organisations (including our funders). When reporting to other organisations, this is statistical data about the browsing actions and patterns of usage of our sites, and does not (of itself) identify any individual by name. For more information on this please refer to our Cookie Policy below.
      
      

3. Our 'lawful basis' for collecting information
   

   1. We have a number of legal reasons (or the 'lawful basis') that mean we can use (or 'process') your personal information, including consent, contractual, legitimate interest and public task (there are six in total). These are outlined in the following sections. Sometimes more than one lawful basis will apply when we process your personal data. You can find out more about this from the ICO here.
      
      

   2. Legitimate interest: means we can process your personal information if: we have a genuine and legitimate reason; we are not harming any of your rights and interests; and you would not be surprised or likely to object to receiving the communication.
      
      

   3. We will process the personal information you have supplied to us to conduct and manage our business to enable us to give you the most appropriate marketing, information, service and products, and provide the best and most secure experience. These are what we consider to be our 'Legitimate Interests'. When processing your data in this way, we will also carefully consider and balance any potential impact on you and your rights.
      
      

   4. Some typical examples of when we might use this approach are for preventing fraud, recording our reach and impact, direct marketing (including providing information regarding our products and services, where sought), promoting resources or materials in areas you have expressed interest, maintaining the security of our system, data analytics, enhancing, modifying or improving our services, gaining insights and understanding journeys related to usage of our services and sites, identifying usage trends and determining the effectiveness of our campaigns. See Annex 1 for further detail regarding these examples and your interests.
      
      

   5. Consent: means we can process your personal information if consent can be freely given and you have real choice and control over how we use your data. You must be able to give your consent through opting in and we must provide you with a clear explanation of why we want your data and what we'll do with it. Tintisha seeks consent from individuals where appropriate.
      
      

   6. Contractual: means we can process your personal data to fulfil our current or planned contractual obligations with you. For example, we will process personal data as part of our tendering process with bidding and contracted organisations (our 'delivery partners' or suppliers). We will also process the personal data of our SET members and individuals who register on a course through the Tintisha Booking System, using this basis.
      
      

   7. Public task: means we can process your personal data where we have 'official authority' or are performing a task which is in the public interest (set out in law). As part of our Department for Education grant and contractual funding we are required to meet a number of targets, including evidencing the reach and impact of support programmes, such as the number of individuals who attended a course. We will store and share personal information related to our work which may have been contracted or commissioned by the Department for Education or any other third party.
      
      

4. How we use information about you
   

   1. We require your personal data to understand your needs and provide you with a better service, and in particular for the following reasons:
      
      

      1. internal record keeping and audit purposes;

      2. to provide a tailored experience and customise the website according to your interests;

      3. to advise of changes to our company or services.

   2. Tintisha will not sell or lease your personal information to third parties and we will only share your data with third parties when:
      
      

      1. it is to provide you with a service or information including any benefits and services (including membership, if relevant) provided by third parties as set out above. Tintisha requires all such third-parties to treat your personal information as confidential and to comply with all applicable UK Data Protection Legislation (including the General Data Protection Regulation and Data Protection Act 2018) and Consumer Legislation in place at any given time, or

      2. you have given your explicit consent to do so, or

      3. where it is necessary to comply with an order from a statutory body which is empowered to require us to release your data; or to comply with any legal obligation; or to enforce or apply any of our terms which you are subject to; or to protect the rights, property, or safety of Tintisha, our staff or others, or

      4. Tintisha is acquired by a third party, in which case personal data held by it will be one of the transferred assets.

   3. Tintisha will complete due diligence on third parties we ask to process data on our behalf. As part of our contract management processes, we keep an overview of how your data is processed by third parties.
      
      

   4. You can unsubscribe from marketing and communications from Tintisha at any time by using unsubscribe link on any marketing or communications or by contacting us by email at: info@tintisha.net
      
      

   5. We will stop processing and or delete your personal data if you ask us to. Please contact us at info@tintisha.net
      
      

   6. We retain your information as long as necessary for each purpose we use it. In some instances, we are obliged by law to keep it for a defined period and in this event, this negates your right to be forgotten. For example, we keep all financial transactions for seven years as outlined by the Companies Act 2006. At the end of specified retention periods we dispose of your data securely.
      
      

5. Security
   

   1. All information you provide to us is stored on secure servers. We adopt appropriate technical and organisational measures to protect the security of all personal data held by Tintisha, including sensitive personal data. All payment transactions are encrypted and stored securely.
      
      

   2. Although Tintisha tries to ensure your personal data is protected, we cannot guarantee the security of your data transmitted to our site; any transmission of data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
      
      

   3. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
      
      

6. What are your rights
   

   1. The General Data Protection Regulation (GDPR), gives everyone a number of rights. These are:
      
      

      1. Transparency over how we use your personal information (right to be informed).

      2. Request a copy of the information we hold about you, which will be provided to you within one month (right of access).

      3. Update or amend the information we hold about you if it is wrong (right of rectification).

      4. Ask us to stop using your information (right to restrict processing).

      5. Ask us to remove your personal information from our records (right to be 'forgotten').

      6. Object "opt-out" to the processing of your information for marketing purposes (right to object).

      7. Obtain and reuse your personal data for your own purposes (right to data portability).

      8. Not be subject to a decision when it is based on automated processing (automated decision making and profiling).

   2. If you would like to know more about your rights under the data protection law see the Information Commissioner's Office website.
      
      

   3. You can change the way you hear from us or withdraw your permission for us processing your personal data by contacting info@tintisha.net
      
      

   4. You have a right to access the personal data that is stored about you. Any person wishing to exercise this right should write a Subject Access Request to info@tintisha.net
      
      

   5. For any other queries related to your individual rights you can contact info@tintisha.net
      
      

   6. You can complain to the UK regulator, the Information Commissioner's Office, if you feel we are not acting fairly.
      
      

7. Links to other sites
   

   1. Our website may contain links to other websites. Tintisha does not have any control over the content or security of other websites and cannot be responsible for your privacy and protection if you choose to visit these websites.
      
      

8. Cookie Policy
   

   1. It is important to Tintisha that our websites are easy to use, accessible and reliable. Small files, called cookies, place small amounts of information on your computer or other device used to access the internet, such as a mobile phone.
      
      

   2. Cookies may be used on this site to help personalise your visit, to improve how you use the site and to record your online activity. This information cannot be used to identify you personally. You can disable cookies by adjusting your browser settings, but some functions of the site may not work correctly.
      
      

   3. Specifically,Tintisha uses cookies to measure how people are using the website so that we can improve the capacity and overall user experience.
      
      

   4. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information. Google's privacy policy is available here.
      
      

   5. In addition to Google Analytics, we also may use a range of other cookies, web beacons and flash cookies when relevant, these include, but are not limited to: Facebook Advertising, DoubleClick, Lotame, AppNexus, EXelate, MediaMath, TradeDEsk, Semasio,Eyeota, Hotjae, Bombora and Mouseflow.
      
      

   6. It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website. All modern browsers allow you to change your cookie settings. You can usually find these settings in the 'options' or 'preferences' menu of your browser. To understand these settings, the following links may be helpful, or you can use the 'Help' option in your browser for more details.
      
      

   7. The BBC website provides a user-friendly outline of cookies and how they work.
      
      

   8. Please note Tintisha is not responsible for the content on other websites.
      
      

   9. If content is shared through social media, you may be sent cookies from those sites. We do not control the settings of these cookies so do check third party sites for more information about the cookies they use and how to manage them.
      
      

9. Contacting us and who to complain to
   

   1. If you would like to talk through anything in this policy, find out more about your rights or obtain a copy of the information we hold about you, please contact us.
      
      

   2. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Lead who will investigate the matter. Contact details can be found below. Alternatively, you can complain directly to the Information Commissioner's Office (ICO).
      
      

   3. Our Data Protection Lead, Ian Pritchard can be contacted via info@tintisha.net
      
      

10. Annex 1
    

    1. The following are some examples of Tintisha's interests, outlining when and why we would use 'legitimate interest':
       
       

       1. Direct Marketing: We will send postal, text and e-marketing communications and marketing tasks which further the aims and objectives of Tintisha. We will also make sure our marketing communications are relevant for you, tailored to your interests.

       2. Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.

       3. Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our supporters.

       4. Analytics: To process your personal information for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information as long as this does not harm any of your rights and interests. Please see our privacy policy above for further details.

       5. Research and evidence: To determine the effectiveness of our services and products, marketing and communications and to develop our products, services, systems and relationships with you.

       6. Due Diligence: We may need to conduct investigations on supporters, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.

    2. We'll also hold information about you so that we can respect your preferences for being contacted by us.
       
       

    3. When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Therefore, Tintisha's needs do not automatically override your personal data rights (unless we have your consent or are otherwise required or permitted to by law).
       
       
       

Published: 19 March 2025