At TCAS, the privacy and security of our customers, respondents and visitors are of paramount importance and TCAS is committed to protecting the data You share with us. We strive to provide a secure program that carefully considers data protection matters across the suite of products and services offered by TCAS including data submitted by TCAS Clients and their customers to our services. This privacy policy explains how TCAS processes any information that can be used to directly or indirectly identify an individual (“Personal Data”) collected through use of its website and platform. We will, therefore, use Your personal information, or provide it to others, in accordance with this Privacy Policy.
Definitions
For the purposes of this Privacy Policy:
- Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to TCAS.
For the purpose of the GDPR, the Company is the Data Controller.
- Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
- Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
- Platform refers to the TCAS system provided to TCAS’s customers as TCAS’s product.
- Personal Data is any information that relates to an identified or identifiable individual.
For the purposes of the GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
- Service refers to the Website and the Platform.
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Website refers to TCASOnline.com, accessible from https://tcasonline.com
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as You are the individual using the Service.
Types of Data Collected
Personal Data
While using Our Service, we may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally, identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Usage Data
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service. The technologies We use may include:
- Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, you may not be able to use some parts of our Service. Unless You have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
- Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
We use both Session and Persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
List of these cookies We use:
| Cookie | Type | Duration | Description |
| _abck | https | 1 year | Used to detect and defend against replay-cookie-attacks – The cookie is necessary for the security and integrity of the website. |
| ak_bmsc | https | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | |
| bm_sz | https | Used in context with the website’s BotManager. The BotManager detects, categorizes, and compiles reports on potential bots trying to access the website. |
- Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering Your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter Your preferences every time You use the Website.
List of these cookies We use:
| Cookie | Type | Duration | Description |
| lang | https | Session | Remembers the user’s selected language version of a website. |
- Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify You as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device You use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.
List of these cookies We use:
| Cookie | Type | Duration | Description |
| _ga | https | 2 years | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
| _gat | https | 1 day | Used by Google Analytics to throttle request rate. |
| _gid | https | 1 day | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. |
| _hjAbsoluteSessionInProgress | https | 1 day | This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice. |
| _hjFirstSeen | https | 1 day | This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. |
| _hjIncludedInPageviewSample | https | 1 day | Used to detect whether the user navigation and interaction s are included in the website’s data analytics. |
| _hjSession_# | https | 1 day | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website, and what pages have been read. |
| _hjSessionUser_# | https | 1 year | Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. |
What are Your cookies options?
If You do not like the idea of cookies or certain types of cookies, You can change Your browser’s settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of Your browser.
Please note, however, that if You delete cookies or do not accept them, You might not be able to use all of the features We offer, You may not be able to store Your preferences, and some of our pages might not display properly.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, you will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Collecting Your Information
We may hold information about You as a customer, or as a representative of a business customer. We collect this information in several ways:
- Information is collected through Your use of our website and any other applications (The usage data may include Your IP address, geographical location, browser type and version, operating system, referral source, length of visitor page views and website navigation paths, as well as information about timing, frequency and pattern of Your service use).
- Information is collected through Your communications with us.
- Information is collected via our networks when You use any of our services to enable us to provide the service.
- Information is sometimes collected from outside sources, such as banks or credit reference agencies to help us with credit-related decisions.
The source of the usage data is our analytics tracking system and this usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
How We Use Your Personal Data
We may use Your data to:
- Provide the services You have requested.
- Comply with our legal and regulatory obligations in connection with the provision of goods and/or services to You.
- Check or confirm Your identity if You contact us.
- Provide You with personalised services.
- Carry out, monitor and analyse our business.
- Notify You of any changes to our products or services.
- Contact You by email, letter, telephone or in any other way about our products and services unless You tell us that You prefer not to receive marketing. An unsubscribe option will be included in appropriate communications.
- Fulfil other administration or operational purposes.
Your data may be used for other purposes for which You give Your permission.
Communication Subscriptions
If You subscribe to our email communications, you thereby agree to receive email communications at the contact details provided for such purposes. These communications will come from @TCASOnline.com.
You understand and agree that all information entered and transmitted through the website is the sole responsibility of the person from whom such user content originated. More specifically, you are entirely responsible for all user content You make available herein. In consideration of the use of the website, you agree to;
- Provide accurate, current and complete information about Yourself as may be prompted; and
- Maintain the security of any logins, passwords, or the credentials that You select or that are provided for the use on the site. If You have opted in to receive communications, your information may be tracked. In order to opt out of this tracking, you should take the following steps:
- Access an email communication
- Click unsubscribe
- Or email privacy@tcasonline.com
Retention and Deletion
TCAS will not retain data longer than is necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations. TCAS is a cloud-based solution, the servers are all EU-based and the information captured on behalf of the clients is stored herewith. For Personal data, TCAS Users have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. For Personal data, Users with an active account will therefore have the responsibility to delete data when required. When a user’s account is terminated or expired, all Personal Data collected through the platform will be deleted, as required by applicable law.
Our Responsibility
TCAS will take commercially reasonable security measures to safeguard Your information according to strict standards of security and confidentiality, including, without limitation, addresses, phone numbers, email addresses, social security numbers, credit card numbers, and any other private information entered. All this information gathered herein is stored within a controlled database accessible only to TCAS and its specifically authorised contractors and vendors globally. We will keep Your personal information confidential and will only share it as set out in this Privacy Policy. Access to databases containing user information is limited to employees who need it to perform their jobs. However, TCAS cannot guarantee the complete security of our database, nor can TCAS guarantee that information You supply will not be intercepted while being transmitted to TCAS over the internet. If You do not want TCAS or the Operator to know any particular information about You, You should not include it in anything You submit.
Acceptance of Privacy Policy
We assume that all visitors of our website, communication recipients and users of the TCAS platform have carefully read this document and agree to its contents. If someone does not agree with this privacy policy, they should refrain from using our website and platform. We reserve the right to change our privacy policy as necessity dictates. Continued use of TCAS website and platform after having been informed of any such changes to these conditions implies acceptance of the revised privacy policy.
Our Legal Obligation to Disclose Personal Information
We will reveal a user’s personal information without his/her prior permission only when We have reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who are suspected of infringing rights or property belonging to TCAS or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property. We are permitted to disclose personal information when We have good reason to believe that this is legally required.
Our Privacy Policy is regularly reviewed to ensure that We continue to serve Your privacy interests. We reserve the right to update this Privacy Policy from time to time, with any updates published on the website. We therefore, encourage You to review our Privacy Policy periodically for the most up to date information on our privacy practices. We will not, however, substantially change the way We use personal information You have already provided to us without the appropriate prior agreement. By consenting to this privacy agreement, You are giving us permission to process Your personal data specifically for the purposes identified.
What is a data subject access request?
A data subject access request is a written or verbal request for personal information (known as personal data) held about You by TCAS. Under article 15 of the GDPR You have, as the data subject, the right to see if TCAS is processing Your personal data and receive a copy of the data itself.
In particular You have the right to the following information:
- The data itself in a permanent and intelligible format
- The purposes of the processing (what are We using Your data for?)
- The categories of personal data concerned (categories such as: name, address, email address, date of birth etc.)
- The recipients or categories of recipient to whom the personal data have been or will be disclosed (are We sharing Your information with anyone else?)
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing (the right to object to having Your data processed, and to have data erased or corrected upon request)
- The right to lodge a complaint with a supervisory authority
- Where the personal data is not collected from the data subject, any available information as to their source (if We didn’t collect the data from You, where did We get it?)
- The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
How do You make a subject access request?
To allow us to respond promptly to any data subject access request We ask You to:
- Send an email to privacy@tcasonline.com with Your request and We will provide You with the Data Subjects Access Request Form.
- Please complete, sign and date the form and be specific as possible about the information You wish to access.
- Attach a photocopy of Your proof of identity and address to the Data Subjects Access Request Form.
- Send the completed request form, along with the proof of identity and address either:
(1) Electronically to: privacy@tcasonline.com
(2) By post to: TCAS, Fitzwilliam Hall, Fitzwilliam Place, Dublin 2,D02T292, Ireland
What do We do when We receive a valid data subject access request?
We will first check that We have enough information to be sure of Your identity. Usually, We will have no reason to doubt a person’s identity. However, in rare cases We may request additional evidence We reasonably need to confirm Your identity. We do this to ensure that We only disclose information about personal data to the data subject.
We will then check that We have enough information to find the records You requested. If We feel We need more information, then We will promptly ask You for this.
We will then conduct a full search of all our relevant databases and filing systems and collect all data relevant to the subject access request. Provided that none of the restrictions specified in Article 23 of the GDPR apply, We will then share with You the data and the additional information that You are entitled to. The default position is that You will get a hard copy of the information in a permanent and intelligible format unless the supply of such a copy is not possible or would involve a disproportionate effort, or You have agreed otherwise. Any terms which are not intelligible without an explanation will be accompanied by an explanation.
The copy of the requested material will be dispatched by secure, registered delivery, and We will seek timely confirmation from You, as the data subject on receipt of the material.
Are there any fees payable?
While in most instances there is no charge, We reserve the right, in accordance with Article 12 of the GDPR to charge a fee or refuse the request if it is considered to be (1) “manifestly unfounded” or (2) “excessive”.
“Manifestly Unfounded”
A request may be manifestly unfounded if the individual has no clear intention to access the information or is malicious in intent and is using the request to harass an organisation with no real purposes other than to cause disruption.
Factors that may indicate malicious intent include:
- The individual has explicitly stated, in the request itself or in other communications, that they intend to cause disruption;
- The request makes unsubstantiated accusations against TCAS or specific employees;
- The individual is targeting a particular employee against whom they have some personal grudge; or
- The individual systematically or frequently sends different requests to TCAS as part of a campaign with the intention of causing disruption.
“Excessive”
A request may be excessive if it:
- Repeats the substance of previous requests and a reasonable interval has not elapsed; or
overlaps with other requests.
- Subsequent copies may incur a reasonable fee based on administrative costs.
If TCAS determines that a request is “manifestly unfounded or excessive”, We will notify the individual and include the following details:
- The reasons why TCAS has not complied with their request;
- Notify the individual about their right to make a complaint to the DPC or another supervisory authority; and
- Notify the individual about their ability to seek to enforce this right through a judicial remedy.
How soon will my subject access request be dealt with?
All valid data subject access requests, accompanied by valid proof of identity, received by TCAS will be dealt with within 30 days of the latest of the following:
- Our receipt of Your request; or
- Our receipt of any further information We may ask You to provide to enable us to comply with Your request.