TypeGenie is a product by True AI Ltd.
True AI Ltd. is committed to best practice with regards to data protection and data privacy. All activities are carried out in line with relevant UK and EU legislation. This includes, but is not limited to the Data Protection Act 1998 (DPA), the EU Data Protection Directive 95/46/EC, and the forthcoming EU General Data Protection Regulation (GDPR).
Although all staff have a responsibility for adhering to our Data Protection Policy, the Senior Management have day-to-day responsibility for developing, implementing and monitoring the data protection policy. This ensures the policy is effectively managed and coordinated.
We employ individuals with vast technical expertise and experience within data security and practice industry standard to secure client's data at rest and in transit.
Education and Awareness
All staff are briefed on their data protection responsibilities upon appointment, with training updates at regular intervals or when required, Specialist training for staff with specific duties, such as marketing, information security and database management, is provided.
To ensure that processing of data is fair, True Al LTD is transparent about how it intends to use the data, As good practice, the company includes privacy notices on any forms used to collect data. These clearly explain the reasons for using the data.
Personal data is not processed in any manner that is 'incompatible' with its specified purpose.
Responding to access requests
Personal data is processed in accordance with individual rights under the DPA, the EU Data Protection Directive 95/46/EC, and the forthcoming GDPR. Individual requests, or on behest of the client, are recognised and responded to by True Al LTD within 20 days. This includes the right of access and portability.
Data quality & accuracy
True Al LTD ensures that the personal data it holds is of sufficient quality to make decisions about individuals. Data is not collected without a legitimate business reason and collects only the minimum required to meet the purposes for which it is needed and which are specified in the privacy notice. All personal data held is accurate and, where necessary, kept up-to-date.
Retention and disposal
True Al LTD ensures that personal data is not kept for longer than is necessary. Checks are carried out to identify which records or data sets are held, and when they should be deleted or anonymised. True Al LTD records retention and disposal dates for all information they hold. Data is disposed of securely according to client agreements and in compliance with the GDPR.
Right to be forgotten
Decisions on deleting an individual's data on request will be taken by the True Al LTD and its client in compliance with the rules set out in the GDPR, Any reasonable request for deletion of information will be complied within 2 weeks for live data, and for archival information purged within 30 days.
In the unlikely event where data and/or security is compromised affecting the rights and freedoms of individuals, a Security Breach Procedure is in place and all staff are trained and aware of their responsibilities. Such incident will reported to the relevant data controller and supervisory authority within 72 hours of True Al LTD becoming aware of it.
True Al LTD ensures an adequate level of protection for any personal data processed by others on its behalf or transferred outside the European Economic Area. When determining whether to use an external provider, True Al LTD requires proof of their adherence to Data Protection Legislation both in the UK and EU. New Supplier/Contractor Forms must be completed by all third parties, which request proof of their credentials and compliance requirements before True Al LTD will consider engaging their services.
Privacy Impact Assessments
As required under The EU General Data Protection Regulation (GDPR), True Al LTD ensures that any new projects or initiatives are privacy-proofed at the planning stage. Privacy considerations are an integral part of the early design of all projects plans or initiatives that involve the processing of personal data. Privacy Impact Assessments (PIA) are conducted during the development, testing and delivery stages of any project to evaluate the origin, nature, particularity and severity of the risk to the rights and freedoms of natural persons before processing personally identifiable information. The PIA includes the measures, safeguards and mechanisms envisaged for mitigating the identified risks. The PIA process is scaled on case-by-case to the scope of the particular project.
Any further information on data policy can be requested by emailing firstname.lastname@example.org