Privacy Policy
1. Keeping your data safe
1.1 We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. This privacy notice sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.
2. Who we are
2.1 We are Cogniscion Limited, trading as Tio Fire Safety, or “Tio” for short. We are registered in England under company number 10664317 and have our registered office at Belmont Estate, Bristol Road, Wraxhall, BS48 1NF.
2.2 For the purpose of the relevant data protection laws (including the Data Protection Act 2018 and the UK General Data Protection Regulation), we are the controller of the personal data we process about you.
2.3 We are registered with the Information Commissioner’s Office with registration number ZA380947.
3. What Service we provide
3.1 We provide “Tio”, a cloud service supporting your safety and compliance records via www.tiofiresafety.com to enable you to comply with UK fire safety laws and other legislation and best practice (the Service).
4. Contact details
1.1 You can reach us by writing to us at Belmont Estate, Bristol Road, Wraxhall, BS48 1NF, or by emailing us at [email protected].
5. What is personal data?
5.1 Personal data is any information that identifies an individual. This could include be a name, contact details, date of birth, medical information or bank account details, for example.
6. What personal data do we collect?
6.1 We may collect the following personal data about you:
6.1.1 your name, title, address, telephone number, email address;
6.1.2 any personal data that you provide to us in correspondence you send;
6.1.3 transaction history relating to your use of the Service;
6.1.4 payment information if you sign up to use the Service;
6.1.5 your internet protocol (IP) address if you visit our website;
6.1.6 social media profile information, including your handles and posts if you interact with us via social media;
6.1.7 photographs taken by you for the purposes of use in or in relation to the Service;
6.1.8 video footage taken by you for the purposes of use in relation to the Service;
6.1.9 location data from GPS or other similar services if used as part of the Service.
7. How do we collect personal data?
7.1 We collect personal data from various sources, including:
7.1.1 directly from you when you:
(a) sign up for an account and start using the Service;
(b) contact us with questions or feedback;
(c) sign up to our newsletter, or provide information to us in marketing forms;
(d) interact in our marketing, sales or training assets on our website or other digital platforms or at any exhibitions or other events;
(e) correspond with us during the normal course of business;
7.1.2 credit reference and fraud prevention agencies;
7.1.3 publicly available sources such as social media, public review platforms and the electoral roll;
7.1.4 third party review platform providers that we use to gather specific feedback from customers;
7.1.5 organisers of exhibitions, webinars, events or meetings which you have attended in relation to our business sector.
8. How do we use your personal data?
8.1 We use your personal data for the following purposes:
8.1.1 to make decisions about whether we can provide the Service to you;
8.1.2 to confirm your identity as a user of the Service;
8.1.3 to provide the Service to you;
8.1.4 to allow you to participate in interactive features of the Service;
8.1.5 to run and manage your account;
8.1.6 to provide support to you in using the Service and to answer any questions you may have;
8.1.7 to record your use of the Service as part of your work or statutory duties;
8.1.8 to send statements and invoices to you, and collect payments from you;
8.1.9 to notify you about any technical issues which may affect you and your use of the Service;
8.1.10 to notify you about any changes to the Service or to the Services’ terms and conditions or this privacy notice;
8.1.11 to deal with complaints or other feedback;
8.1.12 to build up a picture of your use of the Service;
8.1.13 for statistical, research and analytics purposes;
8.1.14 to analyse and improve the Service and our business;
8.1.15 to prevent and detect fraud and other criminal activity;
8.1.16 to send you communications about our products and services we think you will be interested in;
8.1.17 to tailor the advertising and marketing that we send to you based on your interests;
8.1.18 to run competitions and promotions that you enter.
9. What is our legal basis for using your personal data?
9.1 Under data protection laws, we are only permitted to use your personal data if we have a legal basis for doing so. The table below tells you what that legal basis is in relation to the reasons why we process your personal data which are set out above.
| Purpose | Personal data used | Legal basis |
|---|---|---|
| To provide the Service to you and all reasons relating to your use of the Service; communicating with us about the Service and us dealing with issues relating to your use of the Service. This also includes in relation to payment for the Service and any debt collection, if required. | Your name and business (or personal, if offered) contact details including address, telephone number and email address and any other contact methods provided by you. | We process this personal data for these purposes on the basis that it is necessary for us to do so in order to fulfil the contract that we have with you to deliver the Service. |
| To analyse and improve the Service and our business. | Information about how you have used the Services and any feedback that you provide including any issues which require remediation. | We process this personal data for these purposes on the basis that it is necessary in our legitimate interests. We have a legitimate interest in ensuring that we continue to improve our business and provide the best possible service for our customers. |
| To send you marketing communications. | Your name and contact details including email address and telephone number. | We process this personal data either on the basis that:a.we have your consent to do so; b. If you are an existing customer, it is in our legitimate interests to do so. We have a legitimate interest in promoting our business and services.You can opt out of receiving marketing communications at any time by clicking the “unsubscribe” link in marketing emails. |
9.2 Please note that if we process your personal data on the legal basis of your consent, you are able to withdraw your consent at any time. This will not affect the lawfulness of any processing that was carried out based on your consent prior to it being withdrawn.
10. What happens if you don’t provide the personal data we request?
10.1 We need some of your personal data to perform our contract with you where you have signed up to the Service or to comply with legal obligations, as set out in section 9.1 above. Where personal data is required for these purposes, if you do not provide the data requested, we will not be able to perform our contract with you or continue to provide the Service to you. We explain when we collect your personal data which data is mandatory and which is not.
11. How we share your personal data
11.1 We share your personal data in the following ways:
11.1.1 with our employees, officers, agents, suppliers and subcontractors insofar as is necessary for the purpose of delivering the Service to you;
11.1.2 with companies within our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise or for system maintenance and hosting of data;
11.1.3 when we use third party service providers who process personal data on our behalf to provide services to us. The service providers we use who have access to your personal data are as follows:
(a) hosting providers
(b) cloud services providers for cloud storage
(c) marketing services providers;
(d) IT support and maintenance providers;
(e) debt collection agencies;
(f) providers of business process software such as financial and customer relationship management packages that allow us to manage our payment and collection services, and our interactions with customers and stakeholders.
11.1.4 If we sell any part of our business and/or integrate it with another organisation, your details will be disclosed to our advisers and to prospective purchasers or joint venture partners and their advisers. If this occurs, the new owners of the business will only be permitted to use your personal data in the ways detailed in this notice.
11.1.5 We will disclose your personal data where we are legally required to do so, for example should we be required to provide information for an investigation by a regulatory authority or to tax authorities, or where we need to share your personal data for the purposes of preventing or detecting crime, in connection with legal proceedings, for the purpose of obtaining legal advice or otherwise for the purposes of establishing, exercising or defending legal rights or claims.
11.2 Online payment transactions are processed by our 3rd party payment gateway, which will have access only to your payment details. Your payment details will be encrypted in accordance with the payment provider’s own policies.
12. Where personal data is stored and transferred
12.1 We do not anticipate that we will need to transfer your data to countries outside the UK and the European Economic Area (EEA). However, if we do need to transfer your personal data outside the UK or the EEA, we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your personal data. Please contact us if you wish to find out more; if we ever transfer your personal data outside the EEA you can ask us for a copy of the relevant safeguards implemented in relation to the transfer.
13. How long personal data is kept for
13.1 We will keep your personal data for as long as you are a customer of the Service, and for as long as is necessary after this to ensure we are able to comply with any audit requests received.
13.2 Where your personal data is part of an audit trail created by your use of the Service, we will process such personal data to deal with any claims or complaints or to comply with any legal or regulatory obligations for as long as is necessary in the circumstances.
13.3 In addition to 13.2 further information about how we continue to process your personal data once your subscription has ended is detailed in this clause 13.3
13.3.1 When you cease to pay a subscription for a service we will make available your data as follows:
13.3.2 The Building Occupier Subscriber (or related role) of a Fire Logbook will receive a pdf copy of their log book and all uploaded files.
13.3.3 Asset Management Subscribers will receive a pdf of their asset history and any uploaded documents
13.3.4 Documents will be made available when the subscription has ended via a download link that will remain valid for 30 working days. It is the Subscriber’s responsibility to ensure they access the data via this link within this timeframe. After this period is over documents will no longer be available for download.
13.4 We generally anticipate that the necessary period referred to in 13.1 to 13.3 above will be no longer than six years from when you or your business ceases using the Service.
13.5 If we process your personal data for any other reason, for example if we met you at an event or if you requested information from us but did not subscribe to use the Service, we will generally process your personal data for no longer than 12 months after you cease to interact with the business.
14. Your rights
14.1 You have a number of rights under data protection laws. These rights and how you can exercise them are set out in this section. We may need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
14.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case we will let you know as soon as we can and explain why we need to take longer to respond.
14.3 If you want to exercise any of these rights, please contact us by email at [email protected] or by post at Belmont Estate, Bristol Road, Wraxhall, BS48 1NF.
14.4 A right to access your personal data – You can ask us to send you a copy of the personal data that we hold about you (subject to some exceptions).
14.5 A right to an electronic copy of your personal data – You can also ask us to send you the information that we process for the purposes of fulfilling our contract with you or based on your consent in a common electronic format, or to ask us to transfer that data to a third party if you want us to and if it is technically feasible for us to do so.
14.6 A right to object to us processing your personal data – You may object to us processing your personal data where we rely on legitimate interests as the legal basis of our processing (as set out in section 9 above). If you make a request to exercise your right to object, if we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
14.7 A right to ask us not to send direct marketing to you – You can do this by following the “unsubscribe” instructions in any marketing or by contacting us using the details above.
14.8 A right to have inaccurate data corrected – You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
14.9 A right to have your personal data erased – You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this notice.
14.10 A right to have processing of your personal data restricted – You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights. Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
15. Complaints
15.1 You are important to us, and so is protecting your personal data. We have high standards when it comes to collecting and using personal data. For this reason, we take any complaints we receive from you about our use of your personal data very seriously and request that you bring any issues to our attention.
15.2 You also have the right to lodge a complaint with the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK. You can find out how to do this by visiting www.ico.org.uk.
16. Updates to this notice
16.1 We may make changes to this notice from time to time. We will notify you if significant changes are made.