This Privacy Notice sets out how Certainty 3D, LLC DBA TopoDOT (the Data Controller) collects and uses your personal data. When we refer to "we", "us" "our" or "controller" in this Privacy Notice we mean Certainty 3D, LLC DBA TopoDOT.
This Privacy Notice is specifically written to comply with both the EU and UK GDPRs as at the time of writing. It will also give relevant privacy information for citizens affected by the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (CDPA). Our Privacy Notice will be continually reviewed and updated as necessary to reflect any changes in these laws or if new laws require us to comply with additional obligations.
Our Privacy Notice is structured in a way for you to easily find the specific details of what we do with your personal data, depending on which processing activity you want to find out more about.
Part 1 of our Privacy Notice is information we must tell everyone regardless of your relationship with us. The remaining parts give specific information on how we use your personal data for each of the different processing activities we undertake.
Certainty 3D, LLC DBA TopoDOT is the data controller for the personal data we process about you.
You can contact us regarding the use of your personal data via one of the following ways:
We are not legally obliged to appoint a Data Protection Officer under the EU or UK GDPRs. Furthermore, neither the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) or the Virginia Consumer Data Protection Act (CDPA) expressly provide for requirements regarding the appointment of a DPO. However, a member of our team does oversee our data protection compliance with both GDPRsand other relevant privacy laws. The various ways you can contact us to discuss any data protection issues or concerns are shown in the "Our contact details" section.
We obtain your personal data either directly from you or indirectly from publicly available sources or third parties.
Directly
We obtain personal data directly from you. This is when you have directly given your details to us, examples of when you may do this include when you:
Indirectly
We may sometimes obtain your personal data from publicly available sources or third party sources, examples of how we may get your personal data include:
When gathering and using UK and EU citizens personal data we must have a legal basis, under the EU and UK GDPRs, to do so.
The legal basis we rely on to process your personal data varies depending on the processing activity undertaken. The full details of the processing activities we undertake along with the legal basis we rely on to process your personal data are given in the specific Parts of this privacy notice.
Where we process your personal data for us to comply with a legal/regulatory requirement we will rely on the legal basis of "legal obligation" as the processing is necessary for us to fulfil our legal obligation to which we are subject to.
Depending on the purpose and legal basis we rely on for processing your personal data, there are various rights available to you. You can:
We do not undertake any solely automated decision making, including profiling, about you.
UK and EU citizens are advised to read their own Supervisory Authorities guidance on how to exercise their rights which are published on their websites.
You do not pay a fee to us to exercise any of your rights under the EU and UK GDPRs. However, if your request is manifestly unfounded or excessive we may either charge a reasonable fee or refuse the request.
We shall respond to a valid request within one month of receiving it.
If you wish to exercise one of your rights, please contact us via one of the methods shown in the "Our contact details" section.
If you are not happy with how we are processing your personal data or you believe we have not dealt with one of your rights correctly you are entitled to make a complaint to your Supervisory Authority. Full details how to make a complaint will be given on their websites.
We do not share, sell or rent your personal data to other businesses for them to use for their own marketing purposes.
We do not currently undertake any data sharing activities with other businesses (this includes both routine and ad-hoc data sharing). Should this change in the future we will update our privacy notice to reflect this processing activity. We will always comply with relevant data protection laws should we enter into any data sharing with another business.
We may use data processors to help us fulfil the delivery of our services or products to you.
When we do use other businesses to process personal data on our behalf (these are known as data processors) we ensure we have appropriate UK GDPR compliant contracts in place with each one.
The data processor is not allowed to do anything with your personal data other than what we have instructed them to do with it. They will not share your personal data with any other business apart from us, unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.
Our data processors include:
Whenever personal data is transferred to us from the EU or the UK we will work with the transferring organisation to ensure the relevant part of the GDPRs are complied with to undertake the international transfer.
Generally transfers from the EU or the UK can only take place when one of the following provisions are in place to safeguard the personal data:
An "adequacy decision" is in place with the country where the personal data is being transferred to.
We do not collect and process personal data relating to children.
Our website may provide links to websites of other organisations. Our Privacy Notice does not cover how those organisations process your personal data when you visit their website. We advise you to read their Privacy Notices.
We keep our Privacy Notice under review to ensure it remains accurate and up to date and we reserve the right to modify this policy at any time. Changes to this policy will be posted on our website and you should endeavour to review the policy frequently.
If you have any questions about our Privacy Notice, please contact us via one of the ways shown in the "Our contact details" section.
This Privacy Notice was last updated on 6/10/2021
When you use one of our services we need to collect the following type of personal data from you:
We gather your personal data directly from you when you either enquire about our services or enter into a contract with us to purchase one of our services.
We use your personal data to:
The legal basis we rely on for these purposes are:
Contractual obligation (GDPR Article 6(1)(b))
The services we provide to you are done so under contract or with a view to entering into a contract with you. We require certain information from you to enable us to fulfil our contractual obligation. If you are not able to provide all the information we need we may not be able to provide the service to you and the arrangement may be terminated.
Consent (GDPR Article 6(1)(a)
If you enquire about our services or purchase one of our services we may ask you if you would like to receive marketing from us. We will only add you to our marketing list when you have given your consent for us to use your personal data for this purpose.
You always have the right to withdraw your consent to receive marketing, you can do this by clicking the "unsubscribe" link in the marketing email you receive.
When we have concluded the provision of our service to you we will keep your data for a period of 5 Years before it is securely disposed.
Marketing contact details are held for as long as you want to remain on our marketing contact list.
Yes, we use the following data processors to deliver our service to you:
When you use one of our services we need to collect the following type of personal data from you:
We gather your personal data directly from you when you use TopoDOT.
We use your personal data to:
The legal basis we rely on for these purposes are:
Contractual obligation (GDPR Article 6(1)(b))
The services we provide to you are done so under contract or with a view to entering into a contract with you. We require certain information from you to enable us to fulfil our contractual obligation. If you are not able to provide all the information we need we may not be able to provide the service to you and the arrangement may be terminated.
When we have concluded the provision of our service to you we will keep your data for a period of 5 Years before it is securely disposed.
Marketing contact details are held for as long as you want to remain on our marketing contact list.
Yes, we use the following data processors to deliver our service to you:
When you purchase one of our products we need to collect the following personal data from you:
We gather your personal data directly from you when you enquire about our products or place an order with us to purchase one of our products.
We use your personal data to:
Contractual obligation (GDPR Article 6(1)(b))
The products we sell to you are done so under contract or with a view to entering into a contract with you. We require certain information from you to enable us to fulfil our contractual obligation. If you are not able to provide all the information we need we may not be able to provide the products to you and the arrangement may be terminated.
Consent (GDPR Article 6(1)(a)
If you enquire about our services or purchase one of our services we may ask you if you would like to receive marketing from us. We will only add you to our marketing list when you have given your consent for us to use your personal data for this purpose.
You always have the right to withdraw your consent to receive marketing, you can do this by clicking the "unsubscribe" link in the marketing email you receive.
We keep product purchasing data for a period of 5 Years from the date you make a purchase from us.
Marketing contact details are held for as long as you want to remain on our marketing contact list.
Yes, we use the following data processors to deliver our service to you:
We need to collect some or all of the following information from you:
We will gather your details either directly from you or we will obtain your details from the individual who is liaising with us from your organisation to arrange the training.
We need your personal data to:
The legal basis we rely on are:
Contractual obligation (GDPR Article 6(1)(b))
The data we obtain to process your enquiry about our training packages is necessary in order to take steps at your request prior to entering into a contract with you.
The data we obtain to process your order to deliver one of our training packages to your organisation and to provide you with service updates in relation to that order is necessary for the performance of a contract to which you have entered into.
We require certain information from you to enable us to fulfil our pre-contractual and contractual obligations. If you are not able to provide all the necessary information we need we may not be able to process your enquiry or provide our training services to you.
We keep records relating to provision of training for 5 Years from when the training took place.
Yes, we use the following data processors to deliver our service to you:
To receive marketing communications from us we need the following personal data:
We gather your personal data directly from you when you sign up to receive marketing information from us.
We need your personal data to be able to send you relevant news about us and our services and products, etc that you have subscribed to receive.
The legal basis we rely on is:
Consent (GDPR Article 6(1)(a)
By submitting your contact details to receive marketing from us you have given your consent for us to use your personal data for this purpose.
You always have the right to withdraw your consent to receive marketing, you can do this by clicking the "unsubscribe" link in the marketing email you receive.
Marketing contact details are held for as long as you want to remain on our marketing contact list.
Yes, we use the following data processors:
For us to pay you for the service or goods you have provided to us we need to collect and use a small amount of information about you and your business, this is also likely to include some information about the individuals who work at your business. The personal data we are likely to need is:
We obtain your data directly when we start to use your services or have purchased goods from you. We gather the relevant information from you to enable us to process payment to you for those services and goods.
We need your personal data to either enquire about the services or goods you provide that we may be interested in purchasing or to make a purchase. We then use your personal data to pay for those goods and services when you invoice us or to raise any queries about the payment.
The legal basis we rely on are:
Contractual obligation (GDPR Article 6(1)(b))
The services or goods you have provided to us are done so under contract or with a view to entering into a contract (i.e. we have asked you for a quote for the goods or to undertake the service for us).
We require certain information from you to enable us to fulfil our part of the pre-contractual and contractual obligations, e.g. we need to have certain information to make the purchase and to process payment. If you are not able to provide all the necessary information for us to do this, we will not be able to purchase the goods or services you provide or be able to make payment once purchased.
Legal obligation (GDPR Article 6(1)(c))
We have a legal obligation to pay for any services or goods we have purchased.
We keep all financial data (which includes supplier information) for 5 Years from end of the financial year it relates to.
Yes, we use the following data processors:
When you apply for a job with us you will need to provide some or all of the following information as part of the job application process:
Depending on where you get to in the recruitment stage will determine what personal data you will need to provide.
We collect information directly from you when you submit your application form or your CV to us for a job you are applying for.
We may also collect your information from recruitment agencies who put forward your name for one of our recruitment campaigns.
We will also collect information about you from your referees as you progress along the recruitment process.
We need your personal data to be able to process your application for a job with us, which includes, but is not limited to:
The legal basis we rely on to undertake our recruitment activities includes:
Contractual obligation (GDPR Article 6(1)(b))
The processing of your job application is necessary in order for us to take steps at your request before entering into a possible employment contract with us.
We require certain information from you to enable us to fulfil our employment pre-contractual and contractual obligations. If you are not able to provide all the necessary information we need we may not be able to process your application and consider you for one of our job vacancies.
Legal obligation (GDPR Article 6(1)(c))
We have certain obligations under employment law in relation to recruitment and selection and equal opportunities that we must comply with.
Processing for employment law (GDPR Article 9(2)(b))
Information you provide to us that relates to special category personal data, such as health, religious or ethnic information is necessary for our recruitment and selection purposes as it relates to our obligations in employment law.
Processing to assess working capacity (GDPR Article 9(2)(h))
We have certain obligations to assess your health in relation to your ability to work for us.
All unsuccessful candidate details are kept for 5 Years from the end of the recruitment process they relate to.
Successful candidate details are transferred to their employment record and kept for 5 Years after employment ends.
Yes, we use the following data processors:
We obtain personal data directly from you, for example when you get in touch with us directly to discuss exhibiting at or sponsoring one of our events.
We need your personal data to be able to communicate with you about exhibiting at or sponsoring any one of our events.
The legal basis we rely on are:
Contractual obligation (GDPR Article 6(1)(b))
To be an exhibitor at or sponsor one of our events we will enter into a contract with you. This also includes any prospective contract discussions.
We require certain information from you to enable us to fulfil our pre-contractual and contractual obligations. If you are not able to provide all the necessary information we need we may not be able to use you as a sponsor or exhibitor and any arrangements we have entered into may need to be terminated.
We retain information relating to exhibitors and sponsors 5 Years from when the exhibition finishes or sponsorship expires.
We do not use any data processors.
