This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices and it is available on our support portal should you ever wish to review it.
Who are we and how do you contact our Data Controller?
thewealthworks produces the Troika system which is installed by a number of organisations who use it to record details about a range of their clients including trusts, companies and some individuals. In addition thewealthworks also provide a hosting service through a third party for a small number of clients and act for them as a Data Processor. Under the new data privacy rules (GDPR) thewealthworks is therefore both a Data Controller and Processor.
thewealthworks provide services to a number of clients whose staff details we record in order to provide them with support services. It is the responsibility of those organisations to keep thewealthworks informed when a member of their staff leaves so that our records can be kept up to date. We rely on information provided by our clients about who they employ.
Information we collect
Who are “you”?
You are a customer of thewealthworks using the Troika system and you either: enter data yourself into the product, use information within it, or support its use within an organisation. You might also use our support facilities to obtain assistance for advice on how to use the system or resolve problems that a user of the system is experiencing.
You are interested in our product and the connected services we provide and would like further information about what we do or you are just visiting our website for research purposes.
You are an employee of thewealthworks.
Supplier or contractor
You provide products or services directly to thewealthworks.
Information we collect about you
Personal and contact details, such as title, full name, contact details, email address and contact details history.
We collect usage information about you whenever you interact with our website and other support services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on which is standard to Google analytics.
Device and browser data
We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type.
Information from page tags
We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect data about our own clients. This data includes usage and user statistics. Newsletter emails sent by thewealthworks via a third party mailing platform (such as MailChimp) or by users through these services include page tags that allow the sender to collect information about who opened those emails and clicked on links in them.
Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
If you arrive at thewealthworks website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Information from third parties and integration partners
We collect your personal information or data from third parties if you give permission to those third parties to share your information with us or where you have made that information publicly available online.
The support calls you make can be utilised as ‘Big Data’ giving us information about the types of training or consultancy needed, or an area that needs to be improved in the product.
If you are a Customer we will also collect:
You need a support portal account before you can use thewealthworks support site. When you register for an account, we collect your first and last name, username, password and email address, together with the name of the organisation that you work for.
If you make a payment to thewealthworks, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a bank transfer or cheque payment).
If you are an Employee the details of what information we collect can be viewed in our Employee Data Policy.
If you are a Supplier we will also collect details of the services you supply together with information about the staff that you employ to provide those services.
What do we use your personal data for?
We use your personal data, for the following purposes:
- Managing any aspect of our support for the Troika product
- Updating your records
- To perform and/or test the performance of, our products, services and internal processes
- To improve the operation of our business
- To follow guidance and best practice under the change to rules of governmental and regulatory bodies
- To monitor and to keep records of our communications with you and our staff
- To develop new products and services and to review and improve current products & services
- To comply with legal and regulatory obligations, requirements and guidance
- To share information, as needed, with service providers (for example, payroll providers, health insurance, etc) or as part of providing and administering our products and services or operating our business
We process personal data about you either with your consent or in order to:
- Fulfill our contractual responsibility to deliver the services to you;
- To pursue thewealthworks’s legitimate interests of:
- improving service experience; and
- developing new products and service features.
We process your personal information in the following categories of data for legitimate interests pursued by us. We have undertaken to ensure that we place clear limitations on each of these uses so that your privacy is respected and only the information necessary to achieve these legitimate aims is used. Our primary goal is to improve upon and make sure our services are relevant for all our users, while also ensuring that personal information of all users is respected and protected.
thewealthworks produces release notes with every formal release of the software. No data identifying individuals will be published in these notes, although reference to specific faults will. We do not publish or disseminate this information (unless you explicitly ask us to).
thewealthworks assigns a unique identification number to each call. The ID will appear on each copy of the release notes and our users may look up and view release information (except for such visitor’s internet protocol (IP) address).
We use contact information to fulfil our contractual responsibility of supporting your use of the Troika system.
More details: We respond to your inquiries, and send you information as part of our support services; we send you information about program issues, including advice and fixes for problems together with information about changes included in a specific release of the programs.
Information on how you use our services
We use information about the type of support calls we receive to improve our product and the service we provide for you and all users.
More details: We collect information about the types of support problem you may have experienced and analyse trends so we can advise (for example) if more training is required or a change to the system needed. We also write help notes designed to assist users when they receive updates of the product at various times.
We collect and use the following data on the basis that we have to use this information in order to fulfil our contract with you.
Your Account Information
We need to use your account data to run your account, provide you with services, bill you for our services, provide you with customer support, and contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome letter when you first become a client, or a decommission letter should you cease to be a client). You cannot opt out of these communications since they are required to provide our services to you and fulfil our contractual obligations.
It is the responsibility of the clients of thewealthworks to protect the information entered onto the Troika database, and who has access to their data. The system is password protected and thewealthworks provides support for issues within the system and will have access to that data from time to time using the data access protocols described in the Data Security Policy.
Your Client Data
As part of our support obligations we may need to investigate reported problems with data entered into the database. This process will either be undertaken remotely to your systems or occasionally, using a copy of your data at out premises. For more details on how we manage these processes see the document Data Fault Diagnosis.
Transaction Monitoring – HMRC’s VAT API
Transaction Monitoring (TxM) is a key security approach adopted in the UK and globally. The approach of HMRC is in line with National Cyber Security Centre (NCSC) and Cabinet Office recommended guidance and industry good practice and is a requirement for the use of their API. They monitor transactions to protect taxpayers from infringement of their data by criminals or fraudsters. Without the protection offered by TxM, personal data could be compromised, leading to fraud against taxpayers or the UK Exchequer. We are obliged to help protect our users’ confidential data by sending HMRC particular types of user audit data which they will record. The HMRC APIs provide HTTP headers that can be used to pass this audit data to them. These headers can influence the processing of the API call, or support their prosecutions for tax or duty fraud. Details of what is contained in these headers can be found on on the HMRC’s API fraud prevention information page.
As developers we are explicitly required to collect and supply fraud header metadata to HMRC. We will be the data controllers of that data by virtue of Section 6 of the Data Protection Act 2018, which supplements the definition of “controller” found in Article 4(7) of the GDPR and provides that the person who is obliged to process data under a statutory obligation is the controller. This data is only collected for submission to the HMRC API.
The servers on which thewealthworks work are located within United Kingdom, (including our Website and back-up facilities). thewealthworks also has a server on their premises which is located in locked, key pass and alarmed premises with CCTV cameras.
Some of you (in particular, European users and those whose information we receive under the EU-U.S. Privacy Shield) have certain legal rights to obtain information about whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations and in our instance this is the provision of the services provided by our business. We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request).
Rights which you are entitled to are:
- Data access rights
- Right to restrict processing
- Right of Rectification
- Right to Erasure (Right to be Forgotten)
- Right to object to processing
- Right to withdraw consent; and
- Data portability rights
Where you are a customer of thewealthworks, you are entitled to a copy of all personal data which we hold in relation to you. You are also entitled to request that we restrict how we use your data or object to some aspect of our treatment of your data. If you want to obtain a full copy of all your data or to request a restriction/ limitation in how we use your data, please contact us.
Exercising your rights
Our Contact Information for Privacy Inquiries is firstname.lastname@example.org
If you are resident in the European Union and you are dissatisfied with how we have managed a complaint you have submitted to us, you are entitled to contact your local data protection supervisory authority.