How we protect your data
With the 2018 introduction of the General Data Protection Regulation (GDPR) across Europe it is our obligation to make clear, in plain English, how we manage the data that our customers and users provide to us.
This document aims to give a clear, simple, breakdown of our role, the data we and our clients collect, and your rights. If any of this doesn’t make sense, or you have concerns, please contact us via firstname.lastname@example.org.
For the purposes of this document, we need to make a few definitions to ensure clarity.
We, Twine or other references to ourselves means Twine Limited – UK Company number 09199373 or the software we provide.
Platform refers explicitly to the Twine software that we provide access to.
Clients refers to our direct clients who have either signed up to use Twine via signup.twinehr.com or who otherwise have a contract with us to provide access to the Twine services.
Users refers to individuals who log into Twine, having been onboarded or invited by a Client.
Tenant refers to a Client’s isolated Twine environment, supplied for their users to log in to.
Twine is a Software as a Service (SaaS) provider that supplies the Twine intranet. Our clients are normally businesses or organisations who wish to use the Twine platform to help their users collaborate more effectively.
Twine has a relationship with both Clients and Users, and the data collected can vary depending on these relationships. Clients can decide how to control access to their Twine tenant, from open registration to invitation only.
In order to provide our service we collect and hold information that broadly falls into three categories as described in this section. This information may come from the client or directly from the users themselves.
We hold information about our clients in order that we can supply a service, and where relevant manage any contractual relationship. This information includes:
Administrator user information is classed the same way as any other user information and is covered by section 3.2 below.
We collect and store a standard set of information about each user in order to provide the service. This information includes:
In addition to the basic minimum data described in section 3.2 above, clients may configure the system to collect additional information. We do provide some common default options such as:
It is important, however, to understand that our Clients may request, and even require, that you supply additional information onto the Twine platform in order to participate. Twine considers that you are providing this information to our Client that we are simply holding on their behalf. Twine provides a default terms of service for end users, however many of our Clients will instead provide their own specific terms, and you should refer to them in the first instance regarding any concerns you may have.
We have systems and processes in place to protect the data we receive from you, and we take this commitment very seriously. We can provide, upon request, our detailed data protection, data handling, and privacy policies. Otherwise we’re happy to talk through any concerns or questions you have directly.
Broadly speaking, we follow best practices and store your data on an environment hosted by Amazon Web Services, based in Dublin, Ireland. Amazon have extensive documentation on their security and legal compliance available on their website at https://aws.amazon.com/compliance/.
In handling your data we follow best practices such as:
Using encryption to communicate between users and ourselves.
Restricting and logging those who have access to the data we hold.
Not moving data from production to test environments.
Having outside security companies perform penetration tests on the platform.
In order to both operate the platform and our business as a whole we need to involve some third party suppliers and platforms. We have detailed each, and the reason we use them below. We may use more third parties than this, however these are the ones that would potentially see personal information.
4.2.1 In order to provide the platform
4.2.2 In order to operate our business
We will need to keep hold of your data while you as a User are active (not deleted). The primary reason for this is Twine is a community built from your contributions made on the Twine platform. For example your contributions to Polls, Comments, and the Forum all need to persist while the Tenant and your User are active.
There are two conditions where your data will be deleted:
You or the Tenant administrator elect to delete your User account on the Twine platform, by contacting us via email@example.com.
The Tenant administrator or Client requests to close down the Tenant, by contacting us via firstname.lastname@example.org
After processing your request to delete data, it will almost immediately be made inactive, meaning your data will not be visible to any other User within Twine. Then, within 30 days Twine Platform will automatically delete your data entirely from our platform, including backups.
GDPR provides for several rights for individuals, if you wish to exercise any of these right we request that you contact us via email@example.com where will arrange for the required work to be undertaken.
In order to service rights requests in the timeframe required by the law, we may not be able to provide data in a specific format defined by the user making the request. We will, however, aim to provide the data in a machine readable format (such as CSVs) to enable portability.
If your request is excessively complex to fulfill we may need to charge a fee to cover the extra time required, as permitted by the law.