TPTracker has many features which can help users comply with GDPR requirements by ensuring data is stored safely and used appropriately.
DATA CONTROLLER AND DATA PROCESSOR
The TPTracker licensee is legally the ‘Data Controller’ and therefore the owner of the data held in TPTracker. They are responsible for GDPR compliance with respect to what data is held and how it is used.
Arena Partnership is legally the ‘Data Processor’ and therefore responsible for the safe storage and processing of the data. Arena Partnership will never use the personal data held in TPTracker for any purpose or pass it to a third party.
PERSONAL DATA HELD IN TPTracker®
The TPTracker licensee is responsible for the data held in TPTracker: the people included in the database, the data fields populated, the personal information held in those fields and the use of that data.
Records updated via TPUpdate
If TPTracker is regularly updated via TPUpdate from the licensee’s master database, and this master database is compliant with GDPR, then TPTracker will also be compliant with GDPR in terms of the licensee’s authority to hold the data.
Records added manually to TPTracker
For any people added manually to the TPTracker database, the licensee is responsible for ensuring that they have obtained permission from the people being added. The facility for manually adding people to the TPTracker database can be turned off by request.
Personal data fields in TPTracker
Licensees may wish to review the data fields being populated within TPTracker, to ensure that holding this data is both legal and necessary; unwanted fields can be removed, hidden or left un-populated.
ARCHIVING AND DELETING RECORDS
Records which are no longer required, can be archived and/or deleted from the TPTracker database.
TPTracker will automatically ‘Archive’ the records of people who are not included in a TPUpdate file.
Those people who have been added manually to the database will not be automatically archived. It is the licensee’s responsibility to review manual records annually and archive or delete them manually as necessary.
Archived records are still available for selection and viewing by any TPTracker user, including their personal profiling data.
Manually deleting individual records
A TPTracker user can manually delete ‘Current’ or ‘Archived’ records from the TPTracker database by clicking the ‘Delete’ button provided. Access to this button can be restricted to specific authorised users only.
The definition of ‘Deleted’
In TPTracker, once a person has been deleted from the database then this is a complete and permanent delete; it will not be possible restore their record or to trace them or any of their personal details.
- Their personal record is no longer available for selection or viewing.
- Any Participation, Communication, Support or Feedback records linked to them will be replaced with pseudonymised records which do not include any data which can be used to identify the former participant.
Manually deleting multiple records
A TPTracker user can contact the Help Desk to request that a list of specific records be deleted from the TPTracker database.
A licensee can agree a contract with the Help Desk to review their database at regular intervals and delete all records that have been archived for longer than a specified period. In this way, archived records will only remain accessible for a limited time.
PARTICIPATION AND SUPPORT MODULES
It is the licensee’s decision whether they need specific permission from participants to create records of participation or support provided. TPTracker fields are available for recording their permission if required.
Recording engagements in TPTracker
Users are responsible for creating all engagement records in TPTracker relating to ‘Participation’ or ‘Support’ activities.
Deleting Participation or Support records
A user can permanently delete individual participation and support records or complete programmes of records from TPTracker.
Deleting a record from within a Programme or deleting a whole Programme, will automatically delete the relevant records from each participant’s personal file.
A number of additional fields are being added to enable a TPTracker user to manage communications with complete confidence that they are GDPR compliant.
It is the user’s responsibility to identify whether the communication they wish to send is a ‘marketing communication’ or a ‘legitimate business communication’.
Consent to receive marketing communications
TPTracker is adding a ‘Consented to receive marketing communications’ field to each personal record:
- Unticked = Consent not given (Default): This will mean they have either not given or have withdrawn their consent to be contacted with marketing communications. TPTracker will automatically exclude them from any communication which is classified as ‘marketing’.
- Ticked = Consent given: This will mean they have positively given their consent to be contacted with a marketing communication. These are the only people who TPTracker will allow to be selected for a ‘marketing’ communication.
There will also be a ‘Date’ field and a ‘How’ field, to record when and how their consent was given or withdrawn.
These fields can either be populated automatically via TPUpdate from the licensee’s master database, OR they can be populated manually in TPTracker.
These fields can also be automatically updated by TPTracker (see ‘Unsubscribe’ below).
Sending communications from TPTracker
When creating a communication through TPTracker it will by default be classified as ‘This is a marketing communication’.
This will mean TPTracker prevents selection of people who have not consented to receive such communications and that an ‘Unsubscribe’ option will be automatically included in the email or SMS communication (see below).
If the user changes this default setting by unticking ‘This is a marketing communication’, then the communication created will be treated as for ‘Legitimate interests’. Nobody will be filtered out on the basis of their consent and ‘Unsubscribe’ will not be included in the communication (see below).
Including ‘Unsubscribe’ in communications
TPTracker will automatically include an ‘Unsubscribe’ option in marketing emails and texts sent from TPTracker.
Clicking ‘Unsubscribe’ in an email or SMS message will send a signal back to TPTracker which will then:
- Untick the ‘Consented to receive marketing communications’ field for that person and record the date and communication reference;
- Send an email alert with the person’s personal details to a nominated email address plus up to two cc email addresses.
Hyperlinked text can be included in email bodies, signatures or footers sent from TPTracker.
The ‘Survey preference’ fields in TPTracker allow a person to opt out of receiving any surveys or surveys using specific methods.
‘No surveys’ option
There is no requirement to include a ‘No surveys’ option within a questionnaire but licensees may wish to include a statement such as “If you do not wish to receive questionnaires from us in future then please call us on…” They can then update the ‘Communication preferences’ fields for that person either manually or via TPUpdate.
Revealing a survey respondent’s identity
Any questionnaire can include a standard field for the respondent to give permission for their identity to be revealed.
If an ‘Opt in’ field is NOT INCLUDED, or an ‘Opt in’ field is INCLUDED in a questionnaire and is TICKED by the respondent, then the response data is treated by TPTracker as ‘Confidential’:
- Confidential means good practice is being followed to ensure that no personal information about individual respondents or small groups of respondents is released into the public domain or made accessible within your organisation, except to a very small group of Data Controllers.
- The respondent’s survey reference and identity are shown in the ‘Export’ file of response data but are not revealed if their ‘Comments’ or the ‘Review individual feedback’ screens are viewed.
Surveys are generally ‘Confidential’ rather than ‘Anonymous’ because it is accepted that you need to be able to relate the response data to respondents’ personal profiles for analysis purposes and you may also need to know who has/has not responded if you wish to send them a reminder.
If an ‘Opt in’ field is INCLUDED in a questionnaire and NOT TICKED by the respondent, then the response data is treated by TPTracker as ‘Anonymous’:
- Anonymous means that the information provided by the respondent cannot be traced back in any way to an individual respondent or a small group of respondents.
- In TPTracker, neither the respondent’s survey reference nor their identity are shown in the ‘Export’ file of response data, and are not revealed if their ‘Comments’ or the ‘Review individual feedback’ screens are viewed.
SUBJECT ACCESS REQUESTS
If a licensee receives a SAR, they can download all the data held in TPTracker or ask the Help Desk to do it for them.
CLOSING DOWN A TPTracker® SITE
When a TPTracker licence is not renewed, the site is closed down and all the data held in the site is permanently deleted.