1. Privacy Policy

Triyit Ltd. ("Triyit", "we", "our", or "us") is committed to protecting your privacy and ensuring that your personal information is protected.

We have provided this Privacy Policy to inform you ("You" or "Your") how we gather and use, and the circumstances under which we may disclose, personal information we collect from our members ("Club Members") through www.triyit.co.uk (the "Site") in connection with our service (the "Service").

The owner and data controller of the site is Triyit Ltd. (A data controller is responsible for determining why your data is collected and how it is processed.) Our address is 3/1, 84 Miller Street, Glasgow, G1 1DT and our number company is SC538503.

We may update this Privacy Policy from time to time at our discretion and will notify you of any material changes by posting an announcement notice on the Site or via email to our Members. We encourage you to revisit this Privacy Policy which was last updated on 17 September 2021.

2. Rights of the Data Subject

Under the GDPR, you have the following rights, which we will always work to uphold:

a) The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 12.

b) The right to access the personal data we hold about you. Part 11 will tell you how to do this.

c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 12 to find out more.

d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 12 to find out more.

e) The right to restrict (i.e. prevent) the processing of your personal data.

f) The right to object to our using of your personal data for a particular purpose or purposes.

g) The right to data portability. This means that, if you have provided personal data to us directly, we am using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask me for a copy of that personal data to re-use with another service or business in many cases.

h) Rights relating to automated decision-making and profiling.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

3. PRIVACY POLICY IS LIMITED TO TRIYIT

This Privacy Policy does not apply to third party sites to which we may link or to the products or services of our business partners such as the brands that we work with who provide product samples or third parties who may host and/or deliver our data to brands and other like services. The fact that we link to a website or display an advertisement or other third party content is not an endorsement, authorisation or representation of our affiliation with any of those third parties, nor is it an endorsement of their privacy or information security policies or practices.

4. COLLECTION AND USE OF NON-IDENTIFYING INFORMATION

We may collect, use, transfer, and disclose information in a form that does not personally identify you ("Non-Identifying Information") for any purpose. Non-Identifying Information can include certain personally identifiable information that has been de-identified; that is, information that has been rendered anonymous. We and/or our third party service providers obtain and may collect non-Identifying Information about you from information that you provide us and/or from your use of the Service, either separately or together with your Personal Information. We may combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other users or sources to attempt to provide you with a better experience, to improve the quality and value of our products and services, and to analyse and understand how our products and services are used. We may also use the combined information without aggregating it to serve you specifically.

When you access our Service, we and our third-party service providers may use a variety of technologies, now and hereafter devised, that automatically record certain usage information. This information may include your Internet Protocol address (and other unique identifiers for the particular device you use to access the Internet), browser type, your web or application request, your interaction with our Service, the webpage or other feature you were using before you came to our Service, pages of our websites that you visit, information you search for via our Service, access times and dates, and other similar information. We use this information for a variety of purposes, including analysing and enhancing our products and services, and to help personalise our Service for you. We do not treat this information as Personal Information (except to the extent required by law), although if we combine it with the Personal Information you provide, we will treat the combined information as Personal Information.

5. COLLECTION OF PERSONAL INFORMATION

As part of your use of our Site and as part of our Service to the brands we work with, we may ask you to submit feedback on certain products, by way of surveys, testimonials, ratings and reviews or other format. In order to uniquely identify you, and so that you may receive communications from us and use our Site, we may ask for the following:

- your name

- address

- phone number

- e-mail address

- age

- gender and

- any other personal information that we may require to fulfil our obligations ("Personal Information").

Our justification for collecting this information is that it is necessary for us to do so in order to fulfil our obligations to our Members under the contract between us contained in our Terms and Conditions.

If you decide to access the service or sign up via a third party social networking platform ("SNP"), such as Facebook, via our Service, we may also collect Personal Information when you interact with the service. If you log into an SNP via the Service, you are allowing Triyit to access the Personal Information in your SNP account, as well as other information associated with your SNP account, pursuant to the SNP's applicable terms and conditions. The information we receive from an SNP may depend on the privacy settings you have with the SNP, so please check the SNP's privacy policy.

For information on how long we keep your personal data, see clause 7 below.

6. USE OF PERSONAL INFORMATION

We may use your Personal Information, either alone or in combination with other information, so that we can provide, enhance and personalise our Service and related content, products, offers, and marketing efforts. The following is a non-exhaustive list of ways that we may use your Personal Information:

(a) to register and/or identify you as a user of the Service and to help authenticate any account you create with us;

(b) to match you with products, offers, and trials that best fit your likes and needs;

(d) to communicate with you regarding campaigns, the Service, updates, offers, promotions or events and to deliver products to you for sampling (if you have provided your consent for us to use your information in this way);

(e) to help us develop, customise, deliver, support and improve our Service, products, samples, content, and advertising and to provide you with the best user experience possible;

(f) to administer promotions, contests, sweepstakes or other offerings;

(g) to protect the rights or property or security of Triyit or our users, and prevent fraud and other prohibited or illegal activities;

(h) for our internal purposes (such as auditing, data analysis, and research to improve our services, and communications); and

(i) as may be disclosed to you at the point of collection.

Except as described in this Privacy Policy we will not share your Personal Information with other companies or individuals outside of Triyit and its affiliates, unless we have received your consent. For example, at the time of collection of a rating and review of a product, your consent may be requested to share your Personal Information and grant certain rights to a brand or other third party, in the form of a "Testimonial Release."

7. STORAGE OF PERSONAL DATA

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):

Type of Data

Retention Period or Criteria

Name of Data Subject - [3 years]

Email Address of Data Subject - [3 years]

Data Subject gender and date of birth - [3 years]

Data Subject address and telephone number - [3 years]

Any Sensitive Personal Data which the Data Subject has provided - [3 years]

Technical activity tracking during use of Our Site - [3 years]

We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law. By supplying your Personal Information to Triyit, you are consenting to Triyit passing your information outside of the EEA.

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

· Personal data may be transmitted over secure networks only, transmission over unsecured networks is not permitted in any circumstances;

· Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;

· Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted using permanent deletion of the email from trash;

· Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient; and

· All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”.

· No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on our behalf requires access to any personal data that they do not already have access to, such access should be formally requested from Dr Derek Connor (datateam@triyit.co.uk);

· No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on our behalf or not, without the authorisation of Dr Derek Connor (datateam@triyit.co.uk);

· Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors, or other parties at any time;

· If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it; and

· Where personal data held by us is used for marketing purposes, it shall be the responsibility of Dr Derek Connor (datateam@triyit.co.uk) to ensure that the appropriate consent is obtained and that no data subjects have opted-out, whether directly or via a third-party service such as the TPS;

· All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must follow recognised industry bets practices. All software used by us is designed to require such passwords;

· Under no circumstances are passwords to be written down or shared between any employees, agents, contractors, or other parties working on our behalf, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. Our IT staff do not have access to passwords;

· All software (including, but not limited to, applications and operating systems) shall be kept up-to-date. Our IT staff shall be responsible for installing any and all security-related updates not more than six months after the updates are made available by the publisher or manufacturer;

· No software may be installed on any of our owned computers or devices without the prior approval of Dr Derek Connor (datateam@triyit.co.uk).

8. SHARING CAMPAIGN FEEDBACK & OTHER CONTENT

The information collected during the feedback/survey process is used to prepare statistical reports and analytics for our clients (brand partners). The reports give insight into the performance of the product during a campaign run on the client’s behalf. The Reports will not contain your personal information, unless you have specifically given permission to do so via an opt-in at the time you join a campaign or leave feedback.

By joining the club, you acknowledge and agree that: (a) we are not under any obligation of confidentiality (express or implied) with respect to your campaign/product feedback; (b) we and our clients can use or disclose (or choose not to use or disclose) your feedback for any purpose, in any way, in any media worldwide; and (d) you are not entitled to any compensation or reimbursement of any kind from us or any of our clients under any circumstances.

By posting content to our site or any third party sites as part of a Triyit campaign, promotion or competition, you represent that you own or have the right to use all of the content and information you post. Although you will continue to own your content (unless stated otherwise in the terms of any third party site used), when you publish content as described, you agree that you are allowing us and our clients to access and use that content & information. For content that is covered by intellectual property rights (like photos and videos) you grant us a non-exclusive, sub-licensable, royalty-free, worldwide license to use this content in connection with current & future Triyit campaigns/marketing and our client’s (brand partners) own marketing communications. For example, our client could create an ad using content that you have placed/posted as part of a Triyit campaign, promotion or competition. You are not entitled to any compensation or reimbursement of any kind from us or any of our clients under any circumstances.

You, and not us, are entirely responsible for all content that you upload, post, email, transmit or otherwise make available via Triyit and/or any of our product campaigns.

We do not have an obligation to review the content posted to our site, but you understand that we may refuse to post or remove any of your content at our sole discretion.

9. OUR SERVICE PROVIDERS

We may engage third parties to perform services on our behalf, such as hosting and storage services, software maintenance services, e-mail notifications, database management, analytics and other services. These third parties may have access to your Personal Information to perform certain tasks on our behalf but they are not authorised by us to otherwise use or disclose your Personal Information.

The service providers who we are currently engaged with are:

Typeform – platform used to record all consumer profiles and feedback completion data

Mailchimp – platform used as a proxy email server to send out mass emails to our members. Collects names, emails and IP addresses.

SendGrid - platform used as a proxy email server to send out mass emails to our members. Collects names, emails and IP addresses.

Google Cloud Platform – Cloud storage platform for all profiles and member data

Message Bird – uses Member mobile phone numbers to send SMS messages during campaigns.

DPD (DPDGroupUK Limited) – are provided with club member’s names and addresses to facilitate package delivery.

Royal Mail – are provided with club member’s names and addresses to facilitate package delivery.

MyHermes - are provided with club member’s names and addresses to facilitate package delivery.

In addition, if you voluntarily participate in a sweepstakes, contest, rewards program or other promotion through our Site or Service, we may share your Personal Information with the participating sponsors or with third parties who assist us in using the content or other information you have posted or shared with us.

Pre-Launch Profile information of users/members who join the club after 12/01/2024 may be held securely on Amazon Web Services (AWS).

10. OTHER GENERAL INFORMATION

(a) Public Posts on the Service

Any information that you voluntarily disclose for public posting to the Service becomes available to the public and may be seen or collected by other persons, including third parties that may not adhere to the standards set forth in this Privacy Policy. Do not submit information, comments, or other content that you want to keep strictly private. We are not responsible for events arising from the distribution of any information you choose to publicly post or share through our Service.

(b) Changing or Deleting Your Information

To view and change Personal Information that you have directly provided to Triyit via the Service, you can contact Triyit by sending an email to hello@triyit.co.uk Information may also be accessible via the "account profile" section of our website. Please note we may retain server/backup copies of all such data, and that we may decline to process change or deletion requests that we deem to be unreasonable, or require disproportionate technical effort, or jeopardise the privacy of others.

We may disclose Personal Information or other information about you to government or law enforcement officials, in connection with court orders or judicial process, to protect the property and rights of us or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable.

(d) Business Transfers

We reserve the right to transfer or otherwise disclose your Personal Information in connection with a merger, acquisition, or other change in control, joint venture, reorganisation or sale of assets or in the event of bankruptcy or liquidation proceeding.

(e) Data Transfers

Triyit processes Personal Information via 3rd party service providers. Your Personal Information may be transferred to, and used by, entities located outside of your country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. Such export is a requirement of providing your information to Triyit, and you consent to such transfer and use in all respects.

(f) Our Policy Toward Children

We do not knowingly collect personally identifiable information from anyone under 18 and do not target our online services to anyone under 18. If we discover that someone under the age of 18 has provided Personal Information we will delete such information from our Site and server. We encourage parental controls to prevent children from submitting information or data on our Site.

11. HOW CAN YOU ACCESS YOUR PERSONAL DATA?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 1. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within 28 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

12. RIGHT TO RECTIFICATION

In accordance with the rights indicated in Part 2, you have the right to request that any of your Personal Information which we hold and which is or has become inaccurate, be changed to reflect your correct information. To make such a request, write to us at the address in Part 1, or email us at the email address in Part 15 with the details of your request.

13. SECURITY IS IMPORTANT TO US

We strive to protect your Personal Information and privacy. We employ security measures to protect your Personal Information from unauthorised access and disclosure. Our service providers use secure sockets layer ("SSL") technology. An SSL certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key. Please be advised that we cannot guarantee or warrant the security of any information you disclose or transmit to us online and are not responsible for the theft, destruction, unauthorised access by third parties or inadvertent disclosure of your Personal Information.

14. USE OF COOKIES

We and our third-party service providers may automatically collect Non-Identifying Information using various methods, including, without limitation, cookies. A cookie is a small data file transferred to your computer (or other device) when it is used to access our Service. Cookies may be used for many purposes, including to enable certain features of our Service, to better understand how you interact with our Service and to monitor aggregate usage by visitors and online traffic routing. You may be able to instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the online services you visit. If you do not accept cookies, however, you may not be able to use all portions of our online services or all functionality of our online services.

Non-Identifying Information may be provided to third parties for marketing, advertising, or other uses. For example, we may share aggregated demographic about our members without disclosing Personal Information except as described in this Privacy Policy.

15. OPT-OUT AND CONTACT INFORMATION

If you decide at any time that you no longer wish to receive communications from us, please follow our unsubscribe instructions on one of our email communications, or email us at hello@triyit.co.uk . While you are a member of Triyit you may not opt-out of important communications from us such as service related announcements or notifications about changes to our Terms and Conditions or Privacy Policy.

If you have any questions about this Privacy Policy, please feel free to contact us by sending an email to datateam@triyit.co.uk

PRIVACY POLICY OPERATIONAL FROM : January 2019

16 GOOGLE USER DATA

Impacting users joining after: 5th August 2024

16.1 This section of the Privacy Policy describes how we collect, use, and disclose personal information when you use the OAuth consent screen provided by Google to connect to your Triyit account. By logging in with your email address, you consent to the practices described in this policy.

16.2 Information We Collect

16.2.1 When you use the OAuth consent screen to connect to your Triyit account, we may collect the following types of personal information:

16.2.1.1 Personal Information: We may collect your name, email address, and other contact details associated with your Triyit account.

16.2.1.2 OAuth Permissions: We may collect and store the permissions you grant to our application during the OAuth consent process. These permissions allow us to access certain information from your Triyit account, as authorised by you.

16.3 Use of Information

16.3.1 We use the personal information collected through the OAuth consent screen for the following purposes:

16.3.1.1 Authentication and Account Access: We use your Triyit email address and associated permissions to authenticate your identity and provide you with access to our application.

16.3.1.2 Service Provision: We may use the information to provide you with the requested services, including personalised features, support, and updates related to our application.

16.3.1.3 Influencer Status: We may use the information to determine whether you qualify for Influencer Status, based on your follower and subscriber counts.

16.4 Disclosure of Information

16.4.1 We do not sell, trade, or otherwise transfer your personal information to third parties without your explicit consent, except in the following circumstances:

16.4.1.1 Service Providers: We will never share your personal information with any third party service providers.

16.4.1.2 Legal Compliance: We may disclose your personal information if required by law, governmental or regulatory authorities, or to protect our rights, property, or safety, or that of our users or the public.

16.5 Data Security

16.5.1 We take reasonable measures to protect the personal information collected through the OAuth consent screen from unauthorised access, use, or disclosure. However, please note that no method of transmission over the internet or method of electronic storage is 100% secure.

16.6 Data Retention

16.6.1 We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

16.7 Your Rights

16.7.1 You may have certain rights regarding your personal information, including the right to access, correct, or delete your information. To exercise these rights or if you have any questions or concerns about the processing of your personal information, please contact us using the information provided below.

16.8 Changes to this Privacy Policy

16.8.1 We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website or through other communication channels.

16.9 Contact Us

16.9.1 If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at datateam@triyit.co.uk.

16.9.2 By using the OAuth consent screen provided by Google and connecting Triyit account, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.

17 Meta Pixel Data

Impacting users joining after: 18th November 2024

17.1 We utilise the Facebook Pixel to help us understand the effectiveness of our advertising on the across the Meta network and to provide you with relevant, targeted adverts. The Meta Pixel enables us to collect information about your browsing behaviour on our website, which may be shared with Meta to allow us to show you content and adverts across Meta platforms that are more relevant to you. Any data collected is managed in accordance with our Privacy Policy, and you may adjust or disable the Meta Pixel through your browser settings or via Meta’s advert preferences.