Tahdah Verified Ltd. Privacy Policy
Tahdah Verified Ltd (TVL) operates a system (multi-tenant software as a service platform) and we are committed to safeguarding the privacy of the users of our system. This Policy sets out our commitments to you, in compliance with the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.
This privacy policy relates to a living individual, a business, forming a partnership, company, charity or organisation. Our systems use cookies – you should refer to our cookies policy and confirm your acceptance of our use of cookies according to that policy.
When we hold or use your personal information as a data controller (see below for a description of what this is) below sets out the information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
If our privacy policy is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
In most cases, we will not be a data controller of your personal information. In any case, where we are not a data controller, this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the organisation who controls how we process the personal information). In these cases, we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
Also, it is only a data controller that will provide you with a privacy policy about your personal information, so where we process your personal information as a data controller we will provide you with a privacy policy. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy policy which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.
This data includes the following:
1. Verification services. These services will already have a record of your personal details. When you connect your tahdah account to these services we exchange basic information about you sufficient only to establish a link, and in general these services do not record any further information. At the time of writing these services are :
a. Azolve Ltd – We use this to verify your membership of organisations that use their software to manage membership. Currently, we use this to verify membership of Mountaineering Scotland and Cycling Ireland
b. Mountaineering Ireland – to verify membership of Mountaineering Ireland
c. British Mountaineering Council – to verify membership of the BMC
2. Account linking. These services let you link elements of your account to tahdah for your own convenience. These links are initiated by you. We do not send any data to these services. We use a process called OAUTH to allow their API to communicate securely with us to share information from those services that we can use to improve your experience of tahdah. You are not required to use our services. At the time of writing the services, we link to are.
a. Facebook – you can link to Facebook for the purposes of creating a single login to your tahdah account. You can unlink this at any time. Facebook do not share any additional information with us
b. Twitter – As with Facebook
c. Google Health – You can run one-off imports of data from your Google Health account. We do not provide google with any additional information about you
d. Fitbit, Runkeeper, MapMyFitness and Strava all work the same as Google Health.
3. Cross-site login. These services allow you to log in to other websites using your tahdah login. When you do this we share a list of your active qualifications, award registrations and memberships as well as a marker if you are a director or work for any provider. These websites use this information to show you restricted content and training material. At the time of writing the websites that use this service are:
a. Mountain Training, including MTA and AMI
b. NICAS / ABC Training Trust
For further information on GDPR - click here
This privacy policy relates to a living individual, a business, forming a partnership, company, charity or organisation. Our systems use cookies – you should refer to our cookies policy and confirm your acceptance of our use of cookies according to that policy.
When we hold or use your personal information as a data controller (see below for a description of what this is) below sets out the information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
If our privacy policy is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
THE DIFFERENCE BETWEEN DATA CONTROLLERS/PROCESSORS
A data controller is the organisation who controls how personal information is processed and used. A data processor is an organisation who processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller. This distinction is important.In most cases, we will not be a data controller of your personal information. In any case, where we are not a data controller, this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the organisation who controls how we process the personal information). In these cases, we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
Also, it is only a data controller that will provide you with a privacy policy about your personal information, so where we process your personal information as a data controller we will provide you with a privacy policy. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy policy which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.
1. What data do we collect and from where
a. We may collect, store and use the following kinds of personal information either directly or in conjunction with and on behalf of our clients or via the contact form on our website (www.tahdah.me)This data includes the following:
- Full name
- Your email address
- Date of birth
- Gender
- Postcode and address
- Emergency Contact details
b. We also collect information that you voluntarily provide to us when you contact us with queries, complaints, comments or praise.
c. Information relating to any financial transactions carried out between you and us on or in relation to this system, including information relating to additional services you may purchase.
d. Information that you provide to us for the purpose of subscribing to our services, email notifications and/or newsletters, provided that you have indicated that you are happy to be contacted for these purposes.
e. Any other information that you choose to send to us including download, uploads and communication via your account control panel on the system.
2. Under 16’s
Under the General Data Protection Regulation (GDPR), the lawful basis we rely on for processing child information as per Article 6 and Article 9 is for the basis of: Registering for courses/workshops or awards.
The accounts for those aged under 16 can optionally be accessed by parents or legal guardians by using our parental account feature. The information that we will process will be limited and will include:
First name
Last name
Date of birth
Gender
This will have been obtained either via the parent/guardian or entered into the system by the provider of the course the child is registering on. For Parents/guardians of a child under 16 we may process limited personal data about you so that you can give consent for your child to access relevant workshops/ courses/awards. We may also use your contact details to communicate with you either directly or on behalf of a client about the child account or use of services.
3. Using your personal information
Personal information submitted to us via this system will be used for the purposes specified in this privacy policy or in relevant parts of the system. We may use your personal information in pursuit of legitimate interests and/or fulfilment of a contract to:
a. develop and maintain an accurate record of individuals, companies, charities or organisations;
b. enable your use of the services available on the system; c. supply to you services purchased via the system;
d. send reminders and receipts to you, and collect payments from you;
e. send you general (non-marketing) commercial communications;
f. send you email notifications which you have specifically requested;
g. send you our newsletter, periodic emails about new features, solicit your feedback, or just keep you up to date with what is going on with our product together with other marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you, by post or, where you have specifically agreed to this.
h. provide third parties with anonymised statistical information – but this information will not be used to identify any individual user;
i. deal with enquiries and complaints made by or about you relating to the system;
j. keep the system secure and prevent fraud;
k. verify compliance with the terms and conditions governing the use of the system under the terms of our disclaimer in our terms and conditions.
Your privacy settings can be used to limit the publication of your information on the system. You can adjust your privacy settings at https://cms.tahdah.me/manage. We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.
4. Financial Transactions
All of our system's financial transactions are handled through our payment services providers, Stripe and GoCardLess. You can review their privacy policies here:
We will share information with Stripe and GoCardLess only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Organisations or Boards will be able to view and manage payments you make to them. They will not be able to view payments made to other organisations. They will however be able to view a payment made to an Organisation or Board in respect of their financial transaction. TVL will be able to see all transactions made to all Organisations or Boards.
4. Disclosures
We may disclose your personal information to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy. We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this privacy policy. In addition, we may disclose your personal information:
a. to the extent that we are required to do so by law;
b. in connection with any ongoing or prospective legal proceedings;
c. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
d. to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
e. to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information. Except as provided in this privacy policy, we will not provide your information to third parties.
5. International data transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy. The information which you provide will be stored in the EU and in accordance with the Data Protection Act 1998.
6. Data Portability
The data connected to your profile is unique, there is no way to transfer it to another system. However, we do plan to give you the ability to download certain data as CSV files in the future which will be password protected.
The data controller for your data will be Organisation or Board and the data processor will be TVL.
7. Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on secure (password and firewall-protected) servers. All electronic transactions entered via our system will be protected by encryption technology. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and other login details confidential. We will not ask you for your password (except when you log in to the system). Our system utilises two-factor authentication and we would encourage all users to use this functionality for added security.
8. How long do we keep your personal information
Users' personal data - We will keep your personal information for as long as necessary to provide you with a service in line with our legitimate interests. Details will be retained for a minimum of 40 years so that TVL, Organisations or Boards are able to comply with legal requests including investigations in respect of insurance claims or by the police or other authorities in the future, however, you have the right to withdraw consent for specific organisations to access your updated information.
9. Your rights
a. All data held about you is viewable in your personal account, so there should be no need to contact us to request your personal data, however you may request us to provide you with any personal information we hold about you. However, where the request is manifestly unfounded, unnecessary or excessive we may charge a “reasonable fee” for the administrative costs of complying with the request. We can also charge a reasonable fee if an individual requests further copies of their data following a request.
b. the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold such personal information to the extent permitted by law. You may instruct us not to process your personal information for marketing purposes, by sending an email to us at support@tahdah.me. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes. Right to erasure
TVL and our customers affirm that they have a legitimate interest to access the information you are supplying as part of specific system activity. This activity forms part of the records of the relevant organisation therefore once you complete your activity there is no right to remove any of the above information unless you cancel within the specified time limit as indicated at the time of the transaction.
10. Third party websites
Tahdah Verified Ltd employs third party suppliers to provide services. These suppliers may process personal information on our behalf as data processors and are subject to written contractual conditions to only process that personal information under our instructions and protect it. In the event that we share personal information with external third parties, we only share such information strictly required for specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.
- Stripe Ltd: process credit and debit card payments on our behalf. We pass them your name, email address and postcode in order to perform fraud checks when making payments and they keep a record of this against all payments.
- GoCardless Ltd: process direct debits on our behalf. We pass them your name, email address and postcode and they may also collect additional information from you including bank details in order to process direct debit payments. They do not report your bank details back to us.
- Twilio Ltd: provide SMS services to us for the purpose of sending two-factor access codes, we will only provide them with your mobile number in order to send you an access code and only if you opt into two-factor authentication by SMS.
- Zendesk: provide our support desk services. If you send us a contact only the information you enter into the contact form will be sent to Zendesk.
1. Verification services. These services will already have a record of your personal details. When you connect your tahdah account to these services we exchange basic information about you sufficient only to establish a link, and in general these services do not record any further information. At the time of writing these services are :
a. Azolve Ltd – We use this to verify your membership of organisations that use their software to manage membership. Currently, we use this to verify membership of Mountaineering Scotland and Cycling Ireland
b. Mountaineering Ireland – to verify membership of Mountaineering Ireland
c. British Mountaineering Council – to verify membership of the BMC
2. Account linking. These services let you link elements of your account to tahdah for your own convenience. These links are initiated by you. We do not send any data to these services. We use a process called OAUTH to allow their API to communicate securely with us to share information from those services that we can use to improve your experience of tahdah. You are not required to use our services. At the time of writing the services, we link to are.
a. Facebook – you can link to Facebook for the purposes of creating a single login to your tahdah account. You can unlink this at any time. Facebook do not share any additional information with us
b. Twitter – As with Facebook
c. Google Health – You can run one-off imports of data from your Google Health account. We do not provide google with any additional information about you
d. Fitbit, Runkeeper, MapMyFitness and Strava all work the same as Google Health.
3. Cross-site login. These services allow you to log in to other websites using your tahdah login. When you do this we share a list of your active qualifications, award registrations and memberships as well as a marker if you are a director or work for any provider. These websites use this information to show you restricted content and training material. At the time of writing the websites that use this service are:
a. Mountain Training, including MTA and AMI
b. NICAS / ABC Training Trust
11. Updating information
For your convenience updates to your personal details including address changes and name changes are held in a central record and controlled by you. If you do not wish updates to be shared with an Organisation you are no longer actively associated with you can apply to disconnect.12. Contact
If you have any questions about this privacy policy or our treatment of your personal information, please contact us by email at support@tahdah.me or by post to TahDah Verified Ltd, 16 Trinity Square, Llandudno, LL30 2RB.For further information on GDPR - click here
ICO Statement
TahDah is fully registered with the Information Commissioners' Office (ICO). We abide by all of their guidelines and endeavour to safeguard our customer's data in any way we can.
The ICO's mission is to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
To view our ICO registration certificate - click here