TOTUM

Privacy Policy

Here's the important privacy policy legal text , make sure you read it.

Your privacy is important to us

  1. Introduction

OneVoice Digital Limited (registered in England under number 10842253) whose registered office is at 196 Deansgate, Manchester, M3 3WF) (“we”) is committed to protecting and respecting your privacy. We are the operator of the TOTUM platform. We gather and process data in accordance with the prevailing data protection legislation, including the General Data Protection Regulation 2016 (the “GDPR”) and the Data Protection Act 2018.

When you purchase a TOTUM platform registration you are entering into a legally binding agreement which allows us to deal with your data as set out in this policy. This policy sets out the basis on which we will process personal data we collect about you, or that you provide to us. Please read the following carefully to understand our views and practices regarding your data.

This policy affects the following website: www.totum.com

  1. Information we may collect about you

We may collect and process the following data about you:

Information that you provide:

  • approaching us to supply products and services;
  • by applying for and while being a member of the TOTUM platform discount scheme;
  • by applying for and while being a member of a student union which uses our services;
  • by interacting with our website, including by participating on our blog and entering prize draws and competitions;
  • requesting further information, services or content; and
  • completing surveys and questionnaires.

This includes your title, gender, age, full name, address and other communication contact information, academic achievements; course and level of study, university or further education establishment, club membership, personal interests and preferences, disability and ethnicity information.

Details of your visits to our website. This may include, but is not limited to:

  • details of the computer or other device that you are using;
  • details of the web browser you are using;
  • details of your language settings;
  • traffic data;
  • location data;
  • weblogs;
  • other communication data; and
  • IP address data

Information provided by reputable third-party data sources such as student unions, universities and further education establishments.

If you contact us, we may keep a record of that correspondence, including any information provided or required to resolve your enquiry or issue.

  1. Cookies

We use Cookies on our website pages in order to optimise functionality and for anonymised statistical purposes.

A ‘cookie’ is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer, and by themselves cannot be used to discover the identity of the user.

You can set your browser to notify you when you receive a cookie; and you may block cookies by adjusting the settings on your browser. Please note that if you restrict all cookies you may not be able to access all or parts of our site. Unless you have configured your browser to refuse cookies, our system will issue cookies as soon you visit our websites.

When you first visit any of our sites a pop-up header will be generated alerting you to our cookie policy. It will re-appear in the event that you change your cookie settings from time to time.

A copy of our cookie policy can be found here: TOTUM Cookie Policy

You can find more about how cookies are used and opting out of their use at: cookies information

  1. Storage of personal data

We implement appropriate security measures to protect information from:

  • loss;
  • misuse;
  • unauthorised access or modification;
  • disclosure;
  • alteration; or
  • destruction.

Our security systems include password authenticated access to internal databases. We also encrypt and anonymise data wherever it is appropriate to do so. We regularly take back-ups of our data. We regularly review overall web security and audit procedures.

Our security measures include the following Information Security Management (“ISMS”) policies:

  • ISMS policy: Acceptable Usage
  • ISMS policy: Antivirus
  • ISMS policy: Backup
  • ISMS policy: Cloud Computing
  • ISMS policy: Data Protection
  • ISMS policy: Data Security Breach
  • ISMS policy: Incident Management
  • ISMS policy: Information Handling
  • ISMS policy: Logical Access Control
  • ISMS policy: Mobile Computing
  • ISMS policy: Network and System Security
  • ISMS policy: Password protection
  • ISMS policy: Physical Security
  • Information Technology Security policy: Patch Management

In conforming with data protection laws, we endeavour to implement appropriate procedures to protect your personal data and to prevent any unauthorised access or misuse of it. Our servers, on which your personal data is kept, are located in the European Union. We use Adobe Systems Incorporated; Amazon.com, Inc; GitHub, Inc; Google, LLC; LinkedIn Corporation; Microsoft Corporation; to assist us in managing your data. While those companies are located in the United States, each of them has joined the Privacy Shield system allowing the processing of data by those company in accordance with the GDPR.

We also use the services of the following companies based in the European Union: Hotjar Limited, Typeform SL. Where you apply for an International Student Identity Card (an “ISIC Card”), we necessarily pass the information printed on that card to ISIC Global Office B.V. Where you apply for a Gourmet Card we necessarily pass some information to the providers of that card, Simard Limited. Where you have elected to do so in your preferences, we pass some of your data to Graduate Prospects to provide you with careers assistance.

Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when transmitted via the internet between us: any such transmission is at your own risk.

  1. Uses made of the information

We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with relevant information, services of a type that you request from us or which we feel may interest you.
  • To carry out the requirements of any contracts entered into between you and us.
  • To allow you to use the interactive features of our website, when you choose to do so.
  • To notify you about changes to our service.

If you have provided us with your email address in relation to participating in or buying our products or services or attempting to do so we may send a reminder email within 14 days if you have then left the process half way though. Our lawful basis to do this is legitimate Interest.

We are committed to responsible email practices. We only send email to individuals whose data has been lawfully and fairly obtained. If at any time you do not wish to receive emails from us, please use the unsubscribe functionality contained in our communications. Alternatively, please contact us on dpc@onevoicedigital.com.

  1. Disclosure of your information

We may disclose your relevant personal information for temporary maintenance purposes freely between the member companies of our group, which at the moment is Arrk Limited (registered in England under number 03574335 whose registered office is at 196 Deansgate, Manchester, M3 3WF), OneVoice Digital Limited and Arrk Solutions Private Limited, a private limited company duly incorporated with registration number U72900MH2002FTC135091 under the laws of India, having its registered office at Unit No. 1 & 2, Building No. 5, Sector-2, Millennium Business Park, Mahape, Navi Mumbai, PIN 400710. This Privacy Notice applies to each of those companies and we reserve the right to freely pass the data between these companies. Arrk Limited (which is the parent company of OneVoice Digital Limited and Arrk Solutions Private Limited) and Arrk Solutions Private Limited have entered into a Model Form Contract based on the Standard Contractual Clauses on transfer of personal data to third countries as per Directive 95/46/EC of European Parliament and of the Council. This allows for the lawful transfer of your data to Arrk Solutions Private Limited.

The National Union of Students National Union of Students (United Kingdom) registered in England under number 08015198 whose registered office is at Ian King House, Snape Road, Macclesfield, Cheshire, SK10 2NZ (“NUS”). NUS is one of the oldest student organisations in the world, and it works hard every day to help to make your experience as a student the best it can be. NUS works to influence national and local policies in areas that are important to you, such as accommodation, fees and the right to study. NUS also run ground breaking programmes to drive change, such as improving environmental impact and reducing alcohol abuse. We pass your information to NUS so that they can better provide you with their services and help manage your data. NUS is an English company.

Where you opt in to doing so, we also pass information to NUS so that NUS can use the information to provide you with their latest information, offers and competitions.

If you do not wish to receive this information from NUS you can use the unsubscribe function at any time.

Students’ Unions

We pass your information to your local students’ union so that they can provide you with personalised customer service.

Where you opt in to doing so, we also pass information to your local Students’ Unions so that they can use the information to provide you with their latest information, offers and competitions.

If you do not wish to receive this information from Student Unions you can use the unsubscribe function at any time.

Endsleigh

Endsleigh Insurance Services Limited registered in England under number 00856706 whose registered office is at Shurdington Road, Cheltenham Spa, Gloucestershire, GL51 4UE (“Endsleigh”)

We disclose your data to Endsleigh (www.endsleigh.co.uk) which uses your personal information to ensure they have the best rates to offer you if you contact them directly, and so that they can check that information you supply to them is accurate. We also give you the option to opt in to Endsleigh’s great product offers and services. We supply Endsleigh with the following data: Your title, name, gender, country, date of birth, email, Students Union, start and end date of study, course, course level and the source of your data.

Graduate Prospects

Graduate Prospects Limited registered in England under number 02626618 whose registered office is at Prospects House, Booth Street East, Manchester, M13 9EP (“Graduate Prospects”)

Graduate Prospects (www.prospects.ac.uk) provide job opportunities and career advice.– You can find them on every university campus, working in partnership with the NUS and careers services to bring you the very best opportunities. As well as providing graduate jobs, internships and postgraduate courses, the site has careers advice written by specialist professional advisers and a range of tailored tools such as Prospects Planner, which match your skills and interests with the best career options for you.

Where you opt in to doing so, we share your contact information, including course details, with Graduate Prospects so that they can match you with the perfect opportunity. Graduate Prospects will also contact you directly with opportunities and information. We supply Graduate Prospects with the following: your title, name, email address, gender, country, students’ union, course and level, year of course, study start and end date, date of joining.

We may disclose your relevant personal information to the extent that we are under a duty to or it is proper to disclose or share your personal data in order to:

  • comply with any legal obligation;
  • enforce or apply our terms of use and other agreements with you;
  • protect our, our groups or any third party’s legitimate interests, property, or safety. For example, we may need to do so, to investigate the misuse of a TOTUM membership, or our website.
  1. Your rights

The data protection legislation gives you a number of rights. These rights include:

  • Right to data erasure.
  • Right to make a “subject access request”, which is a request for a copy of the data which we hold about you.
  • Right of correction (or where appropriate erasure) of data which we hold about you where this is inaccurate.
  • Right to data portability
  • Rights in relation to automated decision making and profiling
  • Right to withdraw your future consent to our processing your personal data.
  • Right to contact and make enquiries of our data protection co-ordinator who can be contacted at dpc@onevoicedigital.com
  • Right to complain to the Office of the Information Commissioner.

Please be aware that if you exercise one of these rights, that in order to protect your privacy, we may require you to undergo some verification tests to ensure that we are dealing with you.
You have the right to be informed of the matters stated in this privacy policy.

There are three legal bases upon which we collect, process and transfer your personal data as described in this privacy policy:

  • Contract - to consider potential or to fulfil actual contracts with you. If we were not able to process this data we would be unable properly to perform our side of any actual or potential contract.
  • Legitimate Interest - in order to consider potential or to fulfil actual contracts with you and others, we need to collect, process and transfer personal data about you.
  • Consent - also, we may rely on your express consent for us to use your personal data.
  1. Data Retention

We normally hold and process your data in accordance with the following criteria and duration:

Source criteria of the data Relevant Event date Maximum duration of processing
Data collected when you initially register on the TOTUM website 24 months after your last interaction with us
Data collected for TOTUM membership purposes Membership expiry 24 months after the date of expiry of paid-for membership
Data collected when signing on for the App but where you have not become a TOTUM member Signing on to the app 24 months after your last interaction with us
Data collected for events Date of event 12 months after the end of the year in which event took place
Data collected during case studies, white papers, articles, blogs, surveys and questionnaires and similar The last date on which such case studies, white papers, articles and blog were hosted live on our websites 12 months after the end of the year in which such contents were withdrawn from our websites
Data collected when you correspond or similarly interact with us The last date of such correspondence or interaction with us 12 months after the end of the year in which the last such correspondence or interaction took place
Data not falling into any of the categories above but otherwise collected about you from a third party Last date on which we had contact with you 12 months after the end of the year in which the last date on which we had contact with you fell

In addition, we may regularly purge personal data subject records which are not relevant on earlier occasions.

In any event we will stop the processing of your data where you ask us to do so by contacting us at unsubscribe@onevoicedigital.com. The only circumstances in which we will not do so or where we may keep data for a longer period are where we have a legal obligation or a legitimate interest to continue processing your data.

Our websites and email bulletins may contain links to and from the websites of third parties including our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies. We do not set and are not responsible for those policies.

  1. Analytic Suppliers

In common with comparable companies we use your personal data to help Analytic Suppliers match relevant ads to you using the data analytics of those Analytic Suppliers. However, we only use the data in that way where you are a subscriber to the services of Analytic Suppliers and have therefore agreed to this service by acceding to the relevant Agreements of those Analytic Suppliers. Accordingly, we do not control the countries in which those Analytic Suppliers process data.

We mean by Analytic Suppliers companies such as: Facebook; Google; LinkedIn; Twitter and Microsoft. Analytic Suppliers supply us with statistical information on how users interact with our website to help us improve our user experience.

You can find further details of our interaction with Analytic Suppliers in our cookie policy a copy of which can be found here: TOTUM Cookie Policy

  1. Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page. Where we make any material change to this privacy policy we will notify you that it has been changed.

  1. Contact

Questions and requests regarding this privacy policy should be addressed to dpc@onevoicedigital.com.