The data controller responsible in accordance with the purposes of the UK General Data Protection Regulation (UK GDPR) and other data protection regulations is:

TOCA Social UK Limited

Third Floor 240 High Holborn WC1V 7DN United Kingdom

+44 (0)330 331 4800

info@toca.social
https://toca.social

DATA PROTECTION OFFICER CONTACT DETAILS The designated data protection officer is:

DataCo International UK Limited

c/o One Peak Partners, 41 Great Pulteney Street 2nd floor London W1F 9NZ United Kingdom

+44 (0)20 3318 1718

www.dataguard.co.uk

1.1 Scope of processing personal data

In general, we only process the personal data of our users to the extent necessary to provide a functioning website with our content and services. The regular processing of personal data only takes place with the consent of the user. Exceptions include cases where prior consent cannot be technically obtained and where the processing of the data is permitted by law.

1.2 Legal basis for data processing

Where consent is appropriate for processing personal data, Article 6 (1) (a) UK GDPR serves as the legal basis to obtain the consent of the data subject for the processing of their data.

As for the processing of personal data required for the performance of a contract of which the data subject is party, Article 6 (1) (b) UK GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual activities.

When it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Article 6 (1) (c) UK GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) UK GDPR serves as the legal basis.

If the processing of data is necessary to safeguard the legitimate interests of our company or that of a third party, and the fundamental rights and freedoms of the data subject do not outweigh the interest of the former, Article 6 (1) (f) UK GDPR will serve as the legal basis for the processing of data.

1.3 Data removal and storage duration

The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if this is provided for by international regulations, laws, or other relevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract