GDPR Compliance Statement

TRACD / Caldwell National Limited

Effective Date: 16/02/2026

Our Commitment to Data Protection

At TRACD, operated by Caldwell National Limited, we take the privacy and security of our members' data seriously. We are committed to high standards of information security and transparency, complying with the Data Protection (Jersey) Law 2018 and any other applicable Jersey data‑protection legislation.

1. Data Protection Principles

We ensure that all personal data is:

  • Processed lawfully, fairly, and in a transparent manner.

  • Collected for specified, explicit, and legitimate purposes.

  • Adequate, relevant, and limited to what is necessary.

  • Accurate and kept up to date.

  • Kept in a form which permits identification of data subjects for no longer than is necessary.

  • Processed in a manner that ensures appropriate security.

2. Individual Rights under GDPR

As a user of the TRACD platform, you have the following rights regarding your data:

  • The Right to be Informed: Transparent information about how we use your personal data.

  • The Right of Access: You can request a copy of the data we hold about you.

  • The Right to Rectification: You can ask us to correct inaccurate or incomplete data.

  • The Right to Erasure: Also known as the ‘right to be forgotten,’ you can request the deletion of your data under certain circumstances.

  • The Right to Restrict Processing: You can "block" or suppress the processing of your personal data.

  • The Right to Data Portability: You can obtain and reuse your personal data for your own purposes across different services.

  • The Right to Object: You can object to your data being used for direct marketing or legitimate interests.

3. Data Security Measures

We implement robust technical and organisational measures to protect your data, including:

  • Encryption: Using SSL/TLS encryption for data transmission.

  • Minimalism: We only collect the data strictly necessary to provide our membership services.

  • Secure Payments: We do not store financial or card information on our servers; all transactions are handled by PCI-DSS compliant third-party processors.

4. Data Protection Officer (DPO)

While we are not required to appoint a formal DPO under the current scope of our processing, our data protection compliance is managed by our lead administrator.

For any data-related queries or to exercise your rights, please contact: Email: hello@tracd Address: 9 Bond Street, St. Helier, Jersey, Channel Islands, JE2 3NP.

5. Subject Access Requests (SAR)

If you wish to make a Subject Access Request, please contact us at the email above. We aim to respond to all valid requests within 30 days.