Pre-launch placeholder. The summary below mirrors the structure of the executable DPA. Email info@trillic.co.uk to request the latest signed copy for your firm's review.
1. Roles
Your firm is the data controller for personal data contained in the documents you submit to Trillic. Trillic Ltd is the processor and processes that data only on your documented instructions, as captured in the Master Subscription Agreement and the Order Form.
2. Subject matter and duration
Trillic processes personal data for the duration of the subscription, in order to provide the document-automation service described on this site. Processing ceases on termination, with deletion or return of personal data as set out in clause 6.
3. Categories of data and data subjects
Likely categories of data subject
- Buyers and sellers in conveyancing transactions
- Lender contacts
- Other parties named in title, search and contract documents
- Authorised users at your firm
Likely categories of personal data
- Identity data (names, dates of birth, ID document references)
- Contact data (addresses, phone numbers, email addresses)
- Property and financial data linked to the transaction
- Account and audit data for users of the service
4. Sub-processors
Trillic uses a small number of sub-processors to deliver the service, listed and kept current on the sub-processors page. We give your firm prior notice of new or replacement sub-processors and a reasonable window to object.
5. Security measures
- UK-resident data and compute, with encryption in transit (TLS) and at rest (AES-256).
- Per-firm tenant isolation. No pooling of document content for shared model training across firms.
- Role-based access controls and a full audit trail of every action (import, draft, edit, approve, sync).
- Regular vulnerability management, secure development practices and personnel screening.
6. Deletion and return
On termination, your firm chooses whether Trillic returns or deletes personal data within 30 days, subject only to retention required by law. Audit logs are retained for the period required to meet our regulatory obligations.
7. Personal data breach
Trillic notifies your firm without undue delay (and within 72 hours where reasonably practicable) of any confirmed personal data breach affecting your firm's data, with the information you need to meet your own notification obligations.
8. Audit and assistance
Trillic will provide reasonable information and assistance for your firm to meet its obligations under UK GDPR, including data subject requests and DPIAs. Audit rights are exercisable on reasonable notice and at reasonable frequency.