Last Updated: 4 June 2018
In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.
The Company is registered with the UK Information Commissioner’s Office (Registration Reference ZA191390). See the Contact Information section below for details. As a small organisation, the Company has decided not to appoint a Data Protection Officer. The Trustees are aware of their responsibilities under GDPR.
Our appointed compliance officer in respect of our data protection activities is Paula Mitchell who can be contacted on 01387 249111
Please read the following information carefully to understand our practices regarding your personal data and how we will process data.
1. DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing is fair, lawful and transparent
- data is collected for specific, explicit, and legitimate purposes
- data collected is adequate, relevant and limited to what is necessary for the purposes of processing
- data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
- we comply with the relevant GDPR procedures for international transferring of personal data
- We will only ever ask for what we really need to know.
- We will collect and use the personal data that you share with us transparently, honestly and fairly.
- We will always respect your choices around the data that you share with us and the communication channels that you ask us to use.
- We will put appropriate security measures in place to protect the personal data that you share.
- We will never sell your data.
3. HOW WE USE THE INFORMATION TO HELP US RUN THE CHARITY EFFECTIVELY:
We may use your information to:
- process bookings or qualifications that you have requested to undertake
- carry out our obligations arising from any transactions or any contracts you have entered into by you and us;
- notify you of changes to our organisation;
- send you communications which you have requested and that may be of interest to you. (These may include information about the training or SVQ’s that you have enquired about or any of our other activities)
4. WHAT INFORMATION DO WE COLLECT?
1) The type and amount of information we collect depends on why you are providing it.
We will usually ask you for your name, email address and information about your organisation, including name of organisation and region.
However, we may request other information where it is appropriate and relevant, for example if we are processing a booking request or you are undertaking an SVQ. This additional information might include:
- Your physical address
- Date of birth
- Contact number
2) information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views. We may collect this information using “cookies.”
Cookies are small data files stored on your computer or mobile device by a website. We may use session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site.
For more information on cookies and how you can control the information they can collect about you, see our Cookies Policy here.
5. DO WE PROCESS SENSITIVE PERSONAL INFORMATION?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.
6. COMMUNICATIONS AND MARKETING
Where you have provided us with your physical address, we may contact you by post; and where you have provided appropriate consent, also by telephone and e-mail, with targeted communications to let you know about our events and/or activities that we consider may be of particular interest.
7. THIRD-PARTY PAYMENTS
Our website uses third-party service providers to administer online bookings and payments.
These third parties have access to your Personal Information only to perform these specific tasks on our behalf and are obligated not to disclose or use it for any other purpose.
8. PROTECTING YOUR DATA
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented several processes to guard against such.
We seek to use reasonable organisational, technical and administrative measures to protect personal data within our organisation. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure.
We protect your personal data on our website in the following ways:
- SSL Certification and encryption technology protect your data from theft during transmission from your browser to our servers.
- Comprehensive website security monitoring and protection minimise the risks from cyber attacks.
- Adoption of strong passwords reduces the risk of any individual users’ credentials being abused and compromising others.
- Also, we only engage with Service Providers whose Policy is to comply with the GPDR legislation.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us of the problem by contacting us.
If we become aware of an actual or potential data breach, we will inform you by email as soon as possible.
9. RETENTION PERIODS
We only keep your data for as long as we need it for, which will be at least for the duration of your engagement with us though in some cases we will keep your data for a period after your engagement has ended. Our retention period is:
- Accounts – 5 years
- Training Attendance – 1 year
- SQA – Candidate complete SVQ folder are retained within the centre for three weeks following completion of an award unless requested for Verification visit. Personal information will be kept for one year following completion as per SQA policy.
10. Our Policy On Children
Our Site is not directed to children under 18. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.
11. DATA SUBJECT RIGHTS
You have the following rights in relation to the personal data we hold on you:
- the right to be informed about the data we hold on you and what we do with it
- the right of access to the data we hold on you. More information on this can be found in our separate policy on Subject Access Requests
- the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’
- the right to have data deleted in certain circumstances. This is also known as ‘erasure’
- the right to restrict the processing of the data
- the right to transfer the data we hold on you to another party. This is also known as ‘portability’
- the right to object to the inclusion of any information
- the right to regulate any automated decision-making and profiling of personal data.
More information can be found on each of these rights in our separate policy on Your Rights in Relation to Your Data Policy which can be obtained by contacting [email protected]
Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data.
13. THE RIGHT OF ‘ERASURE’
In certain circumstances, we are required to delete the data we hold on you. Those circumstances are:
- where it is no longer necessary for us to keep the data;
- where we relied on your consent to process the data and you subsequently withdraw that consent. Where this happens, we will consider whether another legal basis applies to our continued use of your data;
- where you object to the processing (see below) and the Company has no overriding legitimate interest to continue the processing;
- where we have unlawfully processed your data;
- where we are required by law to erase the data.
If you wish to make a request for data deletion, you should complete the User Data Control Form.
We will consider each request individually, however, you must be aware that processing may continue under one of the permissible reasons. Where this happens, you will be informed of the continued use of your data and the reason for this.
Third parties to whom the data was disclosed will be informed of the erasure where possible unless to do so will cause a disproportionate effect on us.
14. POLICY REVIEW
Please note that the procedures and policies outlined in this policy, and in any related policy, may be reviewed or changed at any time.
15. MAKING A COMPLAINT
If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.