GENERAL DATA PROTECTION REGULATIONS
Our access to and handling of this information is subject to the General Data Protection Regulations (GDPR). This replaces the Data Protection Act of 1998.
THE DATA WE COLLECT
Any service or product we provide to our clients and potential clients typically makes it necessary for you to provide us with information. This could be about you, your business and possibly one or more of your employees.
Depending upon the nature of the service or product, the specific information may vary. However, we will only request information that is relevant and required for provision of the service or product in question. For example, during delivery of some of our training courses and qualifications, documentary evidence is provided that also contains an employee’s name, address, date of birth or similar.
We also collect personal information such as names and contact details via contact forms on our web site and/or through voluntary subscriptions to newsletters or electronic marketing communications.
WHY WE COLLECT THIS DATA
When you engage us to provide a service or product, we have a contractual obligation to deliver what is required. Hence, this information is necessary, so we can perform these activities in line with our contractual obligations.
For personal information gathered via contact forms and voluntary subscriptions to newsletters or electronic marketing, this is based on your specific consent being explicitly given for us to contact you.
HOW WE USE THE DATA
We only use personal information provided for the purposes of providing the service or product required. We will not use this information for any other purpose.
Information provided by consent, eg via contact forms or subscriptions to electronic marketing materials, will only be used for that purpose. We may use a third-party mailing list or marketing service provider to send out marketing communications (electronic or physical), provided that service provider also complies with GDPR.
HOW THIS DATA IS PROTECTED
Personal information may be stored in a number of locations, depending upon the nature of the information and how it was acquired (eg through being engaged to provide a service or product or through a consensual subscription or contact request).
Information relating to provision of a service or product typically resides in our email correspondence with you as we handle the matter. This includes any documents that you send us or that we produce. Our email is held on a secure server and is accessed via an encrypted network connection. Documentation is stored in a client-specific folder, which is maintained on a cloud drive. There may be working copies and backups of those documents on a system within our office.
Information relating to provision of a service or product is only retained as long as necessary. This would consist of the services and/or products you have purchased from us. Courses are renewed every three years and annual refreshers may be purchased. Products may be re-ordered. It would therefore be necessary to keep the information we have about you, with your consent, in order to provide those continued services and products, or keep you informed via our newsletters.
We store personal information acquired via consent-based subscriptions or contact forms in local or cloud hosted customer management systems, eg a third-party mailing list service provider such as MailChimp.
YOUR RIGHTS REGARDING YOUR DATA
You have the right to request access to (ie copies of) all your personal information held by us. We will provide this information within thirty days of having received your request. Where applicable, you can have your data in a “portable” format.
You have the right to ensure any information we retain is accurate. You can inform us of any changes to your personal information and we will update our records.
You have the right to have your personal information erased, provided it is no longer required for the provision of a service or product.
You have the right to restrict the use of your information under certain circumstances. This means that while we retain the information, it will not be processed until those circumstances are addressed.
You also have the right to object to the use of your personal information, for example by withdrawing consent to be contacted for direct marketing purposes.
HANDLING OF DATA BREACHES
A data breach is any occasion where security measures have been deliberately or accidentally circumvented in order to access, alter, disclose or destroy personal information. For example, if unauthorised parties have gained access to and potentially obtained copies of your personal information from our systems.
Outside of documents pertaining to services and/or products we have provided you with, we generally do not retain anything except contact names, email addresses and telephone numbers (ie the information provided with consent). As such, the information we retain is generally low risk.
In the unlikely event that there is a personal data breach that represents a risk to individuals or their businesses, we will inform the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it.