For the purposes of the General Data Protection Regulation (GDPR) the data controller is Independent Training. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Lawful grounds for processing your data
When collecting your personal data, we will always make clear which data is necessary in connection with our service. We may process your data for more than one lawful ground. The law on data protection sets out a number of different reasons why we may collect and process your personal data including:
In specific situations, we can collect and process your data with your consent. For example, when you sign up for our newsletter or promotions by providing your email address.
If you are a customer or a supplier, we need your personal data to comply with our contractual obligations. For example, if you are a course delegate we need your name, email address and postal address so that we can invoice you and forward certificate. We will also need your date of birth if we are registering you with an awarding body to undertake an accredited course.
If the law requires us to, we may need to collect, process and store your data. For example, we need to store personal data that is needed to support our regulatory reporting to HRMC and Companies House.
We will use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interest. For example , we may use your address details to send you invitations to workshops and other events that we think might interest you.
When do we collect your personal data?
We may collect personal data under any of the following circumstances. It will always be clear what we are collecting and why.
- When you book to attend a course
- When you sign up for our newsletter and promotions
- When you join one of our courses via our website
- When you book a meeting with us
- When you enter any of our prize draws or competitions
- When you choose to complete any of the surveys we may send you
- When you’ve given a third-party permission to share with us the information they hold about you
- When you deliver a service or a product to us as a supplier
We will never insist on having your consent to receive any of our services or information
What personal data do we collect?
- Date of Birth (for awarding body qualifications)
- Address (for sending out certificates if requested)
- Email Address
- Telephone Number
- Mobile Number
- Accessibility requirements (only if you attend our events)
- Your social media username, if you interact with us through channels, to help us respond to your comments, questions or feedback.
- Business address
- Photographs at events or on testimonials
How and why do we use personal data?
Here’s how we’ll use your personal data and why. (if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below) If you are a customer or past customer, then we will use your personal data to:
- To keep informed about courses and events
- To send you joining instructions for course sessions
- To send your invoices
- To send you newsletters
- To process any bookings
If you are yet to become a customer but have expressed an interest in what we can offer, then we will use your personal data to:
- Send you invitations for relevant courses and events
- Send you newsletters
- To send you joining instructions for course sessions
- To process any bookings
Protecting your personal data
We will treat your data with the utmost care and take all appropriate steps to protect it. Our website is secured with ‘https’ technology and access to your personal data is password-protected on the various applications we use. Data is regularly backed up and virus software kept up to date.
How long will we keep your personal data?
We will only keep your personal data for as long as is necessary for the purpose for which it was collected or specified by HRMC/Awarding Body or similar regulatory authorities. At the end of that retention period, your data will either be deleted completely or anonymised (so that it can still be used for management information analysis)
Who do we share your personal data with?
We will share your personal data with trusted third parties who act as data processors. We check that they are GDPR compliant and have processing agreement in place with each of them. We provide only the information they need to perform their specific services and they may only use your data for the exact purposes we specify in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous. We do not sell your data to any third party nor do we share your data with any third party for their own direct marketing purposes. We currently use the following companies, who will process data as part of their contracts with us:
- World Pay – World Pay process the online payments for our customers and gather information directly from you to enable payments to be processed. They do not make any banking information available to us. For more information, please see World Pays privacy statement
- Sage – We use Sage as our accounting platform, so it holds the personal data we need to process invoices and to properly account for the transactions. For more information, please see sages privacy notice.
- Mailchimp – We use Mailchimp, to deliver our electronic newsletters and promotional emails. We gather statistics around the email opening and clicks to help us monitor and improve our newsletter and email campaigns. For more information, please see Mailchimp’s privacy notice.
- Microsoft Exchange – We use Microsoft Exchange to handle all our incoming and outbound emails and calendar events as well. We only store name and email address in the address book. We use SharePoint as a collaborative platform for sharing our internal information and this is password protected for each application. For more information, please see Microsoft’s privacy notice.
- City & Guilds – We use City & Guilds for accredited courses and they will require, names and Date of Births for registration and certification purposes. For more information see City & Guilds privacy notice.
- Qualsafe – We use Qualsafe for accredited courses and they will require, names and Date of Births for registration and certification purposes. For more information see Qualsafes privacy notice.
- Facebook – We only use Facebook to share information, tips and promote events. We do not use any of the personal data outside of Facebook.
- Twitter – We use Twitter to share information, tips and promote events. We do not use any of the personal data outside of Twitter.
- LinkedIn – We use LinkedIn to share information, tips and promote events as well as contacting our connections via the platform. Email addresses may also be used outside of LinkedIn.
In the event that we sell Independent Training and it’s assets are acquired by a third party then the personal data we hold may be one of the transferred assets.
Where your personal data may be processed
Several of the data processors we use are outside of the EEA. The EEA includes all EU member countries as well as Iceland, Liechtenstein and Norway. Where the processor is outside of the EEA we ensure that they have appropriate privacy policies in place and that the processing agreement with them includes appropriate protection for your data.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you
- The correction of your personal data when incorrect, out of date or incomplete
- That we stop using your personal data for direct marketing (either through specific channels, or all channels) You can click the ‘unsubscribe’ link in any email communication we send you or send an email to firstname.lastname@example.org ‘UNSUBSCRIBE’ Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated
- That we stop any consent-based processing of your personal data after you withdraw that consent
- That we erase all data that we hold about you providing this follows regulatory bodies such as HRMC
To protect the confidentiality of your information, we will ask you to verity your identity before proceeding with any data subject access request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Links to other websites
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioners’ Office. You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.