ABC First Aid & Safety Training Ltd. Privacy Notice

 

Date of publishing: 20/5/2018. Review: 20/5/2019

 

 

Who are we?

 

 

ABC First Aid & Safety Training Ltd.

 

5 Marrat Close

 

Lincoln

 

LN2 4WG

 

01522 520133

 

info@abc-training.co.uk

 

 

Managing Director and lead trainer is Dave Wardell

 

Managing Director and head of Accounts is Emma Wardell

 

We are registered with the Information Commissioner's Office

 

ICO Reference number: ZA366876

 

 

 

 

General Data Protection Regulations 2018 compliance

 

 

Privacy Notice

 

 

This privacy notice sets out how ABC First Aid & Safety Training Ltd. uses and protects any information that you give ABC First Aid & Safety Training Ltd. when you use this website or email us via the contact form or directly to our company email address or via social media, telephone or in person.

 

 

ABC First Aid & Safety Training Ltd. is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when communicating with us, then you can be assured that it will only be used in accordance with this privacy notice.

 

 

If you are not happy with how we use your data please let us know. We will, without charge, let you know what data we hold about you and why, and you have a right to be forgotten by us, unless we have a legal duty to hold onto your information. You can also contact the Information Commissioner's Office at www.ico.org.uk if you are not satisfied with how we process your data.

 

 

Our basis for processing your data

 

 

Consent

 

Consent must not be requested, nor it is it appropriate, when there is a lawful basis, including legal basis, contract basis or legitimate business interest for processing your data. There are very few situations where we would seek consent, such as the use of photographs and other private details as part of our social media pages. All other data we process is held because of a lawful basis.

 

 

 

What we collect

 

 

We may collect the following information, only when relevant to the particular enquiry/course and is collected on a lawful basis, specifically a legal basis and contract basis, depending on the circumstances: names, addresses, bank details, qualifications, certificates, CV's, dates of birth, insurance, land line, mobile, address, sometimes photo ID, past training history, DBS details, medical conditions where relevant, gender, Unique Learner Number, National Insurance info, car type and registration plates where relevant, social media usernames and other identifiable information along these lines. Purpose: We collect this data in order to fulfill our contract with you, provide certification, invoices and renewal notices etc. as well as process the data for a legal basis such as HMRC investigations, Health and Safety Executive audits, Awarding Organisation audits; but most of the time we just require brief information of an employee, if we are fulfilling a contract with an employer, such as, but not restricted to email address, names of delegates, and contact and emergency numbers.

 

 

Marketing

 

Please note - we currently do not add any of your details to mailing lists, direct marketing lists or any other mass communication automated systems. If this changes we will seek specific, granular and 'opt in' consent to do this. The usual communication we have with you will be for a lawful reason (such as short or long term contract or to manage an enquiry) or because we believe we have a legitimate business interest in sending it to you. Consent is not required under these circumstances. If you disagree and wish to opt out of communications from us then you can reply with 'opt out' or similar and we will process your request and let you know the outcome (if we need it for lawful reasons we may not be able to delete your data, but will not contact you again unnecessarily). If we subsequently believe it is not a legitimate business interest we will remove all trace of you on our systems. We do have a network of tutors and separetely manage consents linked to communication with them. If this is relevant to you see the relevant section of this notice.

 

 

Special category data

 

This is data in relation to health and we need to know if there is any medical reason we should bear in mind while you are on one of our courses, for the grounds of safety and if there is any special consideration which can be applied. This data is held by us and reasonable steps are taken on courses to minimise the effects. We try not to broadcast the issue to the rest of the course but it may be impossible to keep it completely confidential, for example if any extra assistance is required, as this may be obvious to other delegates. There are certain circumstances where the general reason why a delegate has not carried out any of the required skills must be stated on the certificate. e.g. “CPR not carried out due to a disability”.

 

 

Note – when we run courses for councils etc or under Awarding Organisations for regulated qualifications there may be some special category data questions in their paperwork. This data is not used by us in any way and not recorded on our systems. We are passing on the information required by law or requested for reasons of diversity or demographic monitoring by the particular 3rd party. The specific data collected can include, race or ethnic background, age, gender and disability.

 

 

 

What we do with the information we gather

 

 

We require this information to understand your needs and fulfill our contract with you, for internal record keeping, invoicing, to improve our products and services, to keep for Awarding Organisation Audits, complaints, debt recovery, to contact you in the event of any issues/amendments with the course, to have and send renewal information for certificates etc. No automated decisions are made in relation to your data.

 

 

Security

 

 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

 

 

Personal data breaches

 

We recognise that the compromise of information, confidentiality, integrity, or availability may result in harm to individual(s), reputational damage, detrimental effect on service provision, legislative non-compliance, and/or financial costs. Our full Data Breach procedures are available separately on our website

 

 

We do not use cookies

 

 

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

 

 

Links to other websites

 

 

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notice applicable to the website in question.

 

 

Controlling your personal information

 

 

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so, or it is in the usual running of the business where we have taken reasonable precautions to ensure appropriate procedures and security are in place. Specifically we mean banks, website and email providers, mobile phone and broadband providers, Awarding Organisations and Government and Regulatory Bodies. Other third parties such as facebook publish their own privacy notices, which are available on their websites.

 

 

You may request details of personal information which we hold about you under the GDPR, with no fee payable. If you would like a copy of the information held on you or wish to be forgotten, please write to us or email us using our contact info above. We will reply with requests, as is required by law, within 30 days.

 

 

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect and we will if asked to and it is reasonable and lawful 'forget you' on request.

 

 

How long do we keep your personal information?

 

 

Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Notice (in order to satisfy legal, accounting or reporting requirements) or until you request it is deleted. If, having registered for any of our services, you do not use them for a reasonable time (which may vary depending on the service(s) you've registered for) we may contact you to ensure you're still happy to receive communications from us. Let us know if you want to be forgotten and (if lawful) we will do this very quickly.

 

 

Photos, social media etc

 

With your separate, specific informed consent we may publish photographs and quotes from courses. The information may show location, name of course, dates and other identifiable information. This can appear on our website, facebook page or other social media, and publications authorised by us. We realise this is potentially sensitive so we will be sure consent is freely and fully given before this take place. It is not a common occurrence.

 

 

Note – as we live in a connected world some of the information we hold on you may pass outside the borders of the European Union and this is beyond our control. We take reasonable steps to ensure the integrity of the data.

 

 

Consent to contact tutors and associate companies

 

This section is only relevant to tutors and associate companies who provide training services to us. We currently hold a database of tutors – with information such as bank details, qualifications, certificates, CV's, dates of birth, insurance, land line, mobile, address, sometimes photo ID, past training history, DBS details, medical conditions where relevant, car type and registration plates where relevant, social media usernames and other identifiable information along these lines. We collect this data in order to fulfill our contract with you and to offer you work. As per our general privacy policy we do not sell this to 3rd parties. Any 3rd parties that get your data is out of necessity, such as banks, website and email providers, and we have done basic, but reasonable checks and have assessed their integrity. We use this data to book you for work, pay your invoices and administrate courses. We also will contact you to offer you relevant work. If you want to know what information we hold on you, just ask. And if you wish to be forgotten by us then let us know. You can also contact the Information Commissioner's Office at www.ico.org.uk if you are not satisfied with how we process your data. If you are a tutor you will need to email us to say “I consent” or “I do not consent” for us to contact you for these purposes.