Privacy Notice Download
Download the privacy notice as a PDF file.
General Information
Who are we?
The terms “we”, “us” or “our” shall refer to Common Sense Training Ltd.
- We are a company registered in England and Wales with company number 11349758.
- Our registered office is 31, Denmark Street, Watford, WD17 4YA
- Our website is www.commonsensetraining.co.uk & https://firstaidcalculator.com
What’s covered by this privacy notice?
We take your privacy seriously and believe that by being clear about how we use your personal information will allow us to build trust with our customers, suppliers and employees. The privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. We’ll tell you:
- why we are able to process your information
- what purpose we are processing it for
- whether you have to provide it to us
- how long we store it for
- whether there are other recipients of your personal information
- whether we intend to transfer it to another country, and
- whether we do automated decision-making or profiling.
If you go to another website from this one, read the privacy policy on that website to find out what the associated owner does with your information.
Registration with the Information Commissioner’s Office
For the purposes of processing of your personal data we act as a data controller, joint data controller and a data processor. Further details can be found in the section, “Personal Data Processed”.
We are registered with the Information Commissioner’s Office as a data controller with registration number ZA431777. You can contact our data protection officer by email at [email protected].
- data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed
- data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller
- processing, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
- organisation, adaptation or alteration of the information or data,
- retrieval, consultation or use of the information or data,
- disclosure of the information or data by transmission, dissemination or otherwise making available, or
- alignment, combination, blocking, erasure or destruction of the information or data
How do we get information?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have requested information about one of our services.
- You wish to attend, or have attended one of the courses we deliver.
- You have made a complaint or enquiry to us.
- You have applied to, or have delivered services on our behalf as an associate trainer, assessor or in some other capacity.
- You are a supplier and have provided your details for the fulfilment of a contract.
- You have consented to receive marketing materials from us.
- You choose to follow our company via a social media channel e.g. by liking our Facebook page or following our Twitter profile.
We also receive personal information indirectly, in the following scenarios:
- Your employer has provided your details in order to register you for one of the courses we deliver.
- Someone involved in the delivery of our services e.g. an associate trainer has given your contact details as an emergency contact or a referee.
- You have agreed to accept cookies on our website. For further information about the information we collect via cookies, please refer to our cookie policy.
- Your details were captured by a social media platform you chose to interact with in accordance with their privacy policy.
- Your image was captured during one of courses, at a networking event or other marketing event and may appear in our marketing materials. In all these situations you can expect to be notified of the potential capture of images/videos to allow you to object to the processing.
- Your image was captured by our CCTV.
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. For each of your rights we have provided a link to allow you to obtain the latest information on these rights directly from the Information Commissioner’s Office (ICO) website (https://ico.org.uk).
- Your right to be informed if your personal data is being used
This privacy policy provides you with clear and concise information concerning how your personal data is used by Common Sense Training Ltd. (ICO: Your right to be informed if your personal data is being used). - Your right of access
You always have the right to ask us for copies of your personal information. (ICO: Your right to get copies of your data) - Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. (ICO: Your right to get your data corrected) - Your right to erasure (right to be forgotten)
You have the right to ask us to erase your personal information in certain circumstances. (ICO: Your right to get your data deleted) - Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. For example if you are concerned about the accuracy of the data or how it is being used. (ICO: Your right to limit how organisations use your data) - Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. (ICO: Your right to data portability) - Your right to object to processing
You have the right to object to processing (use) in some circumstances. This right applies where we are processing your data for our legitimate interests or direct marketing. (ICO: The right to object to the use of your data). - Your right regarding automated decision making/profiling
We do not process personal data where automated decision-making or profiling is used. (ICO: Your rights relating to decision being made about you without human involvement)
How to raise a concern
You have the right to raise a concern with us about how we are using your data. This allows us the opportunity to respond and demonstrate that we are serious about handling your personal information responsibly. Please raise any concerns by addressing them to our data protection officer who can be contacted at [email protected]. (ICO: Raising a concern with an organisation).
If you are not satisfied with our response you can complain to the Information Commissioner’s Office. (ICO: Make a complaint).
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF
t: 0303 123 1113
e: [email protected]
Subject Access Requests
You are not required to pay any charge for exercising your rights. We have one calendar month to respond to you. Please contact us at [email protected] if you wish to make a request.
Personal Data Processed
Age Restrictions
Our Services are available for purchase only for those over the age of 16. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 16. If you know of or have reason to believe anyone under the age of 16 has provided us with any personal data, please contact us.
What happens if you don’t provide your data?
You do not have to provide us with any personal information, however failure to do so may result in one of the following issues.
- We will be unable to register you for a course/training/service. This relates especially to the non-provision of age related information which in some instances must be provided to awarding bodies where the qualification has a legal minimum age restriction.
- We will be unable to process any course paperwork or action any requests to award qualifications and issue certificates.
- We will be unable to make payment or query services you have delivered.
- We may not be able to answer a query/complaint you have raised.
If there is a specific type of data you would prefer not to provide please contact us at [email protected] and we’ll be able to inform you of the exact implication of not supplying the information.
Customer / Learner
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Learner – Names, addresses, telephone numbers, email addresses, payment details | Course administration & billing | Performance of a contract | 7 years |
| Learner (P.A.L.M. Academy1) – Names, addresses, telephone numbers, email addresses and course results | Award administration | Performance of a contract | 7 years from the day of assessment |
| Learner (RLSS2) – Names, addresses, telephone numbers, email addresses and course results | Award administration | Performance of a contract | 7 years from the day of assessment |
| Learner (Qualsafe Awards3) – Names (first, middle, surname), data of birth, gender, telephone numbers, email address, address, signature, employer, unique learner number (ULN), centre name, centre number, course location (venue), course start/finish date, course time, course duration, answer paper number(s), qualification title, qualification number, learner placement data, data pertaining to learner performance, assessment paperwork, assessment results, learner workbooks, achievement date, certification date, learner certificate, records of achievement, reasonable adjustment and special consideration data. | Common Sense Training Ltd, acting as a joint data controller will capture, process and retain Learner data obtained through the registration and assessment processes (including Learner Feedback Forms) for Qualsafe Awards. Qualsafe Awards stated purposes of the data capture: • assessing evidence provided in support of claims for the Recognition of Prior Learning (RPL) from Learners • making decisions on whether or not qualifications should be awarded based on assessment evidence • awarding QA qualifications that have been successfully completed • issuing certificates for qualifications that have been awarded • producing a record of Learner achievements on our in-house data systems • planning, preparing and carrying out quality assurance activity in line with our own policies and regulatory requirements • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • checking certificate verification requests received from external sources • processing appeals received against assessment decisions made which directly affect them • analysing and producing statistical information for internal review purposes | Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. | Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity. |
| Learner (IOSH6&7) – Names, unique learner identifier | Award administration | Performance of a contract | 7 years from the day of assessment. |
| Learner (STA8) – Name, address, date of birth, contact details | Qualification administration | Performance of a contract | For lifetime of qualification | Learner (Nuco Training Ltd.9) Name, email address and date of birth. Gender and a postcode are only collected if a learner requests entry of their achievement onto their Personal Learning Record. Collection of learner’s special category data when a reasonable adjustment is granted. | Administration and certification of Nuco Training courses and FAA qualifications and data that is collected during qualification delivery and on official course paperwork/documentation. | Refer to: Nuco Training Learner Privacy Policy Nuco Training Data Protection Policy | Full course paperwork packs are retained for three years and six months from the final date of the course to provide evidence of a learner’s achievement. |
| Complaints data | To maintain a record of interaction regarding the query of complaint | Legitimate Interest | Complaints retained indefinitely so that data is available should a legal dispute arise. Other comments made are not retained and can be removed by the user themselves from the social media platform. |
| Testimonials / Course Feedback | Internal quality monitoring and business promotion. Where a customer/learner provides optional qualitative feedback (descriptive) this information may be incorporated in marketing materials to promote the business. | Legitimate Interest | Feedback will be kept as long as the related service continues to be delivered. |
Employees
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Recruitment – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications | Recruiting staff | Legitimate Interest | 3 months from date of application decision. |
| Personnel – Names, addresses, telephone numbers, email addresses, web site addresses, National Insurance Number, qualifications, contract | Administration | Performance of a contract | 7 years after employment ceases |
| Personnel – Names, payroll number, email addresses, National Insurance Number, Bank account details | Administration of payroll | Performance of a contract | 7 years |
| Personnel – Special category data | Equality & Diversity Monitoring | Legitimate Interest | 3 months after employment ceases. |
| Personnel registered with Qualsafe Awards as company director – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, centre name, registered company number, due diligence check (Directory history, disclosure/baring service, passport copy, utility bill copy), bank account name, bank account number, bank account sort code, bank address, insurance certificates & trade references | Common Sense Training Ltd, acting as a joint data controller will capture, process and retain data required to complete the Qualsafe Awards Centre application process and/or further information on Centre Approval, in order that Common Sense Training Ltd can register as a Qualsafe Awards Centre. Qualsafe will use this data for the purposes of: • processing the Centre Approval Application and carrying out normal due diligence, including requesting any further information required from the applying Centre • populating our in-house data systems to create a Centre profile • contacting the Centre (once approved) on matters relating to their account • arranging QA’s external quality assurance activity • automatically calculating a risk rating for the Centre. This rating can either be low, medium or high. The rating is calculated based on the risk of the qualifications the Centre is approved to deliver, the quality assurance record of the Centre and the risk rating of the Trainers/Assessors/IQAs approved to deliver QA qualifications at the Centre. The Centre risk rating is used to calculate the level of internal and external quality assurance required for the Centre • invoicing for payments due and making invoicing enquiries • issuing reminders regarding insurance policy renewal dates • processing appeals received from Approved Centres against decisions made by QA which directly affect them • creating customised course delivery materials and qualification certificates for the Centre • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • supporting investigation activity carried out by QA or the Qualification Regulators • sending updates and marketing materials | Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. | Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity. |
| Personnel registered with Qualsafe Awards as trainer/assessor/IQA – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, employed status, qualification titles, institution/training organisation(s), awarding organisation, award date, expiry date (if applicable), qualification title(s) (approval granted), curriculum vitae, experience evidence, further information provided to support application, signature, risk rating (approved centre generated), internal quality assurance documentation (contributing to the trainer/assessor/iqa profile), due diligence checks (disclosure and barring service). | Common Sense Training Ltd, acting as a joint data controller will capture, process, retain and send Trainer/Assessor/IQA data to Qualsafe Awards. Qualsafe Awards stated purposes of usage: • processing the approval application and carrying out normal due diligence • populating our in-house data systems to create a Trainer/Assessor/IQA profile • recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA • awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA • issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA • making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL) • producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • checking certificate verification requests received from external sources • analysing, producing and exchanging statistical information with external stakeholders • creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events • sending reminders to Trainers/Assessors/IQAs when requalification is required • processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them • sending updates and marketing material | Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. | Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity. |
| Personnel registered with STA8 as a member – Name, address, data of birth, contact information, email address, membership number | Administration | Performance of a contract | One year after subscription lapses |
| Personnel – Names, email addresses, qualifications, photographs | Marketing – Employee Biography/Profile | Legitimate Interest | 3 months after employment ceases |
Associates
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Application – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications | Engagement of an Associate – review of relevant qualifications/experience | Legitimate Interest | 3 months from date of application decision. |
| Delivery of services by the Associate – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications, contract, bank account details | Administration of Associate contract & payment of Associate Invoices | Performance of a contract | 7 years after associate contract ceases |
| Special category data e.g. race, ethnic origin | Equality & Diversity Monitoring | Legitimate Interest | 3 months after associate contract ceases. |
| Personal – Names, email addresses, qualifications, photographs | Marketing – Employee/Associate Bio | Legitimate Interest | 3 months after associate contract ceases |
| Personnel registered with Qualsafe Awards as trainer/assessor/IQA – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, employed status, qualification titles, institution/training organisation(s), awarding organisation, award date, expiry date (if applicable), qualification title(s) (approval granted), curriculum vitae, experience evidence, further information provided to support application, signature, risk rating (approved centre generated), internal quality assurance documentation (contributing to the trainer/assessor/iqa profile), due diligence checks (disclosure and barring service). | Common Sense Training Ltd, acting as a joint data controller will capture, process, retain and send Trainer/Assessor/IQA data to Qualsafe Awards. Qualsafe Awards stated purposes of usage: • processing the approval application and carrying out normal due diligence • populating our in-house data systems to create a Trainer/Assessor/IQA profile • recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA • awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA • issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA • making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL) • producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • checking certificate verification requests received from external sources • analysing, producing and exchanging statistical information with external stakeholders • creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events • sending reminders to Trainers/Assessors/IQAs when requalification is required • processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them • sending updates and marketing material | Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. | Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity. |
| Personnel registered with STA8 as a member – Name, address, data of birth, contact information, email address, membership number | Administration | Performance of a contract | One year after subscription lapses |
Suppliers
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Supplier – Names, addresses, telephone numbers, email addresses, bank account details | Supplier and procurement administration | Performance of a contract | 7 years – records for HMRC |
Image Data
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| CCTV Images | Crime prevention | Legitimate Interest | 30 days unless images are required by law enforcement/courts for the purpose of prosecution. |
| Images/Videos captured during course delivery, business fairs, networking events, team training and other events where images are generated suitable for marketing purposes. | Marketing (Website, newsletters, brochures, social media) | Legitimate Interest In all these situations you can expect to be notified of the potential capture of images/videos to allow you to object to the processing. | For internal marketing material e.g. website/brochures/newsletters 1 year after we stop marketing the service. For social media platforms please refer to the privacy policy of those processors detailed below. For images/videos posted to social media platforms indefinitely unless a request is received to delete/remove an image/video by the user contacting us at [email protected]. |
User Engagement (Social Media/Website/Marketing)
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Social media engagement: Likes, follows, retweets, interaction statistics | Marketing – Build understanding of customer base, deliver relevant content and understand the effectiveness of our advertising. | Legitimate Interest | Insights downloaded from social media sites are held for 38 months.5 |
| Social media direct engagement: Comments, direct messages, user identifiers e.g. twitter handle | Answer queries / complaints raised. | Legitimate Interest | Complaints retained indefinitely so that data is available should a legal dispute arise. Comments made are not retained and can be removed by the user themselves from the social media platform. Copies of direct messages are removed after 38 months. |
| Website engagement: Names, addresses, email addresses, telephone numbers, comments via contact form or comments on blog posts. | Marketing – Build understanding of customer base, answer queries, resolve complaints, understand the effectiveness of our advertising. Not used to provide direct marketing material via SMS, phone email, post unless explicitly requested by the user. | Legitimate Interest | 38 months. |
| Marketing material requests e.g. for newsletter – Names, addresses, email addresses, telephone numbers, website addresses | Marketing – provision of requests marketing material by the contact method that the user consents to. | Consent | Until consent is withdrawn by the user contacting us at [email protected] |
Technical (Website)
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Website: IP address gives us a sense of the country, state or city a user comes from (also known as “IP geolocation”), device type, browser type, interaction statistics, app instance IDs | Provide and protect the security of the website (www.commonsensetraining.co.uk / www.firstaidcalculator.com), deliver relevant website content and understand the effectiveness of our advertising. | Legitimate Interest | 38 months, with data exceeding the retention basis removed automatically on a monthly basis. |
Health & Safety
| Type of data | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Accident/Incident – Name, job title, address, telephone numbers, email addresses, incident detail, (gender, age, injury details)5 | Record of work-related injuries/Management of H&S | Legal obligation (Health and Safety at Work etc. Act 1974 / The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) | Retained indefinitely. |
- Physical Activity and Leisure Management Academy Ltd. (P.A.L.M. Academy) provide the programme of training and qualifications related to swimming pool water treatment. We are a customer of P.A.L.M. acting in the role of a data processor when delivering their training and qualifications.
- The Royal Life Saving Society UK (RLSS) is the Drowning Prevention Charity and the UK’s leading provider of water safety and drowning prevention education. We are a member of the RLSS and a training provider. We act in in the role of a data processor when delivering their training and qualifications and have detailed the retention period they specify for regulated awards above. If we are delivering a non-regulated award the retention period is reduced to 2 years after all membership and awards have expired.
- Qualsafe Awards is one of the largest Ofqual recognised Awarding Organisations in the UK and are a joint data controller for the delivery of our First Aid qualifications. If your interaction with us relates to a course we deliver as a Qualsafe Awards registered centre or you are one of our employees, associates, trainers, assessors or IQAs delivering Qualsafe Awards qualifications you should review the Qualsafe Awards Privacy Policy.
- If you opt to engage with Common Sense Training Ltd via a social media platform you should be aware that the platform may process other personal data for their own purpose in their capacity as a data controller. You should familiarise yourself with the privacy policy of the relevant platform so you can make an informed decision on whether to interact with us via this means.
- Special category data requested in the HSE (Health and Safety Executive) RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) injury report form.
- Institute of Occupational Safety and Health (IOSH) are the biggest health and safety membership organisation in the world. They are also the only Chartered body for health and safety professionals. In partnership with Tall Man Solutions7 Ltd who are an IOSH approved provider we provide IOSH courses. We act in the role of a data processor when delivering their training and qualifications.
- Tall Man Solutions Ltd (company number 10465311) work in partnership with us to deliver IOSH6 qualifications that we advertise to our clients. We act in the role of a data processor when delivering IOSH training and qualifications. Tall Man Solutions Ltd have signed an associate agreement with us.
- Safety Training Awards (STA) are the awarding organisation of The Swimming Teachers’ Association. They are a registered charity number 1051631 in England and Wales and SC041988 in Scotland. We act in the role of a data processor when delivering their training and qualifications.
- Nuco Training Ltd. (company number 03684918) is an approved centre with First Aid Awards Ltd, an Ofqual and SQA regulated awarding organisation. We act in the role of a data processor when delivering their training and qualifications.
Data sharing / Sub-contractor processing
Organisation / Purpose / Transfer outside EEA
| Organisation name / Categorisation of organisation | Purpose of sharing / processing | Transferred outside EEA1? | Further information |
|---|---|---|---|
| Microsoft | Data storage: Office 365 services e.g. email, document storage (SharePoint/OneDrive). | Yes | European Union (EU) model clauses legitimise the transfer of personal data outside of the EU. ISO 27018 compliant. ISO 27001 security benchmark for many products in Office 365 ISO 27001. Further info: Privacy Statement |
| Xero | Accounting: Storage of supplier & customer data/payments | Yes | Signed Data Processing Addendum in place. Further info: Privacy notice, GDPR centre |
| RWR Bookkeeping Services Limited | Accounting: Our account who has access to Xero to prepare accounts, assist with payroll and provide professional services. | No2 | |
| Qualsafe Awards | Service Delivery: We are a joint data controller along with Qualsafe Awards and share data to deliver qualifications primarily relating to first aid. | No | Signed Data Management Contract in place where we and Qualsafe Awards agree to act as Joint Data Controllers and agree to manage all data in line with GDPR requirements. Privacy Policy. Qualsafe Awards (QA) (a trading name of Qualsafe Limited), are registered with the ICO with registration number Z9738727. |
| Qualifications Regulator (Ofqual) | Service Delivery: As joint data controller with Qualsafe Awards we must respond to requests from Ofqual to meet our regulatory obligations. | No | Personal information charter. Data transfers outside the EEA performed by Ofqual are not relevant to the data we may be required to share with them for the stated purpose. |
| RLSS UK | Service Delivery: We are a data processor for RLSS UK and share data to deliver qualifications primarily relating to pool safety. | No | Data is stored in UK data centres operated by organisations with ISO 270001 certification. Privacy Policy |
| P.A.L.M. Academy | Service Delivery: We are a data processor for P.A.L.M. Academy and share data to deliver qualifications primarily relating to pool plant operation. | No | |
| STA | Service Delivery: We are a data processor for STA and share data to deliver qualifications primarily relating to pool safety. | Refer to latest STA privacy policy | STA Privacy Policy |
| Associates | Service Delivery: We share customer data with our associate trainers for the purpose of service delivery. | Yes3 | Personal data is either transferred using Microsoft Office 365 products or is paper based. Paper records are returned to us at the completion of the service delivery for processing. All our Associates deliver services under a written contract with defines that they must comply with our data privacy requirements. |
| Santander UK plc | Banking: Bank sort codes and account numbers are stored for the efficient processing of payments. | Yes | Privacy statement including details of the safeguards put in place to protect data that is transferred outside the EEA. Privacy Statement |
| Holly Small Design | Marketing: Website/advertising material development. Images/videos, testimonials, comments shared for inclusion as content. | No | Privacy Policy |
| Printers | Marketing: Advertising material development. Images/videos, testimonials, comments shared for inclusion as content. | No | |
| GoDaddy.com, LLC | Marketing (Web hosting): Storage of data entered into our website, images/videos, testimonials, comments & technical data. Usage insights are extracted and stored in Microsoft Office 365. | Yes | Privacy Policy Website hosted in Europe but backups are stored in North America. |
| Marketing: Tracks website usage data. Usage insights are extracted and stored in Microsoft Office 365. Security: reCAPTCHA is used to fight spam and abuse on the website originating from contact forms. | Yes | Google Privacy Policy. Google Analytics data privacy and security Google comply with the EU-US and Swiss-US Privacy Shield Frameworks and incorporate EU model contract clauses with regard to transfer of data outside the EEA. Legal framework for data transfers. | |
| Marketing: Usage insights are extracted and stored in Microsoft Office 365. | Yes | Data Policy What is the General Data Protection Regulation (GDPR)? Pages, Groups and Events Policies Information controlled by Facebook Ireland will be transferred or transmitted to, or stored and processed in, the United States or other countries outside where you live for the purposes as described in their Data Policy. | |
| Marketing: Usage insights are extracted and stored in Microsoft Office 365. | Yes | Privacy Policy Twitter for Business FAQ See “Our Global Operations and Privacy Shield” in the Privacy Policy for details of data transferred to the United States, Ireland and other countries where Twitter operate. | |
| Humphreys Shredpoint | Document Destruction: Secure removal and destruction of paper documentation. | No | |
| Government Bodies e.g. HMRC, ICO, law enforcement, courts | Legal Requirement: To comply with legal requests for information. | Yes | HMRC Privacy Notice ICO Privacy Notice |
| Law Enforcement / Courts | Legal Requirement: To comply with legal requirements and for the administration of justice. | Yes4 | |
| Immedia Semiconductor, LLC (“Blink”) | CCTV: “Blink” provide the security cameras and secure on-line storage for images we capture for the purpose of crime prevention. | Yes | Privacy Policy GDPR and Privacy |
| Apple Inc. | Data transfer: Where images/email are transferred using Apple Inc products the data will be processed in the Apple iCloud product. | Yes | Privacy Policy iCloud Security Overview |
| IOSH | Service Delivery: We are a data processor for IOSH and share data to deliver qualifications primarily relating to health & safety. | Yes | Privacy Notice GDPR |
| Eventbrite Inc. | Service Delivery / Marketing: Advertising of course availability and on-line booking. | Yes | Privacy Policy |
| Nuco Training Ltd. | Service Delivery: We are a data processor and share learner data to deliver qualifications primarily relating to mental health first aid. | No, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. | Nuco Training Learner Privacy Policy Nuco Training Data Protection Policy |
- EEA – European Economic Area
- No – Data is not transferred out of EEA by this organisation for processing, but information accessed is held in Xero which does hold the data outside the EEA.
- Yes as data is transferred using Microsoft Office 365.
- Data may be transferred outside the EEA as The Court of Justice of the European Union, in certain circumstances can be used to settle legal disputes.
Keeping your data secure
We exercise great care in providing secure transmission of your information. Personal information collected is stored in secure operating environments or disposed of securely where it is not received in electronic format. We ensure that we review the privacy policies where we share your information or rely on sub-processors. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information to you. Please understand, however, that while we try our best to safeguard your personal information once we receive it, no transmission of data over the internet or any other public network can be guaranteed to be 100% secure.
Automated decision-making / profiling
We do not use automated decision-marking / profiling.
Changes to this privacy notice
Last Updated: 21st August 2024
Version: 1.19
Changes:
1.19 Images we capture for the purpose of crime prevention are now processed by Immedia Semiconductor, LLC (“Blink”) rather than Netgear and held for 30 rather than 7 days.
1.18 Updated URL for Xero Privacy Policy.
1.17 ICO “Your right of access” updated to “Your right to get copies of your data” along with associated URL update.
1.16 Update to accountancy firm with access to Xero.
1.15 Update to registered office address.
1.14 Updated url for GoDaddy privacy policy.
1.13 Added details for Nuco Training Ltd.
1.12 Updated correspondence address.
1.11 Added details for Safety Training Awards. Made clear that delivery of IOSH qualifications is via our partnership with Tall Man Solutions Ltd who are an IOSH approved provider.
1.10 Correct broken hyperlinks relating to Microsoft privacy statement for Office 365.
1.9 Included new website https://firstaidcalculator.com. Website backups are stored in North America so GoDaddy do transfer data outside the EEA.
1.8 Monster Insights LLC is no longer used to process Google Analytics data, Google Site Kit is used instead.
Website is now hosted in Europe rather than US. 1.7 Secure removal and destruction of documents now untaken by Humphreys Shredpoint rather than Humphreys Data Management
1.6 Added details for Institution of Occupational Safety and Health (IOSH) & Eventbrite Inc.
1.5 Updated URL for RLSS privacy policy
1.4 Added information relating to Monster Insights LLC
1.3 reCAPTCHA is used to fight spam and abuse on the website originating from contact forms.
1.2 P.A.L.M. Academy confirmed data is not transferred outside the E.E.A.
1.1 Spelling mistake corrections
1.0 (First Publication)