General Information

Download the privacy notice as a PDF
Download the privacy notice as a PDF file.

Who are we?

The terms “we”, “us” or “our” shall refer to Common Sense Training Ltd.

  • We are a company registered in England and Wales with company number 11349758.
  • Our registered office is Rowan House, Hill End Lane, St. Albans, AL4 0RA
  • Our correspondence address is P.O. Box 2530, Watford, WD18 1DA
  • Our website is www.commonsensetraining.co.uk

What’s cover by this privacy notice?

We take your privacy seriously and believe that by being clear about how we use your personal information will allow us to build trust with our customers, suppliers and employees. The privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. We’ll tell you:

  • why we are able to process your information
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information
  • whether we intend to transfer it to another country, and
  • whether we do automated decision-making or profiling.

If you go to another website from this one, read the privacy policy on that website to find out what the associated owner does with your information.

Registration with the Information Commissioner’s Office

For the purposes of processing of your personal data we act as a data controller, joint data controller (in conjunction with Qualsafe Awards) and data processor (for RLSS UK & P.A.L.M. Academy). We are registered with the Information Commissioner’s Office as a data controller with registration number ZA431777. You can contact our data protection officer by email at info@commonsensetraining.co.uk.

  • data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed
  • data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller
  • processing, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
    • organisation, adaptation or alteration of the information or data,
    • retrieval, consultation or use of the information or data,
    • disclosure of the information or data by transmission, dissemination or otherwise making available, or
    • alignment, combination, blocking, erasure or destruction of the information or data

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have requested information about one of our services.
  • You wish to attend, or have attended one of the courses we deliver.
  • You have made a complaint or enquiry to us.
  • You have applied to, or have delivered services on our behalf as an associate trainer, assessor or in some other capacity.
  • You are a supplier and have provided your details for the fulfilment of a contract.
  • You have consented to receive marketing materials from us.
  • You choose to follow our company via a social media channel e.g. by liking our Facebook page or following our Twitter profile.

We also receive personal information indirectly, in the following scenarios:

  • Your employer has provided your details in order to register you for one of the courses we deliver.
  • Someone involved in the delivery of our services e.g. an associate trainer has given your contact details as an emergency contact or a referee.
  • You have agreed to accept cookies on our website. For further information about the information we collect via cookies, please refer to our cookie policy.
  • Your details were captured by a social media platform you chose to interact with in accordance with their privacy policy.
  • Your image was captured during one of courses, at a networking event or other marketing event and may appear in our marketing materials. In all these situations you can expect to be notified of the potential capture of images/videos to allow you to object to the processing.
  • Your image was captured by our CCTV.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. For each of your rights we have provided a link to allow you to obtain the latest information on these rights directly from the Information Commissioner’s Office (ICO) website (https://ico.org.uk).

  • Your right to be informed if your personal data is being used
    This privacy policy provides you with clear and concise information concerning how your personal data is used by Common Sense Training Ltd. (ICO: Your right to be informed if your personal data is being used).
  • Your right of access
    You always have the right to ask us for copies of your personal information. (ICO: Your right of access)
  • Your right to rectification
    You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. (ICO: Your right to get your data corrected)
  • Your right to erasure (right to be forgotten)
    You have the right to ask us to erase your personal information in certain circumstances. (ICO: Your right to get your data deleted)
  • Your right to restriction of processing
    You have the right to ask us to restrict the processing of your information in certain circumstances. For example if you are concerned about the accuracy of the data or how it is being used. (ICO: Your right to limit how organisations use your data)
  • Your right to data portability
    This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. (ICO: Your right to data portability)
  • Your right to object to processing
    You have the right to object to processing (use) in some circumstances. This right applies where we are processing your data for our legitimate interests or direct marketing. (ICO: The right to object to the use of your data).
  • Your right regarding automated decision making/profiling
    We do not process personal data where automated decision-making or profiling is used. (ICO: Your rights relating to decision being made about you without human involvement)

How to raise a concern

You have the right to raise a concern with us about how we are using your data. This allows us the opportunity to respond and demonstrate that we are serious about handling your personal information responsibly. Please raise any concerns by addressing them to our data protection officer who can be contacted at info@commonsensetraining.co.uk. (ICO: Raising a concern with an organisation).

If you are not satisfied with our response you can complain to the Information Commissioner’s Office. (ICO: Make a complaint).

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF
t: 0303 123 1113
e: casework@ico.org.uk

Subject Access Requests

You are not required to pay any charge for exercising your rights. We have one calendar month to respond to you. Please contact us at info@commonsensetraining.co.uk if you wish to make a request.

Personal Data Processed

Age Restrictions

Our Services are available for purchase only for those over the age of 16. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 16. If you know of or have reason to believe anyone under the age of 16 has provided us with any personal data, please contact us.

What happens if you don’t provide your data?

You do not have to provide us with any personal information, however failure to do so may result in one of the following issues.

  • We will be unable to register you for a course/training/service. This relates especially to the non-provision of age related information which in some instances must be provided to awarding bodies where the qualification has a legal minimum age restriction.
  • We will be unable to process any course paperwork or action any requests to award qualifications and issue certificates.
  • We will be unable to make payment or query services you have delivered.
  • We may not be able to answer a query/complaint you have raised.

If there is a specific type of data you would prefer not to provide please contact us at info@commonsensetraining.co.uk and we’ll be able to inform you of the exact implication of not supplying the information.

Customer/Learner

Type of data Purpose Legal Basis Retention Period
Learner – Names, addresses, telephone numbers, email addresses, payment details Course administration & billing Performance of a contract 7 years
Learner (P.A.L.M. Academy1) – Names, addresses, telephone numbers, email addresses and course results Award administration Performance of a contract 7 years from the day of assessment
Learner (RLSS2) – Names, addresses, telephone numbers, email addresses and course results Award administration Performance of a contract 7 years from the day of assessment
Learner (Qualsafe Awards3) – Names (first, middle, surname), data of birth, gender, telephone numbers, email address, address, signature, employer, unique learner number (ULN), centre name, centre number, course location (venue), course start/finish date, course time, course duration, answer paper number(s), qualification title, qualification number, learner placement data, data pertaining to learner performance, assessment paperwork, assessment results, learner workbooks, achievement date, certification date, learner certificate, records of achievement, reasonable adjustment and special consideration data. Common Sense Training Ltd, acting as a joint data controller will capture, process and retain Learner data obtained through the registration and assessment processes (including Learner Feedback Forms) for Qualsafe Awards. Qualsafe Awards stated purposes of the data capture:
• assessing evidence provided in support of claims for the Recognition of Prior Learning (RPL) from Learners
• making decisions on whether or not qualifications should be awarded based on assessment evidence
• awarding QA qualifications that have been successfully completed
• issuing certificates for qualifications that have been awarded
• producing a record of Learner achievements on our in-house data systems
• planning, preparing and carrying out quality assurance activity in line with our own policies and regulatory requirements
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• checking certificate verification requests received from external sources
• processing appeals received against assessment decisions made which directly affect them
• analysing and producing statistical information for internal review purposes
Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. Qualsafe Awards will retain the data captured indefinitely for the purposes of:
• responding to data requests from the Qualification Regulators
• statistical analysis for business improvement purposes
• responding to certificate verification requests from internal and external parties
• planning and carrying out quality assurance activity.
Learner (IOSH6) – Names, unique learner identifier Award administration Performance of a contract 7 years from the day of assessment.
Complaints data To maintain a record of interaction regarding the query of complaint Legitimate Interest Complaints retained indefinitely so that data is available should a legal dispute arise. Other comments made are not retained and can be removed by the user themselves from the social media platform.
Testimonials / Course Feedback Internal quality monitoring and business promotion. Where a customer/learner provides optional qualitative feedback (descriptive) this information may be incorporated in marketing materials to promote the business. Legitimate Interest Feedback will be kept as long as the related service continues to be delivered.

Employees

Type of data Purpose Legal Basis Retention Period
Recruitment – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications Recruiting staff Legitimate Interest 3 months from date of application decision.
Personnel – Names, addresses, telephone numbers, email addresses, web site addresses, National Insurance Number, qualifications, contract Administration Performance of a contract 7 years after employment ceases
Personnel – Names, payroll number, email addresses, National Insurance Number, Bank account details Administration of payroll Performance of a contract 7 years
Personnel – Special category data Equality & Diversity Monitoring Legitimate Interest 3 months after employment ceases.
Personnel registered with Qualsafe Awards as company director – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, centre name, registered company number, due diligence check (Directory history, disclosure/baring service, passport copy, utility bill copy), bank account name, bank account number, bank account sort code, bank address, insurance certificates & trade references Common Sense Training Ltd, acting as a joint data controller will capture, process and retain data required to complete the Qualsafe Awards Centre application process and/or further information on Centre Approval, in order that Common Sense Training Ltd can register as a Qualsafe Awards Centre. Qualsafe will use this data for the purposes of:  

• processing the Centre Approval Application and carrying out normal due diligence, including requesting any further information required from the applying Centre
• populating our in-house data systems to create a Centre profile
• contacting the Centre (once approved) on matters relating to their account
• arranging QA’s external quality assurance activity
• automatically calculating a risk rating for the Centre. This rating can either be low, medium or high. The rating is calculated based on the risk of the qualifications the Centre is approved to deliver, the quality assurance record of the Centre and the risk rating of the Trainers/Assessors/IQAs approved to deliver QA qualifications at the Centre. The Centre risk rating is used to calculate the level of internal and external quality assurance required for the Centre
• invoicing for payments due and making invoicing enquiries
• issuing reminders regarding insurance policy renewal dates
• processing appeals received from Approved Centres against decisions made by QA which directly affect them
• creating customised course delivery materials and qualification certificates for the Centre
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• supporting investigation activity carried out by QA or the Qualification Regulators
• sending updates and marketing materials

Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. Qualsafe Awards will retain the data captured indefinitely for the purposes of:
• responding to data requests from the Qualification Regulators
• statistical analysis for business improvement purposes
• responding to certificate verification requests from internal and external parties
• planning and carrying out quality assurance activity.
Personnel registered with Qualsafe Awards as trainer/assessor/IQA – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, employed status, qualification titles, institution/training organisation(s), awarding organisation, award date, expiry date (if applicable), qualification title(s) (approval granted), curriculum vitae, experience evidence, further information provided to support application, signature, risk rating (approved centre generated), internal quality assurance documentation (contributing to the trainer/assessor/iqa profile), due diligence checks (disclosure and barring service). Common Sense Training Ltd, acting as a joint data controller will capture, process, retain and send Trainer/Assessor/IQA data to Qualsafe Awards. Qualsafe Awards stated purposes of usage:  

• processing the approval application and carrying out normal due diligence
• populating our in-house data systems to create a Trainer/Assessor/IQA profile
• recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA
• awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA
• issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA
• making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL)
• producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• checking certificate verification requests received from external sources
• analysing, producing and exchanging statistical information with external stakeholders
• creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events
• sending reminders to Trainers/Assessors/IQAs when requalification is required
• processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them
• sending updates and marketing material

Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. Qualsafe Awards will retain the data captured indefinitely for the purposes of:
• responding to data requests from the Qualification Regulators
• statistical analysis for business improvement purposes
• responding to certificate verification requests from internal and external parties
• planning and carrying out quality assurance activity.
Personnel – Names, email addresses, qualifications, photographs Marketing – Employee Biography/Profile Legitimate Interest 3 months after employment ceases

Associates

Type of data Purpose Legal Basis Retention Period
Application – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications Engagement of an Associate – review of relevant qualifications/experience Legitimate Interest 3 months from date of application decision.
Delivery of services by the Associate – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications, contract, bank account details Administration of Associate contract & payment of Associate Invoices Performance of a contract 7 years after associate contract ceases
Special category data e.g. race, ethnic origin Equality & Diversity Monitoring Legitimate Interest 3 months after associate contract ceases.
Personal – Names, email addresses, qualifications, photographs Marketing – Employee/Associate Bio Legitimate Interest 3 months after associate contract ceases
Personnel registered with Qualsafe Awards as trainer/assessor/IQA – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, employed status, qualification titles, institution/training organisation(s), awarding organisation, award date, expiry date (if applicable), qualification title(s) (approval granted), curriculum vitae, experience evidence, further information provided to support application, signature, risk rating (approved centre generated), internal quality assurance documentation (contributing to the trainer/assessor/iqa profile), due diligence checks (disclosure and barring service). Common Sense Training Ltd, acting as a joint data controller will capture, process, retain and send Trainer/Assessor/IQA data to Qualsafe Awards. Qualsafe Awards stated purposes of usage:  

• processing the approval application and carrying out normal due diligence
• populating our in-house data systems to create a Trainer/Assessor/IQA profile
• recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA
• awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA
• issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA
• making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL)
• producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• checking certificate verification requests received from external sources
• analysing, producing and exchanging statistical information with external stakeholders
• creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events
• sending reminders to Trainers/Assessors/IQAs when requalification is required
• processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them
• sending updates and marketing material

Qualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest. Qualsafe Awards will retain the data captured indefinitely for the purposes of:
• responding to data requests from the Qualification Regulators
• statistical analysis for business improvement purposes
• responding to certificate verification requests from internal and external parties
• planning and carrying out quality assurance activity.

Suppliers

Type of data Purpose Legal Basis Retention Period
Supplier – Names, addresses, telephone numbers, email addresses, bank account details Supplier and procurement administration Performance of a contract 7 years – records for HMRC

Image Data

Type of data Purpose Legal Basis Retention Period
CCTV Images Crime prevention Legitimate Interest 7 days unless images are required by law enforcement/courts for the purpose of prosecution.
Images/Videos captured during course delivery, business fairs, networking events, team training and other events where images are generated suitable for marketing purposes. Marketing (Website, newsletters, brochures, social media) Legitimate Interest  

In all these situations you can expect to be notified of the potential capture of images/videos to allow you to object to the processing.

For internal marketing material e.g. website/brochures/newsletters 1 year after we stop marketing the service. For social media platforms please refer to the privacy policy of those processors detailed below. For images/videos posted to social media platforms indefinitely unless a request is received to delete/remove an image/video by the user contacting us at info@commonsensetraining.co.uk.

User Engagement (Social Media/Website/Marketing)

Type of data Purpose Legal Basis Retention Period
Social media engagement: Likes, follows, retweets, interaction statistics Marketing – Build understanding of customer base, deliver relevant content and understand the effectiveness of our advertising. Legitimate Interest Insights downloaded from social media sites are held for 38 months.5
Social media direct engagement: Comments, direct messages, user identifiers e.g. twitter handle Answer queries / complaints raised. Legitimate Interest Complaints retained indefinitely so that data is available should a legal dispute arise. Comments made are not retained and can be removed by the user themselves from the social media platform. Copies of direct messages are removed after 38 months.
Website engagement: Names, addresses, email addresses, telephone numbers, comments via contact form or comments on blog posts. Marketing – Build understanding of customer base, answer queries, resolve complaints, understand the effectiveness of our advertising. Not used to provide direct marketing material via SMS, phone email, post unless explicitly requested by the user. Legitimate Interest 38 months.
Marketing material requests e.g. for newsletter – Names, addresses, email addresses, telephone numbers, website addresses Marketing – provision of requests marketing material by the contact method that the user consents to. Consent Until consent is withdrawn by the user contacting us at info@commonsensetraining.co.uk

Technical (Website)

Type of data Purpose Legal Basis Retention Period
Website: IP address gives us a sense of the country, state or city a user comes from (also known as “IP geolocation”), device type, browser type, interaction statistics, app instance IDs Provide and protect the security of the website (www.commonsensetraining.co.uk), deliver relevant website content and understand the effectiveness of our advertising. Legitimate Interest 38 months, with data exceeding the retention basis removed automatically on a monthly basis.

Health & Safety

Type of data Purpose Legal Basis Retention Period
Accident/Incident – Name, job title, address, telephone numbers, email addresses, incident detail, (gender, age, injury details)5 Record of work-related injuries/Management of H&S Legal obligation (Health and Safety at Work etc. Act 1974 / The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) Retained indefinitely.
  1. Physical Activity and Leisure Management Academy Ltd. (P.A.L.M. Academy) provide the programme of training and qualifications related to swimming pool water treatment. We are a customer of P.A.L.M. acting in the role of a data processor when delivering their training and qualifications.
  2. The Royal Life Saving Society UK (RLSS) is the Drowning Prevention Charity and the UK’s leading provider of water safety and drowning prevention education. We are a member of the RLSS and a training provider. We act in in the role of a data processor when delivering their training and qualifications and have detailed the retention period they specify for regulated awards above. If we are delivering a non-regulated award the retention period is reduced to 2 years after all membership and awards have expired.
  3. Qualsafe Awards is one of the largest Ofqual recognised Awarding Organisations in the UK and are a joint data controller for the delivery of our First Aid qualifications. If your interaction with us relates to a course we deliver as a Qualsafe Awards registered centre or you are one of our employees, associates, trainers, assessors or IQAs delivering Qualsafe Awards qualifications you should review the Qualsafe Awards Privacy Policy.
  4. If you opt to engage with Common Sense Training Ltd via a social media platform you should be aware that the platform may process other personal data for their own purpose in their capacity as a data controller. You should familiarise yourself with the privacy policy of the relevant platform so you can make an informed decision on whether to interact with us via this means.
  5. Special category data requested in the HSE (Health and Safety Executive) RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) injury report form.
  6. Institute of Occupational Safety and Health (IOSH) are the biggest health and safety membership organisation in the world. They are also the only Chartered body for health and safety professionals. We act in in the role of a data processor when delivering their training and qualifications.

Data sharing / Sub-contract processing

Organisation / Purpose / Transfer outside EEA

Organisation name / Categorisation of organisation Purpose of sharing / processing Transferred
outside EEA1?
Further information
Microsoft Data storage: Office 365 services e.g. email, document storage (SharePoint/OneDrive). Yes European Union (EU) model clauses legitimise the transfer of personal data outside of the EU. ISO 27018 compliant. ISO 27001 security benchmark for many products in Office 365 ISO 27001. Further info:
Office 365 – Continuous compliance from Office 365, Certification information, Privacy Statement
Xero Accounting: Storage of supplier & customer data/payments Yes Signed Data Processing Addendum in place. Further info: Privacy notice, GDPR centre
LK Partnership LLP Accounting: Our account who has access to Xero to prepare accounts, assist with payroll and provide professional services. No2  
Qualsafe Awards Service Delivery: We are a joint data controller along with Qualsafe Awards and share data to deliver qualifications primarily relating to first aid. No Signed Data Management Contract in place where we and Qualsafe Awards agree to act as Joint Data Controllers and agree to manage all data in line with GDPR requirements. Privacy Policy. Qualsafe Awards (QA) (a trading name of Qualsafe Limited), are registered with the ICO with registration number Z9738727.
Qualifications Regulator (Ofqual) Service Delivery: As joint data controller with Qualsafe Awards we must respond to requests from Ofqual to meet our regulatory obligations. No Personal information charter. Data transfers outside the EEA performed by Ofqual are not relevant to the data we may be required to share with them for the stated purpose.
RLSS UK Service Delivery: We are a data processor for RLSS UK and share data to deliver qualifications primarily relating to lifeguarding. No Data is stored in UK data centres operated by organisations with ISO 270001 certification. Privacy Policy
P.A.L.M. Academy Service Delivery: We are a data processor for P.A.L.M. Academy and share data to deliver qualifications primarily relating to pool plant operation. No  
Associates Service Delivery: We share customer data with our associate trainers for the purpose of service delivery. Yes3 Personal data is either transferred using Microsoft Office 365 products or is paper based. Paper records are returned to us at the completion of the service delivery for processing. All our Associates deliver services under a written contract with defines that they must comply with our data privacy requirements.
Santander UK plc Banking: Bank sort codes and account numbers are stored for the efficient processing of payments. Yes Privacy statement including details of the safeguards put in place to protect data that is transferred outside the EEA. Privacy Statement
Holly Small Design Marketing: Website/advertising material development. Images/videos, testimonials, comments shared for inclusion as content. No Privacy Policy
Printers Marketing: Advertising material development. Images/videos, testimonials, comments shared for inclusion as content. No  
GoDaddy.com, LLC Marketing (Web hosting): Storage of data entered into our website, images/videos, testimonials, comments & technical data. Usage insights are extracted and stored in Microsoft Office 365. Yes Website is hosted in a datacentre in Scottsdale, Arizona, USA. Privacy Policy
Google Marketing: Tracks website usage data. Usage insights are extracted and stored in Microsoft Office 365.  

Security: reCAPTCHA is used to fight spam and abuse on the website originating from contact forms.

Yes Google Privacy Policy.
Google Analytics data privacy and security
Google comply with the EU-US and Swiss-US Privacy Shield Frameworks and incorporate EU model contract clauses with regard to transfer of data outside the EEA. Legal framework for data transfers.
Monster Insights LLC Marketing: MonsterInsights is the most popular Google Analytics plugin for WordPress. It is used to integrate the Google website usage data tracking into our website. Yes Privacy Policy
Facebook Marketing: Usage insights are extracted and stored in Microsoft Office 365. Yes Data Policy
What is the General Data Protection Regulation (GDPR)?
Pages, Groups and Events Policies
Information controlled by Facebook Ireland will be transferred or transmitted to, or stored and processed in, the United States or other countries outside where you live for the purposes as described in their Data Policy.
Twitter Marketing: Usage insights are extracted and stored in Microsoft Office 365. Yes Privacy Policy
Twitter for Business FAQ
See “Our Global Operations and Privacy Shield” in the Privacy Policy for details of data transferred to the United States, Ireland and other countries where Twitter operate.
Humphreys Data Management Document Destruction: Secure removal and destruction of paper documentation. No Compliant with BS EN 15713. Data processing schedule agreement in place with this supplier.
Government Bodies e.g. HMRC, ICO, law enforcement, courts Legal Requirement: To comply with legal requests for information. Yes HMRC Privacy Notice
ICO Privacy Notice
Law Enforcement / Courts Legal Requirement: To comply with legal requirements and for the administration of justice. Yes4  
Netgear CCTV: Netgear provide the security cameras and secure on-line storage for images we capture for the purpose of crime prevention. Yes Privacy Policy
GDPR and Privacy
Apple Inc. Data transfer: Where images/email are transferred using Apple Inc products the data will be processed in the Apple iCloud product. Yes Privacy Policy
iCloud Security Overview
IOSH Service Delivery: We are a data processor for IOSH and share data to deliver qualifications primarily relating to health & safety. Yes Privacy Notice
GDPR
Eventbrite Inc. Service Delivery / Marketing: Advertising of course availability and on-line booking. Yes Privacy Policy
  1. EEA – European Economic Area
  2. No – Data is not transferred out of EEA by this organisation for processing, but information accessed is held in Xero which does hold the data outside the EEA.
  3. Yes as data is transferred using Microsoft Office 365.
  4. Data may be transferred outside the EEA as The Court of Justice of the European Union, in certain circumstances can be used to settle legal disputes.

Keeping your data secure

We exercise great care in providing secure transmission of your information. Personal information collected is stored in secure operating environments or disposed of securely where it is not received in electronic format. We ensure that we review the privacy policies where we share your information or rely on sub-processors. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information to you. Please understand, however, that while we try our best to safeguard your personal information once we receive it, no transmission of data over the internet or any other public network can be guaranteed to be 100% secure.

Automated decision-making / profiling

We do not use automated decision-marking / profiling.

Changes to this privacy notice

We may from time to time publish changes to this privacy notice here. In these instances the changes made will be documented so that you can make an informed decision as to whether you wish to continue to engage with us under the terms of the revised privacy notice. If you do not agree to the revisions you should cease you engagement with us immediately.

Last Updated: 24th February 2019
Version: 1.6
Changes:
1.6 Added details for Institution of Occupational Safety and Health (IOSH) & Eventbrite Inc.
1.5 Updated URL for RLSS privacy policy
1.4 Added information relating to Monster Insights LLC
1.3 reCAPTCHA is used to fight spam and abuse on the website originating from contact forms.
1.2 P.A.L.M. Academy confirmed data is not transferred outside the E.E.A.
1.1 Spelling mistake corrections
1.0 (First Publication)