Privacy Notice Download

Download our privacy notice as a PDF

Download the privacy notice as a PDF file.

General Information

Who are we?

The terms “we”, “us” or “our” shall refer to Common Sense Training Ltd.

What’s covered by this privacy notice?

We take your privacy seriously and believe that by being clear about how we use your personal information will allow us to build trust with our customers, suppliers and employees. The privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. We’ll tell you:

  • why we are able to process your information
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information
  • whether we intend to transfer it to another country, and
  • whether we do automated decision-making or profiling.

If you go to another website from this one, read the privacy policy on that website to find out what the associated owner does with your information.

Registration with the Information Commissioner’s Office

For the purposes of processing of your personal data we act as a data controller, joint data controller and a data processor. Further details can be found in the section, “Personal Data Processed”.

We are registered with the Information Commissioner’s Office as a data controller with registration number ZA431777. You can contact our data protection officer by email at [email protected].

  • data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed
  • data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller
  • processing, in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
    • organisation, adaptation or alteration of the information or data,
    • retrieval, consultation or use of the information or data,
    • disclosure of the information or data by transmission, dissemination or otherwise making available, or
    • alignment, combination, blocking, erasure or destruction of the information or data

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have requested information about one of our services.
  • You wish to attend, or have attended one of the courses we deliver.
  • You have made a complaint or enquiry to us.
  • You have applied to, or have delivered services on our behalf as an associate trainer, assessor or in some other capacity.
  • You are a supplier and have provided your details for the fulfilment of a contract.
  • You have consented to receive marketing materials from us.
  • You choose to follow our company via a social media channel e.g. by liking our Facebook page or following our Twitter profile.

We also receive personal information indirectly, in the following scenarios:

  • Your employer has provided your details in order to register you for one of the courses we deliver.
  • Someone involved in the delivery of our services e.g. an associate trainer has given your contact details as an emergency contact or a referee.
  • You have agreed to accept cookies on our website. For further information about the information we collect via cookies, please refer to our cookie policy.
  • Your details were captured by a social media platform you chose to interact with in accordance with their privacy policy.
  • Your image was captured during one of courses, at a networking event or other marketing event and may appear in our marketing materials. In all these situations you can expect to be notified of the potential capture of images/videos to allow you to object to the processing.
  • Your image was captured by our CCTV.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. For each of your rights we have provided a link to allow you to obtain the latest information on these rights directly from the Information Commissioner’s Office (ICO) website (https://ico.org.uk).

  • Your right to be informed if your personal data is being used
    This privacy policy provides you with clear and concise information concerning how your personal data is used by Common Sense Training Ltd. (ICO: Your right to be informed if your personal data is being used).
  • Your right of access
    You always have the right to ask us for copies of your personal information. (ICO: Your right to get copies of your data)
  • Your right to rectification
    You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. (ICO: Your right to get your data corrected)
  • Your right to erasure (right to be forgotten)
    You have the right to ask us to erase your personal information in certain circumstances. (ICO: Your right to get your data deleted)
  • Your right to restriction of processing
    You have the right to ask us to restrict the processing of your information in certain circumstances. For example if you are concerned about the accuracy of the data or how it is being used. (ICO: Your right to limit how organisations use your data)
  • Your right to data portability
    This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. (ICO: Your right to data portability)
  • Your right to object to processing
    You have the right to object to processing (use) in some circumstances. This right applies where we are processing your data for our legitimate interests or direct marketing. (ICO: The right to object to the use of your data).
  • Your right regarding automated decision making/profiling
    We do not process personal data where automated decision-making or profiling is used. (ICO: Your rights relating to decision being made about you without human involvement)

How to raise a concern

You have the right to raise a concern with us about how we are using your data. This allows us the opportunity to respond and demonstrate that we are serious about handling your personal information responsibly. Please raise any concerns by addressing them to our data protection officer who can be contacted at [email protected]. (ICO: Raising a concern with an organisation).

If you are not satisfied with our response you can complain to the Information Commissioner’s Office. (ICO: Make a complaint).

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF
t: 0303 123 1113
e: [email protected]

Subject Access Requests

You are not required to pay any charge for exercising your rights. We have one calendar month to respond to you. Please contact us at [email protected] if you wish to make a request.

Personal Data Processed

Age Restrictions

Our Services are available for purchase only for those over the age of 16. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 16. If you know of or have reason to believe anyone under the age of 16 has provided us with any personal data, please contact us.

What happens if you don’t provide your data?

You do not have to provide us with any personal information, however failure to do so may result in one of the following issues.

  • We will be unable to register you for a course/training/service. This relates especially to the non-provision of age related information which in some instances must be provided to awarding bodies where the qualification has a legal minimum age restriction.
  • We will be unable to process any course paperwork or action any requests to award qualifications and issue certificates.
  • We will be unable to make payment or query services you have delivered.
  • We may not be able to answer a query/complaint you have raised.

If there is a specific type of data you would prefer not to provide please contact us at [email protected] and we’ll be able to inform you of the exact implication of not supplying the information.

Customer / Learner

Type of dataPurposeLegal BasisRetention Period
Learner – Names, addresses, telephone numbers, email addresses, payment detailsCourse administration & billingPerformance of a contract7 years
Learner (P.A.L.M. Academy1) – Names, addresses, telephone numbers, email addresses and course resultsAward administrationPerformance of a contract7 years from the day of assessment
Learner (RLSS2) – Names, addresses, telephone numbers, email addresses and course resultsAward administrationPerformance of a contract7 years from the day of assessment
Learner (Qualsafe Awards3) – Names (first, middle, surname), data of birth, gender, telephone numbers, email address, address, signature, employer, unique learner number (ULN), centre name, centre number, course location (venue), course start/finish date, course time, course duration, answer paper number(s), qualification title, qualification number, learner placement data, data pertaining to learner performance, assessment paperwork, assessment results, learner workbooks, achievement date, certification date, learner certificate, records of achievement, reasonable adjustment and special consideration data.Common Sense Training Ltd, acting as a joint data controller will capture, process and retain Learner data obtained through the registration and assessment processes (including Learner Feedback Forms) for Qualsafe Awards. Qualsafe Awards stated purposes of the data capture: • assessing evidence provided in support of claims for the Recognition of Prior Learning (RPL) from Learners • making decisions on whether or not qualifications should be awarded based on assessment evidence • awarding QA qualifications that have been successfully completed • issuing certificates for qualifications that have been awarded • producing a record of Learner achievements on our in-house data systems • planning, preparing and carrying out quality assurance activity in line with our own policies and regulatory requirements • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • checking certificate verification requests received from external sources • processing appeals received against assessment decisions made which directly affect them • analysing and producing statistical information for internal review purposesQualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest.Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity.
Learner (IOSH6&7) – Names, unique learner identifierAward administrationPerformance of a contract7 years from the day of assessment.
Learner (STA8) – Name, address, date of birth, contact detailsQualification administrationPerformance of a contractFor lifetime of qualification
Learner (Nuco Training Ltd.9) Name, email address and date of birth. Gender and a postcode are only collected if a learner requests entry of their achievement onto their Personal Learning Record.
Collection of learner’s special category data when a reasonable adjustment is granted.
Administration and certification of Nuco Training courses and FAA qualifications and data that is collected during qualification delivery and on official course paperwork/documentation.Refer to:
Nuco Training Learner Privacy Policy

Nuco Training Data Protection Policy
Full course paperwork packs are retained for three years and six months from the final date of the course to provide evidence of a learner’s achievement.
Complaints dataTo maintain a record of interaction regarding the query of complaintLegitimate InterestComplaints retained indefinitely so that data is available should a legal dispute arise. Other comments made are not retained and can be removed by the user themselves from the social media platform.
Testimonials / Course FeedbackInternal quality monitoring and business promotion. Where a customer/learner provides optional qualitative feedback (descriptive) this information may be incorporated in marketing materials to promote the business.Legitimate InterestFeedback will be kept as long as the related service continues to be delivered.

Employees

Type of dataPurposeLegal BasisRetention Period
Recruitment – Names, addresses, telephone numbers, email addresses, web site addresses, qualificationsRecruiting staffLegitimate Interest3 months from date of application decision.
Personnel – Names, addresses, telephone numbers, email addresses, web site addresses, National Insurance Number, qualifications, contractAdministrationPerformance of a contract7 years after employment ceases
Personnel – Names, payroll number, email addresses, National Insurance Number, Bank account detailsAdministration of payrollPerformance of a contract7 years
Personnel – Special category dataEquality & Diversity MonitoringLegitimate Interest3 months after employment ceases.
Personnel registered with Qualsafe Awards as company director – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, centre name, registered company number, due diligence check (Directory history, disclosure/baring service, passport copy, utility bill copy), bank account name, bank account number, bank account sort code, bank address, insurance certificates & trade referencesCommon Sense Training Ltd, acting as a joint data controller will capture, process and retain data required to complete the Qualsafe Awards Centre application process and/or further information on Centre Approval, in order that Common Sense Training Ltd can register as a Qualsafe Awards Centre. Qualsafe will use this data for the purposes of: • processing the Centre Approval Application and carrying out normal due diligence, including requesting any further information required from the applying Centre • populating our in-house data systems to create a Centre profile • contacting the Centre (once approved) on matters relating to their account • arranging QA’s external quality assurance activity • automatically calculating a risk rating for the Centre. This rating can either be low, medium or high. The rating is calculated based on the risk of the qualifications the Centre is approved to deliver, the quality assurance record of the Centre and the risk rating of the Trainers/Assessors/IQAs approved to deliver QA qualifications at the Centre. The Centre risk rating is used to calculate the level of internal and external quality assurance required for the Centre • invoicing for payments due and making invoicing enquiries • issuing reminders regarding insurance policy renewal dates • processing appeals received from Approved Centres against decisions made by QA which directly affect them • creating customised course delivery materials and qualification certificates for the Centre • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • supporting investigation activity carried out by QA or the Qualification Regulators • sending updates and marketing materialsQualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest.Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity.
Personnel registered with Qualsafe Awards as trainer/assessor/IQA – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, employed status, qualification titles, institution/training organisation(s), awarding organisation, award date, expiry date (if applicable), qualification title(s) (approval granted), curriculum vitae, experience evidence, further information provided to support application, signature, risk rating (approved centre generated), internal quality assurance documentation (contributing to the trainer/assessor/iqa profile), due diligence checks (disclosure and barring service).Common Sense Training Ltd, acting as a joint data controller will capture, process, retain and send Trainer/Assessor/IQA data to Qualsafe Awards. Qualsafe Awards stated purposes of usage: • processing the approval application and carrying out normal due diligence • populating our in-house data systems to create a Trainer/Assessor/IQA profile • recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA • awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA • issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA • making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL) • producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • checking certificate verification requests received from external sources • analysing, producing and exchanging statistical information with external stakeholders • creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events • sending reminders to Trainers/Assessors/IQAs when requalification is required • processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them • sending updates and marketing materialQualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest.Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity.
Personnel registered with STA8 as a member – Name, address, data of birth, contact information, email address, membership numberAdministrationPerformance of a contractOne year after subscription lapses
Personnel – Names, email addresses, qualifications, photographsMarketing – Employee Biography/ProfileLegitimate Interest3 months after employment ceases

Associates

Type of dataPurposeLegal BasisRetention Period
Application – Names, addresses, telephone numbers, email addresses, web site addresses, qualificationsEngagement of an Associate – review of relevant qualifications/experienceLegitimate Interest3 months from date of application decision.
Delivery of services by the Associate – Names, addresses, telephone numbers, email addresses, web site addresses, qualifications, contract, bank account detailsAdministration of Associate contract & payment of Associate InvoicesPerformance of a contract7 years after associate contract ceases
Special category data e.g. race, ethnic originEquality & Diversity MonitoringLegitimate Interest3 months after associate contract ceases.
Personal – Names, email addresses, qualifications, photographsMarketing – Employee/Associate BioLegitimate Interest3 months after associate contract ceases
Personnel registered with Qualsafe Awards as trainer/assessor/IQA – Names (first, middle, surname, previous, maiden), address, telephone numbers, email addresses, employed status, qualification titles, institution/training organisation(s), awarding organisation, award date, expiry date (if applicable), qualification title(s) (approval granted), curriculum vitae, experience evidence, further information provided to support application, signature, risk rating (approved centre generated), internal quality assurance documentation (contributing to the trainer/assessor/iqa profile), due diligence checks (disclosure and barring service).Common Sense Training Ltd, acting as a joint data controller will capture, process, retain and send Trainer/Assessor/IQA data to Qualsafe Awards. Qualsafe Awards stated purposes of usage: • processing the approval application and carrying out normal due diligence • populating our in-house data systems to create a Trainer/Assessor/IQA profile • recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA • awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA • issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA • making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL) • producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems • complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA) • checking certificate verification requests received from external sources • analysing, producing and exchanging statistical information with external stakeholders • creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events • sending reminders to Trainers/Assessors/IQAs when requalification is required • processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them • sending updates and marketing materialQualsafe Awards stated legal basis for processing is one of legal obligation and in some instances legitimate business interest.Qualsafe Awards will retain the data captured indefinitely for the purposes of: • responding to data requests from the Qualification Regulators • statistical analysis for business improvement purposes • responding to certificate verification requests from internal and external parties • planning and carrying out quality assurance activity.
Personnel registered with STA8 as a member – Name, address, data of birth, contact information, email address, membership numberAdministrationPerformance of a contractOne year after subscription lapses

Suppliers

Type of dataPurposeLegal BasisRetention Period
Supplier – Names, addresses, telephone numbers, email addresses, bank account detailsSupplier and procurement administrationPerformance of a contract7 years – records for HMRC

Image Data

Type of dataPurposeLegal BasisRetention Period
CCTV ImagesCrime preventionLegitimate Interest7 days unless images are required by law enforcement/courts for the purpose of prosecution.
Images/Videos captured during course delivery, business fairs, networking events, team training and other events where images are generated suitable for marketing purposes.Marketing (Website, newsletters, brochures, social media)Legitimate Interest In all these situations you can expect to be notified of the potential capture of images/videos to allow you to object to the processing.For internal marketing material e.g. website/brochures/newsletters 1 year after we stop marketing the service. For social media platforms please refer to the privacy policy of those processors detailed below. For images/videos posted to social media platforms indefinitely unless a request is received to delete/remove an image/video by the user contacting us at [email protected].

User Engagement (Social Media/Website/Marketing)

Type of dataPurposeLegal BasisRetention Period
Social media engagement: Likes, follows, retweets, interaction statisticsMarketing – Build understanding of customer base, deliver relevant content and understand the effectiveness of our advertising.Legitimate InterestInsights downloaded from social media sites are held for 38 months.5
Social media direct engagement: Comments, direct messages, user identifiers e.g. twitter handleAnswer queries / complaints raised.Legitimate InterestComplaints retained indefinitely so that data is available should a legal dispute arise. Comments made are not retained and can be removed by the user themselves from the social media platform. Copies of direct messages are removed after 38 months.
Website engagement: Names, addresses, email addresses, telephone numbers, comments via contact form or comments on blog posts.Marketing – Build understanding of customer base, answer queries, resolve complaints, understand the effectiveness of our advertising. Not used to provide direct marketing material via SMS, phone email, post unless explicitly requested by the user.Legitimate Interest38 months.
Marketing material requests e.g. for newsletter – Names, addresses, email addresses, telephone numbers, website addressesMarketing – provision of requests marketing material by the contact method that the user consents to.ConsentUntil consent is withdrawn by the user contacting us at [email protected]

Technical (Website)

Type of dataPurposeLegal BasisRetention Period
Website: IP address gives us a sense of the country, state or city a user comes from (also known as “IP geolocation”), device type, browser type, interaction statistics, app instance IDsProvide and protect the security of the website (www.commonsensetraining.co.uk / www.firstaidcalculator.com), deliver relevant website content and understand the effectiveness of our advertising.Legitimate Interest38 months, with data exceeding the retention basis removed automatically on a monthly basis.

Health & Safety

Type of dataPurposeLegal BasisRetention Period
Accident/Incident – Name, job title, address, telephone numbers, email addresses, incident detail, (gender, age, injury details)5Record of work-related injuries/Management of H&SLegal obligation (Health and Safety at Work etc. Act 1974 / The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013)Retained indefinitely.
  1. Physical Activity and Leisure Management Academy Ltd. (P.A.L.M. Academy) provide the programme of training and qualifications related to swimming pool water treatment. We are a customer of P.A.L.M. acting in the role of a data processor when delivering their training and qualifications.
  2. The Royal Life Saving Society UK (RLSS) is the Drowning Prevention Charity and the UK’s leading provider of water safety and drowning prevention education. We are a member of the RLSS and a training provider. We act in in the role of a data processor when delivering their training and qualifications and have detailed the retention period they specify for regulated awards above. If we are delivering a non-regulated award the retention period is reduced to 2 years after all membership and awards have expired.
  3. Qualsafe Awards is one of the largest Ofqual recognised Awarding Organisations in the UK and are a joint data controller for the delivery of our First Aid qualifications. If your interaction with us relates to a course we deliver as a Qualsafe Awards registered centre or you are one of our employees, associates, trainers, assessors or IQAs delivering Qualsafe Awards qualifications you should review the Qualsafe Awards Privacy Policy.
  4. If you opt to engage with Common Sense Training Ltd via a social media platform you should be aware that the platform may process other personal data for their own purpose in their capacity as a data controller. You should familiarise yourself with the privacy policy of the relevant platform so you can make an informed decision on whether to interact with us via this means.
  5. Special category data requested in the HSE (Health and Safety Executive) RIDDOR (The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) injury report form.
  6. Institute of Occupational Safety and Health (IOSH) are the biggest health and safety membership organisation in the world. They are also the only Chartered body for health and safety professionals. In partnership with Tall Man Solutions7 Ltd who are an IOSH approved provider we provide IOSH courses. We act in the role of a data processor when delivering their training and qualifications.
  7. Tall Man Solutions Ltd (company number 10465311) work in partnership with us to deliver IOSH6 qualifications that we advertise to our clients. We act in the role of a data processor when delivering IOSH training and qualifications. Tall Man Solutions Ltd have signed an associate agreement with us.
  8. Safety Training Awards (STA) are the awarding organisation of The Swimming Teachers’ Association. They are a registered charity number 1051631 in England and Wales and SC041988 in Scotland. We act in the role of a data processor when delivering their training and qualifications.
  9. Nuco Training Ltd. (company number 03684918) is an approved centre with First Aid Awards Ltd, an Ofqual and SQA regulated awarding organisation. We act in the role of a data processor when delivering their training and qualifications.

Data sharing / Sub-contractor processing

Organisation / Purpose / Transfer outside EEA

Organisation name / Categorisation of organisationPurpose of sharing / processingTransferred outside EEA1?Further information
MicrosoftData storage: Office 365 services e.g. email, document storage (SharePoint/OneDrive).YesEuropean Union (EU) model clauses legitimise the transfer of personal data outside of the EU. ISO 27018 compliant. ISO 27001 security benchmark for many products in Office 365 ISO 27001. Further info: Privacy Statement
XeroAccounting: Storage of supplier & customer data/paymentsYesSigned Data Processing Addendum in place. Further info: Privacy notice, GDPR centre
RWR Bookkeeping Services LimitedAccounting: Our account who has access to Xero to prepare accounts, assist with payroll and provide professional services.No2
Qualsafe AwardsService Delivery: We are a joint data controller along with Qualsafe Awards and share data to deliver qualifications primarily relating to first aid.NoSigned Data Management Contract in place where we and Qualsafe Awards agree to act as Joint Data Controllers and agree to manage all data in line with GDPR requirements. Privacy Policy. Qualsafe Awards (QA) (a trading name of Qualsafe Limited), are registered with the ICO with registration number Z9738727.
Qualifications Regulator (Ofqual)Service Delivery: As joint data controller with Qualsafe Awards we must respond to requests from Ofqual to meet our regulatory obligations.NoPersonal information charter. Data transfers outside the EEA performed by Ofqual are not relevant to the data we may be required to share with them for the stated purpose.
RLSS UKService Delivery: We are a data processor for RLSS UK and share data to deliver qualifications primarily relating to pool safety.NoData is stored in UK data centres operated by organisations with ISO 270001 certification. Privacy Policy
P.A.L.M. AcademyService Delivery: We are a data processor for P.A.L.M. Academy and share data to deliver qualifications primarily relating to pool plant operation.No
STAService Delivery: We are a data processor for STA and share data to deliver qualifications primarily relating to pool safety.Refer to latest STA privacy policySTA Privacy Policy
AssociatesService Delivery: We share customer data with our associate trainers for the purpose of service delivery.Yes3Personal data is either transferred using Microsoft Office 365 products or is paper based. Paper records are returned to us at the completion of the service delivery for processing. All our Associates deliver services under a written contract with defines that they must comply with our data privacy requirements.
Santander UK plcBanking: Bank sort codes and account numbers are stored for the efficient processing of payments.YesPrivacy statement including details of the safeguards put in place to protect data that is transferred outside the EEA. Privacy Statement
Holly Small DesignMarketing: Website/advertising material development. Images/videos, testimonials, comments shared for inclusion as content.NoPrivacy Policy
PrintersMarketing: Advertising material development. Images/videos, testimonials, comments shared for inclusion as content.No
GoDaddy.com, LLCMarketing (Web hosting): Storage of data entered into our website, images/videos, testimonials, comments & technical data. Usage insights are extracted and stored in Microsoft Office 365.YesPrivacy Policy
Website hosted in Europe but backups are stored in North America.
GoogleMarketing: Tracks website usage data. Usage insights are extracted and stored in Microsoft Office 365. Security: reCAPTCHA is used to fight spam and abuse on the website originating from contact forms.YesGoogle Privacy Policy. Google Analytics data privacy and security Google comply with the EU-US and Swiss-US Privacy Shield Frameworks and incorporate EU model contract clauses with regard to transfer of data outside the EEA. Legal framework for data transfers.
FacebookMarketing: Usage insights are extracted and stored in Microsoft Office 365.YesData Policy What is the General Data Protection Regulation (GDPR)? Pages, Groups and Events Policies Information controlled by Facebook Ireland will be transferred or transmitted to, or stored and processed in, the United States or other countries outside where you live for the purposes as described in their Data Policy.
TwitterMarketing: Usage insights are extracted and stored in Microsoft Office 365.YesPrivacy Policy Twitter for Business FAQ See “Our Global Operations and Privacy Shield” in the Privacy Policy for details of data transferred to the United States, Ireland and other countries where Twitter operate.
Humphreys ShredpointDocument Destruction: Secure removal and destruction of paper documentation.No
Government Bodies e.g. HMRC, ICO, law enforcement, courtsLegal Requirement: To comply with legal requests for information.YesHMRC Privacy Notice ICO Privacy Notice
Law Enforcement / CourtsLegal Requirement: To comply with legal requirements and for the administration of justice.Yes4
NetgearCCTV: Netgear provide the security cameras and secure on-line storage for images we capture for the purpose of crime prevention.YesPrivacy Policy GDPR and Privacy
Apple Inc.Data transfer: Where images/email are transferred using Apple Inc products the data will be processed in the Apple iCloud product.YesPrivacy Policy iCloud Security Overview
IOSHService Delivery: We are a data processor for IOSH and share data to deliver qualifications primarily relating to health & safety.YesPrivacy Notice GDPR
Eventbrite Inc.Service Delivery / Marketing: Advertising of course availability and on-line booking.YesPrivacy Policy
Nuco Training Ltd.Service Delivery: We are a data processor and share learner data to deliver qualifications primarily relating to mental health first aid.No, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Nuco Training Learner Privacy Policy

Nuco Training Data Protection Policy
  1. EEA – European Economic Area
  2. No – Data is not transferred out of EEA by this organisation for processing, but information accessed is held in Xero which does hold the data outside the EEA.
  3. Yes as data is transferred using Microsoft Office 365.
  4. Data may be transferred outside the EEA as The Court of Justice of the European Union, in certain circumstances can be used to settle legal disputes.

Keeping your data secure

We exercise great care in providing secure transmission of your information. Personal information collected is stored in secure operating environments or disposed of securely where it is not received in electronic format. We ensure that we review the privacy policies where we share your information or rely on sub-processors. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information to you. Please understand, however, that while we try our best to safeguard your personal information once we receive it, no transmission of data over the internet or any other public network can be guaranteed to be 100% secure.

Automated decision-making / profiling

We do not use automated decision-marking / profiling.

Changes to this privacy notice

Last Updated: 12th June 2022
Version: 1.18
Changes:
1.18 Updated URL for Xero Privacy Policy.
1.17 ICO “Your right of access” updated to “Your right to get copies of your data” along with associated URL update.
1.16 Update to accountancy firm with access to Xero.
1.15 Update to registered office address.
1.14 Updated url for GoDaddy privacy policy.
1.13 Added details for Nuco Training Ltd.
1.12 Updated correspondence address.
1.11 Added details for Safety Training Awards. Made clear that delivery of IOSH qualifications is via our partnership with Tall Man Solutions Ltd who are an IOSH approved provider.
1.10 Correct broken hyperlinks relating to Microsoft privacy statement for Office 365.
1.9 Included new website https://firstaidcalculator.com. Website backups are stored in North America so GoDaddy do transfer data outside the EEA.
1.8 Monster Insights LLC is no longer used to process Google Analytics data, Google Site Kit is used instead.
Website is now hosted in Europe rather than US. 1.7 Secure removal and destruction of documents now untaken by Humphreys Shredpoint rather than Humphreys Data Management
1.6 Added details for Institution of Occupational Safety and Health (IOSH) & Eventbrite Inc.
1.5 Updated URL for RLSS privacy policy
1.4 Added information relating to Monster Insights LLC
1.3 reCAPTCHA is used to fight spam and abuse on the website originating from contact forms.
1.2 P.A.L.M. Academy confirmed data is not transferred outside the E.E.A.
1.1 Spelling mistake corrections
1.0 (First Publication)

Home > More Info > Privacy Notice