General Data Protection Regulations (GDPR) 2018: Privacy Notice.
The General Data Protection Regulations (GDPR) apply to any person or organisation that collects, processes, stores or shares personal data about individuals.
Under the regulations people own their own data and other people are not allowed to col-lect, process, store or share personal data without permission. They must explain why they want to collect the data, what they are going to do with it, how long they keep it, how they protect it, and how they will safely dispose of it. If they hold any personal data, for which they do not have permission, they need to get permission or dispose of it.
A Data Controller is any person with responsibility for acquiring personal data and deter-mining the purposes and means of the processing of that data under the terms of the General Data Protection Regulations (GDPR).
A Data Processor is any person who manages, modifies, stores, or analyses personal data on behalf of, or in conjunction with, the data controller.
In the case of Lincs Nicola Beattie is the Data Controller and the Data Processor.
Lincs is entitled to collect data, for example in order to comply with contractual obligations, to comply with other legal requirements and in the pursuit of its legitimate business interests. Wherever possible we want to obtain the consent of clients and course members to enable us to do this.
These days people are rightly becoming more concerned about the amount of detailed information companies have been gathering about us and how it is being traded and used to control the information we see and the choices we make.
Lincs does not trawl for data to trade with other commercial companies but we do need some information to enable us to provide a good service. For example, we need contact details to contact you with information about training or developments or any work we are doing for you. We need to share these with the post office or courier services if we send you letters or parcels.
This Privacy Notice explains in detail the types of personal data we at Lincs may collect about you when you interact with us in various ways. It also explains how we’ll store, handle and protect that data.
We want you to be fully informed about your rights, and how Lincs may use your data, so we have included some information here. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Lincs is an education consultancy based in Lancashire.
The Legal Framework
The law on data protection sets out a number of different reasons why a company may collect and process your personal data.
• Consent – In specific situations, we can collect and process your data with your consent. (For example, when you tick a box to receive emails and/or newsletters, or when you sign up for a course).
• Contractual obligations – In certain circumstances, we need your personal data to comply with any contractual obligations. (For example, if an Associate is delivering training for you we’ll collect your address details and pass them to the trainers delivering your course so that they can find you, or contact you prior to the training).
• Legal compliance – If the law requires us to, we may need to collect and process your data. (For example, we can pass on details of people involved in fraud or other criminal activity affecting our business to law enforcement. We may also be asked to provide in-formation in relation to civil cases and child protection investigations).
• Legitimate interest – In specific situations, we may require your data to pursue our legiti-mate interests in a way which might reasonably be expected as part of running our business which does not materially impact on your rights, freedom or interests.
When we collect your personal data
Data can be collected in a variety of ways.
• When you visit our website, call us on the phone, or email us.
• When you contact us by any means with queries, comments, compliments, complaints etc.
• When you complete signing-in sheets as part of a training course.
• When you complete course registration documents at the beginning of a training course.
• When you complete an evaluation at the end of a training course.
• When trainers complete their training record of what was taught on your course.
• When trainers write out course certificates on successful completion of a training course.
• When you complete surveys or questionnaires we send you.
• When you fill in any forms in relation to our business with you.
• We may collect data from publicly-available sources (such as Land Registry and Google Maps) when you have given your consent to share information or where the information is made public as a matter of law.
What sort of personal data we collect
A variety of data may be collected.
• Details of your interactions with us. For example, we may keep notes from our conversations with you, details of any compliments, comments or complaints you make, and records of communications by email.
• Details of your visits to our website and contributions to online conversations.
Why we need to collect your personal data
We collect your personal data to enable us comply with our legal obligations and to con-tact you as part of the services we deliver. Your details may need to be passed to a third party to supply or deliver the product or service that you ordered (e.g. Team-Teach Train-ing) and we may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as refunds, guarantees and so on. Training may be delivered on our behalf by independent contractors who are also responsible for complying with GDPR.
We need to keep records to inform future communications (for example to respond to queries, refund requests and complaints and, more commonly, to provide references, advice and support).
We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service.
It is important that course members on Team-Teach training understand that we cannot provide certificated training unless course members agree to provide the necessary information in accordance with the regulations. When tutors complete the Summary Evaluation Form they are signing an undertaking to comply with GDPR and protect all related data.
We also need to protect our business and you from fraud and other illegal activities.
How we protect your personal data
Data security matters to all our clients. We treat your data with the utmost care and take all appropriate steps to protect it.
How long will we keep your personal data?
Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.
With regard to Team-Teach training, we need to retain individual course evaluations and training records for a period of 7 years. This is to enable us to provide ongoing support to course members, to ensure that refresher schedules are adhered to, to enable performance management, and to provide evidence of training to employers, regulators, investigators and the Courts should they be required. Training records are stored, secured, protected and safely disposed of after 7 years.
Who do we share your personal data with?
We sometimes need to share your personal data with trusted third parties. For example, delivery couriers, consultants visiting you, and trainers all need your contact details. We provide only the information they need to perform their specific services. They may only use your data for the exact purposes we specify in our contract with them. We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
• we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
• We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
For further information please contact our Data Protection Officer – Nicola Beattie.
What are your rights over your personal data?
You have the right to request access to the personal data we hold about you, free of charge in most cases. You are also able to correct any of your personal data if it is incorrect, out of date or incomplete. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
You have the right to request a copy of any information about you that Lincs holds at any time, and have that information corrected if it is inaccurate. To ask for your information, please email firstname.lastname@example.org If we choose not to action your request we will explain to you the reasons for our refusal.
If you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue pro-cessing your personal data.
To protect the confidentiality of your information, we will ask you to verify your identity be-fore proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113, or go online to www.ico.org.uk/concerns.
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will normally respect your wishes.