GDPR Privacy Policy – January 2023
This document outlines how Annie’s Training Company handles personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).
GDPR means the UK General Data Protection Regulation, as outlined in the Data Protection Act 2018. This document will describe the type of data we collect, store and how we use this data. We describe how we will use the data when liaising with third parties and your rights as a data subject.
We are registered with ICO reference number: A8242157
We shall only process personal data for the purposes expressly specified in your Terms & Conditions Agreement and for the duration of, but in no event longer than necessary to deliver, our obligations under your Terms & Conditions.
We shall comply with all applicable Data Protection Legislation in the processing of Company Personal data.
Annie’s Training Company will use the following data about our clients for legitimate business interests:
| Data | Reason for collection | Where do we keep the data? | How long do we keep the data for? |
| Relevant client name, email address, telephone number and work address of relevant personnel | Legitimate interest | MacMail (password protected) | 12 months |
| Company and course details | Legitimate interest | Giraffe Pad | 6 months |
| Forenames, surnames and job titles of delegates attending courses | Legitimate interest | MacMail | 1 month |
| Sign in sheets | Legitimate interest | MacMail (password protected) and hard copy (transported securely) | 1 month |
| MBTI Profiles | Legitimate interest | OPP Assessment website | 12 months |
We will request permission to add client data to our third-party training system Giraffe Pad.
We do not operate a mailing list or newsletter. We will never use individual data for marketing purposes unless express consent is obtained.
Procedures and privacy
We have the following procedures in place to protect our client’s privacy:
- We shall take reasonable steps to ensure the reliability, integrity and competence of any of our Personnel who may have access to the Client Personal Data and obtain a commitment of confidentiality from any such Personnel, unless that person is already under such a duty by statute.
- We shall implement appropriate technical and organisational measures to ensure that access to the Client Personal Data is strictly limited to those individuals who need to access the Client Personal Data, and that those individuals only have access to such part or parts of the Client Personal Data as is necessary for the performance of their duties as required for our performance of obligations under the Terms & Conditions Agreement.
- We shall ensure that our Personnel authorised to process personal data are aware of the confidential nature of the personal data, have received appropriate training on the handling of personal data, and are aware of their responsibilities in relation to the processing of personal data.
- We may not transfer, or authorise the transfer of, any Client Personal Data without the prior consent of the Client.
- We shall notify the Client without undue delay upon becoming aware of any potential Personal Data breach affecting Company Personal Data, providing sufficient information to allow the Client to assess the impact of such Personal Data Breach and to meet any obligations on the Client to report the Personal Data Breach to the relevant supervisory authority and/or to notify the affected Data Subjects under the Data Protection Legislation.
- We shall give to the Client our full cooperation and assistance, and take reasonable commercial actions as required by the Client, in order to investigate, evaluate, mitigate and remediate any such Personal Data Breach.
Client Data
- We will get permission from clients to hold their names, email address, telephone number and work address in our Terms and Conditions, which we will issue for every new piece of work.
- Where an organisation asks us to sign their contract or Terms and Conditions, we will supply them with this Privacy Policy to outline how we will process their data.
- Sign in sheets, both hard copy and electronic will be destroyed after one month. Hard copies will be given back to the client if possible or scanned and sent electronically where not possible.
- We will keep all Myers Briggs Type Indicator (MBTI) profiles for a period of 12 months on the OPP Assessment website, which is password protected.
Website
- We will only use contact information supplied to us via our website to reply to the query sent.
- We have a cookies policy featured on the website that details how data is processed.
- Our website has a SSL certificate.
Associates
- Associates sign a separate GDPR policy that acknowledges they have read and will comply with the conditions in this policy.
Third parties
- All our third-party service providers and other entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data Security
Our data security is ensured by:
- Password access to all work electronic devices including iPhone and MacBook Air or equivalent. · Laptop is up to date with anti-virus software and regularly scanned.
- Registered office has secure broadband.
- Packages are regularly updated to ensure security.
- Laptops are stored securely when not in use.
Your rights
You have the right to access any personal information that ATC processes about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information. We will strive to update/correct it as quickly as possible, unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request deletion of your personal data or to restrict processing in accordance with data protection laws.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request this is to ensure that your data is protected and kept secure.
If you wish to contact us in relation to any of your information rights, please contact Annie Clarke via annie@anniestrainingcompany.com
If you wish to complain about how your personal information has been handled by ATC please contact:
The Information Commissioner’s Office Telephone 0303 123 113