GDPR Privacy Policy – May 2018
This document outlines how Annie’s Training Company handles personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). It will describe the type of data we collect, store and how we use this data. We describe how we will use the data when liaising with third parties and your rights as a data subject.
We are registered with ICO reference number: A8242157
Basis for processing personal data
Annie’s Training Company will use the following data about our clients for legitimate business interests:
| Data | Reason for collection | Where do we keep the data? | How long do we keep the data for? |
| Relevant name, email address, telephone number and work address of relevant personnel | Legitimate interest | Encrypted database / MacMail (password protected) | 24 months |
| Company and course details | Legitimate interest | iCal | 6 months |
| Forenames and surnames of delegates attending courses | Legitimate interest | MacMail | 1 month |
| Sign in sheets | Legitimate interest | MacMail (password protected) and hard copy (transported securely) | 1 month |
| Evaluation forms | Legitimate interest | MacMail (password protected) and hard copy (transported securely) | 1 month |
| MBTI profiles | Legitimate interest | OPP Assessment website | 12 months |
We do not operate any CRM system, mailing list or newsletter. We will never use individual data for marketing purposes unless express consent is contained.
Procedures and privacy
We have the following procedures in place to protect our client’s privacy:
Client data
- We will get permission from clients to hold their names, email address, telephone number and work address in our Terms and Conditions, which we will issue for every new piece of work.
- Where an organisation asks us to sign their contract or Terms and Conditions, we will supply them with this Privacy Policy to outline how we will process their data.
- Sign in sheets, both hard copy and electronic will be destroyed after one month. Hard copies will be given back to the client if possible or scanned and sent electronically where not possible.
- Paper copies of training session evaluation forms will be scanned and sent to the organisation within one week. All scanned and paper versions will be deleted by ATC within one month of the course date.
- We will keep all Myers Briggs Type Indicator (MBTI) profiles for a period of 12 months on the OPP Assessment website, which is password protected.
Website
We will only use contact information supplied to us via our website to reply to the query sent.We have a cookies policy featured on the website that details how data is processed.Our website has a SSL certificate.
Associates
• Associates sign a separate GDRP policy that acknowledges they have read and will comply with the conditions in this policy.
Third parties
• All our third-party service providers and other entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third- party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data Security
Our data security is ensured by:
- Password access to all work electronic devices including iPhone and MacBook Air or equivalent.
- Laptop is up to date with anti-virus software and regularly scanned.
- Registered office has secure broadband.
- Packages are regularly updated to ensure security.
- Laptops are stored securely when not in use.
Your rights
You have the right to access any personal information that ATC processes about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information. We will strive to update/correct it as quickly as possible, unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request deletion of your personal data or to restrict processing in accordance with data protection laws.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request this is to ensure that your data is protected and kept secure.
If you wish to contact us in relation to any of your information rights, please contact Annie Clarke via annie@anniestrainingcompany.com
If you wish to complain about how your personal information has been handled by ATC please contact:
The Information Commissioner’s Office
Telephone 0303 123 113