About this Policy
We will always comply with the EU General Data Protection Regulation (GDPR) for as long as it is applicable and the ‘UK GDPR’ [UK Data Protection Act (DPA) 2018 and Data Protection, Privacy and Electronic Communications (amendment etc) (EU Exit) Regulations 2019] when dealing with your personal data. Further details on the GDPR can be found at www.ico.gov.uk.
Who are we?
ACT Associates Ltd, we are a UK private limited company with company number 02606201.
Victoria House, 32 Lower High Street
Stourbridge, West Midlands, DY8 1TA.
We can be contacted by phone (+44(0)1384 447915) or email (firstname.lastname@example.org). We are the data controller of the website https://www.actassociates.co.uk.
We are registered with the Information Commissioner’s Office – Registration number Z5767196.
What data we collect and why
|Type of data||Purposes/use||Legal basis of processing|
|Invoice payers’ name, address, telephone number, email address||Processing your payment. This will be processed by Stripe, our payment processor.||Performing our contract with our customers.
For the purpose of our legitimate interests.
|Delegates’ name, address, telephone number, email address||Managing attendance on our training courses and providing data to Awarding Bodies.||Performing our contract with our delegates. Provision of this data may be a mandatory Awarding Body requirement.
For the purpose of our legitimate interests.
|Photos and videos of delegates||To meet awarding body requirements, to use as a promotional tool on our website and on social media||Consent. We will always ask your consent before taking and using photos. Consent may be a mandatory Awarding Body requirement.|
|Subscribers’ name and email address||To meet awarding body requirements. Sending email newsletters. Data will be processed by MailChimp, Campaign Monitor or other our chosen email marketing service providers.||Consent. We will seek consent and make it clear at the point of data capture (and under “Email newsletter” section in this policy) how your data will be used. Consent may be a mandatory Awarding Body requirement.|
- We will never transfer your personal data outside the EU without prior consent, with the exception of transfers to our email marketing service providers (for example, MailChimp, campaign Monitor, Crisp Chat), awarding bodies and Google [see “Third parties” section]
- We have taken a number of steps to protect your personal data from loss, misuse and unauthorised access.
- For payments taken on our website we use the secure, recognised online payment system Stripe. Click here for more details on Stripe’s website.
- We will never sell your personal data.
- We will not share your personal data with any third parties without your prior consent. However, we may need to pass your personal data to third parties for the purpose of fulfilling services you have requested (for example passing your details to awarding bodies such as NEBOSH and CITB in order for you to complete your qualification).
- We will notify you promptly in the event of any breach of your personal data.
Note: please be aware that we cannot guarantee that transferring information over the internet will always be 100% secure.
How long do we keep your data?
- We will hold your personal data for as long as you are an ACT customer and for as long afterwards as it is in our legitimate interest to do so. This will generally be for up to 5 years, but may vary in order to meet awarding body requirements applicable at the time.
- We review collected personal data annually to establish whether we are still legally entitled to process and retain it.
- We will never store payment information for orders processed on this website. If you choose to store your payment information in your ACT website account, the details will be stored securely with Stripe, our payment processor.
- For payments completed via telephone, we will securely destroy your payment information as soon as we have used it to process your order.
Like almost all websites, we use Google Analytics (GA) to track how you interact with our website. This helps us understand how people find and use our website, allowing us to make changes to improve usability and user experience.
GA stores data such as your location, device, internet browser and operating system. This does not enable us to identify you personally.
Furthermore, GA record’s your device’s IP address. This could allow Google to personally identify you but we do not have access to this information.
You can disable cookies on your internet browser to stop GA from tracking your usage of this site.
We consider Google to be a third party data processor. See “Third Parties” section below.
This website enables you to sign up to our email newsletter. Any details you submit will be forwarded to our own Customer Relationship Management (CRM) system and also to our chosen email marketing service providers. If you choose to sign up to our email newsletter, your personal details will not be stored in a database on our own website or on any of our internal computer systems.
Your personal details will remain within our chosen email marketing service providers until you request removal from the newsletter. We provide unsubscribe links in every email newsletter than we send to you. You can also request that we remove you by contacting us.
If you would like your personal details to be removed from our own CRM system, please contact us.
We consider each of our chosen email marketing service providers to be a third party data processor. See “Third Parties” section below.
If you choose to contact us using any enquiry forms on our website, none of the data that you enter will be stored by this website. Instead, the data you enter will be sent to us in an email over a secure mail server.
Our blog and news
Our blog and news pages allow you to leave comments on posts we have published. The name and email address you enter when leaving a comment will be saved to this website’s database as well as your computer’s IP address. This allows us to monitor and ban users who are misusing or spamming our blog’s comment system.
You are able to delete your own comments. If you would like us to delete the comment and any associated personal data, please contact us.
External websites and social networks
Additionally, our website may include social networking features such as Facebook “Like” or “Share” widgets. Plus, you may be given the option to register or login to our website or related services using your social media accounts. If you choose this option, we may receive and store personal information from that service which will enable you to log in and other information that you may choose to share.
If you don’t want your personal information shared between this website and your social media account, please do not connect your social account with this website.
Cookies are useful because they allow our website to recognise your device. This allows us to remember your preferences and tailor our website and other media to you.
You can disable cookies on your internet browser if required.
This website is hosted by CWCS within a UK data centre.
All traffic handled by this website is encrypted and delivered over HTTPS.
We use third parties to provide services that are crucial to the management and growth of our business. These third parties process personal data on our behalf.
We have carefully selected these third parties.
Google Analytics: https://support.google.com/analytics/answer/6004245?hl=en
|This third party is EU-U.S Privacy Shield compliant.|
|MailChimp||https://mailchimp.com/legal/privacy/||This third party is EU-U.S Privacy Shield compliant.
|Crisp (live chat)||https://crisp.chat/en/privacy/||Data is stored in Europe.|
|Campaign Monitor||https://www.campaignmonitor.com/trust/gdpr-compliance/||Campaign Monitor has designated Campaign Monitor Holdings (UK) Limited (UK Company Number 09446000) as its EU Representative in compliance with Article 27 of the GDPR. Any contact to the above physical address or email will constitute notification to both Campaign Monitor and its Article 27 representative.|
|Stripe||https://stripe.com/gb/privacy||This third party is EU-U.S Privacy Shield compliant. https://www.privacyshield.gov/welcome|
In addition, we use third parties to provide awarding body services that are crucial to the management and growth of our business. These third parties process personal data on our behalf and that of the learners who use our services.
We have carefully selected these awarding bodies as third parties:
- Chartered Institute of Environmental Health (CIEH)
- City & Guilds
- Construction Industry Training Board (CITB)
- Engineering Construction Industry Training Board (ECITB)
- Institution of Occupational Safety and Health (IOSH)
- International Accreditation Society(iAS)
- National Examination Board in Safety and Health (NEBOSH)
We will report any unlawful data breach of our own data or our third party’s data to all relevant people and authorities within 72 hours of the breach.
Under EU GDPR and UK GDPR, you have the right to:
- request access to your personal data
- to be provided with information about how your personal data is processed and used by us
- to have your personal details corrected
- to have your personal data removed from our systems
- in certain circumstances have your personal data transferred to another business if required
- to object to how your personal data is processed
You are able to complain to the Information Commissioner if you feel we have unlawfully processed your personal data: https://ico.org.uk/concerns/
Updating your preferences
If at any time you would like to change how we are able to communicate with you please visit our preference centre which you will find a link to at the bottom of every marketing email we send to you. Alternatively you can contact us and we will be happy to discuss your current contact preferences and make any changes required.
Specific changes will be mentioned below this point.
07/01/2020 Reviewed and updated.
17/12/2020 Reviewed and updated to take into account the end of ‘Brexit’ transition period.
To be reviewed January 2022, or if the effects of Brexit necessitate further change.