We need to process some personal data in order to provide our training courses and consultancy. We understand that when you share personal data with us, we must look after it. This privacy notice outlines what we do, how we do it, what we use it for and why use it.
A LITTLE BIT ABOUT US
We are Leadership Through Data, a Limited company registered in England (Company No. 11087569). Our Registered address is 122 Feering Hill, Feering, Colchester, Essex, CO5 9PY.
Our business is to provide training and consultancy to our clients on areas of Information Governance, Data Protection and Microsoft 365 Information Management.
We are what is known as the ‘Controller’ of the personal data and other information collected and we are registered as a data controller with the Information Commissioners Office (ICO) (registration no. ZA303412).
We have an appointed Data Protection Officer who can be contacted by email at firstname.lastname@example.org.
WHAT PERSONAL DATA TO WE PROCESS AND WHY?
We collect your personal data when you book a course or training with us, and we may collect additional information for invoicing purposes.
We will retain personal data for difference lengths of time, depending on why we collected it. We have to identify a lawful basis for processing your personal data and these are shown in the ‘Processing Conditions’ in the table below.
THIRD PARTIES AND STORING YOUR PERSONAL DATA
Our website is managed by an external developer, who is based in the UK. They have a contract with us which covers the limited personal data that they may process on our behalf.
We use a training management system that processes all of the personal data or delegates that book onto our courses. The system is based in the UK and we have a contract in place with them.
Access is controlled by unique logins and a one-time passcode process.
We use an external marketing company, who is based in the UK to conduct Search Engine Optimisation. They do not process any personal data on our behalf.
We use Click4Assistance as our online chat facility. They are a UK company that stores data in the UK. We have a contract in place with them.
All our trainers are self-employed, but we have a contract in place with them for the processing of any personal data.
We hire venues to provide face-to-face training courses. We will share allergen information that could result in you being identified when collecting a meal, however, we do not pass on any names for this purpose. We are sometimes required to share the training delegate list to some of the venues for the purpose of health and safety reasons. Venues may also have their own methods of collecting data such as signing in books and CCTV for the prevention and detection of crime. Unfortunately, we have no control over this information, and you must contact the individual venue when exercising any of your rights.
We use MS Teams and Zoom to deliver our virtual training and webinars. We have contracts for both and ensure that the minimum data is processed to enable us to deliver the sessions using these.
DO YOU TRANSFER MY PERSONAL DATA OVERSEAS?
We do not knowingly transfer or process data outside the EEA. To the best of our knowledge, all information we have created is stored within the UK.
DO YOU SHARE MY PERSONAL DATA?
We do make delegate names available to our trainers to enable them to confirm attendance on courses. Where the course is virtual, we will also make email addresses available to enable them to contact delegates if this is necessary. Trainers have access to this information via our ESB booking system to enable them to see who is booked on the training course. They do not retain this information.
We do not sell or trade your personal data in any way.
We may be legally required to share certain
personal data. This includes if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority such as HMRC.
WHAT ARE MY RIGHTS?
You have a number of rights under the applicable data protection legislation. These are:
- a right of access to your personal data held by us.
- a right to rectify any personal data held by us that you believe is incorrect.
- a right to erase any personal data that we no longer have a legitimate purpose to process.
- a right of access to a machine-readable version of your data (data portability). There are conditions that apply to this right, but we will endeavour to give you a portable version of any of your data where possible.
- a right to stop us processing any of your data that we do not have a legal or contractual obligation to process.
- a right to prevent any wholly automated decisions involving your data – We do not use wholly automated decision-making techniques.
In general, we do not charge for exercising your rights and we are obliged to respond with one month (subject to exceptions). You can exercise any of these rights by contacting us at DPO@leadershipthroughdata.co.uk.
If you have any cause for complaint about our use of your personal data we would like the opportunity to resolve this with you. You can contact our Data Protection Officer at DPO@leadershiptrhoughdata.co.uk. If you feel that we cannot resolve this for you or you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office via their online form at www.ico.org.uk.
We may change this Privacy Notice from time to time and recommend that you revisit this when you next contact us. (Last reviewed 25 January 2021).