In this policy Online Safety Training Ltd can be referred to as “OST”, “the Company”, “our”, “us” or “we”.
What Is Personal Data?
Personal data means any information relating to any living individual (also known as a ‘data subject’) who can be identified (directly or indirectly) by reference to an identifier (e.g. name, IP address, reference number, email address, physical features etc.). Personal data can be both factual (e.g. contact details or date of birth), or an opinion about a person’s actions or behaviour, or information that may otherwise impact on that individual. It can be personal, or business related.
What Does ‘Processing’ Personal Data Mean?
‘Processing’ personal data means any activity that involves the use of personal data (e.g. obtaining, recording or holding the data, amending, retrieving, using, disclosing, sharing, erasing or destroying). It also includes sending or transferring personal data to third parties.
Who Is the Controller?
Online Safety Training Ltd, registered office Suite 7, The Eco Centre, Hebburn, NE31 1SR is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
What Type of Personal Data Do We Hold About You?
We hold and use various types of personal data about you, including, for example: name, job title, contact information (including email address), demographic information (such as post code) and any other information you provide us with.
Why Do We Hold Your Personal Data and On What Legal Grounds?
We hold and use your ordinary personal data for a number of reasons and Data Protection law specifies the legal grounds on which we can hold and use personal data. Most commonly, we rely on one or more of the following legal grounds when we process your personal data:
- Where we need it to perform the contract we have entered into with you (performance of the contract) whether this is a contract for services or another type of contract. This may include, for example, fulfilling orders or purchases you have made (including processing of payment); contacting you in relation to any issues with your order; in relation to the provision of the Services including when you take training and training tests or assessments; where we need to provide your Personal Data to a third party, such as a certification authority to produce a certificate for training you have completed.
- Where we need it to comply with a legal obligation (legal obligation). Typically, this may include legal obligations such as the obligation to meet health and safety requirements but also to comply with UK laws, regulations, court orders or any other legal obligation the Company has.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest). This may include, for example:
- Communication. To communicate with you regarding the Services, including to provide you important notices regarding changes to our Terms and also to address your requests, enquiries, and complaints. We may send strictly necessary communications, including emails, even if you have opted out of receiving other OST emails or communications. These types of communications do not require consent. We also process your Personal Data for our legitimate interests when you communicate with us, including when you sign up for promotional materials and we have not asked you for your consent in that regard.
- Respond to Your Requests. To respond to your requests for technical support, online services, product information or to any other communication you initiate. This could include accessing your current test progress to address technical support requests.
- Compliance with Law and Public Safety. To assist in the investigation of suspected illegal or wrongful activity, including tracking and sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend our rights and property, or the rights or safety of third parties.
- Improvement and Development. To develop, provide, enhance, and improve our Services and your experience, when we collect, use, or otherwise leverage cookies, device IDs, Location Data, data from the environment, and other tracking technologies; when you connect with us through social media. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
- Enforcement. To enforce the terms covered in this Policy or our Terms & Conditions.
In some cases, we will also ask for your consent to process your personal data. If this is the case, it will strictly be done on an “opt-in” basis and will involve ticking a box, or some other affirmative action. This will generally be done when you first register to purchase one of our products or services but can be done at any time.
How Do We Collect Your Personal Data?
If You Give Us Someone Else’s Personal Data
Sometimes, you might provide us with another person’s personal data – e.g. to sign one of your employees up for a course. In such cases, we require you to inform the individual what personal data of theirs you are giving to us. You must also give them our contact details and let them know that they should contact us if they have any queries about how we will use their personal data. Any actions you take should also be in line with any Data Protection Policies or rules your organisation has.
Who Do We Share Your Personal Data With?
We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. This could include complying with our contractual duties (e.g. to provide your details to a certification body so they can issue you with a certificate after completing training.), or where it is necessary in our legitimate interest (e.g. to our IT service provider to resolve IT issues). We may also share your data with any other 3rd party when we are legally or contractually obliged to do so.
Consequences of Not Providing Personal Data
We only ask you to provide personal data when we have a good reason and there may therefore be consequences if you do not provide particular information to us. You have the right to choose not to provide us with personal data, however, if you do so, this will limit the services we can provide you.
How Long Will We Keep Your Personal Data?
We will not keep your personal data for longer than we need it for our legitimate purposes. We take into account the following criteria when determining the appropriate retention period for personal data:
- the amount, nature, and sensitivity of the personal data
- the risk of harm from unauthorised use or disclosure
- the purposes for which we process your personal data and how long we need the particular data to achieve these purposes
- how long the personal data is likely to remain accurate and up-to-date
- any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept
In situations where we no longer need to process your personal data for any purposes described in this policy, we will delete it from our systems. We can also delete your data upon request where permissible to do so (see Your Rights section for information)
We implement appropriate technical and organisational safeguards to protect against unauthorised or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
We do not knowingly collect or process any Personal Data from any children aged under 16 years. If you think a child has provided us with personal data, please contact our support team immediately. If we discover a child has provided us with personal data, we will take steps to remove that data.
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website or the courses we offer.
You have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If you would like to exercise any of the above rights, please contact us in writing at Suite 7, The Eco Centre, Hebburn, NE31 1SR. Note that these rights are not absolute and in some circumstances, we may be entitled to refuse some or all of your request.
Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk