KEEPING YOUR DATA SAFE
If you are asked to provide information when enquiring about our products or services or using our website it will only be used in the ways described in this policy.
If you have any questions about this policy email email@example.com or mail us at: Data Protection Officer, Diversiti UK, 60 Gold Street, Northampton, NN1 1RS
1. WHAT DATA DO WE COLLECT AND WHERE FROM?
1.1 We collect some data directly from you when you contact us via the contact form (Contact Data). This includes:
1.1.1 your name;
1.1.2 your email address;
1.1.3 your phone number;
1.2 We collect information about how you use this website using cookies and similar technology. This includes your viewing history, IP addresses, device identifiers and information about how long you have stayed on certain pages or what pages you have clicked on (Behavioural Data).
1.3 We collect booking data via a third-party application (Booking Hound) when you register for safeguarding training (Booking Data). This includes:
1.3.1 your full name;
1.3.2 your date of birth;
1.3.3 contact information – address, postcode, email, phone number;
1.3.4 licensing information – unique ref, badge number, employer, licensing district
2. WHAT DO WE USE YOUR DATA FOR?
2.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.
2.2 Contacting you about our services
2.2.1 We use your Contact Data to send you information you request or which we believe will be of interest or useful to you.
2.2.2 We use your Contact Data to contact you by phone or email with promotional initiatives or for market research purposes.
2.2.3 We use your Contact Data to enable us to respond to queries, complaints or comments that you have, and to make sure that these are appropriately dealt with.
2.3 Improving our services
2.3.1 We use Behavioural Data to improve your experience when using our website, by recording your preferences when using the site, and by tailoring our content based on your use of browser or geographical location.
2.3.2 We use Contact Data and Behavioural Data to help us monitor, analyse and improve our website and our services. We use this data to help us understand which content and services are most interesting and enjoyable for our users and to help us identify errors and test features. This helps us to make sure that we are providing you with the best possible products and services.
2.4 Administering safeguarding training on behalf of Oxfordshire County Council
2.4.1 We use your Booking Data in order to provide safeguarding training on behalf of Oxfordshire County Council.
2.4.2 The Booking Data we collect is used to inform Oxfordshire County Council who is attending the safeguarding training, and their licensing details.
2.4.3 On occasion, we may use this Booking Data to contact you by phone or email regarding your booking, in order to request further information required by Oxfordshire County Council, or to inform you of any changes to the training (such as a change of time, venue, or cancellation).
2.4.4 We archive your Booking Data to keep a record of who has taken our safeguarding training and whether they passed or failed the training. This allows us to answer any queries about who has booked for or attended our training.
2.4.5 We do not use your Booking Data for marketing purposes, unless you have explicitly given us permission to do so.
3. HOW DO WE USE YOUR DATA FOR MARKETING PURPOSES?
3.1 Email marketing
3.2.1 We will use your email address to send you email marketing (including our newsletter and information about new products and services) where you have signed up to receive this from us.
3.2.2 You can opt out of receiving marketing emails at any time by following the instructions to unsubscribe in any of our email marketing communications.
4. WHAT IS OUR LEGAL BASIS FOR USING YOUR DATA?
4.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
Purpose: Contacting you about our services
Legitimate interests: To ensure our customers enjoy the best experience possible, and to help us deliver our services to you.
Purpose: Improving our services
Legitimate interests: To make sure that we continue to improve our service and provide our users with the best and most effective service possible.
Purpose: Administering safeguarding training on behalf of Oxfordshire County Council
Public Interest: To aid Oxfordshire County Council in the administration of taxi driver, coach driver, and passenger assistant licensing.
4.2 You have the right to object to us processing your personal data for the purposes set out above. Unless we can show that we have a compelling legitimate reason to continue processing your personal data, we will stop processing it.
4.3 In respect of the use of your email address for email marketing purposes, we process this on the basis that we have your consent to do so. You can withdraw your consent at any time by following the instructions to “unsubscribe” in any email marketing communications.
5. WHO DO WE SHARE YOUR DATA WITH?
5.1 We do need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us. The third party suppliers we share your personal data with are as follows:
5.1.1 third party service providers who help us to manage our booking system;
5.1.2 other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure; and
5.2 We share Booking Data with Oxfordshire County Council as it is within their remit to collect this data.
5.2.1 under data protection law, Oxfordshire County Council is considered the “collector” for this data, and we are considered a “processor” for this data.
5.3 We will also share your personal data with third parties in the following circumstances:
5.3.1 where you have specifically consented to us sharing your data with a particular third party; and
5.3.2 where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.
5.4 We do not transfer or store your personal data outside the European Economic Area (EEA). If we do carry out any further transfers of your data outside the EEA, we will inform you and we will ensure that the recipient provides an adequate level of protection of your personal data.
6. WHAT RIGHTS DO YOU HAVE?
6.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
6.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information.
6.3 A right to access your information
6.3.1 You have a right to ask us to send you a copy of all personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to: firstname.lastname@example.org or to: Data Protection Officer, Diversiti UK, 60 Gold Street, Northampton, NN1 1RS
6.4 A right to object to us processing your information
6.4.2 If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
6.4.3 You can exercise this right by emailing email@example.com.
6.5 A right to ask us not to market to you
6.5.1 You can ask us not to send you direct marketing. You can do this by opting out using the “unsubscribe” option in any of our email marketing communications.
6.6 A right to have inaccurate data corrected
6.6.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
6.7 A right to have your data erased
6.7.2 By data protection law, this right does not apply to Booking Data we hold on behalf of Oxfordshire County Council as it is held for the purposes of Public Interest.
6.7.3 If you would like to make a request to exercise this right, please contact firstname.lastname@example.org. If we are required by law to comply with your request, we will delete or fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.
6.8 A right to have processing of your data restricted
6.8.1 You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
6.8.2 Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
7.1 We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
7.2 We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR).
8. HOW CAN YOU CONTACT US?
9. WHAT IF YOU HAVE A COMPLAINT?
9.1 You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
9.2 You can find out how to do this by visiting ico.org.uk (opens in a new window).
10. WHAT IF THIS POLICY CHANGES?
Policy updated on 24 May 2018