Privacy Notice – Using Your Personal Information
Intended purposes for processing
In order to provide you with training services, for the administration of our files and records and, if you agree, to enable us to send you information about other services Proactive Training Scotland Limited offers, we will be processing (using and storing) your personal data, which includes information that identifies you, such as your name, address, job title and contact information. In some cases, we may also process special categories of personal data, such as your health records, racial or ethnic origins, political or religious beliefs and/or criminal conviction and offence records.
Lawful bases for processing
The Data Protection Act 2018 and General Data Protection Regulation (GDPR) are the primary pieces of legislation defining your rights over our processing of your personal information. The GDPR requires us to declare which of six lawful reasons we are relying on when we are processing your personal data:
• We may be required to process your personal data in order to comply with our legal obligations under legislation such as the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017, the Criminal Finances Act 2017 and under common law. We may, on occasion, be required to share your personal data with the relevant authorities. This processing of your personal data is to comply with the law, and we may be unable to act for you without doing so.
• In addition, we may process your personal data on the basis that we have a contract with you.
• Alternatively, in some instances we may have a legitimate interest in processing your personal data.
Whenever we are processing special categories of personal data, and/or criminal conviction and offence records, we will only use that data to deliver the services you have instructed us to provide.
All your personal data will be processed, and erased, in accordance with our Data Retention and Erasure Policy, a copy of which is available upon request from our Data Protection Co-ordinator, Steven Morrison, who is can be contacted at 79 West Regent Street, Glasgow, G2 2AW; info@proactivetraining.co.uk
Recipients of your personal data
In addition to Proactive Training Scotland Limited we may, when required and necessary, share your personal data with other organisations. Depending on the work we are undertaking for, and/or the services that we are providing for you, the other organisations may include:
• Our firm’s ‘data processors’ who are contractors from whom we obtain operational services including IT, typing and secretarial support, secure document storage and shredding.
• Other ‘data controllers’ that provide professional or commercial services, such as solicitors, accountants, and medical practitioners.
• Providers of insurance, financial and banking services to Proactive Training Scotland Limited.
• Your employer.
• Awarding Bodies e.g. Laser Awards.
• HMRC, HM Courts & Tribunals Service.
• If you agree, to organisations providing marketing services to our firm.
All the above are located in the UK.
Marketing
We should like to send you information about our services which we believe may be of interest to you. If you consent to being contacted on this basis, please tick the Marketing Opt-In box below. Please also sign, and date the document before returning it to us. We may contact you by mail, telephone, email, or text. If, at a later date, you change your mind you may opt-out of receiving marketing information from us. To opt-out please either write to our Data Protection Co-ordinator, whose name and address are above, or send an email to info@proactivetraining.co.uk with “Stop Marketing” in the subject line.
Your rights in relation to your personal data
You have the right of access to your personal data and to verify the lawfulness of the processing. If you would like a copy of your personal data that we are processing please contact our Data Protection Co-ordinator, whose name and address are above. Kindly note, we will need to verify your identity before responding to your request. Normally we make no charge for doing this and will endeavour to send it to you within 1 month of receipt of your request. If you notice that any of the information we send you is inaccurate or incomplete, please tell us and we will rectify it promptly.
If you are dissatisfied with our response you may complain to a supervisory authority which, in the UK, is the ICO, 45 Melville St, Edinburgh EH3 7HL. The ICO’s website is at https://ico.org.uk/ There may also be judicial remedies available to you.
Erasure of personal data
We will not erase or restrict the processing of your personal data during the period in which we have a legal obligation to retain that data under the applicable Act, Regulations or in common law.
Where we obtained your personal data to fulfil our contractual obligations to you, or if we have a legitimate interest for processing your personal data for the exercise or defence of legal claims, we will erase that data as soon as it is no longer necessary to retain it in relation to the purpose for which it was originally collected, this will normally be after seven years.
If you consented to our using your personal data for marketing purposes, we will erase the data used for that purpose if and when you inform us that you wish to withdraw your consent.
Security
We are committed to ensuring that all information we hold about you is secure. In order to prevent unauthorised access or disclosure we have implemented appropriate physical, electronic, and managerial procedures to safeguard and protect that information. All electronic data is securely stored on a password protected hard drive that is kept in a lockable cabinet when not in use. Data that is stored on laptops and other portable devices is password protected. All hard copy documentation is stored in lockable cabinets when not in use.
Other data controller recipients of your personal data are each responsible for implementing appropriate physical, electronic, and managerial procedures to safeguard and protect that information, and to keep it secure.
Data processor recipients of your personal data have provided sufficient guarantees that they have implemented measures to ensure compliance with the GDPR and to protect your rights.
Transferring your personal data
We will not transfer your personal data overseas.
Personal data concerning a third party
You should only give us personal data about someone else with their permission. Where you provide us with personal data about someone else, or someone discloses to us personal data about you, it may be added to the personal data we already hold and may be used in the ways described in this Privacy Notice.