Who’s getting your data?
The information you provide via our website or via email will be held by The IT Service Ltd – the “Data controller” under the GDPR and related data protection legislation. If you want to get in touch with us, you can do so at any time either through the contact forms on this site, or by emailing email@example.com.
What’s your data used for?
We process the data you provide in a number of ways, depending on where you provide it to us:
- Feedback forms and post-training surveys
- Firstly, we use this information in order to gauge and maintain the quality of the service we provide, and to understand where we can improve. It is within our legitimate interests (under Article 6(1)(f) of the GDPR) to use this data in this way to improve our service.
- If you were booked onto a course by your organisation, and the organisation also paid for the course, we may be required by your organisation to supply them with a copy of all feedback received from their staff. We will provide such information as you supply because we are required to do so for the performance of our contract with your organisation.
- We may use the information collected in the post-training feedback survey in order to keep in touch with people who have attended our courses, which we would do via an occasional email (typically no more than one to two per month), containing information about our courses, and tips and tricks relating to software. You may opt out of providing your name, and / or your email address should you not wish to be contacted. Furthermore you may opt out of all further communications at any time via the link which appears in every email.
- At your request only, we may also use your email address to contact you at your request to discuss the feedback you provide on our courses.
In cases (c) and (d) above, our lawful basis for processing your data is your consent, which you may withdraw at any time as described.
We will retain information from our post-training feedback form for a period of two years, in order that we can track changes in our performance, and understand where we need to improve. However, we will anonymise data after 6 months. We will then only retain email addresses and names to keep in touch via our newsletter, unless you have not provided these details, or have subsequently unsubscribed.
- Course registers
- If the course you attended was organised and paid for by your organisation, we may be required to supply the organisation with a list of attendees. In this case, we will do so because we are required to do so for the performance of our contract with your organisation.
- If the course you attended offers a certificate of attendance, we will use this course register to you your certificate, under our contract with you.
In either case, we will only hold your data for long enough to send to your organisation, or to send you your certificate. We will then delete the data. We will not use information you supply on the course register for marketing purposes.
- Booking information
- If you book on a course via our website, but do not have to pay (as the course was either free, or paid for by your organisation) the details relating to that booking will be held for 12 months. This is to allow us to send a reminder to you on the anniversary of your course, in case you want to refresh the information received in the course. You may choose not to receive these reminders at the time of your booking and may unsubscribe from them at any time by clicking the link in the emails. Our lawful basis for doing this is consent, and as detailed, you may withdraw your consent at any time.
- If you book on a course via our website for which payment is taken, we will retain financial records of the transaction, including your details provided as part of this booking, for a period of seven years, or as long as we are required to do so by law. We must do this in order to comply with our legal obligation.
Who do we share your information with?
The simple answer to this question is that we will never share your information with anyone else who has the right to do anything with it without our consent (in other words, we don’t give it to any other “data controller”. We don’t sell, rent, give or loan our data to anyone, at any time, for any reason.
We do, however, use other companies to help us do our work, and this may involve sending your data onto their systems – although again, we want to make it clear, they’re not then allowed to use your data for their own purposes. Which are these other organisations?
- We use a company called Cognito Forms to create many of the forms on our website. When you fill in these forms, the data is held on their servers
- We use MailChimp to send email to our customers, and we have customer lists and campaigns stored on their servers.
- We use SurveyMonkey to generate and analyse the post-training feedback forms. When you fill in the post-training feedback form, your information is hed on their server.
- We use Xero to process our invoicing and financial details.
It may be that under our agreements with these companies, they process your information, either themselves, or through their own processing agreements with the likes of Microsoft and Amazon, within the USA, which counts as a transfer to a third country under GDPR. In all cases, however, the organisations involved are part of the “Privacy Shield” self-certifying mechanism, the aim of which is to protect the security of your data.
What are your rights, with regard to your data?
- If the information we hold about you is incorrect, you have the right to have it corrected – just ask us.
- In some situations, such as where we no longer need to hold it, or if the processing we’re doing is based on your consent (as outlined above), then you have the right to have your data erased. Just ask, and we’re happy to provide more information about when this right applies.
- You have the right to “data portability” – that is, if you ask, we will supply you with an electronic copy of the information we’ve gathered from you as part of any contract we’ve had with you, or because you consented to us processing your information.
- You have the right to make a complaint at any time about what we’re doing with your data. Please let us know if you’re unhappy, but you also have the right to contact the Information Commissioner’s Office with your complaint. Their website is at www.ico.org.uk.
If any of the information here is unclear, or you have any questions, please do get in touch and we’ll do whatever we can to help.