If you're looking for info about the cookies on this site, you'll want this page instead...
Who’s getting your data?
The information you provide via our website or via email will be held by The IT Service Ltd – the “Data controller” under the GDPR and related data protection legislation. If you want to get in touch with us, you can do so at any time either through the contact forms on this site, or by emailing firstname.lastname@example.org.
What’s your data used for, and for how long?
We process the data you provide in a number of ways, depending on where you provide it to us:
- Feedback forms and post-training surveys
- Firstly, we use this information in order to gauge and maintain the quality of the service we provide, and to understand where we can improve. It is within our legitimate interests (under Article 6(1)(f) of the GDPR) to use this data in this way to improve our service.
- If you were booked onto a course by your organisation, and the organisation also paid for the course, we may be required by your organisation to supply them with a copy of all feedback received from their staff. We will provide such information as you supply because we are required to do so for the performance of our contract with your organisation.
- We may use the information collected in the post-training feedback survey in order to keep in touch with people who have attended our courses, which we would do via an occasional email (typically no more than one to two per month), containing information about our courses, and tips and tricks relating to software. You may opt out of providing your name, and / or your email address should you not wish to be contacted. Furthermore you may opt out of all further communications at any time via the link which appears in every email.
- At your request only, we may also use your email address to contact you at your request to discuss the feedback you provide on our courses.
In cases (c) and (d) above, our lawful basis for processing your data is your consent, which you may withdraw at any time as described.
We will retain information from our post-training feedback form for a period of two years, in order that we can track changes in our performance, and understand where we need to improve. After this point, we will then only retain email addresses and names to keep in touch via our newsletter (unless, of course, you have not provided these details, or have subsequently unsubscribed).
- Course registers
- If the course you attended was organised and paid for by your organisation, we may be required to supply the organisation with a list of attendees. In this case, we will do so because we are required to do so for the performance of our contract with your organisation.
- If the course you attended offers a certificate of attendance, we will use this course register to you your certificate, under our contract with you.
In either case, we will only hold your data for long enough to send to your organisation, or to send you your certificate. We will then delete the data. We will not use information you supply on the course register for marketing purposes.
- Booking information
- If you book on a course via our website, the details relating to that booking will be held in order for us to process your booking (ordering materials, sending you joining instructions, ensuring catering is organised and suchlike). We need to do this in order to fulfil our contract with you, so it's done under Article 6(1)(b) of the GDPR.
- We will also use your name and email to keep in touch about the courses that we offer. This is done on the basis of your consent to such emails - but you can opt out of receiving these emails when you book, and also by using the "unsubscribe" link on any of the emails we send to you. This is known as the "soft opt-in" under the Privacy and Electronic Communications Regulations.
We will retain the information you provide to us via our web booking system for a period of 12 months from your booking, unless you make subsequent bookings with us, in which case we may process other information for other periods as outlined in this document.
- If you book on a course via our website for which payment is taken, we will retain financial records of the transaction, including your details provided as part of this booking, for a period of seven years, or as long as we are required to do so by law. We must do this in order to comply with our legal obligation.
- Financial records
- If you purchase a product or service from us, we are obliged to maintain financial records of the transactions involved, and to share them with other bodies such as HMRC for the processing of VAT. We will hold such records for seven years, as we are required to do so in compliance with our legal obligations, so this is done under Article 6(1)(c) of the GDPR.
Who do we share your information with?
The simple answer to this question is that we will never share your information with anyone else who has the right to do anything with it without our permission (in other words, we don't give it to any other "data controller". We don't sell, rent, give or loan our data to anyone, at any time, for any reason.
We do, however, use other companies (our "processors" in GDPR-speak) to help us do our work, and this may involve sending your data onto their systems - although again, we want to make it clear, they're not then allowed to use your data for their own purposes. Which are these other organisations?
- We use a company called Cognito Forms to create many of the forms on our website. When you fill in these forms, the data is held on their servers
- We use MailChimp to send email to our customers, and we have customer lists and campaigns stored on their servers.
- We use SurveyMonkey to generate and analyse the post-training feedback forms. When you fill in the post-training feedback form, your information is hed on their server.
- We use Xero to process our invoicing and financial details.
It may be that under our agreements with these companies, they process your information, either themselves, or through their own processing agreements with the likes of Microsoft and Amazon, within the USA, which counts as a transfer to a third country under GDPR. In all cases, however, the organisations involved are part of the "Privacy Shield" self-certifying mechanism, the aim of which is to protect the security of your data.
What are your rights, with regard to your data?
- If the information we hold about you is incorrect, you have the right to have it corrected - just ask us.
- In some situations, such as where we no longer need to hold it, or if the processing we're doing is based on your consent (as outlined above), then you have the right to have your data erased. Just ask, and we're happy to provide more information about when this right applies.
- You have the right to "data portability" - that is, if you ask, we will supply you with an electronic copy of the information we've gathered from you as part of any contract we've had with you, or because you consented to us processing your information.
- You have the right to make a complaint at any time about what we're doing with your data. Please let us know if you're unhappy, but you also have the right to contact the Information Commissioner's Office with your complaint. Their website is at www.ico.org.uk.
If any of the information here is unclear, or you have any questions, please do get in touch and we'll do whatever we can to help.