Our Commitment to Privacy
This privacy statement explains what information we gather about you, what we use that information for and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.
Please read this privacy statement carefully. If you have any requests concerning your personal information or any queries with regard to our processing, please contact us at firstname.lastname@example.org
Your privacy is important to us. To protect your privacy, we have provided this notice explaining our information practices, ensuring that we shall be responsible for, and be able to demonstrate, compliance with the principles of The General Data Protection Regulation (GDPR).
We identify ourselves as a ‘controller’ who determines the purposes and means of processing personal data and a ‘processor’ where we are responsible for processing personal data on behalf of clients that would be identified as the ‘controller’.
We use third party ‘processors’ and ‘controllers’ who are responsible for processing personal data on behalf of M.E.L. (Health & Safety) Consultants Limited (MEL).
‘Personal data’ refers to any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
‘Client’ refers to any client that has entered into a contract for works with MEL.
The Information we may collect
We may collect and process the following data:
- Email address;
- Phone number;
- Date of birth;
- National Insurance Number;
- Training Qualifications;
- Comments and feedback;
- Cookie information.
How we use your information
- to carry out our obligations arising from any contracts entered into between you and MEL and to provide you with the information, products, documents and services that you request from us;
- to make bookings with other training providers where MEL cannot facilitate the request;
- to notify you of any training courses that we run and any subsequent discounts offered for training;
- to update you and keep you informed of Health & Safety legislation or good practice in the form of regular “Information Bites”;
- to process and acknowledge any job application that you may make;
- to notify third party training bodies such as CITB for the purpose of student registration. This information will not be shared with other third-party organisations. Such training bodies will be considered a ‘controller’ for processing personal data and advice should be sourced from the relevant training body for further details;
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- to upload your personal information onto third party Health & Safety accreditation portals such as CHAS, Construction Line, EXOR where we have been contracted to assist with completing applications and where information has been passed to us for this purpose, we will not share this data with anyone else;
Legal basis for processing your information
MEL rely on one or more of the following processing conditions in order to process your personal information:
- to perform our obligations under any contracts that have been agreed with you; or our legitimate interests in the effective delivery of information, documentation and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
- to satisfy any legal and regulatory obligations to which we are subject;
- where no other condition for processing is available, if you have agreed to us processing your personal information for the relevant purpose.
Sharing your data
- Your personal information may be transferred to external training bodies that produce certification for courses that have been attended, external training providers where courses are attended that cannot be facilitated by MEL and third party accreditation portals such as CHAS, Construction Line – all these instances are a direct consequence of the contract for works between MEL and the Client;
- Your personal information may be transferred to third party service providers who process information on our behalf; providers of information technology, website hosting and management, data analysis, data back-up, security and storage services. The third party providers may use their own third party subcontractors that have access to personal data. All of our back-up data that is stored off site is encrypted;
- We may disclose your personal information to law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
Where clients or their employees provide MEL with the personal data of employees, other than themselves, for the purpose of placing them on a training course or for including their personal data within documentation or evidence used for questionnaires or for auditing or monitoring purposes that may be a requirement of the Company’s. It will be considered that it is the client’s responsibility, as controller, for ensuring that the data subject’s consent is provided for the processing of the personal data.
Clients that require details of MEL personnel qualifications by way of a CV, copies of qualifications or copies of professional memberships to assist with pre-qualification questionnaires or tender applications must have policies or contracts in place with other third party processors to ensure that the personal data of MEL employees is safeguarded for unintended use.
- MEL do not transfer any data to countries or territories outside the European Economic Area (EEA).
Keeping your details up to date
MEL always endeavour to make sure that the information we hold about you is accurate and up to date. If you have a change of name and/or contact details, please contact us on email@example.com or call us on 01708 555544.
Retention of personal information
We will retain your personal information only for as long as it is required for the purposes for which it was collected, until the expiry of any certification, as a requirement of an accredited training body or as required to do so by law.
Our retention period will be 5 years. All data kept after this time will be stored by encrypted backup.
Direct marketing and unsubscribing from marketing
Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so for the following:
- Training courses that may be of interest to you and relevant to your undertakings;
- “Information Bites” that provide you with updates to legislation and good practice;
- Where your company Health & Safety Policy requires an annual update.
If you do not wish to receive emails or marketing communications from us, you can at any time contact us to request that such communications cease. If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.
Rights in relation to your information
You may have certain rights in relation to the personal information we hold about you. In particular, you may have a right to:
- request a copy of personal information we hold about you;
- ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
- ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
- object to our processing of your personal information; and/or
- withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).
- If you would like to exercise these rights, please contact us by sending an email or by one of the means set out at the end of this privacy statement.
Access Data Requests
Where any subject access requests are received MEL will respond within one month of your request. MEL will require evidence to be able to confirm your identity. MEL will require that the person requesting access of their personal data attends the offices of MEL in person with a copy of their photographic ID, to confirm identity. The relevant contact details will be established at this time to enable MEL to issue the personal data.
Our Commitment to Data Security
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal information we collect.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the Internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Any personal information you give to us will only be used by MEL and by its controllers or processors and service providers. We do not sell or share personal information with third parties unrelated to it. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
We have contracts in place with our data controllers and processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Personal Data Breach
A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. A personal data breach will occur whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted, or accidentally lost or destroyed.
Where a security incident takes place MEL will quickly establish whether a personal data breach has occurred and, if so, promptly take steps to address it.
MEL will establish the likelihood and severity of the resulting risk to the subject’s rights and freedoms. If it is likely that there will be a risk the breach will be reported to the ICO within 72 hours after becoming aware of the breach.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, MEL will inform the individual directly without undue delay.
Further Information Regarding GDPR
Further details about The General Data Protection Regulation (GDPR) is available from the Information Commissioner’s Office. https://ico.org.uk/global/contact-us/
How to Contact Us
If you have any questions or complaints about this privacy statement or the way your personal information is processed, or would like to exercise one of your rights set out above, please contact us by email firstname.lastname@example.org or call us on 01708 555544.
Review of Privacy Notice
This privacy notice will be regularly reviewed and was last updated on 25th July 2018.
Copies of future reviews of the privacy notice will be displayed on our website (currently under construction and due to be completed by September 2018).