SmallLogoBW.png

PRIVACY POLICY AND GDPR

LECTOR TRAINING SOLUTIONS LTD

General Terms and Conditions of

Lector Training Solutions Ltd

 

SECTION III “PRIVACY POLICY & GDPR”

 

“This document was created in order to deliver our services with full acknowledgement of our customers and enclose information on data stored on our Customer Management Systems (CMS)”

 

1. CONTEXT AND OVERVIEW

 

 

KEY DETAILS

 

Policy prepared by Data Protection Leader

Approved by Board: 07/08/2019

The policy became operational on 07/08/2019

Next review date: 01/08/2020  

 

INTRODUCTION

 

Lector Training Solutions Ltd (Lector) needs to gather and use certain information about individuals. Information can be held by Lector relating to customers, suppliers, instructors, business contacts, course delegates, employees and other people that the organisation has a relationship with or may need to contact. We need to gather above information’s to preserve basic functionality of the operation and be able to produce formal certification that has to be audited by Accredited Bodies responsible for quality and legality of services provided by Lector.

 

2. PERSONAL DATA HELD AND REASONS FOR PROCESSING

 

Lector holds electronic data required to:

 

  • Carry out its day to day functionality.

  • Produce a certificate for an individual who has attended a course.

  • Produce ‘delegate reports,’ when requested, by a company wanting to have details of their employees who have been on a course provided by Lector.

  • Share the individual’s details with the appropriate accrediting body for the type of training undertaken.

  • Process sales invoices to companies or individuals for services or training materials provided by Lector.

  • Process purchase invoices for services or materials provided to Lector.

  • Lector holds electronic data on individuals in the CMS (Customer Management System), accounting package, Office 365 and within the file structure on the server.

  • Lector records and stores data on paper forms required to: carry out its day to day functionality, to test delegates who attend its courses, to produce a certificate for an individual who has attended a course.

 

CMS: Lector holds information in its CMS system. Data can be collected/stored for:

 

  • The company and company contacts with whom the Lector Administration Teams and other departments communicate.

  • The individual contacts, employed by these companies, who attend a training course.

 

3. DATA COLLECTION AND STORAGE

 

Data held on the CMS system consists of:

 

Company contacts

  • The company whom the individual is employed by

  • Name

  • Job title and role within the company

  • Contact’s phone numbers

  • Contact’s company email address

  • Company address

  • Opt-in/opt-out of which type of marketing communications

 

 

Individual’s data

  • The company whom the individual is employed by

  • Name

  • Employee Number

  • Date of birth

  • Course dates

  • Course details

  • Scores

  • Passed / failed

 

Individuals’ data is collected through the completion of forms known as test sheet, risk assessment…………………….. These forms are completed by the individual on the course and by a sub-contracted instructor who is authorised as a sub-processor by Lector.

 

There will be a one-page form that will include a statement explaining why we need to collect the data and with whom we share it and this document has to be signed by every delegate.

 

Data collected is used to create a certificate for the individual (delegate) which is then either sent to the contact at the individual’s workplace or a central contact, dependent upon the terms agreed in the contract between the company and Lector.

 

Individual’s data shared with the following people/organisations

 

  • With the company that ordered the training in the form of a certificate and/or badge. This information will only include:

  • Name

  • Employee number

  • Truck details (for the truck used during testing)

  • Dates of training

  • Instructor / Examiner that carried out the training/testing

 

Tracking online activity

 

Lector track activity on their website and engagement with their online marketing via cookies and marketing analysis tools, for example, Google Analytics. Data retention controls are in place to periodically remove user data over time.

 

Cookies are also used on the Lector website to track shopping basket contents and remember where users are in the order process. Users can disable any cookies stored on their computer, but this may limit the functionality of the Lector website.

 

The following are necessary for the website to function properly - the Lector website will:

 

  • remember what is in your shopping basket

  • remember where you are in the order process

  • remember that you are logged in and that your session is secure. You need to be logged in to complete an order

 

The website will not share any personal information with third parties.

 

4. SHARING OF DATA

 

It is a function of all training companies that they share data about who has been trained with the appropriate accrediting body.

 

The individual’s data is shared with the appropriate accrediting body as required by Health and Safety Law. This will include:

 

  • Name

  • Date of birth

  • Course start date

  • Course end date

  • Length of course

  • Duration of course

  • Test date

  • Instructor / Examiner name and registration number

  • Course type

  • Truck type

 

All the data that we hold on individuals who have done courses with us is classed as low risk. We hold no financial records or home addresses for these individuals.

 

5. ACCURACY OF DATA

 

COLLECTION OF NEW CONTACTS AND ACCURACY OF DATA

 

Lector will endeavour to accurately collect the data it needs and provide clear and transparent justification for doing so, referenced at the point of collection, including a privacy policy that is accessible via the website.

 

New contacts and sales leads must be constantly brought in to the company to ensure survival and growth. 

 

Lector aim to bring in new contacts through the following ways, although this is not an exhaustive list

  • Website

  • Cold calling

  • Visits

  • Leads across company groups

  • Leads through trade union groups

  • Marketing – online and trade magazines

  • Trade shows

 

Lector will only market to / contact companies where we believe content will be of legitimate interest to the company/individual but will always provide them with the opportunity to opt-out via links contained in every email.

 

6. DATA SECURITY AND DATA BREACHES

 

Lector will protect itself to the best of its ability against data breaches through staff training and by keeping its IT systems up to date with the latest anti-virus, ransomware and firewall protection, and by complying with the latest best practice for data storage and protection. Lector's website will also be tested against hackers ensuring that there is no ‘backdoor’ entry to gain access to the IT system and individual’s data.  If Lector does suffer a personal data breach, the Data Protection Leader will notify the ICO and the affected parties within 72 hours of the breach. Lector considers a breach to be an occurrence involving a loss of data which presents a risk to the rights and freedom of any individuals involved, and could result in:

  • Discrimination

  • Damage to reputation

  • Financial loss

  • Loss of confidentiality

  • Any other significant economic or social disadvantage.

 

7. DISCLOSING DATA FOR OTHER REASONS

 

In certain circumstances, GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.

 

Under these circumstances, Lector will disclose requested data.  However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

 

8. PROVIDING INFORMATION

 

Lector aims to ensure that individuals are aware that their data is being processed and that they understand:

 

  • How the data is being used

  • How to exercise their rights

 

To these ends, the company has a privacy statement, setting out how data relating to individuals is used by the company.

 

This is available on request. A version of this statement is also available on the company’s website.

 

9. RIGHT TO BE FORGOTTEN

 

Due to the nature of the industry in which Lector operates, we believe in the Right to be Forgotten. 

 

  • Attendees of a course: if an individual employed by a company requests the right to be forgotten, Lector will first check with the company to ensure that they approve this data removal from their training records. Once approved, the data can be removed from the CMS.

  • CMS Contact: if a contact no longer wishes to be contacted then we can remove that individual’s data from the CMS. If we have provided training for their company, then we cannot delete their company record from our CMS as individual training records will be associated with it.

  • Tracked online activity: anyone who would like records of their online activity removed can request to do so by emailing the Data Controller.

 

10. DELETING DATA

 

If a contract ends between Lector and the customer, Lector can provide all the personal data that they hold about the customer and the individuals within the organisation, if requested.

 

Lector will not delete the associated training records as this data may be requested as evidence of training if, for example, an individual has an accident.

 

  • Personal data for people who have attended one of our courses have to be stored and recorded to meet standards set by the Health and Safety Executive. The industry standard for keeping this data is a minimum of 7 years. After 7 years all paper copies of the personal data collected will be shredded on-site by an approved shredding company. Electronic data is stored back to 2018. Our customers use this data to prove compliance to the standards set within the ACOP L117.

 

Last update: 07/08/2019

 

TEL:   01622 682 010

WEB:   lectortraining.co.uk

EMAIL: info@lectortraining.co.uk

 

 

All rights reserved by LECTOR TRAINING SOLUTIONS LTD

(+44) 01622 682 010

©2020 by LECTOR TRAINING SOLUTIONS LTD.