Data Protection Academy

Privacy policy 

The Data Protection Academy® is a trading style of the Griffin House Consultancy Limited a company registered in England No: 9028231.

 

How we use your personal information …

As data protection specialists you would expect us to take privacy issues very seriously, and you are absolutely right. Here at the Griffin House Consultancy (GHC) we are 100% committed to protecting your personal information and we shall always be transparent with you about how we are using your details.

The UK General Data Protection Act (GDPR) and UK Data Protection Act 2018 (DPA2018), states that organisations must be open about what information they collect, and how they intend to use it. This ‘Fair Collection Notice’ also called a Privacy Policy explains how we obtain, collect, process and store information about you.

 

How do we obtain your information & why?

In most cases you will volunteer your personal details to us, however, if you work for an organisation your details will have been shared with us by them. We will always tell you before we capture your information why we need the information and how we will use it, or if it is supplied by another party we will advise you as swiftly as possible afterwards that we are processing your information.

Learners - if you have enrolled onto one of our training courses then we will need to know your name, company address and contact details, and in order to support you in your learning journey we may need to ask for other specific information. You may wish to share with us some sensitive information if you require any particular assistance with learning materials or additional help in taking the exam, and if you attend one of our in-person events you may be asked if you have any specific dietary requirements. Finally, we may ask for your ethnicity and other equality and diversity questions so that we can provide statistical analysis to relevant bodies.

The last three elements of information will not be electronically stored against your name, but held anonymously and only referred to in the event of a query. We shall also record details of your grade and pass mark together with any correspondence that may be generated between us.

As we need your information to provide a certified course to you, we shall keep a copy of the data for a minimum of 10 years, but we will remove the entry if you request us to do so.

Business Contacts

If you have made contact with us, or if we have made contact with you, whether that be through networking, via social media or in person, we shall add your name, company and contact details to our CRM together with appropriate relevant notes, such as details of our discussions, meetings, marketing contacts etc.

If you are a learner or business contact we will ask you if you would like to receive regular communications from us, and we shall do this within any guidelines with data protection and PECR Regulations. You can change your preferences at any time, and if you ask us to stop communicating with you, we shall action this request immediately.

 

How we store your information

All client information and files are retained on cloud servers hosted within the EU, and any files containing commercially or personally sensitive information are encrypted before saving to the server. We store our marketing information in a robust CRM system, and ensure that only basic contact information, as stated above, is stored. Only authorised members of the team have access to your personal information, and we back it up regularly to prevent against loss or damage. When email broadcasts are sent we use tracking URL’s within emails to better understand which email links have been used.

 

Who do we share with?

Let me assure you that we will never sell your information, or share it with any third party, save those detailed below, our legal advisors or with any government agency or other party entitled to this information by law, statute or court order. In the event that GHC is ever sold as a going concern, or enters into administration, the database of clients, learners and prospects shall be deemed an asset of the company, and the consents and permissions provided by the data subject shall be transferred to the new owners. You will be advised if this occurs and given the option to opt-out at that time.

For learners, we will share your personal details with an appropriate awarding body as necessary to facilitate the awarding of your certificate or qualification and your information will be available to the Good Ideas Institute with whom we host this site, they in turn are supported by a New Spring who built the software and who also provide technical support to learners on this platform. We may from time-to-time sub-contract elements of our operation to data processors, such as a mailing house, or market research company, but they will be working as a data processor on behalf of GHC who shall at all times remain responsible for the security and confidentiality of your data. Any data and all processors will be vetted, and sufficient contracts will be in place to protect the integrity and privacy of your data.

All data will remain on servers within the UK, the EEA, or in a third country listed on the UK's approved country list.

 

Lawful reason for processing

Where you ask us directly to provide a course to you we shall rely upon your explicit consent to process your information. Where your employer or other third party pays for your course we shall rely upon contractual obligation. We shall manage all communications, invoice and billing functions, and monitoring the system for malicious software and attacks under our legitimate interests.

 

Your Rights

Data Protection legislation provides individuals with rights which are listed below for your convenience:- 

  • You have the right to be informed about how we ensure the ‘fair processing of your information’ and transparency of what we do as stated in this Privacy Policy.
  • You have the right to access a copy of the personal information we hold about you by making a Data Subject Access Request (DSAR) using the contact details below.
  • You have the right of rectification to amend or update your personal information and ensure we maintain accurate and up to date records and or data about you. 
  • You have the right to erasure, also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing by Griffin House.
  • You have the right to restrict processing of your personal data. Processing of your personal information may be restricted in the event it is no longer essential to support the use of services provided to you and or not part of any contractual, legal or financial requirement to do so. Griffin House is permitted to store the personal data, but not further process it.

Note: Griffin House may retain just enough information about you to ensure that any restriction is respected in future.

  • You have the right to data portability which allows individuals to obtain and or reuse their electronic personal data across different platforms. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. 
  • You have the right to object to the processing of your personal information where processing is based on consent, legitimate interests, direct marketing including profiling; and processing for purposes of scientific and or historical research and statistics.
  • You have right to be made aware of any automated decision-making, that made without any human involvement, and or profiling of your personal information by Griffin House – the only automated processed performed by us is the automated marking of quiz and exam questions.
  • You have an absolute right to ask us to stop sending you direct mail or marketing emails.

 

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work or work more efficiently, as well as to provide information to the owners of the site. Click here to see our full cookie policy.

We do not store any personal data in the cookies that we use, and store the cookie information anonymously to assist us in both the running of the site, and also for monitoring the activity and traffic both to and through our website. To do this we use Google Analytics cookies.

Depending on the browser you use, you should be able to control what cookies are placed on your device through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

 

Complaints 

Finally, if you are unhappy with the way we are processing your information you can request compensation for any harm, damage or distress caused to you as a breach of the legislation. You can find out more information from the ICO’s website http://ico.org.uk/for_the_public/personal_information.

 

Contact details 

If you have any questions, do not hesitate to contact us.

Mike Martin - Director
Data Controller: Griffin House Consultancy Limited
Griffin House
Wickenby
England
LN3 5AB
Tel: 01673 885533

Data Protection Register Entry Details: ZA081014

For more information see our full privacy policy

Privacy policy version number 1.2 (20/12/2022)