TBM Training Ltd takes the privacy of all its customers, suppliers, partners and contractors seriously and takes great care to protect their personal information.
The General Data Protection Regulation (GDPR) was adopted into UK law from 25 May 2018. When the UK left the EU the GDPR has been incorporated into UK data protection law as the UK GDPR – so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR.
Who controls your personal data?
· The Data Controller is TBM Training Ltd, a company registered in the UK: Company Number 11723422
· Registered office : 470 Green Lanes, Palmers Green, London N13 5PA [not for general correspondence]
· The Data Controller’s data protection representative is the Course Director.
· You can contact them at email@example.com
What is personal data?
Personal data is data that can identify you as an individual. There is general personal data such as name, address, National Insurance number and online identifiers/location data. There is also sensitive personal data which includes information on physical and mental health, sexual orientation, race or ethnic origin, religious beliefs, trade union membership and criminal records. Sensitive personal data must be protected to a higher level.
Who we are, what we do and how we get your data?
TBM Training Ltd is a provider of Radiation Protection and Laser Protection courses and training.
We collect the personal data from the following types of people to allow us to undertake our business;
- Prospective and existing customers;
- Supplier contacts to support our services;
- Employees and consultants;
You may have contacted us directly or we may have your details from our research / information already in the public domain or from third party data suppliers (opt in only). We are able to process your data if we have a legal basis for doing so.
There are six legal bases for processing data, but we will rely on (1) that the processing is necessary for the performance of a contract with you, (2) compliance with legal obligations, (3) that there is a mutual legitimate interest in processing your personal data, for example the courses and training are of direct relevance and importance in your practice, or (4) your consent to send direct marketing messages about products and services.
The data we collect and how we use it:
This section applies to individuals who have expressed an interest in our courses and training services or attended a course or event, and third-party supplier support in the provision of delivering these courses/services such as an individual or business (customer), a marketing prospect with whom we have dealings with or may have in the future, and third party (supplier/contractor) including the transfer of data to other jurisdictions.
The personal data we collect or receive may include the following as applicable:
- Email address
- Telephone and mobile numbers
- Job title
- Employer, organisation or company name
- Business type
- Your marketing preferences
- Bank details are not stored in any of our own databases however the information may be used by the provider of credit card payment services to whom TBM Training Ltd subscribes. Further information can be found at https://squareup.com/gb/en
We may obtain your personal data from the following sources (please note that this list is not exhaustive):
- You (e.g. via ‘opt in’ enquiry forms, website course booking or marketing subscriptions)
- Double opt in third party marketing databases
- The public domain
- Our website and software applications e.g. enquiry form
How we will use your personal data:
The processing of your personal information may include:
- Collecting and storing your personal data, whether in manual or electronic files
- Notifying you of potential new products, services and offers
- To market our products and services
- Retaining a record of our dealings and recording and storing of CPD attendance records for personal, employer or professional body requirements (consent will be sought where applicable)
- Establishing quality, training and compliance with our obligations and best practice
- For the purposes of backing up information on our computer systems
Why we process your personal data and our legal justification for doing so:
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information to fulfil our legal obligations.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required.
1. Entering into and performing a contract with you:
In order to provide our products and services, we may enter into a contract with you and/or a third party. In order to enter into a contract, we will need certain information, for example your name and address. A contract will also contain obligations on both your part and our part, and we shall process your data as is necessary for the purpose of those in order to process your order on your behalf.
2. Compliance with legal obligations (regulatory and statutory obligations):
We must comply with a number of statutory provisions when providing our products and services, which necessitate the processing of personal data, which amongst other things requires us to:
- Verify your business details
- Maintain records for specific periods
Where we engage in a contract with a business or person who attends a course or purchases our training services there are other statutory obligations that must be complied with including, tax, HMRC reporting requirements, and any other law or regulation.
We are also required to comply with statutory and regulatory obligations relating to business generally, for example complying with tax, bribery, fraud/crime prevention and data protection legislation, and co-operating with regulatory authorities such as HMRC or the Information Commissioner’s Office. We will disclose your personal information where required to do so by law or in accordance with an order of court or competent jurisdiction. We will also disclose your information if we believe that lawful disclosure is necessary to comply with the law or to protect the security or integrity of our service.
3. Our legitimate interests (carrying on the commercial activity of the provision of products and services):
In providing our products and services, we will carry out some processing of personal data which is necessary for the purpose of our legitimate interests, which include:
- Retaining records of our dealings and transactions and where applicable, use such records for the purposes of:
- establishing compliance with contractual obligations with customers or suppliers
- addressing any query or dispute that may arise, for example relating to, but not limited to evidence of CPD undertaken including establishing, exercising or defending any legal claims
- protecting our reputation
- maintaining a backup of our system, solely for the purpose of being able to restore the system to a particular point in the event of a system failure or security breach
- evaluating quality and compliance including compliance with this Privacy Notice
- Using your personal data to:
- assess suitability and contact you regarding our products and services (opt in customers only)
- collate market information or trends on products and services source potential products and services as part of our overall services
- personalise your experience and our offering, whether via our website or otherwise
This means that for our commercial viability and to pursue these legitimate interests, we may continue to process your personal data. We may use the data to carry out direct B2B email marketing. The lawful basis we use for this processing is “legitimate interest” for “direct marketing”. This is covered in the GDPR. The information Commissioner’s office (ICO) recommends that companies using data on this basis conduct a “Legitimate Interests Assessment” and we have done this.
4. Consent to our processing of your data:
We may process your personal data on the basis that you have consented to us doing so for a specific purpose, for example, if you have attended a course previously you may have consented to our processing of the data that has been provided for the purpose of informing you of new courses and training services considering your suitability either by previous choice of courses attended or by business type. In other cases, you may have provided your written or verbal consent to the use of your data for a specific reason such as receiving marketing updates on some of our additional services.
You may withdraw your consent to our processing of your personal information for a particular purpose at any stage. This is most easily done by clicking on the unsubscribe link at the bottom of our emails we send to you. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations.
What if we obtain your personal data from a third party?
Part of our business activity involves researching information relating to individuals and businesses for the purposes of creating new prospective business contacts. This may include obtaining personal data from online sources already available in the public domain, some information being publicly available but others being from sites or providers to which we subscribe, together with third party suppliers of data (opt in only). We will seek to ensure that all such data has been classified as ‘legitimate interest’ for ‘direct marketing’ and that the company supplying the data has carried out a Legitimate Interests Assessment.
From time to time, we may also receive personal information about you from exhibitions, trade shows and events, universities and colleges, publications (print & online), colleagues and employers, or from persons for whom you have provided services or been otherwise engaged. This list is not exhaustive.
Where information from third party sources is of no use to us, or where you have notified us that you do not want us to provide you with services, we shall discard it. However, we may maintain a limited record in order to avoid the duplication of process. Where we consider that information may be of use to us in pursuance of the provision of our services, any processing will be in accordance with this Privacy Notice. You do have the right to object to processing, please see Section 2 ‘Your rights’.
Sensitive Personal Data (SPD)
Sensitive personal data is information which is intensely personal to you Examples of SPD include information which reveals your name, age, gender, race or ethnic origin, credit/debit card details, and bank details.
Regardless of the basis for your dealings with us, we request that you do not provide us with any sensitive personal data unless absolutely necessary. However, to the extent that you do provide us with any sensitive personal data, such as data which you choose to share with us in conversation, we shall only use that data for the purposes of our relationship with you or for the provision of our product and services. This will be for one or more of the following reasons:
- You have explicitly consented to the processing
- Where processing is necessary for the purpose of obligations to complete your booking.
- To maintain records of our dealings to address any later dispute, including but not limited to the establishment, exercise or defence of any legal claims
Who we share personal data with:
We shall not share your personal information unless we are entitled to do so. The categories of persons with whom we may share your personal information include:
- Any regulatory authority or statutory body pursuant to a request for information or any legal obligation which applies to us
- Legal and professional advisers and professional bodies
If you do not wish to provide us with necessary data
There may be circumstances where we require you to provide data which is necessary for us to meet statutory or contractual obligations or perform our services. If you do not wish to provide us with information, we request then please notify us. However, please be aware that as a result we may be unable to provide you, or the party you represent, with a service, and in some cases, this may result in a breach of the contract we have with you or a third party you represent.
Data Security and Confidentiality
It is our policy to ensure, in so far as is reasonably practicable, that our systems and records are secure and not accessible to unauthorised third parties in line with contemporary practice.
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website, which enables the website to tailor its offerings to your preferences when you visit it.
- Make our website work as you'd expect
- Remember your settings during and between visits
- Improve the speed/security of the site
- Monitor user traffic patterns
- Understand how our visitors use our website
- Make our marketing more efficient
What all of this means is that you get the best possible user experience and the most relevant information based on your needs. Cookies enable us to constantly evolve, develop and improve functionality to provide you with the best possible user experience.
The cookies we use:
- Strictly necessary cookies
These are the essential cookies to enable you to use the site effectively i.e. placing a booking. Accepting these cookies is a condition of using this portion of the site.
These cookies help our site remember the choices you made, for example, username, and also help make the most of our enhanced features, such as providing news or updates relevant to you.
These cookies help us monitor the performance of our site, providing us with the information to constantly optimise and develop our site to get the best user experience for you, for example site visits or source of visitors.
We use personalisation or targeting cookies to make sure we advertise the products that we think may be of interest to you, making your user experience a personalised one.
- Third party
As you use our site, you will notice that we have content from other sites, e.g., YouTube or Google Maps. We also facilitate the opportunity to engage with us further through social media channels, for example Twitter and Facebook. We use third party cookies to help deliver relevant information to you and integrate content with social networks.
- Google Analytics
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
If the settings on your browser that you are using to view our website are adjusted to accept cookies, we take this, and your continued use of our website, to mean that you are happy to have cookies enabled.
Turning cookies off
Please be aware that by not accepting cookies you will not be able to use some of the key functions of www.tbmtraining.co.uk website.
If you don’t want us to store a cookie on your PC to make your journey on our website the best it can be, you can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Each browser acts differently so remember to check your browsers ‘help’ settings.
Retaining your data
In most circumstances your data will not be retained for longer than 7 years from the last point at which we provided any services or otherwise engaged with you and it is our policy to only store your personal data for as long as is reasonably necessary for us to comply with our legal obligations and for our legitimate business interests. The following sets out the lengths of time we are required by law to retain your data or certain elements of your data:
Data retention period
Customer/Supplier - 7 years.
Client / Marketing Prospect – 7 years
However, we may retain data for longer than the period stated where we have a legal or contractual obligation to do so, or we form the view that there is otherwise a continued basis to do so, for example where your personal information identifies specialist skill sets which may remain in demand, or we are subject to a legal obligation which applies for a longer period.
If however you believe that we should delete your personal data at an earlier date, please inform us in writing of your reasons. Please see Section 2 ‘Your Rights’ below.
Changes to this Privacy Notice
This Privacy Notice is regularly reviewed and may be updated from time to time to reflect changes in our business, or legal or commercial practice. Where an update is relevant to our processing of your data, we shall notify you of the same.
We take the protection of your personal data very seriously and it is important that you know your rights within that context, which include rights to:
- Request a copy of the personal data that we hold about you. If you would like to make a request for information, please contact firstname.lastname@example.org
- Object to our processing of your data where that processing is based upon legitimate interest and there are no compelling grounds for the continued processing of that data
- Request that we restrict processing of your data in certain circumstances
- Request that data is erased where the continued use of that data cannot be justified. Object to any decision, which significantly affects you, being taken solely by a computer or via another automated process
- Withdraw your consent to our processing of your personal data for a particular purpose at any stage. However, please note that we may continue to retain, or otherwise use your personal information thereafter where we have a legitimate interest or a legal or contractual obligation to do so. Our processing in that respect will be limited to what is necessary in furtherance of those interests or obligations
- Request inaccurate or incomplete data is rectified. We will respond to such a request within 1 month.
- Request that data provided directly by you and processed by automated means is transferred to you or another controller; this right only being applicable where our processing of your data is based either on your consent or in performance of a contract
- Make a complaint to the Information Commissioner’s Office https://ico.org.uk
- Request that direct marketing by us to you is stopped:
Please note that should you exercise your right to request that we erase data or cease any processing activity, we may retain a record of this request and the action taken to both evidence our compliance, and to take steps to minimise the prospect of any data being processed in the future should it be received again from a third-party source.
If you have any questions concerning your rights or should you wish to exercise any of these rights please contact: email@example.com
If you are dissatisfied about any aspect of the way in which your data is processed you may, in the first instance refer the matter to: firstname.lastname@example.org This does not affect your right to make a complaint to the Information Commissioner’s Office: https://ico.org.uk
If you have any enquires you can contact us at email@example.com