Main Section » Privacy Policy - Privacy Policy
Privacy Policy
Privacy Policy
1. Introduction
1.1
We are committed to safeguarding the privacy of our website visitors and
company users.
1.2
This policy applies where we are acting as a data controller with respect to
the personal data of our website visitors and users; in other words, where we
determine the purposes and means of the processing of that personal data.
1.3
By using our website and agreeing to this policy, you consent to our use of
cookies in accordance with the terms of this policy.
1.4
In this policy, "we”, "us” and "our” refer to our data controller. [For more
information about us, see Section 13.]
2. Acknowledgement
2.1
This document was created using a template from SEQ Legal (https://seqlegal.com).
3. How we use your
personal data
3.1 In
this Section 3 we have set out:
(a) the general categories of personal
data that we may process;
(b) in the case of
personal data that we did not obtain directly from you, the source and specific
categories of that data;
(c) the purposes
for which we may process personal data; and
(d) the legal
bases of the processing
3.2
We may process data about your use of our website and services ("usage data”).
The usage data may include your IP address, geographical location, browser type
and version, operating system, referral source, length of visit, page views and
website navigation paths, as well as information about the timing, frequency
and pattern of your service use. The source of the usage data is our analytics
tracking system. This usage data may be processed for the purposes of analysing
the use of the website and services. Our legitimate interests, namely
monitoring and improving our website and services.
3.3
We may process your account data. The account data may include your name, email
address, postal address, contact phone number and dietary preferences. The source
of the account data is you, your employer or a person you have authorised to
book you a place on one of our courses. The account data may be processed for
the purposes of operating our website, providing our services, ensuring the
security of our website and services, maintaining back-ups of our databases and
communicating with you. The legal basis for this processing is our legitimate
interests, namely the proper administration of our website and business or the
performance of a contract between you and us and/or taking steps, at your
request, to enter into such a contract.
3.4
We may process your information included in your personal profile on our
website ("profile data”). The profile data may include your name, address,
telephone number, email address, profile pictures, gender, date of birth,
relationship status, interests and hobbies, educational details and employment
details. The profile data may be processed for the purposes of generating
invoices and receipts, enabling and monitoring your use of our website and
services. The legal basis for this processing is our legitimate interests,
namely the proper administration of our website and business or the performance
of a contract between you and us and/or taking steps, at you request, to enter
into such a contract.
3.5
We may process your personal data that are provided in the course of the use of
our services ("service data”). The source of the service data is you, your
employer or a person you have authorised to book you a place on one of our courses.
The service data may be processed for the purposes of operating our website,
providing our services, ensuring the security of our website and services,
maintaining back-ups of our databases and communicating with you. The legal
basis for this processing is our legitimate interests, namely the proper
administration of our website and business and/or the performance of a contract
between you and us and/or taking steps, at your request, to enter into such a
contract.
3.6
We may process information that you post for publication on our website (eg the
workshop listing) or through our services ("publication data”). The publication
data may be processed for the purposes of enabling such publication and
administering our website and services. The legal basis for this processing is
our legitimate interests, namely the proper administration of our website and
business or the performance of a contract between you and us and/or taking
steps, at your request, to enter into such a contract.
3.7
We may process information contained in any enquiry you submit to us regarding
goods and/or services ("enquiry data”). The enquiry data may be processed for
the purposes of offering, marketing and selling relevant goods and/or services
to you.
3.8
We may process information relating to transactions, including purchases of
goods and services, that you enter into with us and/or through our website
("transaction data”). The transaction data may include your contact details,
your card details and the transaction details. We use SecureTrading Financial
Services Ltd as transaction service provider. (Please see section 4.4). The
transaction data may be processed for the purpose of supplying the purchased
goods and services and keeping proper records of those transactions. The legal
basis for this processing is the performance of a contract between you and us
and/or taking steps, at your request, to enter into such a contract and our
legitimate interests, namely our interest in the proper administration of our
website and business.
3.9
We may process information that you provide to us for the purpose of
subscribing to our email notifications and/or newsletters ("notification
data”). The notification data may be processed for the purposes of sending you
the relevant notifications and/or newsletters. The legal basis for this
processing is the performance of a contract between you and us and/or taking
steps, at your request, to enter into such a contract.
3.10 We may process
information contained in or relating to any communication that you send to us
("correspondence data”). The correspondence data may include the communication
content and metadata associated with the communication. Our website will
generate the metadata associated with communications made using the website contact
forms. The correspondence data may be processed for the purposes of
communicating with you and record-keeping. The legal basis for this processing
is our legitimate interests, namely the proper administration of our website
and business and communications with users.
3.11 We may process
data. This data may include course application or purchase details. The source
of this data is your application details. This data may be processed for
application purposes. The legal basis for this processing is our legitimate
interests, namely, your course or coaching application or the performance of a
contract between you and us and/or taking steps, at your request, to enter into
such a contract.
3.12 We may process
any of your personal data identified in this policy where necessary for the
establishment, exercise or defence of legal claims, whether in court
proceedings or in an administrative or out-of-court procedure. The legal basis
for this processing is our legitimate interests, namely the protection and
assertion of our legal rights, your legal rights and the legal rights of
others.
3.13 We may
process any of your personal data identified in this policy where necessary for
the purposes of obtaining or maintaining insurance coverage, managing risks, or
obtaining professional advice. The legal basis for this processing is our
legitimate interests, namely [the proper protection of our business against
risks.
3.14 In
addition to the specific purposes for which we may process your personal data
set out in this Section 3, we may also process any of your personal data where
such processing is necessary for compliance with a legal obligation to which we
are subject, or in order to protect your vital interests or the vital interests
of another natural person.
3.15 Please do
not supply any other person’s personal data to us, unless we prompt you to do
so.
3.16 Our
website is not intended for young people under 16 years of age. We will
never knowingly gather or use personally identifiable information from anyone
under the age of 16. No person under the age of 16 is allowed to register on
this website.
4.
Providing your personal data to others
4.1
We may disclose your personal data to any member of our group of companies
(this means our subsidiaries, associated centres and faculties, our ultimate
holding company and all its subsidiaries) insofar as reasonably necessary for
the purposes, and on the legal bases, set out in this policy.
4.2
We may disclose your personal data to our insurers and/or professional advisers
insofar as reasonably necessary for the purposes of obtaining or maintaining
insurance coverage, managing risks, obtaining professional advice, or the
establishment, exercise or defence of legal claims, whether in court
proceedings or in an administrative or out-of-court procedure.
4.3
We may disclose relevant data to our suppliers or subcontractors insofar as
reasonably necessary for the purposes of supplying services such as training,
consultancy and coaching.
4.4
Financial transactions relating to our website and services are or may be
handled by our payment services providers, (our Bank and/or SecureTrading
Financial Services Ltd) We will share transaction data with our payment
services providers only to the extent necessary for the purposes of processing
your payments, refunding such payments and dealing with complaints and queries
relating to such payments and refunds. You can find information about the SecureTrading
Financial Services Ltd payment services at: http://www.securetradingfs.com/privacy/
4.5
In addition to the specific disclosures of personal data set out in this
Section 4, we may disclose your personal data where such disclosure is
necessary for compliance with a legal obligation to which we are subject, or in
order to protect your vital interests or the vital interests of another natural
person. We may also disclose your personal data where such disclosure is
necessary for the establishment, exercise or defense of legal claims, whether
in court proceedings or in an administrative or out-of-court procedure.
4.7 We
use a number of different services to communicate with members and event
delegates. This includes Constant Contact. See: Constant Contact privacy
Policy
4.8 For the purposes
of health and safety, event venues may be provided with a register of delegate’s
names. Event caterers may be provided with a list of delegate names and dietary
requirements.
4.9 For the
purposes of website maintenance, our website consultants, may have access to
sufficient data to undertake website maintenance.
4.10 For the
purposes of undertaking surveys we use SurveyMonkey. See: SurveyMonkey Privacy
Policy
5.
International transfers of your personal data
5.1
In this Section 5, we provide information about the circumstances in which your
personal data may be transferred to countries outside the European Economic
Area (EEA).
5.2
We are based in the United Kingdom. The European Commission has made an
"adequacy decision” with respect to the data protection laws of each of these
countries. Transfers to each of these countries will be protected by
appropriate safeguards, namely the use of standard data protection clauses
adopted or approved by the European Commission, a copy of which can be obtained
from their website.
5.3
The website hosting facilities are supplied by Wilson Digital Media Ltd. See www.wilsondigital.co.uk. The European Commission has made an "adequacy decision” with
respect to the data protection laws of each of these countries. Transfers to
each of these countries will be protected by appropriate safeguards, namely the
use of standard data protection clauses adopted or approved by the European
Commission.
5.4
Our contractors are situated in the European Economic Area. The European
Commission has made an "adequacy decision” with respect to the data protection
laws of each of these countries. Transfers to each of these countries will be
protected by appropriate safeguards, namely the use of standard data protection
clauses adopted or approved by the European Commission.
5.5 For the purposes
of email communications we may use Constant Contact Inc. who are based in
California, USA. Their privacy policy can be seen on: www.constantcontact.com/legal/privacy-statement
Constant Contact Inc.
is committed to achieving compliance with the GDPR by May 25th,
2018.
5.6
You acknowledge that personal data that you submit for publication through the
link on our website to twitter or facebook may be available, via the internet,
around the world. We cannot prevent the use (or misuse) of such personal data
by others.
6.
Retaining and deleting personal data
6.1
This Section 6 sets out our data retention policies and procedure, which are
designed to help ensure that we comply with our legal obligations in relation
to the retention and deletion of personal data.
6.2
Personal data that we process for any purpose or purposes shall not be kept for
longer than is necessary for that purpose or those purposes.
6.3
We will retain your personal data as follows:
(a) Basic
personal data (e.g., account data) relating to subscriptions and event
applications shall not be kept for longer than is necessary for that purpose or
those purposes.
6.4
In some cases it is not possible for us to specify in advance the periods for
which your personal data will be retained. In such cases, we will determine the
period of retention based on the following criteria:
(a) The
period of retention of account data will be determined based on what is
considered reasonable.
6.5
Notwithstanding the other provisions of this Section 6, we may retain your
personal data where such retention is necessary for compliance with a legal
obligation to which we are subject, or in order to protect your vital interests
or the vital interests of another natural person.
7.
Amendments
7.1
We may update this policy from time to time by publishing a new version on our
website.
7.2
You should check this page occasionally to ensure you are happy with any
changes to this policy.
7.3
We may notify you of changes to this policy by email.
8. Your rights
8.1
In this Section 8, we have summarised the rights that you have under data
protection law. Some of the rights are complex, and not all of the details have
been included in our summaries. Accordingly, you should read the relevant laws
and guidance from the regulatory authorities for a full explanation of these
rights.
8.2
Your principal rights under data protection law are:
(a)
the right to access;
(b)
the right to rectification;
Grayrock provides CPD events for mental health professionals. We specialise in practical skills-based workshops with material delegates can use immediately. Click on our "Courses" tab above for the full Programme Achieving an average of over 90% in delegate feedback, we enjoy the loyalty of our attendees and our expert trainers. Join our exclusive group of counsellors, psychologists, nurses, social workers, occupational therapists, doctors and coaches by sending us your email address info@grayrock.co.uk |
|