Privacy Notice for Apolline Training
for Clients’ and Students’ Personal Data
Apolline Ltd takes great care to protect the personal data we hold for our Clients and Members in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
As required by law, this privacy notice lays out the following essential information:
- Who we are (our identity)
- The reasons for gathering the data
- The use it will be put to
- Who it will be disclosed to
- If it will be transferred outside the EU
- The legal basis for processing the data
- Retention period (how long we will keep the personal data)
- The right to complain
- Whether the data will be subjected to automated decision making
- Individuals’ privacy rights.
Apolline Ltd, is a company registered at Companies House registration number 07245126 whose registered address is 6 Burnmoor Meadow, Finchampstead, Wokingham, Berkshire RG40 3TX.
Personal Data is held for our Clients and Members.
The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for our Clients and Members may include:
- Name, address
- Email address
- Phone numbers
- GDC number (if relevant)
- Financial information
- Information relating to invoices sent and payments received
- Information relating to the performance of the contract we hold with our client or member
- Details of their compliance and action plans to help achieve compliance
- Details of all contact we have had with our client or member
- Details of any complaints received and how these have been resolved.
Reasons for Processing Personal Data
The purpose of collecting and storing personal data about our Clients and Members is to ensure we can:
- Provide appropriate support services to ensure we fulfil our contractual obligations to our Clients and Members
- Invoice our Clients and Members correctly for services or support
- Collect fees via direct debit or bank transfer
- Obtain feedback from them about their satisfaction levels
- Obtain feedback following the completion of training in line with GDC requirements for verifiable CPD
- Send CPD certificates when verifiable training has been successfully completed
- Respond to complaints.
How we use our Clients’ and Members’ personal data
We use our Clients’ and Members’ personal data to enable us to:
- Administer the contract we have with our client or member
- Provide the service we are contracted to provide
- Administer payments relating to the service we are contracted to provide
- Deal with queries
- Deal with complaints
- Provide continuity of service by recording details of all contact we have with our client or member
- Ensure we comply with our legal obligations
- Update our Clients and Members on any regulatory, legal or statutory requirements.
Some of the above grounds for processing will overlap and there may be several grounds that justify our use of a Client’s or Member’s personal information.
Disclosure to third parties
The information we collect and store will not be disclosed to anyone who does not need to see it. Our employees and those working with us on a self-employed basis or contractual basis are bound by a duty of confidentiality and will never disclose personal information about a client or member to anyone who does not need to see it.
Transferring personal data outside the EU
We may send Clients and Members personal information outside the EU. If we do that, we will ensure that we have written assurances that the data will be subject to the same level of security as required within the EU.
Legal Basis for processing data held about Apolline Clients and Members
The Data Protection Act 2018 and the GDPR require us to state the legal basis upon which we process all personal data for our Clients and Members and it requires us to inform them of the legal basis on which we process their personal data.
The legal bases on which we process personal information for our Clients and Members are:
- Contract – We provide services and support in line with the contract we hold with our Clients and Members. The contract we hold with them requires us to process their personal data.
- Legitimate interest – We have a legitimate interest in processing our Client’s and Members’ personal data to enable us to provide services and support to them and to administer the contract we hold with them.
We only keep our Clients’ and Members’ personal data for as long as we need to in order to fulfil the contract we hold with them or for our legitimate interests or for as long as they give us permission to hold and process it.
Personal Privacy Rights
Under the Data Protection Act 2018 and the GDPR, all individuals who have personal data held about them have the following personal privacy rights in relation to the information held about them.
Our Clients and Members have a right to:
- Access to and copies of their records.
- Have inaccuracies deleted.
- Have information about them erased.
- Object to direct marketing.
- Restrict the processing of their information, including automated decision-making.
- Take their data elsewhere (right to data portability).
It is our Client’s or Member’s responsibility to ensure that any changes to their personal information are notified immediately.
Clients who wish to exercise their rights under GDPR should contact the Operations Director, Samantha Spriggs at email@example.com
Clients or members who wish to have inaccuracies deleted or to have the information erased should contact Patricia Langley, Chief Executive who is the Data Controller at firstname.lastname@example.org
All individuals who have personal data held about them have a right to object to direct marketing and a right to restrict the processing of their information, including automated decision-making.
Automated decision making involves all decisions made automatically i.e. without human intervention. We will always ask our Clients and Members to opt-in to any processes involving automated decision making.
We may send newsletters for direct marketing purposes when we have consent. When new Clients and Members register with us, they are asked to opt-in to receive updated information and newsletters. Existing Clients and Members have been asked to refresh their consent to continue hearing from us. Clients and Members who have not given their specific opt-in consent will not be sent anything they have not consented to receive.
As part of the service we are contracted to provide, we send our Clients and Members with whom we have a contract for services and support regular newsletters that update them on any:
- Changes to Apolline’s compliance policies, protocols and templates
- New policies, protocols or templates as they are developed
- Changes to regulatory, legal or statutory requirements.
We do not need consent to send this information because it forms part of our contractual obligations and the legal basis on which we do this is ‘contract’.
Our Clients and Members are always asked for their opt-in consent to receive direct marketing information such as information about new or planned services, support services or training courses.
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work or to work more efficiently, as well as to provide reporting information.
Apolline.uk.com uses only ‘Essential’ or ‘First Party cookies’ – cookies that are essential in order for our website to operate and remain secure. Apolline does not use any Third Party cookies which collect detailed information about you or your device for marketing or any other purposes.
Withdrawal of Consent
Our Clients and Members may withdraw their consent to receive direct marketing information or to have their data subjected to automated decision making at any time after they have given their opt-in consent. Clients and Members who wish to withdraw their consent should contact Samantha Spriggs, Operations Director at: email@example.com
Security of Personal Data
We take the security of all the personal data we process for our clients and team members very seriously and appropriate security measures are in place to protect it against unauthorised access, loss or destruction. Access to personal information about individual Clients and Members is strictly limited to those people who need to access it. Any contractor or provider who has a legitimate reason for having access to personal data is bound by a duty of confidentiality.
We have clear procedures in place to deal with any data breach and these are described in our Data Protection Policy. Should the breach involve a breach of confidentiality then we will notify the individual involved in addition to the Data Protection Authorities.
Our Clients and Members have a right to complain about how we process their personal data. All complaints concerning the processing of personal data should be made to Samantha Spriggs, Operations Director at firstname.lastname@example.org or to Patricia Langley, Chief Executive at email@example.com All complaints will be dealt with promptly and as described in our Data Protection Policy.
This Policy was reviewed and implemented on: 21.09.2022 and will be reviewed annually.
It is due for review on: 20.09.2023 or prior to this date in accordance with new guidance or legislative changes.