Privacy Notice for Apolline Training
for Clients’ and Students’ Personal Data
Apolline Training takes great care to protect the personal data we hold for our Clients’ and Students’ in line with the requirements of the General Data Protection Regulation (GDPR).
As required by law, this privacy notice lays out the following essential information:
- Who we are (our identity)
- The reasons for gathering the data
- The use it will be put to
- Who it will be disclosed to
- If it will be transferred outside the EU
- The legal basis for processing the data
- Retention period (how long we will keep the personal data)
- The right to complain
- Whether the data will be subjected to automated decision making
- Individuals’ privacy rights.
Apolline Training, is a company registered at Companies House registration number 07245126 whose registered address is 6 Burnmoor Meadow, Finchampstead, Wokingham, Berkshire RG40 3TX.
Personal Data held for our Clients’ and Students’
The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for our Clients’ and Students’ may include:
- Name, address
- Email address
- Phone numbers
- GDC number (if relevant)
- Financial information
- Information relating to invoices sent and payments received
- Details of all contact we have had with our Client or Student
- Details of any complaints received and how these have been resolved.
Reasons for Processing Personal Data
The purpose of collecting and storing personal data about our Clients and Students is to ensure we can:
- Provide appropriate training and support services to ensure we fulfil our contractual obligations to our Clients and Students
- Collect fees via Stripe (online secure payment site)
- Obtain feedback from them about their satisfaction levels
- Obtain feedback following completion of training in line with GDC requirements for verifiable CPD
- Send CPD certificates when verifiable training has been successfully completed
- Respond to complaints.
How we use our Clients’ and Students’ personal data
We use our Clients’ and Students’ personal data to enable us to:
- Administer the contract we have with our Client or Student
- Provide the training service we are contracted to provide
- Administer payments relating to the training service we are contracted to provide
- Deal with queries
- Deal with complaints
- Provide continuity of training service by recording details of all contact we have with our Client or Student
- Ensure we comply with our legal obligations
- Update our Clients and Students on any regulatory, legal or statutory requirements.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of a Clients’ or Students’ personal information.
Disclosure to third parties
The information we collect, and store will not be disclosed to anyone who does not need to see it. Our employees and those working with us on a self-employed basis or contractual basis are bound by a duty of confidentiality and will never disclose personal information about a Client or Student to anyone who does not need to see it.
Transferring personal data outside the EU
We may send Clients and Students personal information outside the EU. If we do that we will ensure that we have written assurances that the data will be subject to the same level of security as required within the EU.
Legal Basis for processing data held about Apolline Clients’ and Students’
The GDPR requires us to state the legal basis upon which we process all personal data for our Clients and Students and it requires us to inform them of the legal basis on which we process their personal data.
The legal bases on which we process personal information for our Clients and Students is:
- Contract – We provide services and support in line with the contract we hold with our Clients and Students. The contract we hold with them requires us to process their personal data.
- Legitimate interest – We have a legitimate interest in processing our Clients’ and Students’ personal data to enable us to provide training services and support to them and to administer the contract we hold with them.
We only keep our Clients’ and Students’ personal data for as long as we need to in order to fulfil the contract we hold with them or for our legitimate interests or for as long as they give us permission to hold and process it.
Personal Privacy Rights
Under the GDPR, all individuals who have personal data held about them have the following personal privacy rights in relation to the information held about them.
Our Clients and Students have a right to:
- Access to and copies of their records.
- Have inaccuracies deleted.
- Have information about them erased.
- Object to direct marketing.
- Restrict the processing of their information, including automated decision-making.
- Take their data elsewhere (right to data portability).
It is our Clients’ or Students’ responsibility to ensure that any changes to their personal information are notified immediately.
Clients or Students who wish to exercise their rights under GDPR should contact the Operations Director, Samantha Spriggs at email@example.com
Clients or Students who wish to have inaccuracies deleted or to have information erased should contact Patricia Langley, Chief Executive who is the Data Controller at firstname.lastname@example.org
Automated decision making
All individuals who have personal data held about them have a right to object to direct marketing and a right to restrict the processing of their information, including automated decision-making.
Automated decision making involves all decisions made automatically i.e. without human intervention. We will always ask our Clients and Students to opt-in to any processes involving automated decision making.
We may send newsletters for direct marketing purposes when we have consent. When new Clients and Students register with us they are asked to opt-in to receive update information and newsletters. Existing Clients and Students have been asked to refresh their consent to continue hearing from us. Clients and Students who have not given their specific opt-in consent will not be sent anything they have not consented to receive.
As part of the service we are contracted to provide, we send our Clients and Students with whom we have a contract for services and support regular newsletters that update them on any:
- Changes to compliance blogs and CPD courses
- New policies, protocols or templates as they are developed
- Changes to regulatory, legal or statutory requirements.
We do not need consent to send this information because it forms part of our contractual obligations and the legal basis on which we do this is ‘contract’.
Our Clients and Students are always asked for their opt-in consent to receive direct marketing information such as information about new or planned services, support services or training courses.
Withdrawal of Consent
Our Clients and Students may withdraw their consent to receive direct marketing information or to have their data subjected to automated decision making at any time after they have given their opt-in consent. Clients’ and Students’ who wish to withdraw their consent should contact Samantha Spriggs, Operations Director at: email@example.com
Security of Personal Data
We take the security of all the personal data we process for our Clients and Students very seriously and appropriate security measures are in place to protect it against unauthorised access, loss or destruction. Access to personal information about individual Clients and Students is strictly limited to those people who need to access it. Any contractor or provider who has a legitimate reason for having access to personal data is bound by a duty of confidentiality.
We have clear procedures in place to deal with any data breach and these are described in our Data Protection Policy. Should the breach involve a breach of confidentiality then we will notify the individual involved in addition to the Data Protection Authorities.
Our Clients’ and Students’ have a right to complain about how we process their personal data. All complaints concerning processing of personal data should be made to Samantha Spriggs, Operations Director at firstname.lastname@example.org or to Patricia Langley, Chief Executive at email@example.com All complaints will be dealt with promptly and as described in our Data Protection Policy.
This Policy was reviewed and implemented on: 23.5.2018 and will be reviewed annually.
It is due for review on: 23.5.2019 or prior to this date in accordance with new guidance or legislative changes.
We are required under data protection legislation to notify our Clients’ and Students’ of the information contained in this Privacy Notice. We do that by placing this Privacy Notice on our website at www.apollinetraining.co.uk
A PDF of our Privacy Notice is also available on request from firstname.lastname@example.org.