Privacy and cookies
A Plus Safety & Training Services Ltd collects information about you in order to provide you, your current or prospective employer or business with training services and training and qualification advice. The personal data that the Company might need to collect can include, but is not limited to, your name, title and address; phone numbers and emails; age and date of birth; nationality (but not ethnicity or race); gender; NI number; financial details; previous qualifications and training; etc. The Company may at times be required to ask for copies of photo ID such as a driving licence or Passport. This data may include both partial numbers and scans/photocopies, but copies will only be held as long as they are needed to identify or register you and will then be disposed of.
The data the Company requests, processes and holds is only that which is considered adequate, relevant and not excessive for delivery of the business, contractual and statutory bases set out below.
We will use the personal data provided to us by you, your employer or a 3rd party (ie a training broker) for the following purposes:
- The administration of training being delivered by the Company, or by one of its trainers, including waiting lists for such training.
- The administration of your membership of and qualifications from industry or statutory training schemes such as that run by CITB or other external organisations.
- Insurances policies or schemes, where they require proof of training and assessment.
- Internal and external course booking management
- Internal and external examination and assessment management.
- Liaison with external training providers, where the Company is arranging your training to be delivered through a 3rd party.
- Liaison with external training accrediting and awarding bodies, such as NEBOSH, IOSH, CITB, NPORS, QUALSAFE, etc. This will include registering you with those bodies; submitting your exams or assessments to those bodies; issuing you with qualifications from those bodies; and subsequently maintaining your qualifications with those bodies.
- Financial records relating to payment for training.
- Your attendance at training courses.
- Your past and current training records and qualifications, and potential future training needs (eg refresher training to maintain those qualifications).
- Internal notification of results from a training event.
- Ongoing business communication.
- Advertising upcoming and potential future training events.
- Anonymised trend reporting for performance measurement and bench marking.
We will inform you before using your data for any other reasons. The Company will only handle, process and store your data for these purposes, or in ways which are directly compatible with these purposes.
The lawful basis for our holding and handling your information in this way is derived from our contractual obligations with you, your employer or business or a third party such as a training broker; or where there is a statutory requirement for your training or qualification (ie the requirement under the FAWR for a 3 yearly refresher course); or, where these two bases are not applicable, with your express and informed consent. For existing clients, the first two purposes form the primary bases for our retention of your data and our ongoing. For prospective clients, the Company will use publicly available contact information, but seek express consent to retain and use personal data deriving from such contact.
If you do not wish to provide any of this data, it may not be possible to register you with a trainer or accrediting/awarding body. This may mean that you do not receive the award or certification at the end of a course or may not even be eligible to take that course under the auspices of that accrediting/awarding body. In such circumstances, the Company reserves the right to decline to deliver the training to you as to do so might jeopardise the Company’s own contractual obligations to those bodies and its compliance with statutory requirements.
We may share your data with 3rd party processors to provide the contracted training services to you. This will be with the trainers that the Company uses; 3rd party training brokers; accrediting and awarding bodies; where required by statute; etc, but only in line with the above bases. Further, the Company has contracts with these 3rd party data processors, confirming that they will themselves then handle any such data in line with the requirements of GDPR. We will not share your data with any other parties out-with the previously stated lawful bases, without your express consent.
The data the Company holds is stored on a secure local IT system within the Company premises in Swindon. It is backed up through a contract with GHS (UK) Ltd and held on their secure servers in the UK. GHS store the data and do not process it. The information the Company holds will not be transferred to a country outside the EU.
Data held by the Company will be retained for a duration dictated by the lawful bases set out above. Specifically, but not exclusively, this will include the duration of a course; the lifetime of a qualification or award; for the refresher period of such a qualification or award; a period dictated by statute; or until you request that the Company amend, restrict, supress or erase such data.
The person referred to in data provided to and held by the Company has certain rights in relation to that data. The rights of an individual in relation to their personal data are;
- Be informed what data is held on them.
- Access their personal data and any supplementary information and to be aware of and verify the lawfulness of the processing.
- Have inaccurate personal data rectified or completed if it is incomplete.
- Have personal data erased
- Request the restriction or suppression of their personal data
- Data portability (the provision of their data in a machine-readable form).
- Object to the processing of their data (Individuals must have an objection on “grounds relating to his or her particular situation” and in certain circumstances the Company may still continue to process the data).
- Not to be subject to automated decision-making including profiling without their consent (the Company does not use automated data profiling and decision making).
In certain circumstances some of these requests can be refused or not complied with fully, but the Company will set out any reasons for this so that you can understand why it has taken that decision. If you wish to exercise any of these rights, you can contact the company via any of its email addresses or postal address. If you make a request verbally, eg by phone, the Company will start to look into the matter, but will ask that you confirm the request in writing.
If you are unhappy with the way in which the Company is handling your data, you should raise that concern with the Company initially through your normal contact (or by email to firstname.lastname@example.org ). You can also take your concern to the Information Commissioner’s Office at https://ico.org.uk/concerns .