General Data Protection Regulations 2018
In response to changes in regulations, Splat training has produced this document in line with Information Commissioner’s Office (ICO) recommendations
The following covers our:
Data Handling Policy
Data Consent Process
Subject access/deletion requests
Security and emergency procedure (breach)
Data Handling Policy and Procedure
At Splat we need to handle a basic amount of information about you in order to book you on your required course and to ensure we can get information to you by the appropriate means. We also need to process address information for invoicing purposes. As well as booking and invoicing for courses carrying a qualification we will use your email address to contact you with an automated reminder when/if your qualification is due for renewal. Finally, we would like to be able to add you to our emailing list, you can opt into this at booking or by visiting our website and completing a sign-up form.
You (or a representative with your consent) will give this data in an online booking form or over the phone. This is deemed to be consent to data handling. Within the booking process there is an ‘opt in’ option to give consent to marketing emails.
We will send you a reminder email if a retraining course is due. This email is not considered marketing rather it is sent within the ‘legitimate interest’ clause.
Our Awarding Organisations (Qualsafe Awards) keep a database of all learners for legal reasons (information you give at training) and we store the same course information, including any documents you completed on the day, as a paper record. These are stored securely and disposed of properly after 3 years.
We store as little information as possible and use trusted third parties with high-level security in place to store your personal data. We choose these third parties carefully and make every reasonable check of their security.
All third parties have permission to store your data on our behalf but do not have access to your personal information and cannot sell it or pass it to other parties.
Bookings are made using the Zoho Bookings platform or Jotforms
Customer information will be stored on Zoho CRM for marketing, reminder and/or track and trace purposes.
Online Learning is supplied by Videotile and/or Talent LMS
Meetings and online check ins will be held via Zoom
Invoicing is done through Freeagent and Zoho
Payments are taken by Stripe, Paypal or BACS with your own bank
Accredited courses are stored by Qualsafe Awards (First Aid)
Web analytics by Google Analytics
Marketing is carried out by email using Mailchimp and Zoho, (the leading email marketing platform) and you will only be added to marketing lists with your explicit consent, gained either by a tick box on the Zoho booking platform or a sign up (Mailchimp) on a Splat website. Occasionally a quiz and prize draw may be carried out on Survey Monkey or Zoho Survey. You will be asked to sign up to win the prize: we will not automatically sign you up.
We will always provide an easy ‘unsubscribe button’.
Data Consent Process (Lawful Basis)
By booking with us using our websites or by phone we assume that you consent to using these third parties by way of it being necessary in order to carry out the processes. If you are not happy with this please inform us in advance and we will try to accommodate you. We do not assume your consent to further marketing contact – this will be asked for explicitly.
Occasionally we may ask if we can use your photograph on social media or other marketing material. These photographs will not be associated with your name at any time and will only be used/stored with your written permission.
If at any time you would like to be deleted from our systems please contact us by phone or email (see www.splattraining.co.uk for latest contact details).
Subject Access Request
If at any time you would like access to the details we hold about you please contact us by phone or email (see www.splattraining.co.uk for latest contact details). We will provide you with the information free of charge and within the lawful timescale.
Security and emergency procedure (breach)
Because we take security seriously, we use third parties to store your data. These third parties have a legal requirement to inform the ICO within 72 hours of any breach.
Please be aware that online transactions are never guaranteed to be 100% secure, however, we take security very seriously and measures are in place to make it as safe as possible. If you ever feel your data is at risk please stop the transaction and inform Splat training immediately.
This policy will be updated regularly. Please return to our website to check for changes. Date of recent changes will be posted at the top of the page.