StayAhead Training
Privacy
Policy
 

StayAhead Training - Privacy Policy

 

StayAhead Training is a leading independent IT Technical Training company in the UK. As a leading provider of IT Technical Training, we are committed to providing high quality training for all of our clients, as part of that we take data compliance extremely seriously and are pro-active in ensuring the compliance of the services we provide to our customers as well as ensuring compliance as a business entity in our own right. The purpose of this statement is to provide information regarding how and why StayAhead Training collect, process and store data, as well as providing the appropriate contact information should you wish to request the information we hold about you, withdraw from processing or request deletion of any data we hold about you.

Our Users' privacy and data protection is very important to us and we have therefore taken technical and organisational protection measures to protect your privacy. The information you provide us will therefore be processed and protected in accordance with applicable law and this privacy policy ("Privacy Policy").

Under the EU General Data Protection Regulation (GDPR) there are six lawful basis for processing personal data. These are detailed as follows:

  • Consent – the individual has given clear consent for you to process their personal data for a specific purpose
  • Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
  • Legal Obligation – the processing is necessary for you to comply with the law (not including contractual obligations)
  • Vital Interests – the processing is necessary to protect someone's life
  • Public Task – the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
  • Legitimate Interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

Children's personal data : The site is not intended for people under the age of 16 and we will not deliberately collect Personal Data about persons under the age of 16.

Further information regarding the lawful basis for processing personal data can be found at ico.org.uk

StayAhead Training and Personal Data

As an organisation that primarily processes business related data, StayAhead Training has assessed all six grounds for lawful processing of personal data and has selected ‘Legitimate Interests' as the most suitable lawful ground for the processing of data for the purposes of StayAhead Training's marketing and sales.

StayAhead Training's collects, processes and stores data relating to businesses and decision makers. We believe that the individuals that we process the data of, are likely to have an interest in the StayAhead Training training / room hire product. Deemed as ‘Legitimate Interest' this is based upon the basis that the majority of businesses / companies have IT computer systems and/or a web presence. These companies will have associated hardware and computer application requirements to run their core business and will have a perpetual need to have skilled IT personnel to run and maintain these systems. Our typical segmentation includes those within IT / Computer departments, HR departments, Procurement, Accounts for our Oracle Financial Courses, MD and owner related job functions, we will also use individual's job function to help ascertain the suitability of contacts, although this list is not exhaustive and other variables may apply.

We collect, process and store the essential information required for making contact with the data subjects within a business environment. The personal data we collect is generally limited to first name, last name, email address, telephone number, and social profiles (LinkedIN and Facebook). Other business related data also processed may include business name, job function and business address, however we will never collect further personal data such as those classed under 'Sensitive Personal Data'.

StayAhead Training also collects information relating to Delegates booked to attend courses, this information is generally limited to first name, last name, email address and telephone number. We may also collect information provided to us by the Delegate on persons they believe may have an interest in our products. Under the lawful basis of Legitimate Interest within the B2B arena we will look to introduce our sevices to the contacts provided.

We'll sometimes share data with third parties to help us provide a better service for you, for example, in servicing an order for a course, we may also collect additional information such as personal address and phone number if supplied to us by the bookee / delegate to deliver goods to the delegate, e.g. course manuals. This information will be supplied to us and where necessary we will pass on the minimum details required to the printer/courier company to source this request.

While StayAhead Training primarily offer our own technical IT training courses, we also market a small subset of third party courses that complement our portfolio. We will also source courses for a client with other third parties if they so specifically request us too. Where we are requested to source a course provided by a third party company, we will provide the minimum details to the third party company so they can process the course booking accordingly.

The business data collected will be used to communicate marketing and sales messages relating to the StayAhead Training product, based upon the job function held by the data subject. StayAhead Training specifically only sends messages to those we believe are likely to be interested in the StayAhead Training product based upon the organisation they are employed by and based upon their job function within that organisation. Messages from StayAhead Training could be delivered via email, social media, via telephone or any other business to business (B2B) marketing methods that may be relevant.

When StayAhead Training receive an enquiry or booking form via our website, or via other portals where we market our course detail, we request or are provided basic contact details such as name, contact number, address and job function. We will use the data provided to process the request and may use it to inform the recipient by email or telephone about other StayAhead Training products and services that we feel may be of interest. It is deemed that as our website or the 3rd party portal has been visited and we have been provided with contact information that the person entering the details is legitimately interested in our products and services. A person has the right to object from any method of correspondence at any time, using the unsubscribe button on an email, by informing the telephone operator or by contacting us via any of the methods below.

Where a course is booked by an individual, i.e. not a Corporate enquiry/booking, we will process the details on our systems on the basis of either lawful basis of 'Contract' or 'Consent', with regards to us communicating marketing and sales messages relating to the StayAhead Training products, as this is not a B2B contact, we will ensure that the individual in question has first provided opt-in consent before providing information outside the scope of the initial enquiry by the individual.


Legitimate Interest Assessment (LIA)

StayAhead Training has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our correspondence regarding StayAhead Training and that in no way would a data subject be caused harm by our correspondence. Based upon our segmentation by organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, we believe that any individual that receives correspondence from StayAhead Training in a direct marketing or sales capacity, could be legitimately interested in the StayAhead Training solution. It is also deemed that direct marketing and sales is necessary in the context of promoting StayAhead Training to professionals in business in order to increase awareness of our IT Technical training in the marketplace.

Per the ICO guidance, StayAhead Training can confirm:

  • We have checked that legitimate interests is the most appropriate basis
  • We understand our responsibility to protect the individual's interests
  • We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision
  • We have identified the relevant legitimate interests
  • We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
  • We have done a balancing test, and are confident that the individual's interests do not override those legitimate interests
  • We only use individuals' data in ways they would reasonably expect
  • We are not using people's data in ways they would find intrusive or which could cause them harm
  • We do not process the data of children
  • We have considered safeguards to reduce the impact where possible
  • We will always ensure there is an opt-out / ability to object
  • Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA
  • We keep our LIA under review every six months, and will repeat it if circumstances change
  • We include information about our legitimate interests in our privacy notice

StayAhead Training sales and administration teams are responsible for ensuring the validity and quality of the data contained within the StayAhead Training CRM system. The team continually cleanse the data held within the CRM system.

When we need your consent to use personal information?

Whilst we always want you to be aware of how we are using your personal information, this does not necessarily mean that we are required to ask for your consent before we can use it. In the day to day running of our business we may use your personal information without asking for your consent where:

  • We are entering into and carrying out our obligations under a contract with you; or
  • We need to use your personal information for our own legitimate purposes (or those of a third party) and our doing so will not interfere with your fundamental privacy rights.
  • We need to comply with a legal or regulatory obligation.

In exceptional circumstances we may wish to use your personal information for a different purpose which does require your consent. In these circumstances, we will contact you to explain how we wish to use your personal information and to ask for your consent. You are not required to give consent just because we ask for it. If you do give consent you can change your mind and withdraw it at a later date.


How we Procure Data

At StayAhead Training we procure data in a variety of ways, collected in line with the lawful basis of 'Legitimate Interests'. If you have received correspondence from us, we will have procured your data in one of the following ways:

  • You have requested information from StayAhead Training on a previous occasion
  • We have been sent your details such as your e-mail address requesting information about our services be sent to you
  • You or someone else (B2B) has expressly shared your contact details with us for the purpose of receiving information now and/or in the future
  • We have previously met at an event and your business card or contact details were handed to us willingly
  • You have previously connected with a member of our team via socail media portals, such as LinkedIN and discussed our services
  • We have found your business and contact details online, believing that your business would genuinely be interested in the StayAhead Training product, based upon your job function aligning with our typical customer profiles they have made contact to introduce you to our product
  • We may obtain Identity and Contact Data from publicly available sources such as Companies House, the Electoral Register or search engines or third-party websites
  • We have been provided your business contact details within email correspondence returns from contacts within your organisation, for example Left Company responses. Based upon the response aligning with our typical customer profiles we will endeavour to make contact to introduce you to our product
  • By providing us with your phone number and/or email address, you expressly permit us, or someone designated by us, to contact you using the phone number / email address provided

How do we keep your personal information safe

We take every care to ensure that your personal information is kept secure. The security measures we take include:

We limit access to personal information to those employees, agents, contractors or third parties who have a business need to know;
  • only storing your personal data on our secure servers or in a secure cloud environment;
  • ensuring that our staff receive regular data security awareness training;
  • keeping paper records to a minimum and ensuring that those we do have are stored in locked filing cabinets on our office premises;
  • maintaining up to date firewalls and anti-virus software to minimise the risk of unauthorised access to our systems; and
  • enforcing a strict policy on the use of mobile devices and out of office working.

Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of personal information sent to our website; you send us personal information at your own risk. Once we have received your personal data, we will use strict procedures and security features (some of which are described above) to try to prevent unauthorised access.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


How long do we keep your personal information

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. In practice this means that we will keep: client details e.g. your name and contact details for 6 years, account information, invoices and payment records for 7 years and complaint records for 3 years.


Automated Decision Making And PRofiling

We will not use your personal information to make automated decisions about you or to profile you.


Disclosing Your Information

StayAhead does not sell, trade or otherwise transfer to outside parties any personally identifiable information, this does not include trusted third parties or subcontractors who assist us in conducting our business or service your requirements. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

We may disclose your personal information as follows:

  • Feedback to your employer, or the bookee of the course, if they have provided the funds for the course
  • Any third party we contract to act on our behalf
  • Partners with whom we work to provide Services
  • Any third party that purchases all or substantially all of our assets and business;
  • Any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to
  • comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

Social Networking

The Website may offer you the opportunity to share or follow information about us (or the Website or our Services) using third party social networking functionality (such as through "share this", "like" or "follow" buttons).

We offer this functionality in order to generate interest in us, the Website and our Services among the members of your social networks, and to permit you to share and follow opinions, news and recommendations about us with your friends. However, you should be aware that sharing personal or non-personal information with a social network may result in that information being collected by the social network provider or result in that information being made publicly-available, including through Internet search engines.

Please note that we do not exercise any endorse or control the policies or practices of any third party social network whose functionality you may access through the Website.

You should always read the privacy policy of any social network through which you share information carefully in order to understand their specific privacy and information usage practices.


Use of Cookies

Please see our Cookies page for more details.


WebSite Access

When someone visits www.stayahead.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Search Engine

Search queries and results are logged anonymously to help us improve our website and search functionality. Data collected are: KeyWord Search, Results Count, Date/Timestamp, no user-specific data is collected.


E-newsletter/ StayAhead Communications

We gather statistics around pages opened and subsequent tracking of pages you visit on our website to help us monitor and improve our services to the recipient of the newsletter.


Email

We monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.


Complaint

People who make a complaint to us;

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide.

We usually have to disclose the complainant's identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person's record is in dispute. If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.




Job applicants, current and former StayAhead employees

What will we do with the information you provide to us?

All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don't have to provide what we ask for but it might affect your application if you don't.

Application Stage

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

Assessments

We may ask you to undertake telephone interviews or interviews at our location in London; to undertake a presentation; to provide a dummy training session (for Trainer positions); to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by StayAhead Training. If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

Conditional Offer

If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide: Proof of your identity – you will be asked to attend our office with original documents, we will take copies. Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies. You will be asked to complete a criminal records declaration to declare any unspent convictions. We may provide your email address to the Government Recruitment Service who will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions. We will contact your referees, using the details you provide in your application, directly to obtain references We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work.

If we make a final offer, we will also ask you for the following: Bank details – to process salary payments, Emergency contact details – so we know who to contact in case you have an emergency at work

How long is the information retained for?

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references. If you are unsuccessful at any stage of the process, the information you have provided until that point may be retained for 6 months from the closure of the position. Information generated throughout the assessment process, for example interview notes, maybe retained by us for 6 months following the closure of the position.




Right of Access

Commonly referred to as a subject access request. You may request that we send you all of the data we hold that relates to you. Preferably please make your request in writing so we can ascertain the necessary information to process your request;

By emailing: sales@stayahead.com

Or by writing to:

Data Compliance, StayAhead Training, 6 Long Lane, Barbican, London, EC1A 9HF

We will process and respond to your request within 30 days, this service will be free of charge.

StayAhead Training tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a 'subject access request' under the Data Protection Act 1998. If we do hold information about you we will: give you a description of it; tell you why we are holding it; tell you who it could be disclosed to; and let you have a copy of the information in an intelligible form. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the relevant Business Development Manager or writing to the address provided above.

Right of Rectification

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. An individual can make a request for rectification verbally or in writing. We will process and respond to your request within 30 days, this service will be free of charge. In certain circumstances we can refuse a request for rectification. This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).

Right of Erasure

Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.

It is important to understand the difference between a right to restrict / object and a right of erasue. If you make a request for erasure, we will remove any data we hold about you from the StayAhead Training CRM system. This will also mean that we will remove you from our suppression files. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our CRM system by a member of our sales team who genuinely believes that your business would benefit from StayAhead Training. If you do not wish for us to contact you again about StayAhead Training, we would recommend you request to restrict / object rather than a request for erasure, as this will ensure that your details are always suppressed from processing.

The option however is yours, and in either case we will process your request within 30 days.

Preferably please make your request in writing so we can ascertain the necessary information to process your request.

Email Requests can be sent to: sales@stayahead.com

Or by writing to:

Data Compliance, StayAhead Training, 6 Long Lane, Barbican, London, EC1A 9HF


Right to Restrict

Individuals have the right to request the restriction or suppression of their personal data.

This is not an absolute right and only applies in certain circumstances. When processing is restricted, we will be permitted to store the personal data, but not use it.

An individual can make a request for restriction verbally or in writing.

Preferably please make your request in writing so we can ascertain the necessary information to process your request.

Email Requests can be sent to: sales@stayahead.com

Or by writing to:

Data Compliance, StayAhead Training, 6 Long Lane, Barbican, London, EC1A 9HF

We have one calendar month to respond to a request.

This right has close links to the right to rectification (Article 16) and the right to object (Article 21).


Request to Object

In all correspondence with you we will give you the right to object from receiving further correspondence from StayAhead Training. On any emails you receive from StayAhead Training there will be the option to 'unsubscribe' from receiving any further email correspondence. If you receive a telephone call from us, you have the right to request not to receive any further calls. StayAhead Training has a companywide CRM system, your request to object will be logged within our CRM system to ensure that you do not receive any further calls.

Should you wish to object to receiving communication from StayAhead Training, you can do so in a variety of ways:

  • Please click the 'unsubscribe' link at the bottom of every sales email or use the UnSubscribe option on the website
  • If you have received a call, please tell the representative that you do not wish to receive any further communication
  • Please call 0207 600 6116 and you will be directed to a nominated person to deal with your request

You can also make your request by emailing: sales@stayahead.com

Or by writing to:

Data Compliance, StayAhead Training, 6 Long Lane, Barbican, London, EC1A 9HF

All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by the StayAhead Training CRM system in the future. Please note this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of GDPR.




Payment Card Transactions

For payment card transaction, StayAhead Training use the services of PayPal, these transactions are subject to the PayPal Privacy Policy. StayAhead Training will employ reasonable administrative, technical and physical measures to maintain the security and confidentiality of any and all PayPal data and information, including data and information about PayPal users and PayPal.

Compliance with Data Protection Laws. With regard to any personal data processed by PayPal and StayAhead Training in connection with this Agreement, PayPal and StayAhead Training will respectively each be a controller in respect of such processing. PayPal and the merchant agree to comply with the requirements of the Data Protection Laws applicable to controllers in respect of the provision of their respective services and otherwise in connection with this Agreement. For the avoidance of doubt, PayPal and StayAhead Training each have their own, independently determined privacy policies, notices and procedures for the personal data they hold and are each a data controller (and not joint data controllers). In complying with the Data Protection Laws, PayPal and StayAhead Training shall, without limitation:

  • implement and maintain at all times all appropriate security measures in relation to the processing of personal data
  • maintain a record of all processing activities carried out under this Agreement
  • not knowingly do anything or permit anything to be done which might lead to a breach by the other party of the Data Protection Laws


Your consent

By using our site, you consent to this Privacy Policy.


Changes to the Privacy Policy

We may change this Privacy Policy from time to time by updating this document. The online version is available at: www.stayahead.com/About_SA/privacy.cfm

You should check this page from time to time to ensure that you are happy with any changes.

If you do not agree to the changes we make, please do not continue to use our Websites or our Services. If material changes are made to this Privacy Policy, we will notify you by placing a prominent notice on the Website.

For questions relating to this policy, please contact sales@stayahead.com

StayAhead Training is registered with the Information Commissioner’s Office under registration reference: ZA331293


This policy was last reviewed and updated on the 24th May 2018. Policies are periodically reviewed to ensure compliance with the current compliance environment.

 

 

 
+44 (0)20 7600 6116
Copyright © 2018 StayAhead Training Ltd
Cookies   /   Privacy Policy
sales@stayahead.com