Privacy Notice - For general users and clients
Sage Safety & Training Ltd (SST) takes your privacy very seriously. This Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact: firstname.lastname@example.org
1. What information do we collect?
We obtain and process personal data about you when you interact with us and our products and when you purchase goods and services from us. The personal data we process includes:
- your name;
- your username and password;
- your home or work address, email address and/or phone number;
- your job title;
- your payment and delivery details, including billing and delivery addresses and credit card details, where you make purchases from us;
- recordings of calls you make to our training team;
- and/or any other information you provide
2. How do we use this information and what is the legal basis for this use?
We process the personal data listed in paragraph 1 above for the following purposes:
- as required to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
- to comply with applicable law and regulation;
- in accordance with our legitimate interests in protecting SST?s legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
- with your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our products or services;
- we may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;
- to monitor use of our websites and online services. We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;
- if you provide a credit or debit card, we may also use third parties (such as POS payment providers) to check the validity of the sort code, account number and card number you submit in order to prevent fraud, in accordance with our legitimate interests and those of third parties;
- we may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;
- in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and
- we may use your information to invite you to take part in market research or surveys.
We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.
3. How do we ensure the security of your personal data?
We have appropriate security measures to prevent your personal data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents and other third parties who have a business need to use your data. They will only your personal data on our instructions and are subject to a duty of confidentially.
Our online systems have security measures in place to help protect against the loss or misuse of any data under our control.
When the websites are accessed by users, data traffic is encrypted using up-to-date secure socket layer (SSL) technology so that it can only be accessed by the end user.
All sensitive information on the website, such as passwords, are encrypted by a proprietary encryption system. All personal data can only be accessed by the relevant end users by way of unique usernames and passwords that must be entered when a user logs in to the systems.
We are PCI DSS (Payment Card Information Data Security Standard) compliant. Credit card information is never stored on our systems and is only used to authorise the specific transaction through our card payment authority (WorldPay & Paypal) and then removed. Under no circumstances will your credit card information be passed to any other third party.
4. With whom and where will we share your personal data?
We only share your personal data with third party agents who have a business need to use your data. We do not share your personal data with any third parties for marketing purposes.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.
5. How long will you keep my personal data?
We will keep your personal information for as long as you are a customer of SST. Thereafter we may keep your data for up to 7 years to enable us to respond to any questions or complaints and to maintain records where we are required to do so. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
In the case of any contact you may have with our training / safety team, we will retain those details for as long as is necessary to resolve your query and for 12 months after the query is closed.
In some instances, laws may require us to hold certain information for specific periods other than those listed above.
6. Where is my data stored?
Personal data obtained from you whilst attending training `physical data? shall be securely stored at our centre in Daventry.
All personal data held electronically is stored on a secure set of servers hosted by our hosting provider. The servers reside in the United Kingdom. Data is frequently backed up and stored in the provider?s backup / disaster recovery facility, which is also in the UK.
This is in a secure server hosting facility with the necessary environmental, physical and technical controls in place to ensure unapproved access is prevented
Destruction of physical data
Our employees are trained to destroy all personal data securely. We use a local shredding company to have all paperwork containing personal data securely shredded. Certificates are provided to confirm secure shredding.
7. What are my rights in relation to my personal data?
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the `unsubscribe? / `opt out? button on any communication we have sent to you or by contacting us. Where you have consented to us using your personal data, you can withdraw that consent at any time. If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right to ask us to provide a copy of any personal data we hold about you.
Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.
8. Where can I find more information about SST's handling of my data?
Should you have any queries regarding this Privacy Notice, about SST?s processing of your personal data or wish to exercise your rights you can contact SST?s Privacy Team using this email address: privacy@sagesafetyandtraining. co.uk . If you are not happy with our response, you can contact the Information Commissioner's Office: https://ico.org.uk