Customer privacy notice
Data controller: Centre for Strategy and Communication 020 7490 3030
Data protection officer: Jodie Caya, Head of Operations, email@example.com
As part of any booking process, the organisation collects and processes personal data relating to enquiries, booking agent and attending delegate(s). The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The Centre for Strategy and Communication (hereafter known as ‘The Centre’) understands that your privacy is important to you and that you care about how your personal data is used. The Centre respects and values the privacy of all our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
What information does the organisation collect?
The organisation collects a range of information about you. This includes:
- your name, address and contact details, including email address, telephone number, employer details;
- whether or not you have a disability for which the organisation needs to make reasonable adjustments for the training event;
- information when you voluntarily complete customer services, provide feedback and participate in competitions
- website usage information is collected using cookies
The organisation collects this information in a variety of ways. For example, data might be contained in booking forms, events, enquiry e-mails or collected through evaluations, customer feedback / surveys.
In some cases, the organisation also collects personal data about you from third parties, such as your employer. The organisation will seek information from third parties only relevant to the training event.
Data will be stored in a range of different places, including on your delegate record, event booking system and on other IT systems (including email).
Why does the organisation process personal data?
The organisation needs to process data for the purposes of managing our service to you, including providing you with information and access to our training course(s). The organisation has a legitimate interest in processing personal data as part of us managing our service to you and for keeping records of the service.
The organisation processes health information, only on consent, if it needs to make reasonable adjustments to the booking and training event(s) for delegates who have a disability. This is to carry out its obligations and exercise specific rights in relation to training.
We collect information about you to process your booking(s), manage your training event(s), processing payments, where applicable, and, if you agree, to contact you about further training and services we think maybe of interest to you. The organisation will ask for your consent before it keeps your data for marketing purposes and you are free to withdraw your consent at any time.
No processes are based solely on automated decision-making.
Who has access to data?
Your information will be shared internally for the purposes of managing our service to you, including the coordination of the booking and training event. This includes members of The Centre team.
The organisation may share your information with third parties, including training associates for the purpose of managing our service to you, including the coordination of the booking, training event and evaluation feedback. In addition the organisation may share your information with your employer for the purpose of managing our service to you, including coordination of the booking, training event, course evaluation and feedback. We may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
The Centre will not share your information for marketing purposes, with any third party.
The organisation will not transfer your data outside the European Economic Area.
Other than as set out in this Privacy Notice, we do not share your personal information to third parties save where this is necessary to comply with the law.
How does the organisation protect data?
The organisation takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees and our associates in the proper performance of their duties. The process in place are as outlined in the; Data Protection Policy and Procedures and the ICT Acceptable Use Policy.
For how long does the organisation keep data?
The organisation will hold your data in relation to your booking enquiry and / or training event on record for 7 years after the date of the last booking enquiry / training event. At the end of that period your data in relation to the booking and / or training event is deleted or destroyed.
Based on your consent for marketing, we will keep the information held on you until you tell us not to, or in line with your consent provided. If you wish to withdraw your consent for the organisation to hold your personal details e-mail firstname.lastname@example.org, to opt out or select the unsubscribe option on the marketing e-mail.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
- ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation's legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact Jodie Caya, Head of Operations, email@example.com or in her absence the HR Department. You can make a subject access request by completing the organisation’s form (Subject Access Request Form) for making a subject access request. Further information is available in the organisations Data Subject Requests under GDPR Response Procedures.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to the organisation during the booking and training event process. However, if you do not provide the information, the organisation may not be able to process your booking and training event properly or at all.
The Centre, and sister company, Itec Training Solutions Limited, would like to send you information about our activities and training events which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes or giving information to other members of our group.
We may use licenced third parties to provide us with regulated personal data for sales and marketing purposes.
If you have signed up for our e-newsletter, you can also receive occasional emails for example with information, updates and special training offers. We will always give you the opportunity to unsubscribe.
If you would like to amend your information or if you no longer wish to be contacted for marketing purposes, please e-mail firstname.lastname@example.org or use the unsubscribe line.
You can set you browser not to accept, reject or delete cookies, the websites below provide information on how to remove cookies from your browser. Further information: www.aboutcookies.org or www.allaboutcookies.org
Our site also uses Google Analytics, a third party web analytics service provided by Google, Inc. Google Analytics sets cookies in order to evaluate your use of our site and to compile reports for us on visitor activity. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.
Social Media Platforms
We participate with social media platforms subject to their privacy policies and terms. Note that the social media platform may track and save your request to share a web page through your social media platform account. You should use social media platforms wisely and communicate / engage upon them with due care and caution in regards to your own personal data.
We will not request personal data through social media platforms.