At Mind Matters we take your privacy extremely seriously, and are fully committed to ensuring that any information that we hold is processed securely, and in a way that you can reasonably expect. This policy provides more detail on the information that you provide or that we collect from you, how we use it, and your rights in relation to our processing of your information.
This policy is written in accordance with the following legislation:
- The Data Protection Act 1998, which will be replaced by the General Data Protection Regulation (EU) 2016/679 from 25 May 2018 (“GDPR”)
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”)
- Directive 2009/136/EC of 25 November 2009 (“The European Union Cookie Directive”)
Mind Matters Training Ltd T/A Mind Matters (“Mind Matters”, “we”, “us”, “our”) is a company registered in England and Wales with registration number 09944950. Our registered office is Kendray Business Centre, Thornton Road, Kendray, Barnsley, S70 3NA
Why does Mind Matters collect information?
We will always ensure that there is a legal basis for collecting and processing data. The main reasons for processing your data will be:
- Because you have given us consent to process your data for a specific reason/s;
- To ensure that we are able to perform or fulfil a contract with you (or a contract made with someone else on your behalf that requires us to collect data from you, such as attending or completing a training course);
- To comply with our legal obligations and regulatory requirements; or
- For our legitimate interests, including:
- being able to effectively administer our business;
- to provide information to our clients e.g. course delegates; and
- to promote our business, products or services.
When processing data using the ‘legitimate interests’ condition, we will carry out a balancing test of our interest to ensure that our interest is not overridden by your rights, interests or freedoms.
The information we collect from you
On occasion, we need to collect ‘Personal Data’ and ‘Special Category Data’ as defined by the GDPR. This may include:
Personal Data
Name, address and postcode, email address, telephone number, date of birth, gender, payment details (for online purchases or BACS payments) and employment information (employer and/or job role).
Special Category Data
Information on disabilities and learning needs will also be collected and processed in relation to reasonable adjustments or special considerations for our training courses.
How we collect information
There are several ways that we use to collect and obtain data. These include…
- Our website (online forms)
- Telephone
- SMS
- Paper-based documents (workbooks, contracts, registration forms)
- Face-to-face
- Social media
- Via third parties (see section ‘third parties’)
How we use your information
Provision of goods and services
We will use the information that is provided to us to ensure that we are offering the best possible service to our customers and clients. This may include generic uses, such as acting upon customer feedback to change elements of our offer or developing a new product, or specific uses, such as using information provided as part of a client brief to ensure that we are providing a solution that is fit for purpose.
Certification
We will use data to support the development, delivery, assessment and renewal of qualifications, the provision of training and the issue of certificates. For regulated qualifications, this will include sharing your data with an Awarding Organisation (see section ‘third parties’).
Updates
We will send clients and customers updates relating to our products and services, industry news, updates and changes to legislation. This information will be relevant to the products or services that have been provided previously, and we hope will be useful. If you would rather not receive these updates, you can either opt-out from any email communications and/or object to your data being used in this way (see section ‘your rights’).
Marketing
From time to time, we may send you marketing information (unless you object) by email, post, telephone, social media or SMS. We will always be careful to contact you in a way which is non-intrusive, and can be reasonably expected for the message being conveyed. We will always give you the opportunity to opt-out from receiving future communication.
Third parties
Providing data to third parties
To enable us to perform or fulfill our contract with you (or a contract made with someone else on your behalf), we sometimes need to pass your data to third parties. Examples of this include passing your information to Awarding Organisations in order to award a regulated qualification, or storing data on cloud-based systems (i.e. online bookings or eCommerce).
Where data needs to be passed to third parties, we will always ensure that due diligence checks have been conducted prior to commissioning / entering into a contract with the third party, and any data transferred will be done so securely (see section ‘how we protect your information’). If data is transferred or stored outside the EU, we will ensure that appropriate safeguards are in place and that data security standards are comparable to those of the EU.
We will never sell your data to third parties. If we use your data to develop or market our products and services (i.e. case studies, testimonials or statistics), we will always ask for your content, or ensure that data is anonymised pseudonymised prior to publication.
Obtaining data from third parties
We may process data that has been collected by a third party. Sources of this data may include:
- Someone who has personally provided us with your details (referrals);
- Social media platforms;
- Partners with whom we are engaged with joint campaigns or we offer joint services; or
- Business-to-business information that is available in the public domain, such as company / organisation websites, public registers and databases (e.g. Companies House).
Where data is obtained from third parties, it is the responsibility of the third party to ensure that it has obtained your consent to share your personal information with us. Where possible, we will ask a third party to confirm that it has the right to pass this information to us.
When contacting you using information obtained via third parties, we will always ensure that you have the opportunity to opt-out from receiving future communication.
Associates
From time-to-time, we enter into contracts with associate / freelance providers to deliver training and services on our behalf. Individuals and organisations working with us in this way will be familiar with this policy and will have agreed to process data only for our purposes.
How we protect your information
Physical storage and transfer
We will store and transfer all paper-based records securely and ensure that it is only accessible by authorised individuals. We will also ensure that records are promptly and securely transported by either authorised individuals or through a secure carrier, and are not left unattended at any time.
Digital storage and transfer
We will ensure that any data stored electronically is protected by suitable security measures and can only be accessed by authorised individuals. Computers will be located in secure locations and mobile devices will have suitable protection (passwords, PIN numbers, encryption etc).
Retention
We store and retain data for a reasonable period of time in relation to our business activities, or in accordance with our regulatory or contractual obligations. Training and assessment documentation will be retained for one year.
Disposal
Any paper-based records will be disposed of securely. They will either be shredded on site by an authorised individual or collected by a specialist confidential waste provider, with a certificate of disposal provided.
Electronic records will be permanently deleted (including secondary and cloud based backups).
Data breaches
The GDPR define a data breach as the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. In the highly unlikely event of a breach, we are legally obliged to notify the Information Commissioner’s Office and any data subjects who may be adversely affected.
Your rights
Legally, you have rights in relation to the personal information that we hold about you, and can:
- Request a copy of the information being held;
- Request that we correct any personal information that is inaccurate or out of date;
- Withdraw your consent to processing (if we have relied on your consent to process your personal information);
- Request that we transmit your data so that you can use it for your own purposes (data portability);
- Object to us processing your personal information. If you do this, we will stop processing your personal information if we are doing so for our legitimate interests, processing it for direct marketing or research purposes (unless such processing is necessary for the performance of a contract); and
- Restrict the processing of your personal information if you contest the accuracy of the personal information that we hold about you. In this instance, we will stop any processing whilst verifying the accuracy of the personal information.
If you would like any further information on this policy, you would like to make any changes to the data that we hold or you object to us processing your data, please contact us as soon as possible in one of the following ways…
By email: [email protected]
By phone: 01226 777520 / 07833 470979
By post: Mind Matters, Kendray Business Centre, Thornton Road, Kendray, Barnsley, S70 3NA
This policy will be reviewed and amended annually and also as required, so please check back regularly to for updates.