Eliesha Training Ltd – Website Privacy Notice
This is the Privacy Notice for Eliesha Training Ltd (or “we”).
We are a company incorporated in England and Wales. Our company number is 04161029 and our registered office is at Newcastle House, Albany Court, Newcastle Business Park, Newcastle Upon Tyne, NE4 7YB.
This Privacy Notice outlines how we manage personal data. If the website you are using is not hosted by us, then the hosting IT administrator of your website will have separate Privacy Law obligations to you. In such circumstances you will need to check directly with your hosting IT administrator as to how your personal data is being managed by them.
This Privacy Notice has the intent to outline how Eliesha manages any of your personal data in its control, in a clear and straightforward way.
Who are we? The Data Controller and Data Protection Officer
The Data Controller for data processed under this Notice is: Systems Manager, Eliesha Training Ltd.
Our Data Protection Officer is: Finance Director, Eliesha Training Ltd. [email protected]
What is covered by this Privacy Notice?
Your privacy protection is central to us. This is why we have adopted the EU’s General Data Protection Regulation 2016/679 (“GDPR”) as our global standard. It is the most advanced and protective Privacy Law globally.
We are committed to ensuring that your privacy is protected and we strictly adhere to the provisions of the UK GDPR (UK General Data Protection Regulation), together with the Data Protection Act 2018, any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (Data Protection Legislation).
To provide our products and services, we need to process a certain amount of data, some of which is personally identifiable.
Under GDPR personal data is defined as: “any information relating to an identified or identifiable natural person (‘Data Subject”) and a Data Controller determines the purpose and means of processing personal data, whereas a Data Processor is responsible for processing data on behalf of the Data Controller.
This Privacy Notice relates to everyone whose personal data is processed by us on this website.
What data do we collect / Why do we need to collect and store personal data?
We process data on the following categories of individuals:
- Learners/ System Users
- Customers & prospective customers
- Website visitors
- Newsletter/ marketing subscribers
- Suppliers, sub-contractors & freelancers
- Staff (and 3rd party personal data they provide)
- Prospective staff (job applicants)
To provide learners with access to Eliesha’s learning platform, track progress and inform delegates of course information, material and timing, we require to collect a minimum of personal information. This is limited to:
- First Name and Surname.
- Organisation.
- Email address.
- Work phone contact details.
- Course of study.
The privacy notice for our learning platform is located on the Learning Management System.
We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.
Our legal bases for the processing of personal data are:
- Article 6.1(a), GDPR, Consent
- Article 6.1(b), GDPR, Contract
- Article 6.1 (c), GDPR, Legal Obligation
- Article 6.1(f), GDPR, Legitimate Interest
We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use.
Learners/ System users – for information
In order to access our Learning Management System (LMS), and complete training and other associated activities, users require an LMS account. Having an account means Eliesha is storing the personal data you provide, and we further process this to determine training outcomes and retain certification records as well as analyse content and system usage, improve our products and services and respond to support queries and evaluation comments. Where a learner has accessed or is allocated an Eliesha course, directly from Eliesha, Eliesha is the data controller.
If your login details or training has been provided by a 3rd party (e.g. your employer, another training organisation or an Eliesha learning partner/3rd party reseller) then they will be joint data controller along with Eliesha, where applicable, and also have access to and will be processing your personal data. Should you require any further information you should contact them directly. If you are unsure who to contact, Eliesha may be able to assist, please email our Data Controller – the Systems Manager – [email protected]. Where a 3rd party has provided system access, and no Eliesha content is allocated to the user, then Eliesha is a data processer, and the relevant 3rd party sole data controller.
Eliesha retains learning records under its commitment to lifelong learning and in compliance with learning contracts. This is to enable us to provide factual information on what a learner has studied and achieved, i.e. name, courses studies, CPD gained, test results etc. This is in line with industry professional best practice.
Where learners complete one of our accredited/qualification courses, personal data is shared with the relevant and appropriate professional awarding body e.g. ILM, CMI, IOSH, RoATP, ESFA to enable them to validate and issue their certification.
Website visitors & online customers
When you make an enquiry via our website (www.eliesha.com), we will ask you to provide certain personal information, for example:
- your name; and
- your email address
Please note that we require this information to be able to process your request and fulfil our contractual obligations (our condition for processing under UK GDPR). We may be unable to fulfil the requested information or contract without your personal data.
If individual learners purchase services, we will require additional personal information in order to process such payment (e.g. your home address).
We will share your personal details with our internal Marketing and Accredited Centre team in order to enable you to evaluate or review of our products and services, register you on appropriate qualifications with relevant professional accreditation bodies and to help us continually improve.
Your personal information will then be used by us to provide you with the services you ordered and to communicate with you regarding the provision of those services. We also monitor website usage for the purposes of improving and developing our website and the services we provide via our website. Please note that any such statistics and/or information provided is made on a confidential basis and will not include information that can be used to identify any individual.
Our use of cookies
Any data we collect from this site is only used as an aid to contact you once an enquiry is made. We will never send on your details to any third party and any details collected are stored on secure systems.
General cookies policy
By using this website you are consenting to our use of the cookies outlined below.
What are cookies?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are not programs and therefore cannot contain viruses or other malicious software. They are purely a string of text and numbers. Your personal data will not be stored for any other reasons than those stated. This website uses cookies as outlined below to make our website and your browsing experience better.
What cookies we use on this website and why we need to use them? PHPSESSID cookie (“PHPSESSID”)? This is a session ID cookie which is stored to allow the CMS system which renders each page in the website know which pages it has rendered during your browsing session. It stores a random number ID which has nothing to do with you or your browsing behaviour.
Anonymous analytics cookies – [Google Analytics] (“__utma, __utmb, __utmc, __utmz”)? Google Analytics is a system used by many website to record anonymous information about who visits a website. Google set five different cookies with expiry dates ranging from 1 day to 2 years. These cookies are used mainly to differentiate between first time visitors to a website and repeat visitors. They do not contain any personally identifiable information. Some helpful links to find out more about Google’s policies.
Find out more about how Google use cookies at http://www.google.com/intl/en/analytics/privacyoverview.html. Review Google’s Privacy Policy on analytics here http://www.google.com/analytics/learn/privacy.html. You can opt out of Google Analytics on all sites by installing this browser plugin http://tools.google.com/dlpage/gaoptout.
Newsletter / marketing subscribers
When you fill out a webform to sign up to a newsletter, download a resource, such as an infographic, or enquire about a product, we may ask you to provide certain personal information, including your:
- first name and surname;
- email address;
- job title & the organisation you work for; and
- telephone number
By completing the form and ticking the relevant boxes you are providing your consent for Eliesha to process your personal data, and this is the legal basis we are relying on to do so.
We will use the information that you give us to send you relevant emails containing Eliesha news, market trends, thought leadership & marketing communications. Your information will be stored by Eliesha only.
In addition, if you have enquired about a product or service we will use the information you have given to update our customer relationship management system so one of our consultants or advisors can contact you.
Some automation and profiling may be used to send emails or a series of emails based on your indicated preferences and your interactions with the emails we send to you. For example, if you have enquired about a particular product we may send you a series of emails outlining features or benefits of that particular product.
We regularly review your interactions with the emails we send you and remove any subscribers who request it. You can withdraw your consent and unsubscribe at any time by clicking the link at the bottom of our email communications or by emailing your request to this address. [email protected]
If you continue to interact with our emails or website, we will retain your data so we can continue to support and send you emails.
We will not sell or pass your information to third parties other than those set out above.
Suppliers, sub-contractors & freelancers
Personal data provided by suppliers is only used for purposes related to the supply of goods or services for which we have contracted.
Prospective staff (job applicants)
Should you apply for an advertised job vacancy, or submit a speculative application, either directly or through a recruitment agency or other 3rd party, we will process your data solely for this purpose. We hold all applications on file for a finite period, in order to contact applicants regarding other similar potential opportunities of interest that become available within this time.
How do we safeguard your personal data?
Protecting your security and privacy is extremely important to us and we make every effort to secure your information and maintain your confidentiality in accordance all relevant Data Protection Legislation. Our systems are protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage.
Please note that we may need to disclose your personal information where we:
- are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or
- need to disclose it to protect our rights, property or safety of our customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction
Your rights
How does Eliesha Training Ltd use my personal data?
The UK GDPR provides you with the following rights.
We will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (“GDPR”). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the Law, such as information needed for audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Can I find out the personal data that the organisation holds about me?
The right of access
We at your request, can confirm what information we hold about you and how it is processed. If we hold personal data about you, you can request the following information:
- identity and the contact details of the person or organisation that has determined how and why to process your data;
- contact details of our Data Protection Officer, where applicable;
- the purpose of the processing as well as the legal basis for processing;
- if the processing is based on our legitimate interests or a third party, information about those interests;
- the categories of personal data collected, stored and processed;
- recipient(s) or categories of recipients that the data is/will be disclosed to;
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The European Union has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information. These will rely on measures approved by the EU Commission;
- how long the data will be stored;
- details of your rights to correct, erase, restrict or object to such processing;
- information about your right to withdraw consent at any time;
- how to lodge a complaint with the relevant supervisory authority;
- whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
- the source of personal data if it wasn’t collected directly from you;
- any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
We will process your request to access your information and provide this information to you free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge if you request more than one copy of the same information.
We will provide the information you request as soon as possible, unless there are extenuating circumstances. If we need more information to comply with your request, we’ll let you know.
How does Eliesha Training Ltd use my personal data?
We will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (“GDPR”). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the Law, such as information needed for audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Can I find out the personal data that the organisation holds about me?
At your request, we can confirm what information we hold about you and how it is processed. If we hold personal data about you, you can request the following information:
- identity and the contact details of the person or organisation that has determined how and why to process your data;
- contact details of our Data Protection Officer, where applicable;
- the purpose of the processing as well as the legal basis for processing;
- if the processing is based on our legitimate interests or a third party, information about those interests;
- the categories of personal data collected, stored and processed;
- recipient(s) or categories of recipients that the data is/will be disclosed to;
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The European Union has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information. These will rely on measures approved by the EU Commission;
- how long the data will be stored;
- details of your rights to correct, erase, restrict or object to such processing;
- information about your right to withdraw consent at any time;
- how to lodge a complaint with the relevant supervisory authority;
- whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data;
- the source of personal data if it wasn’t collected directly from you;
- any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
The right to rectification
If you believe personal data we hold about you is inaccurate or incomplete, or any of the information you provide to us changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database. If you wish to make any changes to your information, please contact our Data Controller – the Systems Manager at [email protected].
We will comply with your request, unless we don’t feel it’s appropriate for us to do so, in which case we’ll let you know why. We’ll also let you know the time to comply with your request.
The right to erasure
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:
- where we no longer need your personal data for the purpose for which we collected it;
- where we have collected your personal data on the grounds of consent and you withdraw that consent;
- where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;
- where we have unlawfully processed your personal data (i.e. we have failed to comply with UK GDPR);
- where the personal data has to be deleted to comply with a legal obligation; and
- where the personal data we process relates to the offer of online services to a child.
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.
Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other websites. This privacy policy applies solely to information collected on our website.
Please note that we may change our Privacy Policy from time to time. If we make any changes, these will be shown on our website and will immediately supersede any previously posted information.
We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this privacy notice and is monitoring and leading on data protection and UK GDPR compliance. Our Data Protection Officer is the Finance Director, Ann Burnhope. If you have any queries or comments about this Privacy Policy, including any requests to exercise your legal rights, please contact our Data Protection Officer, the Finance Director at Eliesha Training Ltd. [email protected] or write to us at Eliesha Training Ltd, Newcastle House, Albany Court, Newcastle Business Park, Newcastle Upon Tyne, NE4 7YB. We always welcome your views about our website and our Privacy Policy.
Complaint
Should you wish to lodge a complaint with the Information Commissioner’s Office, you can do by contacting the ICO directly via one of the options on their website https://ico.org.uk/global/contact-us/
Eliesha Ref: ICO (Information Commissioner’s Office) Registration Number: Z5971132