We are committed to:
- ensuring that we comply with General Data Protection Regulation
- ensuring that data is collected and used fairly and lawfully
- processing personal data only in order to meet our operational needs or fulfill legal requirements
- taking steps to ensure that personal data is up to date and accurate
- establishing appropriate retention periods for personal data
- ensuring that data subjects' rights can be appropriately exercised
- providing adequate security measures to protect personal data
- ensuring that all staff are made aware of good practice in data protection
- ensuring that everyone handling personal data knows where to find further guidance
- ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the organisation.
In specific situations, we can collect and process your data with your consent.
For example, when you tick a box to receive email newsletters.
In certain circumstances, we need your personal data to comply with our contractual obligations.
If you order a training course from us which has an exam at the end of it we collect your name and email address to enrol you for the exam session.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity affecting SYSOP to law enforcement .
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
3. What do we store?
Customers and Suppliers
- Contact First name
- Contact Last Name
- Company Name
- Address – usually work - could be home for an Attendee who books directly
- Telephone numbers – could be work, home, mobile
- Email – could be work could be personal
- Exam board and candidate number
- Exam results
- Courses enrolled for.
- Payment details from customer -if payment is by card – these are only kept whilst the payment is being processed then it is destroyed in line with PCISS compliance
- Bank details for Supplier to make payment
4. When do we collect your data?
- When you are booked on to one of our events
- When you fill in an appraisal form
- When you register on our web site
- When you request us to send you information
- When a colleague of yours provides your information and requests we contact you
5. Where do we store it and in what form?
- Sysop files are stored in the cloud and on paper for the administration of all sales, purchases and all company activity
- Information is also stored on supplier portals, and customer portals.
6. How do we protect your information?
We know how much data security matters to all our customers. And so we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
We regularly monitor our system for possible vulnerabilities and attacks.
7. What do we do with it?
- Information is used to enrol students on to training courses and exams.
- Information is used to invoice and receive payments from our customers.
- Information is used to pay our suppliers and staff.
- Information is used to promote our goods and services via email, social media, telephone etc.
From February 2018 all Attendees will be asked whether they wish to receive our mailers. There has been an unsubscribe method available on all our mailers for over 10 years.
8. How long do we store it for?
- Data on administrate is kept indefinitely,
- Accounts data is kept for a minimum of 7 years
- Payment card details are kept until the payment is in our bank account and then destroyed in accordance with the PCI Compliance regulations
9. Who do we share it with? (all data is treated as personal)
- Only the information required to book an exam is shared with the exam boards (Peoplecert, APMG BCS)
- Only Name and email address are supplied, verification and amendment is then required by the candidate direct with the exam board.
- Only the information required to book an attendee on an external course run by one of our partners is shared with the relevant partner – name and email address. They may only use your data for the exact purposes we specify in our contract with them.
- Law enforcement agencies, HMRC where legally obligated .
- IT companies who support our website and other business systems.
10. What are your rights and how do you amend your data?
It is likely that you will have opted in to our marketing emails at some time in the past and you are able to unsubscribe from any marketing by letting us know by email (email to firstname.lastname@example.org) or by following our unsubscribe instructions.
You have the right to request access to your information and to have any inaccuracies corrected or in certain instances deleted.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act
If we choose not to action your request we will explain to you the reasons for our refusal.
You can also complain to us and to the data protection regulator.
Information Commissioners Office. https://ico.org.uk/concerns/