Your privacy is important to you and us at Atrium. We understand that you care about how your personal data is used and stored. Atrium, as both the Data Controller1 and the Data processor 2 of your data are committed to protecting your individual rights to privacy. The term “processing” covers virtually everything that can be done with data, including collection, recording, storage, disclosure by transmission, erasure and destruction. Your data will be processed in accordance with the Data Protection Act (DPA) 2018 and the new General Data Protection Regulations (GDPR) 2018.
If you have any questions about this Privacy Notice, please contact us by emailing email@example.com or by telephone on 01978 660 000
The following data may be collected, held and shared by Atrium
• Information about you that may include name, address, e-mail, contact details, bank details, photographs and sensitive (or special category) information.
• You (the data subject)
• Your employer, e.g. Human Resources, Management
• A third party3 course organiser or facilitator
• Websites- online form
• Paper forms
• Face to face
• Atrium’s core admin staff4 and your employers/course organisers/facilitators
• We may process your personal information to comply with our legal requirements (for example, to contact you if there is an urgent safety or product recall notice and we need to tell you about it).
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation to our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
• We may process your data to send direct marketing of similar products including prompt letters. We will not do this without your prior consent. You are able to opt out at any point by informing us of your preferences via email or phone (information stated on the Contact Us section of Website) or by replying to any of our emails.
Other grounds for processing
• Sometimes we will need to process your personal information if, for example, there is an urgent safety or product recall notice and we or the manufacturer of the product needs to tell you about it, or for life saving medical diagnosis and treatment purposes.
Change of purpose
• We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose for example a change in the law. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Sharing Your Data
Your data will not be shared with any third party without your prior consent.
· Give you the services, information or products you have requested or required.
· Keep you in touch with our work, for example by sending you updates of when your certificate is due to expire. You will have an option to opt in to this communication when you attend your course.
We retain personal data relating to payments, VAT, tax and accounts for the minimum statutory periods required by UK law.
We retain personal data relating to training records and consultancy work for the minimum required to fulfil our legal requirements and those of awarding bodies (e.g. British Safety Council, First Aid Industry Body).
We retain historic information relating to bookings, consultancy, events and purchases to enable us to analyse the performance of the business over time and plan for the future success of the company.
We only keep this information for as long as is necessary to perform this task.
Our data and the data we collect are stored on a secure server based in the United Kingdom. Although transmission of information over the Internet cannot be guaranteed as one hundred per cent safe, once we have received your data we will use strict security procedures, data protection tools and anti-virus/hacking technology to prevent data loss or unauthorised access.
Hard copies of personal data are retained for legal purposes. These are stored in suitable locked cabinets for fire and theft. Our unit is always staffed when open and locked at all other times. The building that consists of Atrium’s unit (Redwither Tower) is staffed 24 hours.
Erasure and Destruction of data
Personal data will be destroyed by secure electronic file deletion and/or cross shredding at prescribed interval.
You are guaranteed certain rights under UK and EU data protection law which Atrium will make every effort to meet. Not all of these rights are absolute – for example where there is a statutory obligation to retain data. The rights conferred to you are as follows.
In the event of a data breach or serious complaint you can contact the ICO (Information Commissioner’s Office) directly via their website: www.ico.org.uk
We are registered with the ICO. Our registration number is Z2259934
This policy will be reviewed and/or revised as necessary in order to meet any changes in statutory duty or best practice.