Privacy

Throughout this privacy policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:

"Personal data" “Personal Data” means any information relating to an identified oridentifiable natural person (“data subject”); an identifiable natural person isone who can be identified, directly or indirectly, in particular by referenceto an identifier such as name, an identification number, location data, anonline identifier or to one or more factors specific to the physical,physiological, genetic, mental, economic, cultural or social identity of thatnatural person.

Please note this set of characteristics above is not exhaustive:any information that could be used to identify you, “the data subject” ispersonal data, and this information can be found in any format. This canencompass photographs, correspondence, physical media and so on.
"Special category data" meanspersonal data about a person’s race, ethnic origin, politics, religion, tradeunion membership, genetics, biometrics (where used for ID purposes), health,sex life or sexual orientation.
"You", “Your”, “The data subject” means theperson whose personal data is being processed.
"Data controller" means the organisation which is responsible for processing dataand ensuring that personal data is processed in accordance with data protectionlaw.
"Data Processor" means a natural or legal person, public authority, agency or anyother body which processes personal data on behalf of the controller
“Processing” means any operation or set of operations whichis performed upon personal data or sets of personal data, whether or not byautomated means, such as collection, recording, organisation, structuring,storage, adaptation or alteration, retrieval, consultation, use, disclosure bytransmission, dissemination or otherwise making available, alignment orcombination, erasure or destruction.

OUR TRAINING DEPARTMENT LTD: 06038472 (“OTD”, “We”, “Us” or “Our”) are committed to protecting and respecting our user’s privacy. When you use our services, you are entrusting us with your information. OTD Ltd understands that this is a big responsibility, and we work hard to protect the information shared with us.

RATIONAL AND SCOPE

This privacy policy is intended to help you understand what information we collect about you, when you use our services, or otherwise interact with OTD, requesting information in electronic form, buying our products on-line, or by participating in our training, coaching or apprenticeship programmes, unless a different policy is displayed at that time. We refer to all of these services and products in this Privacy Policy as our “Services.”

It covers all learners, employees, prospects, customers, suppliers, associate business coaches, affiliates and volunteers.

It describes what rights you have with regards to your personal data and how you can exercise those rights, how you can object to certain uses of your personal data and how you can update information about you, as well as the steps we take to protect your privacy in line with the General Data Protection Regulation and Data Protection Act 2018.

The following companies and websites are within scope of this privacy policy:

It includes personal data that is collected through our websites, by telephone, through Live Chat and through any related social media applications.

OTD Ltd is the data controller for all the companies and websites named above. This means that OTD Ltd determines what data is collected, how this data is going to be used and how this data is protected.

Where we provide our services under contract with an organisation for example your employer, that organisation may be the “controller” of the personal data processed, we maybe a joint data controller with other organisations, or we maybe processing data about you on behalf of another organisations, but when this is the case, we will make you aware of this when the information is collected.

If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at GDPR@otd.uk.com.

If for any reason after reading this policy you are hesitant about our data handling processes or procedures, please seek further advise before you access our services.

‍

You have the following rights in relation to the personal data we hold on you:

the right to be informed; this means we must tell you how your data is being used. When processing your personal data, we will make clear what we are processing, why, and who else the data may be passed to;
the right of access; this is your right to see what data we retain on our files. To do so, you should make a subject access request.
the right to rectification; the right to have your data corrected or amended if what is held is incorrect in some way. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it;
the right to erasure; under certain circumstances you can ask for your personal data to be deleted. This is also called ‘the Right to be forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed;
the right to restrict processing; this gives you the right to ask us for a temporary halt to the processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected;
the right to data portability; you have the right to transfer the data that we hold on you for your own purposes. This will to be provided in a structured, commonly used, and machine-readable format;
the right to request the transfer; you have the right to request the transfer of your personal data from us to another party;
the right to object to the inclusion of any information; you have the right to object to further processing of their data which is inconsistent with the primary purpose for which it was collected, including profiling, automation, and direct marketing.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time.

Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

If you wish to exercise any of the rights explained above, please contact Our Data Protection Officer named above in Roles and Responsibilities.

“Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing, and using this type of personal data.

Special categories of data are data relating to you:

medical and health – information that describes your health and medical conditions or health care, including; physical and mental health, health records, disabilities, family or individual health history.
sexual – information that describes your sex life, including; gender identity, preferences, proclivities, history etc.
ethnicity – information that describes your origins and lineage, including; race, national or ethnic origin, languages spoken, dialects and accents.
public life – information about your public life, including; character, general reputation, interactions, communications meta-data, political affiliations.
knowledge and belief – information about your believes and what you know, including; religious beliefs, philosophical beliefs, thoughts, what you know and don’t know, what you think.
social network – information about your social connections, including; trade union membership, connections, associations.
genetic and biometric data – information resulting from specific technical processing which relates to physical, phycological or behavioural characteristics, including; gene sequences, fingerprints, facial recognition, retinal scan, photographs.

Although the above are indicated as special categories by GDPR, OTD Ltd will only collect such information necessary for the performance of your contract and legitimist interest. Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.

Examples of the circumstances in which we will process special categories of your particularly sensitive personal data are listed below (this list is non-exhaustive):

in order to protect your health and safety
to assess your physical or emotional fitness to work
to determine if reasonable adjustments are needed or are in place
to monitor and manage sickness absence, family leave or other absences from work (including time off for dependents)
to administer benefits
In order to fulfil equal opportunity monitoring or reporting obligations

Most commonly, we will process special categories of data when the following applies:

Consent: you have given clear consent for the processing of your personal data for a specific purpose.
Contract: the processing is necessary for compliance with a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations) and meets the obligations under our data protection policy.
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for us to perform a task in the public interest, or for our official functions, and the task or function has a clear basis in law and meets the obligations under our data protection policy. (For example, in the case of equal opportunities monitoring)
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of third party unless there is a good reason to protect your individual’s personal data which overrides those legitimate interests (For example, to assess your capacity to work on the grounds of ill health)

Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavour to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment.

Prospect

Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again, we know what you asked before, what you were sent, and what you told us.

Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our services or a relevant contact for our business.

If we email you or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.

If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period.

We do not routinely keep special category data. To the extent we hold this, it was supplied or made publicly available by you.

Customers

Once you buy something from us, we will collect information from you at the point of sale. This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.

We process your data to support the delivery of the services you have bought. We keep records of the services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.

When we are processing data about you on behalf of a customer, we are operating under the banner of our customer’s data privacy policy. We will refer any enquiry from you to them, as they are the “data controller” responsible for dealing with your query. But we will support that by providing relevant information to our customer for passing to you.

Associate Business Coaches & Suppliers

We collect information on potential and actual Associate Business Coaches and suppliers. This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).

If you become an Associate Business Coach or supplier, we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.

We keep a record of the work you undertook for us/our customers along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.

This information is all needed to manage our customer relationships and our supply chain.

Learners

We collect information about potential and actual Learners, in the first instance this information may be passed to us by your employer. Depending on the type of learning programme you embark on with OTD Ltd, you may add to this over time. This could be in the form of application forms or learning portals or other necessary documentation to sustain the learning.

The data we hold on you is added to during the course of your learning journey, such data will be added by your Associate Business Coach and / or Assessor.

Unless otherwise agreed at the beginning of your learning journey, your information will not be shared with another third party, or your employer unless the reasons for doing so are to enable us to continue your development, and to fulfil our contract with your employer.

We will keep a record of the learning you undertook with us, with any comments, reviews or suggestions to support your learning journey. This information will be held securely on a learner management system.

Employees

We collect information on potential and actual Employees through the application and recruitment process. This is mostly provided by you or via an employment agency or third party who undertakes background checks. Further information will be collected from you during the enrolment period, and when you complete forms at the start of your employment.

This will include your bank and next of kin details. Other details may be collected directly from you in the form of official documentation such as, your driving licence, passport or other right to work evidence. This data is added to during the course of your engagement with us, to enable its continued existence or development.

All employee data will be held in accordance with this policy and the Privacy Notice for Employees.

Financial and credit card details

We do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies. We receive limited information from our processor for us to tie up your payment with your invoice.

When you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person (Company) who paid us and how much and the reference number.

We do not keep credit scores nor use credit reference agencies.

‍

Your data will be shared within OTD Ltd where it is necessary for Individual workers to undertake their duties. This includes, for example, Managers / Assessors / Tutors / Associate Business Coaches for their management of you, for maintaining personnel records and with finance personnel for administering payment under your contract.

It may be necessary for us to share your personal data with a third party or third-party service provider (including, but not limited to, contractors, agents or other associated / group companies) within, or outside of, the European Union (EU). Data sharing may arise due

to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.

The list below identifies which activities are carried out by third parties on our behalf (this list is non-exhaustive):

Payroll / finance
HR advisors
pension providers / administrators
IT service providers / platforms
legal advisors
regulators and law enforcement agencies
marketing
security
insurance providers
postal companies

Data may be shared with third parties in the following circumstances:

in the process of regular reporting activities regarding our performance;
with regards to a business or group reorganisation, sale or restructure;
in relation to the maintenance support and/or hosting of data;
to adhere with our legal obligations;
in the process of obtaining advice and help in order to adhere with legal obligations;
in obtaining and securing funding. E.g. for apprenticeship and functional skills delivery;
to adhere with our legal obligations under the Education Act 2011.

Your personal data is held in the strictest confidence. If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data, it is for a specific purpose according to our instructions.

We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

‍

OTD Ltd has a robust complaints and appeals procedure in place. Should you have any questions regarding this policy, or how we process your personal data, please feel free to contact us using the details provided above.

All workers either employed or contracted at OTD Ltd are made aware of policies and procedures and are aware of how to report any concerns over data process and access. The Company Directors and SLT reserve the right to enforce disciplinary procedures if issues and concerns have not been reported in line with company policy and procedures. All workers employed or contracted must attend any mandatory GDPR and Data Protection training as requested by OTD Ltd.

As a member of the OTD team, if you are unsure of the data processing and access management process, you must refer to the Data Protection Champion or the Company Directors for support and guidance.

All information shared with the Data Protection Champion, the Company Directors or SLT will be treated with appropriate levels of confidence and confidentiality. We are duty bound to report problems or concerns to external agencies, such as the police, local authority organisations or other external agencies as we feel would be most appropriate to the situation and in the best interest of the individual concerned and to protect the reputation and integrity of OTD Ltd and any associated businesses.

OTD Ltd will take all necessary steps to remedy any issues arising out of a failure to comply with the General Data Protection Regulations and will treat all such complaints in a confidential manner. The following steps will be taken to manage a data breach:

Follow incident response plan
Preserve data breach evidence
Contain the data breach
Disconnect from the internet
Disable remote access capability
Preserve firewall settings
Restrict internet traffic
Change access control credentials
Handle public communication about a breach

However, should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union.

For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority.

Its contact information can be found at https://ico.org.uk/global/contact-us/.