We are committed to safeguarding the privacy of all our customers.
This policy outlines how we handle personal information.
We are registered as a Data Controller with the Information Commissioners Office (ICO) Registered reference: Z1742938.
The Training Room is also authorised and regulated by the Financial Conduct Authority (FCA) under reference 723720. This authorisation also carries a responsibility to ensure that we protect personal information.
The lawful basis for most of our activity as a Data Controller is driven the mutual intent to create and fulfil a contract with our customers, which will include a reasonable period during which there is relevant contact and marketing activity.
There may be times when a contract is not created with potential customers and we may still process personal information for marketing purposes. However, in these instances we will have asked for specific consent.
Our privacy framework
As part of our commitment to ensure the protection of your personal information we adopt the following privacy principles which ensure personal information remains private and is processed lawfully:
- We will only request and store the personal information we require to provide you with our products and services, including those you may be interested in, or where we have a legal obligation
- We will only request and store special category personal information, including health and financial information when you request a related service or where we have a legal obligation
- We will only share information with third parties as set out within this policy
What Information do we collect?
We may collect and store the following types of personal data:
- Information about the use of our websites (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
- Information that you provide to us for the purpose of engaging our products and services and when requesting contact from us (including name, email address, date of birth, address and telephone number)
- Any other information that you choose to send to us
- Special category information required to provide requested services, including financial products, and health-related information allowing us to facilitate special considerations and facilitate our equal opportunities policy, conviction information where required for safeguarding and by law
- Information about learning journeys including examination and qualification results
Special category data
Some of our courses carry a duty of care which requires us to ask about health conditions that might be affected. There is no obligation for you to provide health information to us, but it may affect the service we can make available and any subsequent recourse.
In line with The Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 we may require you to disclose offences related to sexual or violent offences, when your training or placement will bring you into contact with persons under the age of 18 or vulnerable adults.
How we use personal information
We will use personal information to:
- Contact you regarding your application or enquiry
- Provide you with our products and services, including passing necessary information to third parties who form part of the products or services. We may not be able to provide products or services if you do not disclose the required personal information
- Given the lawful basis detailed above: provide marketing communications, relating to our business, which are relevant to the product and service engaged by yourself. This may be by post, email or similar technology.
- Provide and service financial products, including but not limited to, application for credit, account maintenance, notification of changes to accounts, debt collection, and legally or regulatory required communications
- Administer our website
- Provide third parties with statistical information about our users – this information will never be provided in a format which can be used to identify any individual
- Handle customer learning journeys including enquiries and complaints
- Analyse and profile your information to identify trends and to tailor our communications and services, including preventing you from receiving unwanted material
Aggregated or meta data may be used to identify trends and for gap analysis. In these instances, the data will be anonymised and not attributable to a particular person
We will not keep personal information for longer than is necessary. However, the length of time information is retained will depend on the type of information and the contractual relationship we have with you.
Our record retention policy is regularly reviewed and updated to ensure we anonymise or delete information that is no longer required.
Third parties we work with
Personal information will be shared with our third parties where necessary to:
- Fulfil our contract for product and service delivery
- Service financial agreements
- Where you have opted in to receive marketing material from our third parties
We employ a robust due diligence process when choosing to work with a third-party. This includes ensuring they have the same high standards in processing your data as we do. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it, which will always be in line with this Policy They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Should you require details of any of our third parties and their privacy policies, these can be requested by contacting our Customer Services:
In addition, we may disclose information in the following circumstances:
- When we are required to do so by law
- In connection with legal proceedings or prospective legal proceedings
- To establish, exercise or defend our legal rights (Including providing information to others for the purposes of fraud prevention, anti-money laundering and reducing credit risk)
- For the purposes of litigation
- To provide regulatory bodies with reports if a breach in regulation occurs (customers will also receive notification of the details being provided prior to submission if there is any identifying data included within the report).
- For the purposes of payment processing. We maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS). More information can be found at: https://www.pcisecuritystandards.org/pci_security/
Third party websites
The Training Room website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
We do not transfer information outside of the European Union unless it is relevant to our product or service and is specifically requested by you.
When applying for credit
Credit reference agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take financial services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:
- Assess your creditworthiness and whether you can afford the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (This notice is the same across the three agencies):
Automated decision making
When applying for finance through us we will create and assess a credit application based on your personal circumstances. In the first instance this may involve an element of automated decisioning which is governed by our internal policies and credit industry standard practice.
Applications will never be declined without human review.
Most browser software can be set up to deal with cookies. You may modify your browser preference to provide you with choices relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain functions and conveniences of our Web site may not work properly, and you may be unable to use those services that require registration in order to participate, or you will have to re-register each time you visit our site. Most browsers offer instructions on how to reset the browser to reject cookies in the "Help" section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission.
Security of personal information
We always take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of any personal data we hold on our systems.
We will store all personal information provided to us on our secure (password-protected and firewall-protected) servers. Where we use a third party to provide us with these solutions, the third party is subject to additional data security checks which include confirmation the provider is a relevant International Organization for Standardization (ISO) Certificate holder and registered with the ICO. As part of our due diligence process we always review our third party’s privacy / data security policies prior to engaging them.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to us in this manner.
You may instruct us to provide you with any personal information we hold about you. Provision of such information is normally free of charge.
You have the right to withdraw consent for us to use your personal information at any time. There may be instances where this is not practical or reasonable; for instance, where we have an ongoing contractual relationship with yourself. However, if for any reason we cannot facilitate a consent withdrawal, we will provide you with a full explanation including the lawful basis under which we would continue to use your information.
The above does not include use of your information for marketing activity. If you have consented to receive marketing material you can remove this consent at any time.
To withdraw consent to use your personal information in full or in part, contact our Customer Services: firstname.lastname@example.org
You have the right to raise a complaint about the use of your personal information with the Information Commissioner’s Office. Further details can be found at: https://ico.org.uk/
Updating your information
We have a responsibility to ensure the information we store about you is relevant and up to date. Please let us know if the personal information which we hold about you needs to be corrected or updated.
Or write to us by post:
TTR PT LTD
Update: 14th April 2019