We are committed to safeguarding the privacy of all our customers.
This policy outlines how we handle personal information.
We are registered as a Data Controller with the Information Commissioners Office (ICO) Registered reference: Z1742938.
The Training Room is also authorised and regulated by the Financial Conduct Authority (FCA) under reference 723720. This authorisation also carries a responsibility to ensure that we protect personal information.
Our primary lawful basis to process your information as a Data Controller is our mutual intent to create and fulfil a contract with you, which will include a reasonable period during which there is relevant contact and marketing activity.
There may be times when a contract is not created, and we may still process personal information for marketing purposes. However, in these instances we will have asked for specific consent.
Our privacy framework
As part of our commitment to ensure your personal information is protected and processed lawfully we adopt the following privacy principles:
- We will only request and store the personal information we require to provide you with our products and services, including those you may be interested in, or where we have a legal obligation
- We will only request and store special category personal information, including health and financial information when you request a related service or where we have a legal obligation
- We will only share information with third parties as set out within this policy
What Information do we collect?
We may collect and store the following types of personal data:
- Information about the use of our websites (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
- Information that you provide to us for the purpose of engaging our products and services and when requesting contact from us, including name, email address, date of birth, address, and telephone number
- Information required to deliver our training journeys, which may include examination and qualification results
- Information required to deliver our recruitment products and services, which may include education and employment history, psychometric testing results
- Special category information required to provide the requested services, including financial products, and conviction information where required for safeguarding or by law. We may also request, but you are not obligated to provide, health information allowing us to facilitate special considerations or adjustments, and gender information allowing us to maintain our equal opportunities policy
- Any other information that you choose to send to us
Special category data
Some of our courses carry a duty of care requiring us to ask about health conditions that might be affected. There is no obligation for you to provide health information to us, but it may affect the service we can make available and any subsequent recourse.
In line with The Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 we may require you to disclose offences related to sexual or violent offences, when your training, placement, or recruitment will bring you into contact with persons under the age of 18 or vulnerable adults.
How we use personal information
We will use personal information to:
- Contact you regarding your application or enquiry
- Provide you with our products and services, including passing necessary information to third parties who form part of the products or services. We may not be able to provide products or services if you do not disclose the required personal information
- Given the lawful basis detailed above: provide marketing communications, relating to our business, which are relevant to the product and service engaged by yourself. This may be by post, email or similar technology
- Provide and service financial products, including but not limited to, application for credit, account maintenance, notification of changes to accounts, debt collection, and legally or regulatory required communications
- Administer our website
- Provide third parties with statistical information about our users – this information will never be provided in a format which can be used to identify any individual
- Analyse and profile your information to identify trends and to tailor our communications and services, including preventing you from receiving unwanted material
Aggregated or meta data may be used to identify trends and for gap analysis. In these instances, the data will be anonymised and not attributable to an individual
We will not keep personal information for longer than is necessary. However, the length of time information is retained will depend on the type of information and the contractual relationship we have in place with you.
Our record retention policy is regularly reviewed and updated to ensure we anonymise or delete information that is no longer required.
Third parties we work with
Personal information will be shared with our third parties where necessary to:
- Fulfil our contract for product and service delivery
- Service financial agreements
- Where you have opted in to receive marketing material from our third parties
We employ a robust due diligence process when choosing to work with a third-party. This includes ensuring they have the same high standards in processing your data as we do.
Should you require details of any of our third parties and their privacy policies, these can be requested by contacting our Customer Services:
Our technology and learning management system partners form an integral part of our training and recruitment services. Our key partners and their privacy policies are:
IT Education and Recruitment
In addition, we may disclose information in the following circumstances:
- When we are required to do so by law
- In connection with legal proceedings or prospective legal proceedings
- To establish, exercise or defend our legal rights (Including providing information to others for the purposes of fraud prevention, anti-money laundering and reducing credit risk)
- For the purposes of litigation
- To provide regulatory bodies with reports if a breach in regulation occurs (customers will also receive notification of the details being provided prior to submission if there is any identifying data included within the report).
- For the purposes of payment processing. We maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS). More information can be found at: https://www.pcisecuritystandards.org/pci_security/
Third party websites
The Training Room website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
The Training Room does not directly transfer information outside of the EEA unless it is relevant to our product or service and is confirmed with yourself. Our technology partners may pass encrypted personal information to servers in other countries around the world for the purposes of business continuity, upgrades, and testing. This will mean your personal information may be securely processed on a server located outside the country where you live – please refer to their individual privacy policies for more detail.
When applying for credit
Credit reference agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take financial services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs, and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:
- Assess your creditworthiness and whether you can afford the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (This notice is the same across the three agencies):
Automated decision making
When applying for finance through us we will create and assess a credit application based on your personal circumstances. In the first instance this may involve an element of automated decisioning which is governed by our internal policies and credit industry standard practice.
Applications will never be declined without human review.
Most browser software can be set up to deal with cookies. You may modify your browser preference to provide you with choices relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain functions and conveniences of our Web site may not work properly, and you may be unable to use those services that require registration in order to participate, or you will have to re-register each time you visit our site. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission.
Security of personal information
We always take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of any personal information held on our systems.
We will store all personal information provided to us on our secure (password-protected and firewall-protected) servers. Where we use a third parties to provide they are subject to additional data security checks which include confirmation the provider is a relevant International Organization for Standardization (ISO) Certificate holder and registered with the ICO. As part of our due diligence process, we always review our third party’s privacy / data security policies prior to engaging them.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to us in this manner.
You may instruct us to provide you with any personal information we hold about you. Provision of such information is normally free of charge.
You have the right to withdraw consent for us to use your personal information at any time. There may be instances where this is not practical or reasonable; for instance, where we have an ongoing contractual relationship with yourself. However, if for any reason we cannot facilitate a consent withdrawal, we will provide you with a full explanation including the lawful basis under which we would continue to use your information.
The above does not include use of your information for marketing activity. If you have consented to receive marketing material, you can remove this consent at any time.
To withdraw consent to use your personal information in full or in part, contact our Customer Services: firstname.lastname@example.org
You have the right to raise a complaint about the use of your personal information with the Information Commissioner’s Office. Further details can be found at: https://ico.org.uk/
Updating your information
We have a responsibility to ensure the information we store about you is relevant and up to date. Please let us know if the personal information which we hold about you needs to be corrected or updated.
Or write to us by post:
The Training Room - CUSTOMER SERVICES
2nd Floor Waterloo House,
Fleets Corner, Waterloo Road,
Poole, Dorset BH17 0HL
Reviewed: 4th August 2021.
Download a PDF copy here