ITEC is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy explains how we use the personal data you provide in compliance with UK data protection law and the General Data Protection Regulation EU 2016/679 (GDPR). For the purposes of the GDPR, ITEC is the ‘controller’ of the personal data you provide to us.
Who do we process personal data about?
As a data controller, we process personal data about our customers, potential customers, business contacts, tutors, learning centre staff, our learners, third party service provider staff, consultants, legal advisors, our staff and other business partner contacts.
Why do we need to process personal data?
• We only process personal data where this is necessary for the purposes of fulfilling a service you have contracted to receive
• Establishing or negotiating agreements to providing the services you have requested,
• Promoting our own goods and services
• Managing our accounts and records
• If required by law, including responding to law enforcement authorities and competent bodies to prevent or detect crime, fraud and money laundering
Uses of your Personal Information
ITEC uses your personal information to:
• Operate, maintain and monitor the ITEC Web sites to ensure the quality, security and continual improvement of the service
• Provide you with help, support and administration of any accounts you create to use our online software tools
• Establish and deliver the products and services you have contracted to receive, including fulfilment of our own record keeping and regulatory reporting obligations
• Complete payment transactions for goods and services you have ordered such as replacement qualification certificates or badges.
• Email you with routine service updates or issues relating to your use of our services
• Respond to your requests to be contacted or answer your queries including if you telephone, email or write to us
• Resolve any complaints or disputes
• Send you offers and promotional material relating to our own products and services if you have given us your consent to do so, including industry updates, awards, events and news which may be of interest to you.
Sharing Personal Information
ITEC does not sell, rent or lease its customer lists to any third parties.
ITEC may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you but only where we have your consent to do so. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party.
ITEC may share data with trusted partners including:
• Legal and regulatory bodies, advisers, consultants and professional experts
• When we are required to do so by law or similar obligation placed upon ITEC or its affiliate companies.
• Service providers who to help us deliver our goods and services, perform statistical analysis, manage email or postal mail services, provide customer support, or arrange for deliveries. All service providers are prohibited, under contract from using your personal information for any purpose except to provide these services to ITEC or a member of the ITEC group, and they are required to maintain the confidentiality, security and lawful use of your information.
Special category (sensitive) personal data
ITEC may collect and process special category data, only where necessary. The special category data we use is limited to:
• Evidence of physical or mental health or condition required to provide confirm eligibility for special learner adjustments. This may include evidence of your condition or needs such as a medical report, details of your needs relating to a disability, or learning difficulties. ITEC will not process this information for any other purpose. You have a right to withdraw your consent for processing this special category information at any time except where the processing relates to an overriding legal or regulatory obligation placed upon ITEC. Withdrawing consent for processing medical data may result in the withdrawal or refusal for learning support arrangements.
• ITEC may collect and process information such as race, religion and ethnicity where we are legally required to report on statistics relating to equal opportunities, discrimination and diversity.
• ITEC does not include special category personal information in relation to any automated processing or profiling activities.
Where you have given your express consent to receive marketing communications, we may use your personal data to send you newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by ITEC which may be of interest to you.
Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.
Where a third party recipient is located outside of the European Economic Area, we ensure that adequate safeguards are in place to protect your rights over the processing of your personal data, including approved EU contract clauses if the recipient country has not been previously approved by the EU data protection authorities.
How long do we retain your personal data?
We will retain your personal data for the duration of any contract between us, and for a period of seven years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements.
Security of your Personal Information
ITEC secures your personal information from unauthorised access, use or disclosure. ITEC has adopted internationally recognised best practice standards and techniques to manage the security of your personal information throughout its lifetime, from creation to destruction and our security controls independently audited. We have robust processes in place to deal with any suspected security incidents that include notifying you and any regulatory bodies where we are legally required to do so.
Our computer servers and applications operate in a controlled, secure environment, protected from unauthorised access, use, disclosure, damage or destruction. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption. Our computers that process your personal data online are routinely monitored and tested to protect against cybercrime.
Where you create an account to use our online services and software tools, you are responsible for keeping your password confidential. We advise you not to share your password or use a password you commonly use on other websites as the transmission of information over the internet is not guaranteed to be secure.
Under the GDPR, and UK data protection law, you have specific rights over the processing of your personal data. These include:
• A general right to be informed about the processing of your personal data
• A general right to have your information processed securely
• A right to request access (e.g. receive a copy of the personal data ITEC holds about you).
• A right to have inaccurate personal data corrected (rectification).
• A right to be informed about how long your personal information will be retained.
• A right to request erasure of your personal data if ITEC has no legal, statutory or regulatory reason for processing it.
• A right to restrict the processing of your personal information causing, or likely to result in harm or distress (subject to ITEC’s legal obligations for processing).
• A right to portability in certain circumstances (i.e. to have your personal data provided in machine readable format to another organisation without constraint)
• A right to object to the processing conducted by ITEC (e.g. for direct marketing purposes)
• A right to have any automated processing and the logic used explained to you.
• A right to complain to the UK data protection supervisory authority (the UK Information Commissioner if you believe your rights have been breached and ITEC have been unable to resolve the issue, and a further right to obtain judicial remedy through the courts if your complaint is upheld. For more information in how to make a formal complaint to the regulator, visit www.ico.gov.uk)
If you would like to exercise any of the rights listed above, please write to the ITEC Data Protection Officer at the address below. We will explain any applicable exceptions to these rights in our response.
Changes to this Statement
ITEC will occasionally update this Statement of Privacy to reflect company and customer feedback. ITEC encourages you to periodically review this Statement to stay informed of how ITEC is protecting your information.
ITEC welcomes your comments regarding this Statement of Privacy. If you believe that ITEC has not adhered to this Statement, or have any concerns about how we process your personal data please contact ITEC at firstname.lastname@example.org. Or write to us. We will use commercially reasonable efforts to promptly determine and remedy the problem.
Data Protection Officer,