About this Policy
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at www.ico.gov.uk.
Who are we?
Oak Tree Management & Training Ltd, the data controller of this website. We are a UK private limited company with company number 3961023.
We can be contacted by phone (+44(0)1284 763040 or email firstname.lastname@example.org)
What data we collect and why
|Type of data||Purposes/use||Legal basis of processing|
|Invoice payers’ name, address, telephone number, email address||Processing your payment. This will be processed by Worldpay, our payment processor.||Performing our contract with our customers.
For the purpose of our legitimate interests.
|Delegates’ name, address, telephone number, email address.
On occasion date of birth
|Managing attendance on our training courses.
For Awarding Body Registrations
|Performing our contract with our delegates.
For the purpose of our legitimate interests.
|Photos and videos of delegates||To use as a promotional tool on our website and on social
|Consent. We will always ask your consent before taking
and using photos.
|Subscribers’ name and email address||Sending email newsletters. Data will be processed by MailChimp, our chosen email marketing service provider.||Consent. We will seek consent and make it clear at the point of data capture (and under “Email newsletter” section in this policy) how your data will
|Automatically collected data as outlined in “Visitor tracking” section||Processed by Google Analytics to help us monitor usage of our website.||Consent. When you first visited our site, you were asked to consent to the use of
- We will never transfer your personal data outside the EU without prior consent with the exception of MailChimp and Google (see “Third parties” section)
- We have taken a number of steps to protect your personal data from loss, misuse and unauthorised
- For payments taken on our website we use the secure, recognised online payment system Worldpay. For more details see Worldpay
- We will never sell your personal
- We will not share your personal data with any third parties without your prior consent. However, we may need to pass your personal data to third parties for the purpose of fulfilling services you have requested (for example passing your details to awarding bodies such as NEBOSH, ILM, HABC, CSkills, BSC, RTITB, ITSSAR, IPAF, PASMA, LANTRA in order for you to complete your qualification).
- We will notify you promptly in the event of any breach of your personal data, see Data Breach ‘your rights’ below..
Note: please be aware that we cannot guarantee that transferring information over the internet always be 100% secure.
How long do we keep your data?
- We will hold your personal data for as long as you are an Oak Tree Management & Training Ltd customer and for as long afterwards as it is in our legitimate interest to do so. This will generally be for up to 5
- We review collected personal data annually to establish whether we are still legally entitled to process and retain
- We will never store payment information for orders processed on this website. If you choose to store your payment information in your website account, the details will be stored securely with Worldpay, our payment
- For payments completed via telephone, we will securely destroy your payment information as soon as we have used it to process your
Like almost all websites, we use Google Analytics (GA) to track how you interact with our website. This helps us understand how people find and use our website, allowing us to make changes to improve usability and user experience.
GA stores data such as your location, device, internet browser and operating system. This does not enable us to identify you personally.
Furthermore, GA record’s your device’s IP address. This could allow Google to personally identify you but we do not have access to this information.
You can disable cookies on your internet browser to stop GA from tracking your usage of this site. We consider Google to be a third party data processor. See “Third Parties” section below.
This website enables you to sign up to our email newsletter. Any details you submit will be forwarded to our own Customer Relationship Management (CRM) system and also MailChimp (who we use for email marketing services). If you choose to sign up to our email newsletter, your personal details will not be stored in a database on our own website or on any of our internal computer systems.
Your personal details will remain within MailChimp until you request removal from the newsletter. We provide unsubscribe links in every email newsletter than we send to you. You can also request that we remove you by contacting us.
If you would like your personal details to be removed from our own CRM system, please contact us. We consider MailChimp to be a third party data processor. See “Third Parties” section below.
If you choose to contact us using any enquiry forms on our website, none of the data that you enter will be stored by this website.
External websites and social networks
Additionally, our website may include social networking features such as Facebook and Twitter “Like” or “Share” widgets. Plus, you may be given the option to register or login to our website or related services using your social media accounts. If you choose this option, we may receive and store personal information from that service which will enable you to log in and other information that you may choose to share.
If you don’t want your personal information shared between this website and your social media account, please do not connect your social account with this website.
Cookies are useful because they allow our website to recognise your device. This allows us to remember your preferences and tailor our website and other media to you.
This website is hosted by Simpleclick within a UK data centre.
All traffic handled by this website is encrypted and delivered over HTTPS.
We use third parties to provide services that are crucial to the management and growth of our business. These third parties process personal data on our behalf.
We have carefully selected these third parties.
|Google: https://policies.google.com/p rivacy?hl=en&gl=uk
|This third party is EU-U.S Privacy Shield compliant.|
|MailChimp||https://mailchimp.com/legal/ privacy/||This third party is EU-U.S Privacy Shield compliant.
We will report any unlawful data breach of our own data or our third party’s data to all relevant people and authorities within 72 hours of the breach.
Under GDPR, you have to right to:
- request access to your personal data
- to be provided with information about how your personal data is processed and used by us
- to have your personal details corrected
- to have your personal data removed from our systems
- in certain circumstances have your personal data transferred to another business if required
- to object to how your personal data is processed
You are able to complain to the Information Commissioner if you feel we have unlawfully processed your personal data: https://ico.org.uk/concerns/
Updating your preferences
If at any time you would like to change how we are able to communicate with you please visit our preference centre which you will find a link to at the bottom of every marketing email we send to you. Alternatively you can contact us and we will be happy to discuss your current contact preferences and make any changes required.
Specific changes will be mentioned below this point.