Welcome to our privacy notice which sets out how we collect, look after and process your personal data, together with some information about your rights, and how the law protects you.
This privacy notice applies to information that we collect about visitors to our websites; our clients; attendees at our training workshops and also people making enquiries about our workshops.
This privacy notice was last updated on 8 September 2020.
We collect personal information in a number of ways:
- We collect technical data about visitors to our websites including IP addresses, browser type and version, time zone setting and location, and other details using Google Analytics cookies and software. This enables us to record and analyse visitors to our website so that we can make improvements to it, and gain a better understanding of our visitors. It is also used by our anti-spam and data security services to filter out spam and for cybersecurity measures.
- We will collect your personal data when you contact us, or through direct interactions with us. The nature of this data will be dependent on the circumstances, but is likely to be your contact details, and information about your business.
- When you enrol, or are enrolled on an e-learning course you will provide us with certain information to complete your profile, including name and email address. We will record your progress on the course(s) and your usage of the e-learning facilities will be recorded.
- We collect the names and contact details of attendees of our workshops, and keep a record of who has attending which workshops. This enables us to contact you about additional workshops that may be of interest, or updates to the law that may be relevant following on from the workshop. We also keep this information for insurance and accounting purposes.
- Where we are speaking at an event organised by a third party, we will ask for the attendee list to be shared with us if possible so that we can contact you as follow up to the event, for feedback, or where permitted, to let you know about other events or workshops that we are running.
The information that we share with Stripe may include:
- your name;
- your email address;
- your address;
- your phone number (if applicable);
- your city/state/zip details (if applicable);
- a unique payment identifier generated by our site; and
- a payment provider identifier.
We don’t see your payment information, as this is handled directly by Stripe. They just tell us whether payment was successful or not.
Your personal information will be used in a number of ways.
First and foremost, it will be used to provide you with, administer and support any legal training that we have agreed to provide you, whether via an e-learning course or a live workshop.
Secondly it will be used where appropriate as part of our administrative records so that we can meet our legal obligations.
We may use your information for marketing purposes, and more details are set out in the Marketing section below.
We will use certain technical information gained from our website and its tracking features to improve the website and gain a better understanding of how it performs.
We will use any feedback that you provide to help us improve our services (both online and offline).
If you register on our site, then we may send you emails regarding other e-learning courses or live workshops that may be of interest to you.
Where you have attended a workshop run by us or requested information about our workshops, then we may send you emails or call you regarding future events that may be of interest.
If you would rather we didn’t send you marketing information then please let us know, and there will be an ‘unsubscribe’ link on all our marketing emails.
We may also ask visitors to our site if they would like to sign up for updates and newsletters. You can change your mind at any point.
With our suppliers
We use a number of third party service suppliers in our business, and these third parties may be third-party processors of your personal information. This will include:
- our hosting providers;
- venue providers for live events;
- IT consultants and developers;
- marketing consultants; and
- other professional advisors engaged by us in our usual course of business.
These third-parties are not allowed to use your personal information for their own purposes unless they, or we, tell you about it at the time when the information is collected. In practice we can’t see this happening very often, if at all.
With co-hosts or other speakers at live events
Where we are co-hosting or speaking at a live event, then attendee lists are often shared between the hosts and speakers to enable us and them to run the event. This will be made clear on the event registration details.
With third party course providers
Some of our e-learning courses are provided by third parties and sold by us as their agent. In such circumstances we consider ourselves to be joint data controllers. Where a course is provided by us as agent for a third party, their details will be found on the course information page, together with a link to their own privacy notice.
Sharing your personal data with your employer
Where your employer has signed you up for an e-learning course or a live workshop, then we will share with them details of your progress or attendance at the workshop, together with the results of any quizzes or other tests associated with the learning. They will also have access to any personal information that you include within your profile. Their use of this information will be governed by their own privacy notices and any contractual arrangements between you and them.
Other times that we may share your information
We may also share your personal information where we are in the process of selling our business, or a part of it. This would form part of any buyer’s or investor’s due diligence process. We will take reasonable steps to minimise the disclosure of personal information and for many reasons (and not just the protection of your personal information) we would insist upon any personal purchaser or investor signing up to strict confidentiality terms and not using any personal information for any other purpose.
We will also share personal information with any regulatory or law enforcement agencies where we are required to do so by law, or where we believe that it is reasonably necessary in the investigation of an offence.
We have made a conscious effort to ensure that all our servers are based within the UK where possible, but some service providers (noticeably Google Analytics) do not offer that functionality. Where any data is to be transferred outside of the UK then:
if it is to an EU member state or EEA country, then we insist upon GDPR compliant terms are in place; or
if it is outside of the EEA then we will only transfer it to a country where the European Commission or the UK Information Commissioner’s Office have issued a finding of adequacy (i.e. the European Commission or the UK ICO believe that the data protection laws in that country are adequate to protect your data without the need for any further action on our part) or we will use EU approved contract wording to ensure that your personal data is protected.
This depends upon the nature of the personal information concerned, but we work to the following timescales:
Details of any contractual relationships and financial transactions with you will be held for 7 years. This is in order to assist us in complying with any tax investigation or other legal disputes. Such period may be extended by us in the event of any such investigation or dispute.
Your e-learning profile and records will be deleted from our live server one year following the end of your final subscription to our service. Because of the nature of how we back up our servers, backup copies of this information may remain on our servers for a period of no longer than 3 months following this date.
We retain records of attendees at our live workshops and events for a period of no more than 3 years following the date of the event.
Details of sales enquiries are retained for a period of no more than 12 months unless we have agreed with you to hold them for a longer period.
Correspondence between us will be kept for a period not exceeding 7 years, unless legal or regulatory action makes it reasonable for us to retain it for a longer period.
If you have given us some great feedback that we’d like to use in our marketing, then we’d like to hold on to that for as long as possible (it makes us feel warm and fuzzy inside), so will keep that for up to 7 years. Of course we’d like to think that it will be superseded by other fantastic feedback (who wants to rely on a 7 year old recommendation) but we may ask you if we can include such feedback on our marketing material and will let you know if it is going to exceed this period and agree it with you.
We have put in place a number of technical and organisational measures to secure your personal data, and to deal with any suspected personal data breach. We’re not going to publish on the internet exactly what these are, and hopefully you understand the rationale behind this.
Under data protection law, you have certain rights which are summarised below:
- The right to request access to your personal data processed by us;
- The right to request correction of any inaccurate personal data that we hold about you;
- The right to request erasure of your personal data held by us;
- The right to object to our processing of your personal data;
- The right to request a restriction of processing of your personal data;
- The right to request a transfer of your personal data to you or a thrid party; and
- The right to withdraw consent at any time.
Needless to say that these rights are subject to certain limitations, but if you would like to exercise any of them please do get in touch with us via any of the methods set out on our Contact Us page. If you could make it clear that you wish to exercise such rights by marking your request for the attention of our Data Protection Manager, then that would be extremely helpful to us.
We try to respond to all legitimate requests within one month, but on occassions we may need to extend the deadline by up to two months if the information requested is particularly complex or if you have made a number of requests. If this is the case we will let you know and keep you updated.
You also have the right to complain to the UK Information Commissioner’s Office, who are the supervisory authority for data protection law in the UK. Their website is at www.ico.org.uk and contains all relevant contact details. We would of course prefer it if you would contact us first so that we can try to resolve any issues amicably.
Of course if you’d like to know more about data subjects’ rights then we’re pretty sure we can point you in the direction of a live workshop or e-learning course …
Please see our [Complaints Policy] if you have any complaints about how we handle your personal information.