Employment Law Services Ltd
Chequers House, Chequers Lane, Watford, WD25 0LG
Contact: Jennie Hargrove
1.1 We need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you. This policy sets out the things we must tell you about data protection.
1.2 We take the security and privacy of your data seriously and intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
1.3 This policy applies to current and former students of the Virtual Employment Law Academy. If you fall into this category then you are a ‘data subject’ for the purposes of this policy.
1.4 The Company is a ‘data controller’ for the purposes of your personal data. This means that we decide how and why we process your personal data.
1.5 This policy explains how we will hold and process your information. It explains your rights as a data subject.
2 Data Protection Principles
2.1 Personal data must be processed in accordance with the following ‘Data Protection Principles.’ It must:
• be processed fairly, lawfully and transparently;
• be collected and processed only for specified, explicit and legitimate purposes;
• be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
• be accurate and kept up-to-date. Any inaccurate data must be deleted or rectified without delay;
• not be kept for longer than is necessary for the purposes for which it is processed; and
• be processed securely.
We are responsible for ensuring and demonstrating compliance with these principles.
3 How we define personal data
3.1 ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.
3.2 This policy applies to all personal data whether it is stored electronically, on paper, or in/on other materials.
3.3 We will collect and use the following types of personal data about you:
• Your contact details (name, email, organisation)
• The date of your purchase and package information
• Your card payment details will be processed by our payment gateways (either WooCommerce or GuestList, and Stripe). We do not see, nor hold, your payment information.
• Any other category of personal data which we may notify you of from time to time.
4 How we define processing
4.1 ‘Processing’ means any operation which is performed on personal data such as:
• collection, recording, organisation, structuring or storing;
• adaption or alteration;
• retrieval, consultation or use;
• disclosure by transmission, dissemination or otherwise making available;
• alignment or combination; and
• restriction, destruction or erasure.
This includes processing personal data which forms part of a filing system and any automated processing.
5 How will we process your personal data?
5.1 We will process your personal data in line with our obligations under the 2018 Act.
5.2 We will use your personal data:
• for performing the contract between us;
• for complying with any legal obligation; or
• if it is necessary for our legitimate interests (or for the legitimate interests of someone else). However, we can only do this if your interests and rights do not override ours (or theirs). You have the right to challenge our legitimate interests and request that we stop this processing.
We can process your personal data for these purposes without your knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.
5.3 We will retain details of your purchase for approximately seven years. We keep it for that long as the normal limitation period for any claims against us is six years.
6 Examples of when we might process your personal data
6.1 We have to process your personal data in various situations during your enrolment on the course.
6.2 For example:
• the details of your purchase (your name, organisation, email address, date of purchase and package)
• your card payment information will be processed by our payment gateways (either WooCommerce or GuestList, and Stripe). We do not see, nor hold, your payment information.
• we share the data in (b) with MailChimp, an online email app that we use to communicate with you.
• we will share your email address and name with Zoom, which we use for transmitting the live sessions
• if you choose to subscribe to our Slack community, any data you enter will be held by Slack subject to their terms and conditions.
• for any other reason which we may notify you of from time to time.
7 How to deal with data breaches
7.1 If this policy is followed, we should not have any data breaches. But if a breach of personal data occurs, we will take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals then we must also notify the Information Commissioner’s Office within 72 hours, where feasible.
8 Subject access requests
8.1 Data subjects can make a ‘subject access request’ (‘SAR’) to find out what information we hold about them. This request must be made in writing.
8.2 We must respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to two months.
8.3 There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
9 Your data subject rights
9.1 You have the right to information about what personal data we process, how and on what basis as set out in this policy.
9.2 You have the right to access your own personal data by way of a SAR (see above).
9.3 You can correct any inaccuracies in your personal data by contacting us.
9.4 You have the right to request that we erase your personal data where we were not entitled under law to process it, or where it is no longer necessary to process the data for the purpose for which it was collected.
9.5 During the process of requesting that your personal data is corrected or erased, or while you are contesting the lawfulness of our processing, you can ask for the data to be used in a restricted way only.
9.6 You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
9.7 You have the right to be notified of a data security breach concerning your personal data where that breach is likely to result in a high risk of adversely affecting your rights and freedoms
9.8 In most situations we will not rely on your consent as a lawful ground to process your data. If we do request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact the Data Protection Officer.
9.9 You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has more information on your rights and our obligations.
10.2 Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyse what works and where it needs improvement.
10.3 Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket, and checkout securely.
Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos.
10.4 If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/your-data-matters/online/cookies/.
Analytics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited etc. This data help us understand and analyse how well the website performs and where it needs improvement.