ABOUT THIS POLICY
HRP Training maintains certain personal data about living individuals for the purposes of satisfying our operational and legal obligations. We recognise the importance of the correct and lawful treatment of personal data in maintaining the reputation of the company as well as meeting legislative requirements. The data we hold are subject to the appropriate legal safeguards as specified in the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and the General Data Protection Regulation.
OUR ROLE AS A DATA CONTROLLER
HRP Training controls data in order to meet its legal and operational obligations (legitimate interests) in the provision of forklift truck and materials handling equipment training.
OUR ROLE AS A DATA PROCESSOR
HRP Training processes data on behalf of HSE, ITSSAR and in the case of our own employees, on behalf of Her Majesty’s Revenue and Customs (HMRC).
WHAT PERSONAL INFORMATION DO WE HOLD?
We may hold any of the following personal information relating to our customers and their employees:
Date of birth
National Insurance number
We may not hold all of the information types listed above for every customer.
HOW DO WE USE THIS INFORMATION?
Delegate names, photographs, dates of birth and National Insurance numbers
HRP Training controls these data for the purposes of identification and verification both of trainees’ identities and of the training they have received. In order to provide copy certificates to trainees or to a booking party involved in the scheduling of training on behalf of the trainee, HRP Training must be able to accurately link a record of training with an individual.
Delegate telephone numbers, email addresses and postal addresses are held in physical archive files only and are under lock & key.
Delegates name, company they are employed by, type and date of training only are held as hard copy and digital pc.
HRP Training controls these data for the purposes of customer communication, feedback and in the pursuit of bad debts.
We record these data for our staff in order to meet our legal obligations to them, HSE and to HMRC.
HOW IS THIS INFORMATION SECURED?
HRP Training’s IT systems (including servers, terminals and access to email) are secured in line with our information security policy which enforces organisational and environmental controls to prevent loss, misuse of or unauthorised access to our customers data. Our physical archive files are secured under lock and key, with only those members of the management team who require access granted copies. All internet traffic used to collect personal data is SSL encrypted.
FOR HOW LONG DO WE HOLD PERSONAL INFORMATION?
Data relating to training courses are held in digital format for a period of 20 years. As records of training are not subject to a statutory date of expiry, this period has been selected to allow for records to be retained for the entirety of a trainee’s working life so that we are able to provide certificate copies as required.
Original hard copy test papers are retained for a period of 7 years in order to allow synergy between document disposition processes for both financial and operational documentation including personal data. After this period digital data are used for verification of training.
HRP Training is committed to the preservation and protection of personal information and does not sell any such information to third parties.
Personal information may be shared with a booking party (e.g. a trainee’s employer or a member of their company’s HR or management team) upon delivery of certification, as required to confirm trainee attendance, and in order to assist the booking party in the execution of their legal duties in respect of maintaining records of training. Personal information may also be shared with third parties when HRP Training is legally obligated to do so.
HOW DO WE NOTIFY IN THE EVENT OF A DATA BREACH?
In the event of a data breach, and where practicable, we will notify all parties materially affected via email or phone within 72 hours of such a breach being identified. Where appropriate we will also notify any relevant body of a data breach. Route Cause Analysis (RCA) reports will be compiled and issued to all materially affected parties, and distributed via email without delay.
RIGHT OF ACCESS
You have the right to access your personal data. Within 30 days of receipt of a request for a copy of the personal data we hold on an individual, we will provide confirmation that we are processing that individual’s personal data and a copy of the personal data we hold.
We’re always here to help. If you would like to speak with us in relation to anything privacy‐related please call our admin team on 01458 860588, email us via email@example.com