PRIVACY NOTICE – CourseSight
Reference Point Ltd (company number 02156356) ("We") are committed to protecting and respecting your privacy.
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.
For the purposes of the General Data Protection Regulation (GDPR (EU) 2016/679) and Data Protection Act 2018 (“data protection legislation”):
- if you are an organisation (Booker or Provider or Industry Body) or individual Booker registering an account on CourseSight (Account) we are the data controller for any registration data you enter, information about your use of the system and our services and any correspondence we enter into with you;
- we are a data processor in respect of any data about individuals which such organisations provide to us and/or enter into CourseSight or which an individual Booker enters into CourseSight in order to book a Training Place – for example:
- in relation to Training Places you sell as Provider, the data in respect of individuals who are delegates on courses;
- in relation to Training Places you buy as an organisation Booker, the data in respect of individuals on behalf of whom you are booking a place;
- in relation to Training Places you book directly as an individual, your data you enter which we collect on behalf of the relevant organisation (which is the data controller)
This notice only applies to our site. If you leave our site via a link or otherwise, you will be subject to the notice of that website provider. We have no control over that notice or the terms of the website and you should check their notice before continuing to access the site.
If you are an individual delegate for whom an organisation Booker has booked a Training Place or an individual working for a Provider, details of how your personal data is processed should be available directly from the relevant organisation and/or on the Provider’s organisation page on this website.
Our Contact Details: Reference Point Limited, Technology House, 2-4 High Street, Chalfont St.Peter, Gerrards Cross, SL9 9QA +44 (0) 1753 279 927.
How we will use your personal information
We may collect information that you provide by filling in forms on our site or to gain access to our site. This includes information provided at the time or registering to use our site or requesting further services. We may also ask you for information when you report a problem with our site.
We may collect and process the following data about you and any course delegates you book Training Places for:
- When you book a Training Place, we will pass the following details about you and/or the delegate to the relevant Provider:
- email address;
- National Insurance number, if entered; and
- Other booking details
- If you contact us, we may keep a record of that correspondence;
- We may also ask you to complete surveys, although you do not have to respond to them;
- Details of your visits to our site for system administration and to report aggregated information to Providers and Industry Bodies. This is statistical data about our users' browsing actions and patterns and use of CourseSight and does not identify any individual.
We use information held about you or course delegates for the following purposes and in the following ways:
- to ensure that content on CourseSight is presented in the most effective manner for you and for your computer;
- to provide you with information, products or services we believe may be of interest to you based on your use of CourseSight including courses;
- to carry out our obligations arising from the User Agreement entered into between you and us;
- to help enable Providers to manage Training Place bookings;
- to allow you to participate in interactive features of CourseSight, when you choose to do so;
- to notify you about changes to CourseSight;
- to maintain a record of Training Places that have been booked including for whom and by whom such places have been booked;
- to identify you / the delegate and cross reference your or their CourseSight account or registered details with any account you or the delegate or your or their employer has with us in connection with our suite of products which comprise databases of the holders (Cardholders) of construction and related industry smartcards (including but not limited to cards issued by Construction Skills Certification Scheme Ltd (CSCS)). This suite of products includes but is not limited to SkillGuard, SkillSight, Validate and other client own-branded versions thereof. We may also pass such details to Providers so that they can identify and update training records for you / the relevant course delegate. We use information held about Cardholders in the manner set out in the terms and conditions and Privacy Notice for the particular product in question e.g. SkillSight.
We may combine information held about you and/or Cardholders with other information we collect about you and/or Cardholders from other sources. We may use the combined information for the purposes set out above.
Credit or debit card information will not be stored or retained by CourseSight or Providers. All such data will be securely stored within the payment processor’s environment.
The recipients or categories of recipients of personal data:
We will share your personal data with third parties where required by law or where we have another legitimate interest in doing so. We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- to Training Providers,CSCS and other relevant construction and related industry card certification schemes for the purposes set out above.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation to our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
We may disclose and make available information you give us about Cardholders to our sub-contractors in connection with the provision of our services to you.
Legal basis for processing:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data to perform the contract we have entered into with you (Basis: Art 6(b) GDPR). We and any third parties with whom we share your personal data may also find it necessary to process your data for legitimate interests we pursue (Basis: Art 6(f) GDPR). For example, we may process your data for the legitimate interest of providing you with information, products or services we believe may be of interest to you based on your use of CourseSight including courses.
Where we store your personal data:
All information you provide to us is stored on our secure servers located in the UK. We will not transfer any data that we collect or receive from you that constitutes personal data outside of the EEA unless there are appropriate safeguards or an adequacy decision in relation to the transfer as set out in the data protection legislation or the transfer otherwise complies with the data protection legislation. Such transfers may involve, for example, our use of third party services allowing us to send e-mails or automated SMS messages which make use of facilities in third countries to process data.
By logging in to our site, you agree to this storing or processing.
We will take all steps reasonably necessary to ensure that your data and any data relating to any course delegates you give us are treated securely and in accordance with our terms and conditions.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do what we reasonably can to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access.
Retention period and criteria used to determine the retention period:
- Information collected will be retained for a period no longer than is necessary to support the purpose of processing personal data set out above.
- Encrypted backups: We will retain encrypted backup tapes for a maximum of 3 years from the termination or our contract with you or from the deletion of your data from our database, whichever is later. This time limit is set in line with the limitation period for possible legal claims which may require such data in order to be investigated and defended against.
You have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (commonly known as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Where our processing is based on your explicit consent to our processing, you have the right to withdraw such consent (this will not affect the lawfulness of processing prior to the withdrawal of your consent).
If you wish to exercise any of these rights please contact our Data Protection Officer email@example.com.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and you can withhold your consent to and prevent such processing by not checking certain boxes on the forms we use to collect your data. You can also exercise the right to prevent such processing at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Complaints to Information Commissioner: You have the right to lodge a complaint about our processing with the Information Commissioner.
Consequences of failure to provide personal data: Your provision of personal data to us is a requirement necessary for you to enter into a contract with us. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you.
What are cookies? Cookies are small text files placed on your computer by us or our partners. They let us identify the device you’re using – but not you personally. This information is sent back to our systems as you move around our website.
Cookies are unique to the web browser you’re using – so if you’re using a desktop computer as well as a mobile, different data will be collected for each.
You can find more information on the About Cookies Website
Cookies can be set by the owner of the website you’re on. These are known as 1st Party Cookies. There are also 3rd Party Cookies that can be set by partner websites. Only the owner of the cookie can see the anonymous information it collects.
You can choose to accept all cookies, reject 3rd Party Cookies or reject all cookies by changing your internet browser settings. If you don’t accept cookies, some features of our website won’t work.
We use this information to:
- Make it possible for you to use our website;
- Show you information that is relevant to you;
- Find out more about how you use this site.
You can change your browser settings to accept or refuse all cookies, choose which cookies you want or don’t want, or ask to be notified when a cookie is set. Use the help feature in your browser to see how.
Changes to our privacy notice
Any changes we may make to our privacy notice in the future will be posted on the relevant page on our site and, where appropriate, notified to you by e-mail. However, we advise that you check on our site regularly to keep up to date with any necessary changes.