Privacy Notice - CourseSight
Reference Point Ltd (company number 02156356) ("We") are committed to protecting and respecting your privacy.
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.
For the purposes of the General Data Protection Regulation (GDPR (EU) 2016/679) and Data Protection Act 2018 (“data protection legislation”):
This notice only applies to our site. If you leave our site via a link or otherwise, you will be subject to the notice of that website provider. We have no control over that notice or the terms of the website and you should check their notice before continuing to access the site.
If you are an individual delegate for whom an organisation Booker has booked a Training Place or an individual working for a Provider, details of how your personal data is processed should be available directly from the relevant organisation and/or on the Provider’s organisation page on this website.
Our Contact Details: Reference Point Limited, Shire House, West Common, Gerrards Cross, Buckinghamshire, SL9 7QN, +44 (0) 1753 279 927.
How we will use your personal information
We may collect information that you provide by filling in forms on our site or to gain access to our site. This includes information provided at the time or registering to use our site or requesting further services. We may also ask you for information when you report a problem with our site.
We may collect and process the following data about you and any course delegates you book Training Places for:
We use information held about you or course delegates for the following purposes and in the following ways:
We may combine information held about you and/or Cardholders with other information we collect about you and/or Cardholders from other sources. We may use the combined information for the purposes set out above.
Credit or debit card information will not be stored or retained by CourseSight or Providers. All such data will be securely stored within the payment processor’s environment. For the avoidance of doubt, there may be occasions when a Booker calls us to book a Course and requests that we input credit or debit card information directly into payment processor Stripe’s system on their behalf but we do not record or retain these details in any circumstances.
The recipients or categories of recipients of personal data:
We will share your personal data with third parties where required by law or where we have another legitimate interest in doing so. We may disclose your personal information to third parties:
We may disclose and make available information you give us about Cardholders to our sub-contractors in connection with the provision of our services to you.
Legal basis for processing:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data to perform the contract we have entered into with you (Basis: Art 6(b) GDPR). We and any third parties with whom we share your personal data may also find it necessary to process your data for legitimate interests we pursue (Basis: Art 6(f) GDPR). For example, we may process your data for the legitimate interest of providing you with information, products or services we believe may be of interest to you based on your use of CourseSight including courses.
Where we store your personal data:
All information you provide to us is stored on our secure servers located in the UK. We will not transfer any data that we collect or receive from you that constitutes personal data outside of the EEA unless there are appropriate safeguards or an adequacy decision in relation to the transfer as set out in the data protection legislation or the transfer otherwise complies with the data protection legislation. Such transfers may involve, for example, our use of third party services allowing us to send e-mails or automated SMS messages which make use of facilities in third countries to process data.
We will take all steps reasonably necessary to ensure that your data and any data relating to any course delegates you give us are treated securely and in accordance with our terms and conditions.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do what we reasonably can to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access.
Retention period and criteria used to determine the retention period:
Personal information collected will be retained for a maximum of 6 years. This retention period allows users returning to the site within this timeframe to view previous activity and continue to use the site without having to recreate their login or resupply their contact details. After this period, any identifying personal information held within CourseSight will be removed from existing user profiles and from any courses with which individuals are associated (as trainer or delegate). This time limit is set in line with the limitation period for possible legal claims which may require such data in order to be investigated and defended against. This retention period will apply from:
Delegates – from date of last course booked (whether by an employer or directly by the delegate themselves) or from last login date (whichever is the later)
Training Provider user accounts - from last login date (or from user profile creation date where no login has occurred)
Employer user accounts - from last login date (or from user profile creation date where no login has occurred)
Course Trainers – from date of last course linked to the trainer or from last login date (whichever is the later)
Encrypted backups: We will retain encrypted backup tapes containing personal data for a maximum of 3 years following deletion of your data from our database.
You have the right to:
Where our processing is based on your explicit consent to our processing, you have the right to withdraw such consent (this will not affect the lawfulness of processing prior to the withdrawal of your consent).
If you wish to exercise any of these rights please contact our Data Protection Officer at email@example.com.
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Complaints to Information Commissioner: You have the right to lodge a complaint about our processing with the Information Commissioner.
Consequences of failure to provide personal data: Your provision of personal data to us is a requirement necessary for you to enter into a contract with us. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you.
What are cookies?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer (or internet-enabled device) if you agree.
Cookies allow us to identify the computer or device you are using to access our website – but we cannot identify you personally. This information is sent back to our systems as you move around our website. Cookies are unique to the web browser you are using – so if you are using a desktop computer as well as a smart phone, different data will be collected for each.
Cookies we use
We use the following cookies:
Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and services.
Analytical/performance cookies: These allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it e.g. which pages are viewed by visitors most frequently. This helps us to improve the way our website and services work, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
We do not set targeting/advertising cookies. Cookies are not used in any Apps we provide.
Who sets cookies?
Cookies can be set by the owner of the website you are on. These are known as first party cookies. Please note that third parties may also set cookies of any type, over which we have no control – however, you can control them by managing your cookies (see below). Only the owner of the cookie can see the anonymous information it collects.
How can I manage cookies?
You may block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies. However, if you select this setting you may be unable to access all or certain parts of our site.
You can find more information about cookies on the ICO Website ico.org.uk/global/cookies and you can find detailed information on how you can control cookies at AboutCookies.org
Changes to our privacy notice
Any changes we may make to our privacy notice in the future will be posted on the relevant page on our site and, where appropriate, notified to you by e-mail. However, we advise that you check on our site regularly to keep up to date with any necessary changes.