This is intended for all trainee/delegates who are individual customers of Bywater Training Limited in respect of whom personal information [“data”] is collected or accepted by the company in the ordinary course of business.
In this Policy references to “we”, “us”, “our” and “Bywater” are to Bywater Training, and references to “you” are to individual trainee/delegates . References to “you” are referring to individuals who are not corporate customers of ours. References to “our Website” or “the Website” are to bywater.co.uk
What information we collect and how
Bywater collects, uses and is responsible for the data it collects about you. This makes us the controller of this data for the purposes of the General Data Protection Regulation [“the Regulations”] and the Data Protection Act 2018.
When you apply for registration as a trainee/delegate at one of our training courses, we collect some or all of the following data when you enter it into our online booking form:-
- Your name and usual address;
- Your job title;
- Your employer’s name and address;
- Your telephone number and preferred e-mail address.
Use of our Website will involve Cookies; small text files placed on your computer or mobile telephone which allow us to recognise you and your preferred settings; improve the speed/security of the Website; allow you to “share” pages with social networks; improve the efficiency of our marketing. Cookies save you from re-entering information on return visits to the Website. That data is recorded locally on your computer. Most browsers can be programmed to reject, or warn you before downloading cookies: information regarding this may be found in your browser’s ‘Help’ facility.
We have a policy on the limits to which Cookies can be used for any purpose without your specific permission: see About Our Cookies
What we do with your information: Purposes
We use your personal data only for the supply of training courses and for improving our Website. By “clicking” your consent at the close of the booking process on the Website you agree to the collection and use of data in accordance with this Policy.
We may need to pass the data we collect to third parties [“Sharing Parties”]: –
- for administrative purposes: conference venues and Trainers will need to receive some of your basic personal data (name, contact number) so that we can organise and run our training services efficiently.
- confirmation of standards: professional and vocational bodies who have approved Bywater as a provider of authorised training for their members – such as the Chartered Quality Institute and IEMA – require us to inform them whether delegates have met the standards required for the award of an industry-recognised qualification. Please note, if you are undertaking a Lead Auditor exam remotely/virtually the exam will be recorded. Recordings will be kept for 12 months to assist with invigilating and detecting cheating.
- As a registered charity, the CQI is subject to the UK General Data Protection Regulation (UK GDPR), a UK law that gives you certain rights with respect to your personal data that is shared with the Institute. To exercise your GDPR rights, you must contact the CQI either directly or through Bywater (your training provider) unless you are located in a European Union country when you must contact the CQI’s EU representative – IT Governance Europe Limited at firstname.lastname@example.org. Please ensure you reference ‘CQI’ in any correspondence you send to our representative. For further information on the Chartered Quality Institute’s data processing policy please follow this link,
- for tax and accounting purposes: basic customer data may be required by HM Revenue & Customs so that we can comply with the tax laws and regulations of this country.
- for regulatory compliance purposes: basic customer data may be required by the Information Commissioner’s Office [“the ICO”] in order to test our compliance with the Regulations.
- for public protection purposes: we may be required to share data with the National Crime Agency or the Police in order to comply with the anti-money laundering and anti-terrorism laws of this country.
- for business marketing purposes: we may share some anonymised personal data with our website-host in order to monitor how customers are using our Website, and in order to send/receive e-mails.
Sharing Parties are not allowed to use your shared personal data for their own purposes or to pass on or sell your data without your permission.
In the case of the ICO there is always the risk that in the course of executing their public duties some of your data may lawfully be disclosed by them for the purpose of any civil or criminal proceedings. This form of disclosure would be permitted as a matter of law, without our consent or yours.
What Your Data Rights Are: Amend, Correct, Remove
In accordance with the needs of HMRC and the ICO we shall keep your data for a period of six years, unless of course you ask us to delete it. The GDPR grants the following rights to individual customers irrespective of the meaning and effect of these terms & conditions: –
- The right to ask us what information we hold and what we do with it;
- The right to ask for mistakes to be corrected or to complete missing information;
- The right to ask that personal information is erased (sometimes called “the right to be forgotten”);
- The right to receive a copy of the personal information we hold, or to have it sent to a nominated third person in a commonly-used and machine-readable format; and
- The right to object to our processing of that information, or to withdraw your consent to our collection and use of that information.
If you are an individual customer of Bywater (that is, not a company or business entity) and you want to exercise any of these rights under the Regulations, please use the contact details at the end of this document. We are entitled to request proof of your identity and usual address so that we can verify your entitlement to the right (or rights) that you wish to exercise.
Bywater shall respond to an individual’s request for the exercise of rights under the GDPR within one month from the date when the request is received.
Like many site operators, we collect information that your browser sends whenever you visit our Website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. Log Data is not stored by us for use in connection with any other purpose than helping us to improve the design and layout of our Website.
This kind of information does not typically include any other data which could properly be described as “personal”; but you have to the right to ask us to provide you with a copy of any personal data about you which we hold.
The security of your Personal Information is important to us, but remember that no method
of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.