Data Protection and Privacy for In Professional Development Ltd
1.1 This policy sets out how any personal data In Professional Development Ltd (“we”, “us” or “our”) collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it and keep it secure.
1.2 For the purpose of the General Data Protection Regulations (“GDPR”), the data controller is In Professional Development Ltd, a company registered in England and Wales under
company number 10777587, with its registered office at Suite 6A, Blackthorn House, Appley Bridge, Greater Manchester, WN6 9DB
1.3 It is important that any personal data that we hold about you is accurate and current. Please ensure that you keep us informed of any changes in your personal data.
2. Visitors to our Website
2.1 When you visit our website inpd.co.uk (“our site”) we may automatically collect information about your computer, including where available your IP address (using cookies), operating system and browser type, for system administration and to help maintain security and performance of our site and statistical data about your browsing actions and patterns for marketing purposes. The statistical data does not identify any individual user.
2.2 We only collect identifiable personal data or information from visitors to our site that is voluntarily provided by a visitor. For example, when you visit our site, you may choose to provide personal data or information in order for us to contact you with further information, to join our mailing list, sign up to our membership or register for a course or event.
2.2 We use the following third parties to collect and process personal data set out above in the following ways:
2.2.1 Technical Data is received from analytics providers such as Google based outside the EU;
2.2.2 Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe, a payment gateway on our website based outside the EU and Sage, used to issue invoices and store account records based outside the EU;
2.2.3 Identity and Contact Data from data brokers or aggregators such as Livechat, an online chat facility for customers to speak with an advisor based outside the EU and Salesforce and Eventsforce used to collect information from our online enquiry form and used to book courses based outside the EU.
3.1 Cookies are small data files which most website operators place on the browser or hard drive of their user’s computer. Cookies may gather information about the visitor’s use of
our website or enable the website to recognise the user as an existing customer when they returns to the website at a later date. Cookies may also be used to collect information
about the user which allows the website operator or a third party to create a profile of the user, their preferences and their interests for the purpose of serving the user with targeted, interest-based advertising.
4. Personal Information we collect
4.1 We may collect personal data about you in the following ways:
4.1.1 information that you provide to us by:
• filling in forms on our site
• completing our events/programmes/training course booking forms
• telephoning us with an enquiry
• subscribing to our services and offers
• joining as a member of in>The Know
• attending one of our events or training courses
• completing a feedback form or otherwise giving feedback
• completing a survey
• registering to use our site
4.1.2 information we may ask of you when you report a problem with our site,
4.1.3 if you submit a complaint.
4.2 The kind of data we may collect about you:
4.2.1 If you contact us, we may keep an electronic record of that correspondence and/or conversation, including your name, postal address, email address and telephone
4.2.2 We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
4.2.3 Details of transactions you enter into with us either through or in connection with our site or when attending one of our events or training courses, including billing
address and payment card details.
4.2.4 Details of your visits to our site and the resources that you access.
4.2.5 Personal information (such as your name, address, date of birth and email address) you provide to us for the purpose of subscribing to our site services, email
notifications and/or newsletters.
4.2.6 We may ask you to complete a feedback form when you attend an event or training course, although you do not have to complete one.
4.2.7 Marketing preferences, both as regard the marketing information you want to receive and how (by SMS text, telephone, email or post).
4.3 We do not collect the following special categories of personal data i.e. – race, ethnic origin, politics, religion, trade union membership. In the interests of providing you with specific help where you need it, we ask you if you have any special requirements relating to access on the premises or learning or dietary requirements. We hold this information securely and only for the purpose of carrying out any requests for the specific training you may have booked.
4.4 If you fail to provide personal data that we need by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have, or are trying to enter into, with you. In this case, we may have to cancel a product or service you have with us, though we will notify you if this is the case.
5. Information security – Storing Your Personal Data
5.1 All information you provide to us is stored on secure servers. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data you transmit to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent
5.2 All reasonable and appropriate technical and organisational measures will be taken against unauthorised or unlawful processing of personal data and against accidental loss or
destruction of, or damage to, personal data.
5.3 We will ensure that:
5.3.1 only authorised people will be able to access, alter, disclose or destroy personal data;
5.3.2 the authorised people will act within the scope of their authority and will be subject to a duty of confidentiality; and
5.3.3 if personal data is accidentally lost, altered or destroyed, it can be recovered to prevent any damage or distress to the individuals concerned.
5.4 As and when appropriate, we will conduct information risk assessments to ensure personal data is protected to a reasonable and appropriate standard for the nature of the personal data held.
5.5 We have put in place procedures to deal with any breach or suspected personal data breach and will notify you and the applicable regulator of a breach where we are legally required to do so.
6. How we may use your personal data
6.1 We use this information held about you in the following ways:
6.1.1 To ensure that content from our site is presented in the most effective manner for you and for your computer.
6.1.2 To provide you with information that you request from us.
6.1.3 To set you up as a new client and maintain your client record.
6.1.4 To carry out our obligations to provide goods or services arising from any contracts entered into, or about to be entered into, between you and us.
6.1.5 To allow you to participate in interactive features of our goods and services, when you choose to do so.
6.1.6 To notify you about changes to our goods and services.
6.1.7 To ask, and enable, you to complete a survey or feedback form.
6.1.8 To enable us to manage payments and collect and recover monies owed to us.
6.1.9 We may also use your personal data on behalf of selected third parties, to provide you with information about goods and services which may be of interest to you and we
may contact you about these.
6.1.10 If you are an existing customer, we may legitimately contact you (by e-mail, SMS, telephone, post) with information about goods and services similar to those which
were the subject of or is relevant to the goods or services previously provided by us to you.
6.1.11 If you are a new customer, and where you permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to
6.1.12 Where we need to comply with a legal or regulatory obligation.
7. Legitimate interest
7.1 We may process your personal data on the grounds of legitimate interest. We will only process your personal data in this way if we think there is real and genuine interest to both you and us and your interests and fundamental rights do not override those legitimate interests.
7.2 We process personal information for certain legitimate business purposes, which include some or all of the following:
7.2.1 Where the processing enables us to enhance, modify, personalise or otherwise improve our services and/or communications for the benefit of our customers.
7.2.2 To identify and prevent fraud.
7.2.3 To enhance the security of our network and information systems.
7.2.4 To better understand how visitors and our customers interact with our website.
7.2.5 To provide communications (postal, SMS text, telephone, email) containing information, products and/or services which we think will be of interest to you.
7.2.6 To determine the effectiveness of promotional campaigns and advertising.
7.3 Whenever we process your data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of those rights. If you do not want us to process your data in this way or have a specific objection, please notify us by email, [email protected] with the subject line “Data Protection”. Please bear in mind that if you object this may affect our ability to carry out services and the tasks in clause 7.2 for your benefit.
8. International data transfers
8.1 We share your personal data with the companies who provide services to us as set out in clause 2.2 above. This will involve transferring your data outside the European Economic Area (EEA).
8.2 Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is
8.2.1 We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
8.2.2 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in
Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries;
8.2.3 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to
personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield
8.3 Please contact us (see section  below) if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
9. Data Retention
9.1 Personal data processed for any purpose or purposes will not be kept for longer than is necessary for that purpose(s) or the purpose of satisfying any legal, accounting or reporting requirements. We will regularly review the personal data we retain, securely deleting where appropriate, anything we no longer need.
9.2 Information that does not need to be accessed regularly, but which still needs to be retained, will be safely stored or archived.
9.3 Further information relating to the retention and deletion of data can be found in our Data Retention, Deletion & Shredding Policy. Please see https://inpd.co.uk/about/your-data.
10. Disclosure of Your Information
10.1 We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
10.2 We may disclose your personal information to third parties as follows:
10.2.1 In the event that we sell, transfer, merge or reorganise all or any part of our business or acquire all or any part of a third party’s business or assets, in which case we may
disclose your personal data to the prospective seller or buyer of such business or assets.
10.2.2 If our assets or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers is likely to be one of the
transferred assets and the new owners may use that personal data in the same way as set out in this privacy notice.
11. Your Rights
11.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data, for example, the right to request correction of your data, erasure of your data, a right to object to the processing of your data and a right to withdraw your consent. If you wish to exercise any of these rights or any other legal rights, you have in relation to your data please contact us as set out in clause 14 below.
11.2 You have the right at any time to ask us or third parties not to process your personal data for marketing purposes and/or to withdraw any consent you have previously given to us or third parties to use your personal data for that purpose. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing or to withdraw your consent at any time by contacting us via
[email protected] using the subject line “Data Protection – Withdraw Consent”.
11.3 Our site may, from time to time, contain links to and from third party websites (such as those of our partners’ networks, advertisers and affiliates) and also to plug-ins and applications. If you follow a link to any of those websites or enable any of those connections, please note that the websites or connections may allow third parties to collect or share personal data about you and that the owners of those websites have their own privacy policies. We do not accept any responsibility or liability for third party privacy policies and we encourage you to please check those policies before you submit any personal data to those websites.
12. Access to Information
12.1 The Act gives you the right to access information held about you. If you wish to exercise your right of access, please refer to our Subject Access Request policy and contact us as set out in that policy.
12.2 You will not have to pay a fee to access your personal data, unless your request is clearly unfounded or excessive. In those circumstances, we may charge a reasonable fee to meet our costs in providing you with details of the information we hold about you. If having requested your personal data, you then request further copies of that data we may also
charge a reasonable fee for providing those duplicate copies.
14. Contact us
15. Further information
15.2 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO’s contact details are below. We would appreciate the opportunity to deal with any concerns you have before you approach the ICO.
In Professional Development Ltd
FAO Data Manager
In Professional Development Ltd,
Blackthorn House, Appley Bridge,
Wigan, Greater Manchester, WN6 9DB
Information Commissioner’s Office
Cheshire SK9 5AF
Reviewed 28th November 2018_V5