Please read this Policy carefully as it contains important information on who we are, how and why we collect, store, use and share your personal data, your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data.
Who are we?
For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679), New Broom Training is the ‘controller’ of learner personal data.
New Broom Training is a Private Independent Training Provider. Our registered address is 353 Minster Road, Minster, Sheerness, Kent, ME12 3NR
If you have any queries about this Policy, the way in which we process personal data, or about exercising any of your rights, you may send an email to email@example.com or write to:
New Broom Training
353 Minster Road
What personal data do we collect?
For learners we collect your name, gender, and date of birth and address. We may also collect other personal data if required to change or administer your registration with City and Guilds; our quality assurance processes; investigations, complaints and appeals. This personal data is provided to you.
In exceptional circumstances, you may be required to provide us with sensitive personal data, such as information about your physical or mental health of condition, to enable us to request reasonable adjustments to your qualification, or sensitive personal data relating to an investigation, complaint, or appeal. Such information should only be provided to us if you have provided your explicit consent.
We assign a unique learner number to each learner at the point of learner enrolment that we use in relation to your learning, assessment, and certification. We also receive an additional learner number from City and Guilds that is used by them and us as the main unique personal identifier for you.
If you contact us through our contact form we collect your name, email, company name, address and telephone number.
How do we use your personal data?
We may use your personal data where this is necessary to pursue our legitimate interests as a provider of training, assessment, and certification products and/or services, including to:
- provide you with products and/or services which you have registered, or have been registered, for;
- undertake administration in relation to products and/or services which you have registered for;
- provide you with a certificate, credential or other record of learning;
- contact you directly in relation to our quality assurance processes, investigations, appeals, and complaints;
- contact you directly in relation to our new and existing products, services, news, awards and in addition, qualification offered by City and Guilds
- assess and provide reasonable adjustments in relation to your learning or assessment where requested.
We may also process your personal data if required by law, including to respond to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who do we share your personal data with?
We may share your personal data with relevant third parties, where necessary, in relation to your learning, assessment, or certification, including:
- regulatory authorities,
- authorised representatives, and partners;
We may also share your personal data with trusted third-party service providers including:
- legal and other professional advisers, consultants, and professional experts;
- service providers contracted to us in connection with provision of learning, assessment, and training products and services such as markers, moderators, assessors, certification or credentialing providers, IT services and customer relationship management services; We will ensure there is a contract in place with such third parties that include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
We may also share personal data with law enforcement or other authorities if required by applicable law.
How long will we keep your personal data?
We will retain personal data relating to your learning, assessment, and certification to enable us to provide information about your learning or a replacement certificate.
We will retain personal data relating to our quality assurance processes, appeals, or investigations for a maximum period of seven years to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
Where do we store your personal data and how is it protected?
We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Under the GDPR, you have various rights with respect to our use of your personal data:
Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information, or if there is no basis for your request, or if it is excessive.
Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided below.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request make such request, please contact us using the contact details provided below.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
If you have any queries about this Policy, the way in which New Broom Training processes personal data, or about exercising any of your rights, you can send an email to firstname.lastname@example.org or write to:
New Broom Training
353 Minster Road
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint with the applicable supervisory authority or to seek a remedy through the courts. Please visit the UK Information Commissioner’s Office website for more information on how to report a concern.
Changes to our Policy
Any changes we may make to our Policy in the future will be amended on this document and posted on our website and every learner e-portfolio and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.