Purpose of this document
Areas of the GDPR addressed
The following articles of the GDPR are addressed by this document:
Chapter II – Principles
Chapter III – Rights of the data subject
1. Who are we?
In the context of our activities and to operate efficiently, we collect, hold, disclose and/ or otherwise process personal data about people with whom we work and people that use our websites. This may include members of the public, current, former and prospective employees, contractors, agents, collaborators, customers, clients, suppliers and users of our websites (“Data Subjects”, or “you”). In addition, we may be required by law to collect and use information in order to comply with regulatory requirements
In order to send you tailored information of your particular interest (the “Mailings”), we also process your personal data.
Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to your personal data that we process.
2. Your privacy is important to us
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation in each relevant country including in particular the EU General Data Protection Regulation (“GDPR”) and its national implementing legislation as well as any UK GDPR regulations coming into force from January 2021. For the avoidance of doubt, we will continue to adhere to all legal and regulatory requirements following any changes to both UK and EU Data Protection Law following the end of the Brexit Transition Period from January 2021.
We consider that the correct treatment of your personal data is integral to our successful operations and to maintaining your trust. We fully appreciate the underlying principles of the GDPR and support and adhere to its provisions.
We will comply with the data protection principles by making sure that all your personal data is:
· Fairly and lawfully processed in a transparent manner;
· Processed for specific and limited purposes;
· Adequate, relevant and not excessive and limited to purpose for which we use your personal data;
· Accurate and kept up to date;
· Not kept longer than necessary;
· Processed in accordance with your rights to information, correction or deletion;
· Protected by technical and organisational safeguards to ensure the security of your personal data;
· Not transferred to countries outside the European Economic area unless the country to which your
personal data is to be transferred has adequate protection for you.
3. Whose personal data do we collect?
In the context of our services or by simply using our website, we may collect personal data relating to members of the public, current, former past and prospective employees, contractors, agents, collaborators, customers, clients, suppliers, visitors to our website and other persons dealing with Improve International.
4. How do we collect personal data relating to you?
We may collect information about you in various ways:
· Directly in connection with an actual or potential business relation or employment relation with us;
· Directly from you when you visit our website www.improveinternational.com or one of our other websites and through social media accounts or memberships with third parties including LinkedIn or Facebook , which may include information you provide to us by means of contact forms on that website or by opting in for our Mailings;
· Uploading a CV;
· From publicly available sources such as Linked-in or the corporate website of the organisation you are working for;
· From other sources such as current and former employees of the company you work for or colleagues or through third parties to which you gave consent to disclose information about you;
· When you visit our website by means of cookies.
5. What personal data do we collect
The information we collect depends on the nature of the Data Subject and the relationship of Improve International with that person. We may collect, included but not limited to, the following information from you:
· Personal details such as name, birth date, gender, marital status and information on partner and children;
· Professional license number/college registration number;
· Contact details such as telephone number, postal or e-mail address or other contact details;
· Business contact information, such as job title, department and name of the company or organisation;
· Payment details, including tax number and bank account number;
· Areas of interest;
· Opt-in / opt-out for marketing materials;
· Opt-in / opt-out for other mailings;
· Content you provide (such as photos, articles, assessments, information, personal details);
· Qualifications, CV, references, education;
· Content you make available through social media accounts or memberships with third parties including LinkedIn or Facebook;
· Photographs and CCTV footage;
· Time registration, attendance and absence information in case you follow a course with usor through third parties to which you gave consent to disclose information about you.
6. For what purposes do we use your personal data?
We will process your personal data for the following purposes which may require your explicit consent:
· Customer or supplier administration;
· Supply and delivery of the services or products ordered by you;
· Administrating payment of invoices and collection of debts;
· Marketing purposes;
· Provide, administer and communicate with you about our products, services, offers or other updates that might be relevant to you;
· Scientific studies and research;
· Continuous improvement of our services;
· Compliance with Data Protection legislation and/or any applicable laws and regulations;
· Protect against and prevent fraud and unauthorised transactions;
· Operate, evaluate and improve our business (including developing new products and services, managing our communications, facilitation the functionality of our website and performing accounting, auditing, billing and collection activities);
· Anonymising personal information;
· Register and follow-up any opt-in or opt-out that you have indicated to us, in order to ensure that Mailings are customized and to ensure that you no longer receive Mailings you have opted-out of;
· Enforce our legal rights, protect our assets, business and staff;
· Comply with regulation;
· Use personal data in an anonymous and aggregate way for survey analysis research purposes;
· Any other purposes of processing of your personal data agreed upon with you;
When we process your personal data on the basis of explicit consent, please note that you have the right to withdraw that consent at any time. You may do so by sending a request to firstname.lastname@example.org.
7. With whom do we share your personal data?
In the context of the purposes as listed above, we may share your personal data with third parties, such as banks, accreditation bodies and IT service providers or transfer the data in an anonymous way to third parties for statistic or research purposes. Your personal data can also be disclosed to all companies within Improve International group.
We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
Improve International is a global business. To offer our services we may need to transfer and/or receive your personal data to parties that are located in countries outside the European Economic Area (EEA) and UK, which countries may offer a lower level of data protection than in the EEA and UK.
In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your personal data in accordance with applicable data protection legislation.
8. How long do we store your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above in paragraph 6). We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified.
We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access. We will normally keep your personal data for the duration of the business relation we have with you and for a period of 7 years after the end of the contract or services delivered to you unless the data relates to professional certifications or qualifications supplied by us to you which you may require evidence of throughout your career, which could be kept for a period of 50 years, as it is for your best interests. Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will store the personal data for longer periods.
For Mailings, we will store your personal information until the moment you have informed us that you no longer wish to receive these Mailings
9. How do we protect your personal data?
We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access.
These measures shall include the following measures regarding your personal data transmitted, stored or otherwise processed:
· Prevention of unauthorised persons from gaining access;
· Prevention of unauthorised use or disclosure;
· Ensuring that persons entitled to use your personal data gain access only to such personal data as
they are entitled to access in accordance with their access rights;
· Ensuring that your personal data cannot be read, copied, modified or deleted by persons not having
the right authorisation to do so;
· Ensuring that your personal data are processed solely in accordance with the purposes for which your
personal data is collected;
· Protection against alteration;
· Protections against accidental destruction or loss;
· Data recovery procedures;
· Anti-malware controls;
· Security updates.
We will require compliance with behavioural guidelines from our staff, contractors and data processors where we work with to ensure maximum protection of your personal data.
We may employ encryption of your personal data according to formal processes and encryption standards. We also undertake to execute periodical risk assessments of the implemented security controls.
Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
10. What are your rights and how you can exercise them?
You have the right to the following, in the circumstances set out below:
· Information about and access to your personal data;
· Rectify your personal data;
· Erasure of your personal data (‘right to be forgotten’);
· Restriction of processing of your personal data;
· Object to the processing of your personal data;
· Receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organisation.
To read more about these rights, and circumstances under which you can use these rights, in particular your right to object, please see below:
Right to information and right to access your personal data: You may at any time request more information on our processing activities and the personal data that we are keeping from you.
Right to Rectification of inaccurate or incomplete personal data of: You have the right to require us to, without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.
Right to deletion of your personal data (‘right to be forgotten’): You may request us to delete (part or whole of) your personal data in the following situations:
· When the processing is no longer necessary for achieving the purposes for which we collected or otherwise processed it; or
· When the processing was based on your consent and you have decided to withdraw that consent;
· When you have other reasonable grounds to object to the processing of your personal data;
· When we would unlawfully process your personal data;
· When your personal data have to be erased in compliance with a legal obligation directed to us.
In some cases, we may refuse to delete your personal data:
(i) for exercising the right of freedom of expression and information;
(ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.
Right to Restriction of processing: You may request us to (temporarily or permanently) restrict the processing of your personal data in the following situations:
· When you have contested the accuracy of your personal data, for a period enabling us to verify this accuracy; or
· When the processing appears to be unlawful and you request us the restriction of use of your data instead of the deletion of this data; or
· When we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
· Pending verification whether our legitimate grounds override yours in the framework of an objection.
Right to object to the processing of your personal data (free of charge): You may under certain circumstances object to the processing of your personal data, when such processing is based on our “legitimate interests”. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary. You also have the right not to be subject to profiling for direct marketing purposes.
Right to Opt-Out: Where we process your personal data for direct marketing purposes, you may at any time object to the processing thereof or withdraw your consent thereto. You may therefore at any time after consenting to us sending you marketing communication, change your preferences. You may unsubscribe to our newsletters, change your settings in private areas (if applicable) or send us a request to opt-out of Mailings.
Right to data portability: In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies:
· In case the processing is based on consent or on the necessity for the performance of a contract; and
· In case the processing is carried out by automated means.
Finally, you have the right to lodge a complaint towards any company within Improve International group with the local data protection authority of that company, relating to the processing of your personal data by us.
If you want to exercise one of the above rights, you can send your request to email@example.com.
We use certain cookies and social media plug-ins on our website. Some of them are essential to make our website work, others serve to provide you a better, faster and safer user experience.
· Improve International, to the attention of the Chief Data Controller, Alexandra House, Whittingham Drive, Wroughton, Swindon SN4 0QJ, United Kingdom; or
· by e-mail at firstname.lastname@example.org.