Legal

Combico UK Privacy Policy

We issue this privacy notice in the interests of transparency over how we use (“process”) the personal data that we collect from our learners.

Personal data for these purposes means any information relating to an identified or identifiable person ie: Name, address, date of birth, NI number, ID Photographs, Email addresses.

“Sensitive personal data” means personal data consisting of information as to –

  1. the racial or ethnic origin of the individual;
  2. their political opinions;
  3. their religious or philosophical beliefs;
  4. their membership of a trade union;
  5. their physical or mental health or condition;
  6. their sexual life;
  7. the commission or alleged commission by them of any offence;
  8. any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings,
  9. genetic data; and
  10. biometric data where processed to uniquely identify a person (for example a photo in an electronic passport).

Data Controller

For data protection purposes the “data controller” means the person or organisation who determines the purposes for which and the manner in which, any personal data is processed.

The role of data controller at First Choice Combico, Blakeney Way, Kingswood Lakeside, Cannock. WS11 8LD has been assigned to Martin Dagnall – Centre Manager.

Data Officers

For employees and learners:
First Choice HR & Quality Manager

For security & breach of data:
First Choice IT Systems Manager

Contact email address: gdpr@firstchoice-cs.co.uk

1. Purpose of processing the data

It is necessary for us to process personal data of learners for the following reasons:

  1. We will need the information to identify the individual for the purpose of training;
  2. Requirements of accreditation bodies to issue certificates;
  3. Requirement of accreditation bodies for re-assessment;
  4. Requirements to be able to offer support during training;
  5. Visiting site – CCTV & Entry Sign systems for health & safety and security purposes; and
  6. Corresponding with us by phone, email or in writing (calls may be monitored or recorded for training, quality assurance and other business purposes).

2. Recipients of personal data

Your personal data may be received by the following categories of people:

  1. Combico training and administration staff;
  2. Logic Certification (ACS Gas Assessment);
  3. City & Guilds (CCEECC training); and
  4. Industry Manufacturers – Product training

3. Duration of storage of personal data

We will keep personal data for no longer than is strictly necessary, having regard to the original purpose for which the data was processed. In some cases, we will be legally obliged to keep your data for a set period.

4. Your rights in relation to your personal data

The right to be forgotten

You have the right to request that your personal data is deleted if:

  1. it is no longer necessary for us to store that data having regard to the purposes for which it was originally collected; or
  2. in circumstances where we rely solely on your consent to process the data (and have no other legal basis for processing the data), you withdraw your consent to the data being processed; or
  3. you object to the processing of the data for good reasons which are not overridden by another compelling reason for us to retain the data; or
  4. the data was unlawfully processed; or
  5. the data needs to be deleted to comply with a legal obligation.

We can refuse to comply with a request to delete your personal data where we process that data:

  1. to exercise the right of freedom of expression and information;
  2. to comply with a legal obligation or the examining board requirements;
  3. for public health purposes in the public interest;
  4. for archiving purposes in the public interest, scientific research, historical research or statistical purposes; or
  5. the exercise or defence of legal claims.

5. The right to data portability

You have the right to receive the personal data which you have provided to us and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (us) where:

  1. the processing is based on consent or on a contract; and
  2. the processing is carried out by automated means.

Note that this right only applies if the processing is carried out by “automated means” which means it will not apply to most paper based data.

6. The right to withdraw consent

Where we process your personal data in reliance on your consent to that processing, you have the right to withdraw that consent at any time. You may do this in writing to: Martin Dagnall – Centre Manager.

7. The right to object to processing

Where we process your personal data for the performance of a legal task or in view of our legitimate interests you have the right to object on “grounds relating to your particular situation”. If you wish to object to the processing of your personal data you should do so in writing to Martin Dagnall – Centre Manager.

Where you exercise your right to object we must stop processing the personal data unless:

  1. we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or
  2. the processing is for the establishment, exercise or defence of legal claims.

8. The right of subject access

So that you are aware of the personal data we hold on you, you have the right to request access to that data. This is sometimes referred to as making a “subject access request”. The right will only apply to your own personal data under the definitions of personal data by the GDPR and not access to any other data

9. The right to rectification

If any of the personal data we hold on you is inaccurate or incomplete, you have the right to have any errors rectified. In these circumstances, please contact Martin Dagnall – Centre Manager in writing.
Where we do not take action in response to a request for rectification you have the right to complain about that to the Information Commissioner’s Office (ICO).

10. The right to restrict processing

In certain prescribed circumstances, such as where you have contested the accuracy of the personal data we hold on you, you have the right to block or suppress the further processing of your personal data.

11. Security of Data

First Choice Group handles sensitive customer data including cardholder information daily. Sensitive Information must have adequate safeguards in place to protect them, to protect cardholder privacy, to ensure compliance with various regulations and to safeguard First Choice Group. First Choice Group commits to respecting the privacy of all its customers and to protecting any data about customers from outside parties. Employees will ensure they:

  • Handle customer information in a manner that fits with the sensitivity of the data;
  • Do not disclose personal data unless security questions & account verification is completed;
  • Action immediately any requests for data to be removed from First Choice Group systems unless systems are unavailable in which case as soon system functionality is restored;
  • Keep Information no longer than required, including emails which will be evaluated on a 6-month basis and removed as applicable;
  • Protect the sensitivity of cardholder information by never physically writing down or electronically storing any cardholder information;
  • Report any data breach to the Data Controller so that the severity of the breach can be determined by following guidelines in Data Breach Procedure QP13001;
  • Follow guidelines of the First Choice Group – Information Security Policy FCD0138 and User Password Policy FCD0136 to protect and secure the First Choice Group network.

12. Firewalls / Network Security

  • Firewalls will be implemented at each internet connection and no direct connections from internet to the data environment will be permitted. All traffic must traverse through the First Choice Group firewall. Firewall rules will be reviewed on a six months basis to ensure validity.
  • All machines will be configured to run the latest anti-virus software as approved by the Company and automatic updates will be set up and periodic scans.
  • Staff will take responsibility to be vigilant for new threats which automated scanning tools may not detect and staff will have periodic awareness training to detect malicious and what action to take if their computer is infected.

13. Complaints

Where you take the view that your personal data is processed in a way that does not comply with the GDPR, you have a specific right to lodge a complaint. Please contact the First Choice Group Data Officers:

For personal data issues & complaints:
First Choice HR & Quality Manager

For security & breach of data:
First Choice IT Systems Manager

at gdpr@firstchoice-cs.co.uk

If we are unable to resolve your concern, you may lodge a complaint with the relevant supervisory authority. The supervisory authority will then inform you of the progress and outcome of your complaint. The supervisory authority within the UK is the: Information Commissioner’s Office (ICO).

FCD0140 – Combico Privacy Notice – 2018-01

At the heart of catering equipment service