We are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection.
We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR.
How We Have Prepared for GDPR
Live and Learn Consultancy Ltd already have a consistent level of data protection and security across our organisation. However, it is our aim to be fully compliant with GDPR by 25th May 2018 and to continually monitor and update our policy and procedure, with a formal review every 6 months to ensure we remain compliant. Our preparation included:
We carried out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- POLICIES AND PROCEDURES
We have revisited our data protection policy, privacy statements and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws to include:
Our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR with a focus on privacy of the rights of the individuals.
DATA RETENTION AND REMOVAL
We will ensure that all data of a personal nature is held securely and respect the rights of the individuals to have this removed from our records. Removal of information electronically will be done immediately at the request of the client and will comply with the timescales outlined in GDPR in EU Law. Any personal data held on paper will be destroyed confidentially within the same timescale. Please contact us immediately or complete the form attached here.
Our breach procedure ensures that we have safeguards and measures in place to identify, assess and investigate any data breach. Our procedures are robust and understood by all members of staff via the employee handbook and training.
INTERNATIONAL DATA TRANSFER AND THIRD-PARTY DISCLOSURES
We currently store no data outside of the EU. If at any stage this changes we will review our policy immediately and further statements and policies will be written. Live and Learn Consultancy Ltd utilise the services of partners which can be viewed below in this document. They are required to adhere to our GDPR statement in providing their services to us.
(SAR) SUBJECT ACCESS REQUEST
We will comply with the 30-day time frame for providing the requested information and will provide this to our customers free of charge.
We have updated our consent mechanisms for obtaining personal data ensuring that individuals understand what they are providing, why and how we store their data.
We have updated our direct marketing to ensure that all direct marketing includes clear opt-in mechanisms for marketing subscriptions, a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
DATA PROTECTION IMPACT ASSESSMENTS
We do not process high risk information. Should this change in the future we will update our statement.
Where we use a third party to process personal information on our behalf (e.g. payroll), we have drafted a compliant processor agreement and due diligence procedures for ensuring that they meet and understand their/our GDPR obligations.
SPECIAL CATEGORY DATA
In areas where we process any special category data, we will only process this data where the data subject has provided explicit consent to the processing of those personal data.
- DATA SUBJECT RIGHTS
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy-to-access information via our office, our website and via our nominated staff members to ensure the individual's right to access any personal information that we at Live and Learn Consultancy Ltd process about them.
This will include the right to question:
- What personal information we hold
- The purpose of processing
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or removed
- The right to opt out
- GDPR ROLES AND EMPLOYEES
We have designated a data privacy team, with the following roles within our organisation, to ensure compliance with GDPR:
- DATA PROTECTION LEAD – Paul Kitchen
- DATA PROTECTION OFFICER – Lisa Kitchen
- DATA PROTECTION COMPLIANCE – Lesley Holmes
All our employees are committed to ensuring the protection of personal data. The removal of personal data will be carried out by Lesley Holmes and the review of our compliance will be carried out every 6 months and approved by Paul Kitchen. The review will ensure all team members are continually updated on GDPR and compliance and informed of any changes and understand their responsibilities.
- PARTNERS / 3RD PARTIES
Our 3rd party partners should never access our data without our specific consent and due cause. Should they have need to do so on our behalf they will be asked to specifically comply with our GDPR compliance policy.
- Panda IT look after our server, our website, our telephone system, internet and security. This is a managed service and they take every step to ensure all data is held securely on our behalf and that security settings are high. They constantly monitor and carry out checks to ensure no breaches occur and will inform us immediately should this happen.
- Should data breaches happen, Panda IT will be instructed to take steps on our behalf to secure the breach and ensure all data is protected.
T77 Accountants Ltd
- T77 Ltd are our accountants and have access to staff files for payroll purposes along with all financial information.
SOFTTEXT LTD (ACT PARTNER)
Our CRM, which houses our data, is ACT. Our partner for ACT is Softtext Ltd, who support us in managing our data along with the team at ACT. Our ACT CRM is held securely on our server and is carefully monitored by Panda IT. With our authority on occasion, Softtext can access the CRM remotely. This is only with our consent to provide system updates at agreed times.
For purposes of debt collection for non-payers Advocate Legal are named in our terms and conditions as our debt collection partner. Clients are informed as part of our debt collection process that their details are being forwarded to Advocate and given 7 days’ notice to make payment to avoid this action.
TAYLOR ROSE LAW
Taylor Rose Law are our legal partner for disputes and have produced our Terms and Conditions. No data is currently shared with them, and we reserve the right to do so should a legal matter arise.
CITRUS HR AND ALBION LEGAL
Citrus HR are our HR partner. All our employee information is held on their secure online system. All staff have access to their own data, with only department heads and business owners having further access. All personal information is stored here.
Albion Legal provide legal services for employee disputes. Should a dispute take place, Live and Learn Consultancy Ltd will share all relevant data held on Citrus HR for them to be able to support us legally in the matter.
Xero is our financial accounting software. Information on staff salaries and expenses is held here.
We use Office 365 and Outlook to keep a history of conversations, record meetings and notes.
ENSIS SOLUTIONS (APPRENTICESHIP CUSTOMERS ONLY)
Live and Learn Consultancy Ltd act as a learning broker; our only partner is Ensis Solutions. When a corporate client contacts us to arrange apprenticeships on their behalf, we only pass the information on to Ensis once we have written confirmation from the client that they are happy for us to do so. The information is transferred via email to Ensis on the form you can access here (insert form link). Ensis DO NOT have direct access to our data and are only given what you agree we can share.
Once the data has been passed to Ensis, the responsibility to keep that data safe will fall under their GDPR guidelines, and we strongly advise our clients to make themselves aware of their policy.
Any data held by us will remain securely stored on our server/ACT CRM. Clients have the right to ask for this to be removed at any time in line with GDPR guidelines.
- CUSTOMER INFORMATION
As a business customer or individual customer, we will take every step necessary to ensure your data is held securely.
WHAT INFORMATION WE REQUEST AND WHY
- General information
- Learner details
The information you provide is to ensure we can:
- Quote accurately on services you require
- Send out joining instructions, venue updates, training updates, trainer details and generally manage your booking and delivery of training.
- Deliver training to the highest standards by understanding your requirements.
- Forward feedback from the training session, send certificates of attendance, gain your feedback on our delivery.
- Keep you updated on future courses, provide hints and tips on training, provide you with the latest learning.
For regular clients, keeping a history allows us to maintain and build our partnership by understanding your business. Furthermore, clients will often ask us to access our records on them and provide copies of information, e.g. feedback sheets, attendance lists, past invoices, etc. Being able to do this means we can provide our clients with the very best service and support their needs.
Your data is held by us and is NEVER shared with third parties. For apprenticeship customers we will request your authority to share with our partner Ensis Solutions before we do so.
We will send you direct emails and contact you via telephone from time to time. This is with the intent of maintaining a partnership and providing services that are helpful and non-intrusive. We will endeavour to provide information that is relevant, useful and worthwhile by both telephone and direct mail (post and email). All forms of communication will give you the option to:
- Opt out of 1 or all forms of contact
- Have your data removed from our system
PAYMENTS TO LIVE AND LEARN
We accept the following methods of payment:
- Bacs Transfer
- Stripe – online card payment
We hold no financial card details for our clients. Should you require further information or clarification please contact:
Live and Learn Consultancy Ltd
08448 119 463