R38a Privacy Policy

The EU General Data Protection Regulation was introduced in May 2018. Our privacy policy has therefore been revised in order to comply with the new legislation.

 On our website we do not collect or process any personal data from visitors.

If you contact us to request a meeting or use our service, and provide us with your personal data, your providing of this information will constitute your consent to us having and handling this data.

We will keep all such data according to the standards set out below.

 The data privacy policy below explains how we fulfil our obligations of the GDPR, how we process the personal data of clients, and what their rights are.

 DATA PROTECTION AGREEMENT –

Compliance of the EU General Data Protection Regulation (GDPR)

LAWFUL BASIS FOR PROCESSING DATA

We agree with clients either verbally or in writing to provide a service. The processing of personal data is necessary for us to fulfil this agreement.

We may hold your data for a short period of time before providing a service because you have provided us with the data and asked us to act in your behalf.

INTENDED PURPOSES FOR PROCESSING DATA

To fulfil services agreed.

To comply with regulations and laws set out by English law and our regulatory bodies, City & Guilds and the CIEH. To meet the requirements of ISO 9001.

SOURCE OF PERSONAL DATA

All personal data we hold will be supplied by you, the client, or your previous accountant.

We do not source your personal data from anywhere or anyone else.

 DATA WE HOLD AND WHO HAS ACCESS

It is necessary for us to hold and process certain personal data about our clients. This includes, but is not limited to, the following: name, date of birth, address, contact details, business name and details.

We regularly review the data we hold for you and destroy any that is not necessary.

We store this data securely on site, where is only accessed by the directors and members of administrative staff.

THIRD PARTY DATA SHARING

It may be necessary for us to share or store your personal information with third parties. These may include: CIEH, SQA, our software providers including Quickbooks, and Microsoft. We check all of our third party providers to ensure that they too comply with the GDPR and we do not establish working relationships with providers that are not compliant.

SQA – RETENTION POLICY

We will retain records for three calendar years following completion of SQA Street Works qualifications.

We will retain records for six calendar years following completion of Ofqual regulated SQA Working in Confined Spaces qualifications.

These records are:

¨ a list of candidates registered with SQA for each qualification offered in the centre

¨ details of candidate assessment, including the name of the assessor, location, date and outcome

¨ internal verification activity

¨ certificates claimed

These records will be made available to the external verifier and SQA on request. Records will be stored securely and in a retrievable format. In the case of an appeal against an internal assessment result, we will retain records, including all materials and evidence, until the appeal has been resolved. For appeals to SQA against an internal assessment result in a regulated qualification — assessment and internal verification records for appeals cases will be retained for six years thereafter, unless there is a legitimate reason to retain records for a further period. Where an investigation of suspected malpractice is carried out, the centre will retain related records and documentation for three years for non-regulated qualifications and six years for regulated qualifications. In the case of an appeal to SQA against the outcome of a malpractice investigation, assessment records will be retained for six years. In an investigation involving a potential criminal prosecution or civil claim, records and documentation will be retained for six years after the case and any appeal has been heard. If there is any doubt about whether criminal or civil proceedings will take place, we will keep records for the full six year period.

We store all paper and electronic documentation securely. We review our data security annually.

Restriction of access to physical data is relatively simple as all physical data can be accessed only by us, the directors (Wesley and Rachel Fullman).

We use up to date anti-virus software, and IT protection to ensure that digital files are kept secure. 

YOUR RIGHTS

RIGHT TO BE FORGOTTEN – You may contact us at any time to request that all your personal data be forgotten. We have 28 days to respond to this request. This right is not absolute, and we will decide whether or not we can comply, depending on whether this request conflicts or contradicts with our existing obligations to our regulatory bodies.

 If you do not agree with our decision you can submit a complaint to the ICO at https://ico.org.uk.

RIGHT TO RESTRICT PROCESSING – You may contact us at any time to request restriction or suppression of your personal data so that we can store it but not process it. We have 28 days to respond to your request.

RIGHT OF ACCESS – You may at any time request access to all the personal information that we hold for you. We will comply and send you all the information we hold about you within 28 days. This allows us an acceptable amount of time to gather the paper and electronic information and arrange to deliver it to you securely.

RIGHT TO RECTIFICATION – You may at any time request that we rectify incorrect or incomplete personal data that we hold or process for you.

DATA PROTECTION BREACH

Should we suffer a breach and your personal data is at risk, we will notify the ICO and yourself within 72 hours.

CONTACT

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@ctsservices.co.uk

Reviewed April 2023