First2train Ltd (“we”, “our” or “us”) is committed to protecting the privacy of all its customers who use our site ([details]) (our “Platform”). We are the “controller” under the General Data Protection Regulations (EU) 2016/679, and are committed to protecting your information and respecting your privacy.
How We Collect Your Information
- We collect your personal information when you interact with us or use our services, such as when you use our Platform to book a course, buy goods or otherwise engage with us.
- We collect information:
- when you create an account with us or you change your account settings;
- when you place an order with us and during the order process (including for payment and order delivery);
- when you contact us directly via email, phone or post.
- When you visit the Platform or place an order through the Platform you are asked to provide information about yourself including your name, contact details, address, order details and payment information such as credit or debit card information.
- We also collect information about your usage of the Platform and information about when you contact us or provide us with feedback, including via e-mail, letter and phone.
- We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Platform.
- We may also collect technical information about your use of our services through a mobile device, for example, carrier, location data and performance data such as mobile payment methods.
Use Of Your Information
- We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information; if we need to process your information in order to provide you with the service or goods you have requested or to enter into a contract; if we have your consent; if we have a justifiable reason for processing your data; or we are under a legal obligation to do so.
Retaining Your Information
- We only hold your information for as long as we need to in order to perform the services or have a valid reason to keep it.
- When determining how long to keep your information, we will take into account factors including:
- our obligations and rights in relation to the information;
- legal obligation(s) under applicable law to keep information for a certain period of time; and
- the need to verify to third parties your attendance on or passing of a course and the date on which you passed a course – accreditations are time-limited.
- Otherwise, we securely erase your information where we no longer require your information for the purposes collected. You may also delete your information by deleting your account. If you delete your account we will no longer store your information other than as required to confirm your attendance on or passing of a course, and the date on which you passed a course.
Disclosing Your Information
- We are very careful and transparent about who else your information is shared with.
- We share your information with third party service providers. The types of third party service providers whom we share your information with include:
- Payment providers (including online payment providers and fraud detection providers): for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;
- IT service providers (including cloud providers): for the purposes of data storage and analysis;
- Regulators and accreditation bodies : so they can verify your qualifications;
- Customer support partners: who will help us to resolve any issues you may have with our services; and
- Marketing and advertising partners: so that they can ensure that you see advertising which is more relevant to you and send you email and postal marketing on our behalf.
- We may also share your information:
- if we are under a duty to disclose or share your information in order to comply with legal obligation or regulatory requirement;
- in order to enforce our contractual terms with you and any other agreement;
- to protect the rights of our staff, or others, including to prevent fraud.
- In some cases the personal data we collect from you might be processed outside the European Economic Area (“EEA”) in which we operate. These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA. We ensure a similar degree of protection is afforded to it by ensuring that safeguards are implemented.
- We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
- Where you have chosen a password that allows you to access certain parts of the Platform, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Platform; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact us using the contact details set out above. Your rights include:
- the right to be informed
- the right of access
- the right to erasure
- the right to lodge a complaint
- the right to withdraw consent
- the right to object to processing
- For additional information on your rights please contact the Information Commissioner’s Officer
- If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Telephone number: 0303 123 1113
- Website: www.ico.org.uk