Your privacy is important to the Online Trainer Education. To protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. We will only use the information that we collect about you lawfully. We collect information about you for 2 reasons: Firstly, to process your order and secondly, to provide you with the best possible service. We will not e-mail you unless you have explicitly opted onto our email list. Every email sent out will also give clear instruction as to how to remove yourself from our email list.
We will never collect sensitive information about you without your consent. The information we hold will be accurate and up to date. You can check the information that we hold about you by emailing us. If you find any inaccuracies or errors, we will delete or correct it promptly.
Data Protection Legislation: the General Data Protection Regulation 2018 (“GDPR”) as amended or updated from time to time, or any successor legislation.
Personal Data: any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
For the purposes of the Data Protection Legislation, the Customer is the data controller and Online Trainer Education is the data processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation).
Online Trainer Education shall, in relation to any Personal Data processed in connection with the performance by us of our obligations:-
(a) process that Personal Data only on the written instructions of the Customer;
(b) ensure that it has in place appropriate technical and organisational measures (that can be reviewed and approved by the Customer at the Customer’s request) to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that only those individuals that need to access or process Personal Data will have access to and/or process Personal Data and those individuals are and will continue to be obliged to keep the Personal Data strictly confidential in compliance with the Data Protection Legislation;
(d) assist the Customer, at the Customer’s request and reasonable cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(e) notify the Customer and the Information Commissioner’s Office (“ICO”) without undue delay (and in any event in compliance with the required timescales set out in the Data Protection Legislation) on becoming aware of a Personal Data breach; and
(f) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by the Data Protection Legislation to store the Personal Data.
The Customer will be required to provide consent to Online Trainer Education to appoint GoCardless/Stripe as a third-party processor of Personal Data. Online Trainer Education confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party’s standard terms of business, but in any event, that such terms will ensure compliance by the third party with the Data Protection Legislation.