1.0 Privacy and Data Protection Overview
Elements First Aid has a legal duty to protect your personal information and we are committed to protecting and respecting your privacy. This policy explains how we, Elements First Aid, may collect and use the information you give us via the website, the conditions under which we may disclose it to others and how we keep it secure.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Elements First Aid is registered as a Data Controller with the Information Commissioner’s Office (ICO). ICO registration number: ZA121028
- The Data Protection Act (1998 )
- The Privacy and Electronic Communications (EC Directive) Regulations (2003)
- The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’), effective from 25 May 2018
2.0 Personal Information That This Website Collects and How We Collect It
This website collects and uses personal information for the following reasons:
2.1 Course booking
Information is collected from you when you complete a booking form on the website. The personal information we collect from you is limited to what is necessary to enable us to carry out the purposes for which it is collected. The data we may collect, store and use can include the following:
- Name and contact information. We may collect your first aid last name, title, job title and company name, email address, phone number, home address and other similar data. We store and process this data using Arlo Training Management Software – a third party data processor (see section 6.0 below). All data collected is encrypted at rest and stored in AWS, a provider that is fully compliant with GDPR.
- Payment information. We collect data necessary to process your payment if you purchase one of our services. Your card information is not held by us and we do not store credit card details. We use third-party payment processor Stripe to securely process online card payments and secure accounting software called Zero. We do not take payments over the phone.
You have choices about some of the personal information we collect. When you are asked to provide personal information, you may decline. Please note, that if you choose not to provide personal information that is necessary to enable us to carry out your requests then we may not be able to fulfil that request. If this is the case, we will notify you at the time.
2.2 Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you, but Google do not grant us access to this. We consider Google to be a third-party data processor (see section 6.0 below).
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
2.3 Contact & Enquiry forms
Should you choose to contact us using the contact or enquiry forms on our website, none of the data that you supply will be stored by this website. The data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP) and encrypted and stored by AWS via our Training Management Software.
2.4 Email newsletter & marketing communications
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third- party data processor (see section 6.0 below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you must obtain parental consent before joining our email newsletter.
While your email address remains within the MailChimp database, you may receive periodic newsletter-style emails from us.
3.0 Why We Collect This Data
Our lawful ground for this processing is our legitimate interest to enable us to perform the contract between you and us, or take steps at your request to enter into a contract to deliver training services, to properly administer our website and grow our business.
4.0 How We Use This Data
Collecting this data helps us understand what you are looking for from the company, enabling us to deliver improved products and services.
Specifically, we may use data:
- Process orders you have submitted
- Carry out our obligations arising from any contracts entered into by you and us
- Award first aid certificates
- Send reminders about first aid certificates that are about to expire
- Receive important news associated with your qualification
- Seek your views or comments on the services we provide
- Notify you of any changes and/or additions to our services
- For our own internal records
- To improve the products and services we provide
- To contact you in response to a specific enquiry
- To customise the website for you
- To send you promotional emails about products, services, offers and other things we think might be relevant to you
We do not sell, trade or otherwise transfer to outside parties your personal information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
Elements First Aid is a training centre approved and monitored by the Awarding Organisation ‘ITC First Ltd’ to deliver first aid qualifications and training. Information collected may be shared with ITC First to allow them to award first aid certificates and regulated qualifications.
5.0 How We Store Your Personal Information
If you choose to submit some personal information via the website, it will be stored and processed by our Training Management Software. All data is encrypted at rest and stored in AWS, a provider that is fully compliant with GDPR. Read more at https://aws.amazon.com/compliance/gdpr-centre/. If you choose to opt in to email marketing, then your email will be stored in Mailchimp.
6.0 Our Third Party Data Processors
We may need to share your information with third parties in order to deliver the services required (for example to issue a first aid certificate). If we do, you can expect a similar degree of protection in respect to your personal information to that provided by us and we disclose only the personal information that is reasonably necessary to deliver the service.
We require third parties to respect the security of your data and to treat it in accordance with the law. We only permit third parties to process your personal data for specified purposes in accordance with our instructions and do not allow our third-party service providers to use your personal data for their own purposes.
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with GDPR legislation.
- ITC First Ltd
7.0 Links To Other Websites
Our website contains links to other websites, once you have used these links to leave our site, Elements First Aid does not have any control over these other websites. As such Elements First Aid cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You must look at the privacy statement applicable to the website in question.
8.0 Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
9.0 Data Controller
The data controller of this website is: Centre Manager & Head of Training, Elements First Aid who can be contacted by emailing: firstname.lastname@example.org