UKGRS Policy Information
General Data Protection Regulations (GDPR) & UK Global Road Safety Ltd
Personal information is a valuable resource that UK Global Road Safety Ltd (UKGRS) takes measures to protect from loss or corruption, unauthorised access and modification. Such information and the way it may be processed is subject to UK law, specifically the General Data Protection Regulations 2018 (GDPR).
We will collect personal data from you to run and deliver our services. Examples may include:
Upon receipt of an enquiry
In reply to a communication from us
From a customer agreeing to engage in our products and services
From interacting with delegates attending training providing us with contact details, date of birth, driving license information
Information you provide to us when raising a “ticket support” enquiry
Information that you provide when you communicate with us by any means.
Use of data
UKGRS will use the data that is held to provide our services and any certification. In addition we may use the information for one or more of the following purposes:
To provide information that has been requested from us about the products and services available or to address ticket support enquiries
To provide information relating to other products that may be of interest to clients. This information will only be provided where we have consent to do so.
UKGRS staff have received training with regards to processing data under GDPR and we will continue to ensure that refresher training is provided on an annual basis.
We will only process children’s data when relating to specific products and services. We will only do so with consent of an adult who holds parental responsibility.
We will keep the children informed of the use of their data with our Privacy Promise for Young People.
Transfer of data outside the EU
In order to deliver some of our global online training services, it may be necessary to share your data outside of the European Economic Area. Should this be necessary, UKGRS will ensure that the transfer and the third party service provider is compliant with the appropriate data protection laws and that all personal data will remain secure.
Information from third parties.
UKGRS may collect delegates personal information or data from third parties (e.g. employers). The third party will hold the appropriate permission for this. This information will only be used to facilitate the delivery of the agreed training or assessment programmes and for no other purpose.
Disclosing data to third parties
UKGRS will only disclose data to third parties for a limited number of reasons:
Information may be shared with providers of our services to deliver agreed products and services to clients and for certification purposes
Information in the context of a sale of our business however all discussions would be subject to confidentiality agreements
Information as required or permitted by law, or when it is believed that disclosure is necessary to protect our rights, protect an individual’s safety or the safety of others, and/or to comply with a judicial proceeding, court order, or other legal process served upon UKGRS
To protect the risk of fraud
UKGRS will not sell or pass on information for commercial purposes.
Our online services may make decisions about your driving skills from the information you provide. This will determine the level of risk associated with your driving and enable us to deliver the appropriate training. We will only do this if we have been asked to do this by your employer or yourself.
Your personal data is not collected for this purpose.
UKGRS will retain data securely, ensuring the IT infrastructure is covered by appropriate hardware and software maintenance and support.
Personal data will not be retained for any longer than is necessary for its defined purpose. We hold a full data retention schedule and reviewed in accordance with the principles of the GDPR.
You have rights within the GDPR and UKGRS is committed to complying with those rights:
The right to be informed
You have a right to be told about the information we hold on you, why we hold it and what we will do with that information.This must be presented in a clear and transparent way.
2. The right of access
You have a right to ask for a copy of the personal data that we hold about you.
3. The right to rectification
You can ask us to correct or update any information that we hold about you.
4. The right to erasure
You can ask us to delete any personal data we hold about you where we no longer have any legal reason to hold it
5. The right to restricted processing
You can ask us not to continue to process your information although allowing us to still hold it
6. The right to data portability
Where it is technically feasibly possible, you can ask us to transfer your data to you or another service provider or third party.
7. The right to object
You can opt out of any marketing communications we might send you.You can also object to us using or holding your personal data if we no longer have
legitimate reasons to do so.
8. Rights in relation to automated decision-making and profiling
Any profiling does not use your personal data.
UKGRS will verify the identity of the person making any of the above requests. If a request is received by a child, parental consent will be required to complete the request.
In the event of a breach of personal data UKGRS will comply with the duties set down in the GDPR, informing the Information Commissioners Office if necessary. Where feasible, UKGRS will honour its obligations within 72 hours of becoming aware of the breach.
Should the breach be likely to result in a high risk of adversely affecting individuals’ rights and freedoms, UKGRS will also inform those individuals without undue delay.
Information Commissioners Office
Tel: 0303 123 1113 / 01625 545 745
Date of Policy: 1st June 2018. Next review date May 2019.
Privacy Promise for Young People
The law says that we need to tell you some things about the way we use any information that we hold about you. That’s what our Privacy Promise is all about.
How do we collect information about you?
You will need to give us some information about yourself when you log on to complete your Handle It training. We will need the following:
Your email address (or your parents email address)
We will always have received consent from your parents/carers via your school to collect your information.
We will also use “cookies” on our website that tell us how people have used the site. The cookies do not collect any information about you.
What do we do with the information you share with us?
We use the information to provide your training and produce a certificate for you at the end of the course.
We promise that we will not send you any advertising or marketing emails, make any judgements about you, carry out any checks on you or use your information for anything else.
We only collect information that we need for your training and promise never to collect anything that we don’t use.
We promise that we will delete your information when we no longer need it too.
Who we share your information with
We share your information with selected other companies for us to provide you with our training course (these companies are sometimes called “Third Party” companies) but don’t worry, there are agreements in place between us that protect your information.
We promise that we will not share your information with any company that we don’t need to. We promise that we won’t sell your information to anyone at all too.
If you need to contact us, you can email us at firstname.lastname@example.org or telephone us on 01452 347332
Date of Policy: 1st June 2018. Next review date May 2019.