Privacy Notice
Our Commitment to Privacy
Your privacy is important to us. To protect your privacy, we have provided this notice explaining our information practices, ensuring that we shall be responsible for, and be able to demonstrate, compliance with the principles of the UK General Data Protection Regulation (UK GDPR). Within this notice we will cover the following points:
Definitions
The Six Principles of GDPR
The Information We Collect
Sources of Collection
How We Use Information
Keeping your details up to date
Your rights
Our Commitment to Data Security
Our Commitment to Children's Privacy
Further Information Regarding GDPR
How to Contact Us
Review of Privacy Notice
To make this notice easy to find, we will make it available on our homepage and at points where personally identifiable information may be requested.
Definitions
We identify ourselves as a ‘controller’, who determines the purposes and means of processing personal data.
We use third party ‘processors’ and ‘controllers’ who are responsible for processing personal data on behalf of Phoenix Health and Safety.
‘Personal data’ refers to any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The Six Principles of UK GDPR
Article 5(1) of the UK GDPR requires that personal data shall be:
Processed lawfully, fairly and in a transparent manner in relation to individuals;
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Information We Collect
This notice applies to all information collected or submitted on this website, via phone calls, webchat, social media platforms, messenger services and email. The types of personal information collected depends on the nature of contact, but may include:
Name;
Address;
Email address;
Phone number;
Date of birth;
Nationality;
Student number;
Employment details;
Payment information;
Educational and employment background;
Comments and feedback;
Cookie information.
Sources of Collection
www.phoenixhsc.co.uk, www.phoenixhsc.co.za and www.phoenixhsc.com websites.
Cookies
We use a third party to automatically collect information through the use of cookies which do not contain personal information. We keep track of browsing patterns and help us to build up a profile of how our customers use the website. A user may choose to set their web browser to disabled cookies.
Contact forms
A contact form on the website is also used to collect name, email, telephone and a comments section for those individuals wishing to gain further details about the services offered. The personal data will be retained for a maximum of 5 years This timescale will be extended if the contact becomes a customer and uses Phoenix’s services. We will seek consent and make it clear at the point of data capture.
Live Web chat
A live web chat service is available on our website for those who wish to engage with a sales person in real time. We use a third-party provider to supply and support the LiveChat service. Individuals may request a transcript of the LiveChat session at the start of the session or prior to the session ending. When using LiveChat we may ask for your name, email address and telephone number should you request further details about a service or product. In providing such information, consent is given for future contact. We will seek consent and make it clear at the point of data capture.
For the purpose of our legitimate interests. we use a third-party service provider to protect against suspicious traffic, viruses and malicious attachments. Emails may also be subject to viewing by third parties, including training bodies and IT Service Providers.
Social Media / Messenger services
We use third party service providers, such as Facebook and Twitter, to engage in various media platforms to connect with individuals. The information gathered via interactions may be used for marketing or sales purposes via consent. Postings on social media may be used within other publications, such as a Facebook posting may be used within the monthly newsletters. We will seek consent and make it clear at the point of data capture.
Webinars / eLearning
We use third-party providers for our webinar and eLearning platforms. Information collected may include names and email addresses. (see under “The Information We Collect” for the full possible list). This information is retained on the Learning Management System (LMS) platform for a maximum of five years. This information is not processed for any other means by these third parties, other than for the legitimate interests of administering your course, and is not used for marketing purposes. Third party training bodies, relevant only to the course being undertaken, may also receive data from the LMS system in the legitimate interests of administering your course.
Online student library
We use a third-party online storage facility, Google Drive, to store training materials and resources for students. No information is collected from individuals that access this source. No personal data is stored on the online storage facility.
Booking consultancy services
No information will be shared with other third parties.
Payments
Payment details are processed when booking training via our website. We use third party Barclays to securely handle the payment. We will never store payment information for orders processed on this website. For payments completed via telephone, information is inputted directly the secure Barclays payment processor. Financial records will be maintained securely for the HMRC required 6 years, thereafter details will be destroyed. Refund information is kept securely for 30 days and then destroyed.
Complaints
We recognise the importance of privacy whilst making a complaint. A copy of our complaints procedure is available on request. For the purpose of our legitimate interests, during the complaints investigation we will gather information related to the case. This normally contains the identity of the complainant and any other individuals involved in the complaint. Upon resolution of the case we will keep personal information contained in complaint files for 12 months, thereafter information will be destroyed.
Telephone
The company records telephone calls for the purposes of training and fact checking.
Hubspot
We use Hubspot to store existing and potential customers' data. Details of your enquiry or your order will be added to Hubspot when you complete a purchase on the website, fill in a 'Contact Us' form or speak to one of our representatives.
The Way We Use Information
On contact with Phoenix Health and Safety, your personal information will be collated and stored for legitimate use of processing training and services. We may also use your personal details to let you know about other services and products that may be of interest and to keep you informed of latest health and safety developments.
Monthly Newsletters
We use a third-party provider to deliver our monthly newsletters. We gather statistics around email opening and clicks using industry standard technologies. We will seek consent for processing such data. Individuals are given the opportunity to un-subscribe at any time.
Marketing promotions
We use a third-party provider to create and deliver our marketing promotions. Email campaigns will contain tracking facilities to gather information, such as opening and click rates, thus ensuring targeted marketing. Individuals are given the opportunity to un-subscribe at any time.
Booking, delivery & processing training
For the purpose of our legitimate interests. where applicable, your information will be disclosed to third party training bodies such as NEBOSH, IOSH, IEMA, ProQual, OAL, and CITB for the purpose of student registration and exam registration purposes. Such training bodies will be considered a ‘controller’ for processing personal data and advice should be sourced from relevant training body for further details. Data may also be shared, for the purpose of legitimate interest, to third party trainers during the course of your training administration. This information will not be shared with other third-party organisations.
Consultancy services
For the purpose of legitimate interests, in the undertaking of consultancy services, certain company data may be gained and/or shared between us and any such third-party consultant(s) undertaking the work. This information will not be shared with other third-party consultants, persons or organisations.
Moderation
As part of our policy, completed TMAs and practical projects may be subjected to an internal moderation process, whereby Phoenix trainers and/or third-party trainers will mark selected papers and be compared with a NEBOSH moderation marking. All personal data (name, student number, company details, date) will be removed from the papers to avoid identification indicators. This process is only used for internal monitoring purposes.
Databases
For the purpose of legitimate interests, we use a third-party provider to manage the infrastructure of our student database which contains personal data such as name, address and contact details. This information is not processed for any other means by the third-party IT provider. For the purposes of legitimate interests, our CMS system, HubSpot, is used to store details of enquiries and orders received. Personal data within this database may be used by Phoenix staff and a third-party marketing company to communicate products and services offered by Phoenix.
IT Service Providers
We use third-party IT service providers for the legitimate purpose of managing our IT infrastructure and our telecommunication channels. For the purpose of our legitimate interests, data can be used for troubleshooting, compliance checks, and data back-up purposes.
Links to other websites
This privacy notice does not cover the links used within material, resources and online services linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Transfer of data to non-EEA Country
Your personal information may be transferred to other countries for processing, which may have different personal data protection rules than the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure adequate protection remains in place to protect your privacy, including through the use of EU model clauses.
Keeping your details up to date
We always endeavour to make sure that the information we hold about you is accurate and up to date, but we need your help to do this. If you have a change of name and/or contact details, please contact us on [email protected] or call us on 03455008811.
Your rights
The GDPR provides the following rights for individuals:
The right to be informed
Individuals have the right to be informed about the collection and use of personal data. Phoenix Health and Safety is committed to the transparency requirement under the GDPR and will ensure privacy information is provided at the time of collecting personal data. Any questions relating to the collection, processing, storing and disposal of data should be made to [email protected] or call us on 03455008811.
The right of access
Individuals have the right to access their personal data and supplementary information. Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A copy of the information will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive. Any rights of access request should be made to [email protected] or call us on 03455008811.
The right to rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. A request for rectification can be made via [email protected] or call us on 03455008811.
Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A request for rectification may be denied if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. The rectification will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.
The right to erasure
The GDPR UK introduces a right for individuals to have personal data erased. A request for erasure can be made via [email protected] or call us on 03455008811. Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A request for erasure may be denied if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. The erasure will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.
The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it. A request for restrict processing can be made via [email protected] or call us on 03455008811. Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A request for restrict processing may be denied if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. The restrict processing will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.
The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. We will provide the personal data in a structured, commonly used and machine-readable form. We are not required to adopt or maintain processing systems that are technically compatible with other organisations. A request for data portability can be made via [email protected] or call us on 03455008811. Such requests will be responded within 30 days and provided free of charge.
The right to object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics. A request for the right to object can be made via [email protected] or call us on 03455008811. Such requests will be responded within a reasonable timescale and provided free of charge.
Our Commitment to Data Security
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Any personal information you give to us will only be used by Phoenix Health and Safety and by its processors and service providers. We do not sell or share personal information with third parties unrelated to it. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Our Commitment to Children's Privacy
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
Further Information Regarding GDPR
Further details about The General Data Protection Regulation (GDPR) is available from the Information Commissioner's Office.
How to Contact Us
Should you have other questions or concerns about these privacy policies, please contact [email protected] or call us on 03455008811.
Review of Privacy Notice
This privacy notice will be regularly reviewed and was last updated on 14th of October 2022.