CBD SUCCESS (“We”) are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
• Data controller – A controller determines the purposes and means of processing personal data.
• Data processor – A processor is responsible for processing personal data on behalf of a controller.
• Data subject – Natural person
• Categories of data: Personal data and special categories of personal data
• Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
• Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
• Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. Who are we?
CBD SUCCESS will be the data processor for the purposes of providing training services to its clients. Employee personal data may be provided to CBD SUCCESS by the client in order that CBD SUCCESS can fulfil its contract services. In some cases, CBD SUCCESS may be classed as joint data controller with its client. In all cases, this Privacy Notice will be provided to all its employees of the client whose data we process. For all data matters contact Gordon Fozard on 020 7871 0900 or firstname.lastname@example.org.
3. The purpose(s) of processing your personal data
We use your personal data for the following purposes:
• To manage, support and provide design, development and consulting services as requested;
• To provide you with qualified personnel to provide design, development and consulting services;
• To maintain our own accounts and records.
4. The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
• Personal details – (name, company postal address, e-mail address and phone number)
The personal data that has been gathered, processed, transferred and stored has been provided by the client in order that CBD SUCCESS can fulfil its contract to provide services.
5. What is our legal basis for processing your personal data?
Our lawful basis for processing your general personal data:
Processing necessary for the performance of a contract
6. Sharing your personal data
Your personal data will be treated as strictly confidential and will take all reasonable precautions to protect such data (such precautions to include, at a minimum, all precautions we employ with respect to our confidential materials). We will not divulge any personal data to any third party (other than to employees or associates. Any employee or associate given access to any personal data will have a legitimate “need to know” for such use.
7. How long do we keep your personal data?
We keep your personal data for the duration of the client relationship. Irrespective of any termination of the Contract, our obligations with respect to personal data expire 5 years from date of receipt of personal data.
8. Providing us with your personal data
We require personal details (name, office address, email address and phone number) as a requirement to enter into a contract and fulfil a contract.
9. Transfer of Data Abroad
Personal Data will only be transferred outside of the EEA if you instruct us to do so, i.e. if any of your employees or those who you would like us to provide training services to are located outside of the EEA. Any such transfer of personal data will be restricted to the data that you provide us with and we will rely on our contract with you in order for us to do so.
We do not use any form of automated decision making in our business.
11. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
13. How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact Toby Branston: email@example.com
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.