1. What are the rights of our customers?
The points below clearly set out the rights each customer is entitled to. Please don't hesitate to ask us for an explanation of each, should you wish to have more information.
1. The right to be informed.
2. The right of access.
3. The right to resolution.
4. The right to erasure.
5. The right to restrict processing.
6. The right to data portability.
7. The right to object.
2. Right to complain
In rare occasions where you believe your data has been wrongfully processed, stored or handled, and we are unable to correct this satisfactorily, you have the right to raise a concern with the Information Commissioner’s Office (ICO).
Details on how to do this can be found here:
In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:
“personal data” any information about an identifiable living human being.
“process” we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.
“Customers” who have bought goods or services from us.
4. Types of Data we Process and Retain
Name, address, email, phone number, purchase history
5. How we obtain consent to process personal data.
We obtain consent with a clear, specific and explicit request:
Thank you for trusting us with some information about you. We take that trust seriously and we want you to know how we use your information and why.
If you have queries about how we use your data, or comments or questions about this Policy, please do email us.
Policy updates: We keep this Policy under regular review, and this page may be updated from time to time.
6. Security measures and policies in place.
Broad use of encryption
GDPR statement on our website
7. How we meet access requests within a one-month timeframe.
Our small professional team will respond to all access requests quickly and
efficiently according to our standard operating procedures.
8. We train our employees and report a serious breach within 72 hours.
Our employees understand what constitutes a personal data breach. Everybody involved in our business is aware of a need to report any data breach to the person or team responsible for data protection compliance.
9. How we collect information
Once you buy something from us, we will collect information from you at the time of sale.
This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.
We keep records of the goods/services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.
Financial and credit card details
We do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies.
We receive limited information from our processor for us to tie up your payment with your invoice.
If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.
We do not routinely keep credit scores nor use credit reference agencies.
10. Data sharing with 3rd Parties
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.
We keep a list of the software platforms we use to run our business. If you would like a list of all the platforms we use, please email us.
We have an outsourced support team for our own business which may include Virtual Assistants, Web Designers, IT support, Sales and Marketing, Accounting and more. They have limited access to your data, where the service they provide to us means they need it.
For example, if our IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you.
For example, if we invoice you, our Accountant needs to process the information on the invoice.
Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses.
11. Where is your data located?
Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.
This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We have picked reputable, mainstream suppliers with appropriate security standards.
12. Retention periods
Your information will be kept for a minimum of 8 years.
We need to keep customer information long enough to satisfy HMRC and our insurers. We keep information on prospective customers long enough to make our sales enquiry system effective.
If you subscribed to a newsletter or updates list, you will remain on the list(s) you joined until you unsubscribe from that list.
13. Your rights
You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.
If you feel for some reason we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.
Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our products and services.
If you want to know what information we have about you (if any) email us at the email address set out above and give us your name, email address(es) and we will happily do a search and let you know what information we hold on you and how we are using it/have used it.
You have a “right to be forgotten” - but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.
If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address found on our website.
If we can’t sort it out, the relevant supervisory authority for us is the Information Commissioner for the UK.
16. Data Protection
The information you have provided and held by Westminster Skills Centre is subject to the General Data Protection Regulation (Regulation (EU) 2016/679). (GDPR)
You consent to us or any company associated with us, for example, product providers or platforms we use to provide you with our services, with processing your personal data both manually and by electronic means.
Your data will be used for the sole purpose of providing advice, administration and management.
“Processing” includes obtaining, recording or holding information or data, transferring it to other companies associated with us, such as product providers, the Financial Conduct Authority (FCA) or any other statutory, governmental or regulatory body for legitimate purposes including, where relevant, to solicitors and carrying out operations on the information or data.
You may be assured that we and any company associated with us will treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose associated with the services we will provide you. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary.
Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data.
Subject to certain exceptions, you are entitled to have access to your personal data that is held by us. You will not be charged for us supplying you with such data, however, we do reserve the right to apply a ‘reasonable fee’ where requests are deemed excessive.
We will respond to your request as soon as possible and within the maximum time frame of one month.
In order to provide services to you, we may be required to pass your personal information to parties located outside of the European Economic Area (EEA) in countries that do not have Data Protection Laws equivalent to those in the UK. Where this is the case we will take reasonable steps to ensure the privacy of your information.