This privacy policy sets out how CDR Training Ltd uses and protects any information that you give CDR Training Ltd when you use our website (www.cdr-training.co.uk) website and/or our services. By using this site and/or our services, you consent to the processing of your personal data as described in this Privacy Policy.

Data Protection Principles

CDR Training Ltd promise to follow the following data protection principles:

• Processing is lawful, fair, transparent; our processing activities have lawful grounds. We will provide you information regarding processing upon request.
• Processing is limited to the purpose. Our processing activities fit the purpose for which personal data was gathered.
• Processing is done with minimal data. We only gather and process the minimal amount of personal data required for any purpose.
• Processing is limited with a time period. We will not store your personal data for longer than needed.
• We will do our best to ensure the accuracy of data.
• We will do our best to ensure the integrity and confidentiality of data.

Data Subject’s rights

Under certain circumstances, you have the following rights under the General Data Protection Regulation in relation to your personal data:

1. fair and transparent processing/use of your use personal information
2. access to your personal information and to certain other supplementary information that this privacy policy is already designed to address. For a Subject access request ‘SAR’, please contact us
3. require us to correct any mistakes in your information which we hold
4. require the erasure of personal information concerning you in certain situations
5. receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
6. object at any time to processing of personal information concerning you for direct marketing
7. object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
8. object in certain other situations to our continued processing of your personal information and
9. otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

Data we gather

Information you have provided us with
This might be your e-mail address, name, telephone number, date of birth – mainly information that is necessary for delivering you a service (eg operator training) or to enhance your customer experience with us

Information automatically collected about you
This includes information that is automatically stored by cookies and other session tools. This information is used to improve your customer experience. When you use our services or look at the contents of our website, your activities may be logged.

Publicly available information
We might gather information about you that is publicly available.

Data Sources (places we gather data)

1.   Over the phone
Data comes from: Customer bookings & customer enquiries
Data collected: This may include Name/s, contact number/s, email address/s, business name and address, training site address (we do not share this data information)
How we use the data: to process customer bookings, to offer products and services relevant to the customer via email, text and phone.
Data shared with: Course requirements and contact details are provided to the instructor delivering the training. Contact number & email address shared with Yell.com when sending an email or text message request for an online review

2.   By email (either directly or by submitting a form on our website)
Data comes from: Customer bookings & customer enquiries
Data collected: This may include Name/s, contact number/s, email address/s, business name and address, training site address (we do not share this data information)Booking Information
How we use the data: to process customer bookings, to offer products and services relevant to the customer via email, text and phone.
Data shared with: Course requirements and contact details are provided to the instructor delivering the training. Contact number & email address shared with Yell.com when sending an email or text message request for an online review

3.   From our website
Data comes from: We gather data on customers browsing habits. We also gather email addresses sent to us via customer enquiries on our website
Data collected: This may include Name/s, contact number/s, email address/s, business name and address, training site address
How we use the data: to respond to a request for information, and to offer products and services relevant to the customer via email.

Data shared with: Google to monitor website traffic

4.   Training for Inhouse Certification
Data collected: Trainee names, date of birth, email addresses, telephone numbers, health declaration and passport style photograph (if operator ID cards are required by the customer)
How we use the data: Some of the information is entered onto a certificate database for the purpose of issuing certification and course report sheets. Hard copies of training paperwork are then stored in a secure location at the office of CDR Training Ltd, as proof if required of training. We use email addresses and contact numbers if provided to request on line reviews from each trainee and/or company contact.
Data is shared with: Training data is shared with the customer/trainees’ employer

5.   Training for RTITB Certification
Data collected: Trainee names, date of birth, email addresses, telephone numbers, health declaration and passport style photograph (if operator ID cards are required by the client)
How we use the data: The information is entered onto the National Operators Registration Scheme for RTITB Accredited Training, and also entered on to a certificate database for the purpose of issuing of certification and course report sheets. Hard copies of training paperwork are then stored in a secure location at the office of CDR Training Ltd, as proof if required of training. As part of our accreditation, RTITB will do an annual audit of our training records. We use the email addresses and contact numbers if provided to request on line reviews from each trainee and/or company contact.

Data is shared with: RTITB for accredited training documentation and trainees inclusion on to the National Operators Registration Scheme, you can view the RTITB privacy policy by clicking here

How we use your Personal Data

We use your personal data in order to:

• provide our service to you. This includes for example providing you with services that you have requested; providing you with industry news updates, communications with you in relation to our products and services and notifying you of changes to any services.
• enhance your customer experience;
• fulfil an obligation under law or contract;

We use your personal data on legitimate grounds and/or with your consent.

On the grounds of entering into a contract or fulfilling contractual obligations, we process your personal data for the following purposes:

• to identify you;
• to provide you a service or to send/offer you other training services;
• to communicate either for sales or invoicing;

On the ground of legitimate interest, we process your personal data for the following purposes:

• to send you personalised offers;
• to administer and analyse our client base (purchasing behaviour and history) in order to improve the quality, variety, and availability of services offered/provided;
• to conduct questionnaires concerning customer satisfaction;

We want to provide you with choices when it comes to using certain personal information, particularly around marketing and advertising. You will receive marketing communications from us if you have requested information from us and you have not opted out of receiving that marketing. We do not share or sell your personal information with a view to advertising, to anyone else and you can ask us to stop sending you marketing messages at any time by contacting us unsubscribe@cdr-training.co.uk  

We may process your personal data in order to fulfil an obligation rising from law and/or use your personal data for options provided by law. We reserve the right to anonymise personal data gathered and to use any such data. We will use data outside the scope of this policy only when it is anonymised.

Who else can access your Personal Data

We do not share your personal data with strangers. Personal data is provided to our instructors/contractors so they can deliver the training service requested, and where accredited training and certification is required, personal data is provided to RTITB

We share your data with:

Our processing partners:

• RTITB – To store your data to give you accredited certification and register you or your employees on their national database

Our business partners:

• RTITB – To store your data to give you accredited certification and register you or your employees on their national database

Connected third parties:

• RTITB – To store your data to give you accredited certification and register you or your employees on their national database
• Google – Google Analytics Tracking Code that logs details about the visitor’s browser and computer.
• Facebook – used to promote CDR Training Ltd and allow its customers to give feedback
• Twitter – used to promote CDR Training Ltd and allow its customers to give feedback
• LinkedIn – used to promote CDR Training Ltd and allow its customers to give feedback
• Yell.com - used to promote CDR Training Ltd and allow its customers to give feedback

We only work with processing partners who are able to ensure adequate level of protection to your personal data. We disclose your personal data to third parties or public officials when we are legally obliged to do so. We might disclose your personal data to third parties if you have consented to it or if there are other legal grounds for it. 

How we secure your data

We take the security of your personal information very seriously.

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to ensure that your information is kept safe and secure.

We limit access to your personal data to those employees, instructors, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies and other technologies we use

We may also collect information about you when you visit our websites through the use of cookies. Cookies are small text files that help our websites to work and us to understand what information is most useful to our users. They can also speed things up when you come back to a site. We do not use them to identify you personally. You can delete cookies stored on your device at any time.

Cookies allow us to gather information about your visits to our site, including your:

1. IP address
2. Geographical location
3. Browser type
4. Device type
5. Operating system
6. Browsing data, such as access times
7. Navigation history
8. Preferences

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.

 In The Event Data Is Lost

When we are aware that data loss has been encountered Nicola Reid shall contact customers within 24 hours to advise them that data has been lost, and the manner in which it was lost. CDR Training Ltd shall also ensure that following data loss it conducts a review of the systems that led to the loss.

Contact Information

If you have any questions regarding processing of your personal data, your rights regarding your personal data or this privacy policy, please contact Nicola Reid at nicki@cdr-training.co.uk

Our procedures mean that we may ask you to prove your identity before we share your personal information with you.

Supervisory Authority
Email: casework@ico.org.uk 
Phone: 0303 123 1113

Changes to this Privacy Policy

Last modification was made: 31st May 2018

This Privacy Policy may be updated from time to time, so you may want to check it each time you provide any personal data to us.