Privacy Policy
Privacy Statement
Your privacy is very important to us, and we are committed to protecting your data and complying with the data regulations to their full extent, whilst ensuring you are in control of your data insofar as possible. Our Privacy Statement explains how we use and protect your personal information, to show that we are adhering to the UK GDPR, Data Protection Act 2018 and other legislation relating to data protection.
Data Privacy Simplified Ltd (DPS) is the data controller for the information being processed, unless otherwise stated.
Data Privacy Simplified is a private limited company, company number 13469302 and registered office at: 31 Rooksmead Bedford MK41 7QX
Our ICO registration number is ZB148373 .
Where DPS trades as DPS & BJM IG Privacy Training, DPS is still the data controller for the information that is being processed unless otherwise stated.
Our promise to you
We are committed to our responsibility to be fair, lawful, and transparent when it comes to managing your information. We endeavour to make our processing activities easy to read and understand and we welcome your feedback. We promise that:
-
We will do everything physically possible to keep your information secure and confidential.
-
You are in control of how we communicate with you – and you can change your preferences at any time by contacting us.
-
We will train our staff to ensure that they know how to manage your information appropriately and in line with regulations.
-
We will only share your data with third parties where it is necessary for us to provide our services to you
-
We have done all checks possible to verify that any third parties comply with data protection legislation and will only use them if we are satisfied that they take your privacy seriously.
What information do we collect about you and how do we use it?
This privacy Statement will cover DPS’ collection and use of personal data for the following categories of data subjects:
-
Website visitors
-
Employees of client organisations
-
IG Course students & alumni
-
Applicants (course or employment)
-
Trainers of IG Course
-
Administrators of IG Course learning portal
-
Contractors
-
Consumers
-
Research Subjects
We use the personal data collected for various processing activities which form part of the functioning of DPS as an organisation, as set out below.
Processing Activities and Legal Bases
We process personal data to support business operations.
For contract negotiations, we collect names, phone numbers, and emails of employees at potential client organisations, based on legitimate interest and contract lawful basis.
For financial management, including transactions and invoicing, we process names, addresses, phone numbers, emails, and financial details of consumers, contractors, and employees under contract performance and legal obligations.
We manage communications (emails, scheduling) involving employees, consumers, contractors, students, alumni, applicants, and research subjects. Processed data includes names, addresses, contact details, identification documents, academic and demographic information, photographs, voice/video recordings, financial details, and NHS numbers. Special category data, such as health information, is processed under GDPR Article 9(2)(h) for health or social care or Article 9(2)(g) for substantial public interest.
For email marketing, we process names, phone numbers, and emails of employees, consumers, and contractors based on consent. Social media content processing (names, emails, and photographs) is based on contract performance or legitimate interest in expanding our presence.
For business events, we process names, addresses, phone numbers, and emails of employees and contractors under contract performance and legitimate interest.
Testimonials involve processing names and photographs of employees, consumers, contractors, students, and alumni based on consent or legitimate interest.
For client onboarding, we process names, phone numbers, and emails under contract performance. We ensure secure data handling in compliance with data protection regulations.
We also collect personal data as part of our IG Practitioner Course for student enrolment, tutor enrolment and other process pertaining to professional course management. Full names, date of birth, ID verification are collected and shared with relevant third parties such as the certification board. All personal data is handled in full compliance with UK GDPR.
Information Sharing, Security and Retention
We will not share your information with any third parties for the purposes of direct marketing.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
DPS may need to share your personal data with third party to support the running of DPS’s day-to-day activities or in some circumstances to be able to carry out some of our services, for example, our training course. We only employ the use of third-party providers with whom we are satisfied comply with their obligations under the UK GDPR and the DPA 2018 and provide a high level of security to the data shared.
DPS uses software systems to store client information, manage staff work, and facilitate internal and external communication, including external email systems like NHS.net for NHS clients. Third-party suppliers handle payroll, business transactions, and training processes, ensuring compliance with UK GDPR and other regulations. DPS also tracks compliance efforts, shares information on social media for business growth, and collaborates with third-party suppliers for financial transactions related to training. Additionally, third-party systems support training delivery, student access to materials, and accreditation, ensuring secure and compliant data processing.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
If you have any further questions on how long we retain your data, please contact us at enquiries@dataprivacysimplified.co.uk
We have strong security controls in place and are compliant with the Data Security Protection Security Toolkit (DSPT).
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.
International Transfers
We do not normally transfer data outside the European Economic Area (EEA). However, where there is a specific service need for data to be transferred to the EEA through a third party, we will ensure that we and they put appropriate safeguards in place.
Your Data Protection Rights
Under data protection law, you have several rights regarding the personal data we hold about you. These rights include:
-
Right to be informed: You have the right to be informed about how and why we collect and use your personal data.
-
Right of access: You can request a copy of the personal data we hold about you.
-
Right to rectification: If any information we hold is inaccurate or incomplete, you can ask us to correct or update it.
-
Right to erasure ("Right to be forgotten"): You can request that we delete your personal data when it’s no longer necessary for us to hold it, or if you withdraw your consent. This is subject to certain legal obligations.
-
Right to restrict processing: In some circumstances, you can ask us to limit the way we use your data. For example, if you contest its accuracy or if you need the data to defend a legal claim.
-
Right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
-
Right to object: You can object to how we use your data in certain situations, such as for direct marketing.
-
Right to withdraw consent: Where we rely on your consent for processing, you can withdraw that consent at any time.
To exercise any of these rights, please contact us using the details at the end of this notice.
Contact us
You can email our Data Protection Officer (DPO) Tania Palmariellodiviney via tania@dataprivacysimplified.co.uk with any queries or complaints you may have in relation to this privacy statement or your privacy rights as an individual.
You can also write to us, using the following address:
DPO
31 Rooksmead
Bedford
MK41 7QX
If you believe that we have not handled your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We encourage you to contact us first, so we can try to resolve any concerns directly.
ICO Contact Details:
Website: https://ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.