Our approach to Data Protection and Privacy
Hello First Aid is a trading name of Training at Work Group Limited (company number 11379815). We are specialists in workplace training across the UK. In addition to keeping your workforce trained and safe, as the Data Controller of this company we are committed to keeping your data secure and confidential as a visitor to this website and/or as a customer.
2. General Data Protections Regulations
We abide by the principles set out in the GDPR regulations.
3. When we collect your data
We collect personal data in a number of circumstances:
- When you visit this website
- Processing your booking with us whether online or through our customer services team.
- When you contact us to discuss your booking.
- When corresponding with you or contacting you about our services.
- When you take part in surveys or provide us with feedback.
- When someone books a place on a course with us on your behalf.
4. What data do we collect about you
We may collect the following data about you. This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the below personal data is collected directly, for example when you purchase training from us or fill out a contact form. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
- Identification – name, age/date of birth. Employer, role (if you contact us on behalf of a company you are employed by).
- Contact details – email address, telephone number, location/postal address.
- Account – your purchase, quotation and communication history with us, and marketing preferences
- Electronic identification – IP address, website cookies, location, browser, device, operating system
- Usage – usage of website, products & services
- Payment details – debit/credit card/invoicing details, billing contact details.
- Training history – course title, qualification type, date taken, validity, expiry, location taken, grade.
5. How we use your data
We only use your data when it is lawful for us to do so. Please find information on how we use your data below, and the lawful basis for processing in each case.
|Type/Purpose of Processing||Lawful Basis for Processing||Data Categories|
|Processing your order||Contract||Identification, Contact, Account, Payment Details|
|Performance of administrative, accounting or customer service tasks relevant to an order, enquiry and/or training||Contract||Identification, Contact, Account, Payment Details|
|Fulfilment of your training, and verification of it after completion.||Contract||Identification, Contact, Training History|
|To fulfil your training in any case where you have medical, disability or other health needs that are necessary to be considered for the successful provision of training||Consent||Health/Medical/Disability information|
|Provide you with information on relevant products, services and offers if you have contacted us||1.Contract/Pre-Contractual Intention 2. Legitimate Interests – To help ensure you fulfill all your training requirements and to market our products & services||Identification, Electronic Identification, Contact, Account, Training History|
|Inform you when the training you have purchased is approaching it’s expiry||Legitimate Interest – To offer you the best possible service we can, and improve brand loyalty||Identification, Contact, Account, Payment Details, Training History|
|Manage your marketing, website and service preferences||Legitimate Interest – To honour your preferences as a user of our website, customer or other interested party||Identification, Electronic Identification, Contact, Account|
|Gather feedback on products, services and experience||Legitimate Interest – To both improve and to ensure you are happy with, our products, services and customer experience.||Identification, Contact, Account, Training History|
|Provide you with relevant information and marketing through personalisation||Legitimate Interest – To offer you the best possible service through relevant information and content, and to grow as a company through improving marketing effectiveness||Identification, Electronic identification, Contact, Account, Training History|
|Analysis of website and product usage, communications, purchase history and marketing data to gain knowledge on service and product performance, user behaviour and marketing effectiveness||Legitimate Interest – Improve our website, customer experience, products, services and marketing in order to improve & grow as a company||Identification, Electronic identification, Contact, Account, Training History|
|Quality assurance testing, monitoring, auditing, market analysis, developing of and training on products, services, business systems and processes||Legitimates interest – To improve products, services, business processes and systems, security and protection of business assets||Identification, Electronic Identification Contact, Account, Training History, Account|
Cookies & IP Addresses
We use your IP address and website cookies to analyse your use of this website, and for internet advertising purposes. These bits of information allow us to track how you use our website as an individual, but don’t give us personal data like your name, email address or phone number.
We analyse user behaviour on this website to improve our services, the user experience of the website and our marketing activities. We also use public & proprietary IP address lookup tables to identify your organisation, if you’re browsing on behalf of a company, to check your customer history and offer you the best possible service as an existing or prospective customer. In some limited cases i.e. single person companies, it may be possible to identify personal data from publicly available ICANN data.
You can opt-out of Google Analytics tracking by using the tool provided at this link: https://tools.google.com/dlpage/gaoptout
6. Retention Periods
We store data on you for different lengths of time depending on the type of user you are and your relationship with the company. We use a combination of criteria to determine how long we keep the different types of data we hold on you.
Some data is required to be held by law and to fulfil our contractual obligations with both you as a customer, and the awarding bodies we work with to certify your qualifications. In other situations, we store your data for as long as we believe their is be a legitimate mutual interest between us, as an existing or prospective customer. You have certain rights under the GDPR to remove, transfer or change this data – please see the ‘Your Data Rights’ section for more information’.
7. Direct Marketing
If allowed by the Applicable Law and/or your consent, we may contact you from time to time to provide you with information which we think you may find of interest, unless you have opted out of such contact.
You can contact us at any time to withdraw your details and consent to processing from our marketing database, by contacting [email protected]
We will not make available or sell your information to third parties for marketing purposes. However, If we sell, assign or transfer the assets of our business, or if our business is merged or enters into a joint venture with another business entity, we reserve the right to sell or transfer the database maintained by us (including any personal information provided by you).
8. Suppliers and Sub-processors
In order for us to provide you with great quality Health and Safety training and an enjoyable browsing experience, we sometimes use services provided by other companies to assist us. These suppliers range from operational (e.g. our accountants), product (e.g. our eLearning providers), to technical (e.g. our Web Hosting provider, online payment providers).
Where necessary, we may share your personal data with these companies for processing in order to fulfil certain services. This is always done in a secure, confidential manner and your data is only held with the company for as long as is necessary in each case. The organisations will also always have appropriate technical and organisational methods in place to protect your data.
A full list of these providers, the personal data they hold, why we send them this data and the length of time they hold the data for can be obtained if required by contacting [email protected]
We may also disclose personal information where information is part of a due legal process and otherwise required or permitted by law.
9. Location and International Transfers
Your data is largely held and processed within the EEA, however some of our third-party suppliers, such as hosting providers and other technology focused service providers, are based in the USA and so store and process data within the USA – certain global providers may also store and process data in other non-EEA countries.
In these cases, agreements with these suppliers will use Standard Contractual Clauses (SCC) / Model Contractual Clauses (MCC) from the European Commission, or similar agreements providing the same or greater levels of protection for international data transfers.
By submitting your data and agreeing to this policy you agree to this transfer, storing or processing.
We employ technical and organisational measures to protect the information provided by you from access by unauthorised persons and against unlawful processing.
This is achieved through a wide range of methods, including but not limited to: data encryption where appropriate, risk analysis, staff training, internal information security policies and other methods recommended under the GDPR.
All third party data processors that we use (as described in section 7, ‘Suppliers and Sub-processors’), have also confirmed that they employ the technical and organisational methods needed to keep your data safe and secure.
Other Collectors of Information
11. Your Data Rights
We adhere to all rights given to individuals under the GDPR. To exercise any of these rights with the personal data we hold on you, please contact [email protected] or write to:
Hello First Aid
Subject Access Requests
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email us at [email protected] with sufficient information to enable us to identify you. We will respond to your request within one month of receipt of the request.
Updating and Correcting Information
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Objections to processing of personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Right to be Forgotten
Should you wish for us to completely delete all information that we hold about you for, please either email [email protected] or write to:
Hello First Aid
Please note that if the personal data you wish to delete is needed for lawful purposes and/or contractual fulfilment, it may not be possible for us to remove this.
12. Changes to this Policy
13. Contact us
Or write to us at:
Hello First Aid