Privacy Policy

Privacy Policy

Overview and Purpose

This policy sets out the basis by which any personal data collected from or provided to Issured Limited (hereinafter referred to as “Issured”, “Issured Ltd”, “we”, “us”, “our”) by you, the data subject, will be processed. We are committed to protecting and respecting the privacy of our associates, employees, clients and any users of our services. Please read this privacy policy carefully so you understand our views and practices regarding your personal data and how we will treat it.

This Privacy Policy explains our principles when it comes to the collection, processing, and storage of your information. This policy specifically explains how we hold your information and for what purposes.

As a company we offer a range of products and services that specialise in independent programme assurance, business design and information system development, spanning the full development lifecycle. We provide Programme Design and Management, Business Architecture and Analysis, Information System Design, Business Change and Training Development and Information Assurance and Security Risk Management.

This particular policy applies to the interactions Issured has with you and the Issured Track Training and Development product.

Who we are

This Privacy Policy applies to Issured Limited a company registered in England and Wales (Registration number 08860437) whose registered address is 1-2 Charterhouse Mews, London, EC1M 6BB) and its affiliates, but excludes any products applications or services that have separate privacy notices which do not incorporate this Privacy Notice.

We are registered with the Information Commissioners Office (ICO) as a data controller in the United Kingdom for the purposes of any UK Data Protection legislation resulting from EU General Data Protection Regulations (GDPR). (ICO registration number ZA220733). The Issured Data Protection Officers (DPO) contact details can be found at the end of this document.

What personal information do we collect and why do we do it

We collect personal information when you interact with our Service and these are also shared with our third party training providers to maintain and fulfil our services to you. You provide data to us when you:

  • Sign up to become a registered user of our site(s)
  • Register for virtual, or in-person, events or conferences
  • Download certain publications or materials which are offered
  • Register to take a certificate or certification exam
  • Communicate with Issured staff and provide information to us, such as your email address, or information provided in list in the section - Summary of information captured

We may also use automatic data collection technologies to collect certain information about your device, your activities on our site and your location when visiting our site or using our services as described in our Cookie Policy.

We may collect data about you when you use our services on social media. In addition we use third party payment processors who fully comply with PCI requirements. As such, your online payment data is not captured, stored or used by us.

Summary of information captured

Unless otherwise stated, the information we process is in relation to you the customer only. Also see ‘Retention Period’ section for Review, Retention and Disposal (RRD) details. The following information summarises the information captured when it is provided directly to us by the data subject:

Member if the public using the service - The following information may be requested – First name, surname, email address, job title, date of Birth, telephone contact details and address.

Enquire "let us know how we can help" - Full name, email address, subject, message (Required) Work phone number and Organisational name (optional)

Special Category Data

We do not process special category data on this website. As detailed above we use a third-party payment processor who fully comply with PCI requirements, to process any course payments on this website. As such, your online payment data is not captured, stored, or used by us.

Cookies and Analytical Data

We use cookies on the Training and Development website. Further information regarding the nature and purpose of cookies employed by us are contained in our cookie policy. This is available as a separate document or can be found under cookie policy on our website.

Purpose this information is held, processed, used and disclosed

Our platform is hosted and supported by several third-party service providers, and to this end we share information, including personal information, across the providers platforms, so that they may provide hosting for and maintenance of our websites, application development, backup, storage, payment processing, analytics, and other services to support us.

As the data controller for your information, we do not allow our third-party service providers to use or share any of the personal information you share with us for anything other than (i) to provide, maintain, operate, and update the Service and to provide customer support for the Service, (ii) to prevent or address service, security, support, or technical issues, or (iii) as required by law. For completeness, please see below links to the privacy policies and statements provided by our third-party suppliers.

  • Coassemble – [https://coassemble.com/privacy-policy]
  • Arlo - [https://www.arlo.co/legal/privacy-policy]
  • Zapier -[ https://zapier.com/privacy]
  • PayPal - [https://www.paypal.com/myaccount/privacy/privacyhub]

As part of the Training and Development service, we hold, process, use and disclose your information:

  • To provide, operate, maintain, improve, and promote the Services.
  • Enable you to access and use the Services.
  • Process and complete transactions, and send you related information, including purchase confirmations and invoices.
  • Send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you support and administrative messages.
  • Send promotional communications, such as providing you with information about products and services, offers, promotions, contests, and events; and provide other news or information about us and our partners
  • To register with our accredited professional institution (CMI)
  • To carry out obligations arising from any contracts entered between you as a customer and us
  • To comply with any applicable law and regulatory requirements
  • Where data is contractually required for processing, Issured Limited may processes data without consent to fulfil contractual obligations

Our legal basis for processing personal data

We shall ensure that processing remains lawful to the extent that:

  • The data subject has given consent to process their data for specific purposes detailed above
  • The processing is necessary for the performance of a contract or training course to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • Processing is necessary for compliance with legal obligations to which the controller is subject, this could include for the purpose of detecting crime, fraud and in order to comply with any other applicable law.

Consent

Consent is required for us to process personal data, but it must be explicitly given. Where and if we are asking you for such data, we will always tell you why and how the information will be used and stored.

By consenting to this privacy policy, you are giving us permission to process your personal data specifically for the purposes identified.

You may withdraw consent at any time by contacting our Data Protection Officer and stating: “I, [data subject name], withdraw my consent to process my personal data from Issured Limited. Issured Limited no longer has my consent to process my personal data for the purpose of [specify legitimate reason of processing personal data], which was previously granted”. Once received we shall adhere to the data protection requirements and cease processing your information in line with Article 6, 1 a-f of the lawfulness of processing principle.

Where there is a contractual obligation to process personal information all data processing is carried out in accordance with the handling requirements detailed within each specific contract, with deletion and return of personal data captured as part of the contract.

In addition, where you have provided your details to allow us to contact you regarding services, we believe will be of interest to you, this marketing communication will also contain instructions to "opt-out" or “unsubscribe” of receiving future marketing communications. In addition, if at any time you wish not to receive any future marketing communications or wish to have your name deleted from our mailing lists, contact us as indicated above.

Disclosure

Issured Limited WILL NOT pass on your personal data to any third parties, other than those detailed above as part of the service provider requirements, without first obtaining your consent.

With respect to the registration to an approved CMI training course we will request on the application form that your data can be passed on to CMI for use in registering you on the approved training course.

Retention Period

We implement a Retention, Review and Disposal (RRD) process for all our information not just personal data, with Information Asset Owners (IAO) consulted with regards to suitable retention periods for information assets.

For the purpose of process personal data, the following applies:

  • Our customer data shall be retained for the period of account being present on the platform. If a customer requests that their account be suspended, their account and their information will be held for a further 90 days giving the customer the option to retrieve any related course information or certificates. However, if a customer removed/deletes the account themselves all information will be removed immediately and will not be recoverable.
  • For information provided as part of the Enquiry “Let us know how we can help you” contact/customer information, the request of name, email, phone and message are only retained to allow a response to the data subject. This information is only retained for a maximum of 30 days and then removed from the Issured system.

If there is a business requirement to retain the “Let us know how we can help you” information, i.e. services are requested and/or a contract agreed, then the information will be retained and agreed as part of the customer account retention period. At the end of the agreed retention period your information will be securely and confidentially destroyed. Where there is contractual obligation to process personal information, the retention period of this information will be in line with the contract specification. All personal information will be deleted or returned as per the requirements captured within each contract.

Data Security

We take all reasonable measures to protect any personal information we may hold in order to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. In some areas of our platforms, we may use encryption technologies to enhance data privacy and help prevent loss, misuse, or alteration of the information under Issured’s control.

We cannot guarantee, however, that all information will remain secure. The Internet by its nature is a public forum. We encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your login ID and password from third-party access, and for selecting passwords that are secure.

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that Issured Limited refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in complaints clause below.

Responsibilities

The Data Protection Officer (DPO) is responsible for ensuring that this privacy notice and Cookie Policy is made available to all data subjects prior to us processing their personal data.

All our employees or associates who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.

Complaints or concerns

If you wish to exercise your rights or raise a complaint or have any concerns with the way we have handled your personal data, you can contact us through:

Issured Data Protection Officer

First Floor Office Suite

Unit 18

Bradbourne Drive

Milton Keynes

MK7 8BE

Email: Compliance@issured.com

In addition, if you are not satisfied with our response or any of our data protection activities, you can make a complaint to the Information Commissioners Office at:

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF