Data Protection Principals
Computeraid will comply with data protection law and principals. This means that your data will be
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up to date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
The kind of information we hold about you
Customers: In connection with your transactions with Computeraid we will store and use the information you have provided us with when booking training courses either online, by booking form, email, telephone or any other method – electronic or otherwise.
Suppliers: In connection with your transactions with Computeraid we will store and use the information you have provided us with when contracting to deliver services or goods online, by booking form, email, telephone or any other method – electronic or otherwise.
How is your personal information collected?
Computeraid collects personal information from you and your company as well as any appropriate data that can be obtained from a publically accessible source.
Lawful basis for processing data
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Computeraid will process your data under the grounds of consent, contract, legal obligation or legitimate interest.
How we will use information about you
- Course confirmations and general administration
- Invoicing and financial purposes
- Check eligibility for funding initiatives
- Keeping you updated about Computeraid and relevant information
- Exam registration
- To comply with our legal and regulatory requirements to funding bodies such as (but not limited to) WEFO and Welsh Government.
We are subject to certain rules and privacy laws when marketing to our customers.
For example, a Data Subject’s prior consent is required for electronic direct marketing (for example, by email, text or automated calls). The limited exception for existing customers known as “soft opt in” allows organisations to send marketing texts or emails if they have obtained contact details in the course of a sale to that person, they are marketing similar products or services, and they gave the person an opportunity to opt out of marketing when first collecting the details and in every subsequent message.
The right to object to direct marketing must be explicitly offered to the Data Subject in an intelligible manner so that it is clearly distinguishable from other information.
A Data Subject’s objection to direct marketing must be promptly honoured. If a customer opts out at any time, their details should be suppressed as soon as possible. Suppression involves retaining just enough information to ensure that marketing preferences are respected in the future.
Automated decision making
You will not be subject to automated decision making that will have a significant impact on you based solely on automated decision making.
We will only share your data for the purposes of providing training courses and consultancy services to you that comply with our own rules and regulations. All third party providers such as credit / debit card processing factors and funding bodies are required to take appropriate security measures to protect your personal information.
Who is the data controller and data processor – Funded training?
For the data the Welsh Government/WEFO / UK Government requires beneficiaries (organisations in receipt of ESF / UK money) to collect the Welsh Government is the data controller. If beneficiaries (eg Computeraid or partner organisation) collect any other personal data not required by Welsh Government/WEFO/ Uk Government the beneficiary would be the data controller for that data. As a beneficiary, you would be the data processor for the data Welsh Government requires you to collect. Any third parties you or Welsh Government shares the personal data with would also be data processors. The Data Protection Officer for the Welsh Government can be contacted on [email protected].
Transferring Information outside the EU
We may transfer data outside the EU for marketing purposes (eg emailshot providers such as MailChimp). We will ensure that any data processor used outside the EU has an adequate level of protection and only information that is strictly necessary will be transferred.
We have put in place appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal information to those employees, contractors and other third parties (including but not limited to funding bodies) who have a legitimate need to access your data for the purposes of course administration, financial matters or checking funding eligibility. There is a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We will retain your personal information for no longer than necessary and in accordance with our legal obligations. After this period we will destroy your personal information in accordance with applicable laws and regulations.
Rights of access, correction, erasure and restriction
Your rights in connection with personal information
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check we are processing it lawfully.
- Request correction of the personal information we hold about you. This enables you to have incomplete or inaccurate information we hold about you to be corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing your information where we are relying on a legitimate interest (or those of a third party) and there is something about your situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing your information. This enables you to ask us to suspend the processing of personal information, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your data to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your data or request that we transfer a copy of your personal data to another party please contact the Training Manager in writing.
You have the right to make a complaint at any time to the Information Commissioner’s Office, (ICO), the UK supervisory authority for data protection issues.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk