CMBD Privacy Policy

CMBD Privacy Policy

INTRODUCTION

Established in 2009, The Centre for Management & Business Development Ltd (CMBD) is a registered Company in England and Wales (registration number 8669538). Our business provides management and personal development training, coaching and consultancy to a wide range of public, private and third sector business and organisations. We are also an approved Chartered Management Institute centre and provide qualifications on the UK Qualifications and Credit Framework (QCF).

CMBD is committed to ensuring that your privacy is protected, and this privacy policy explains how we collect, manage, use and protect any information that we collect about you. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy policy.

CMBD may change this policy from time to time by updating this statement. You should check this page/document from time to time to ensure you are happy with any changes. This policy is effective from 1^st April 2018. It will be reviewed every three years.

WHOSE DATA DO WE COLLECT

We collect data on delegates on training courses, people undertaking qualifications, employees, associates and clients in connection with providing commercial services.

HOW WE COLLECT YOUR DATA

Most of the information we hold about you has been provided directly to us by you. For example, if you fill out a registration form to complete a course or qualification or if you provide us with details for our accounting system. Occasionally we may be provided with information by a third party that we may be working with. For example, we may be provided with contact details by Nottingham Trent University or one of the other partners on the recent D2N2 Scale Up programme.

WHAT WE COLLECT

CMBD is the ‘controller’ of the personal data you (the ‘data subject’) provide to us. We will usually collect basic personal data about you like your name, postal address, employee address, telephone number and email address. For delegates that require registration for a qualification, we will also collect your National Insurance (NI) number and supply this to the relevant Government body, currently the Skills & Funding Agency (SFA) for the purposes of issuing a Unique Learning Number (ULN) to record your qualification on the UK National Database.

For example, we may collect the following information:

• Name and job title
• Contact and demographic information including email address and telephone number
• Skills, educational attainment and professional accreditations
• Professional activity and network(s)
• Information to publicise (with your specific permission), for example, case study, photographs etc.
• Specific information required by third parties, for example your NI number for the SFA
• Your preferences or interests where relevant to the delivery of our professional services

We do not normally collect or store sensitive data (such as information relating to health, beliefs or political affiliation) about anyone. However, there are some situations where this may occur including, but not exclusively, if:

• An accident or incident occurs on our property or training venue, at one of our events or involving one of our staff or associates
• If you are attending one of our events and have disclosed specific access or dietary needs

WHAT WE DO WITH THE INFORMATION WE GATHER

The law allows us to process your data if it is in our legitimate interest to do so, but only for as long as we need to and your ‘interests or your fundamental rights and freedoms are not overriding’. This means that we ensure that the processing is not overly intrusive and that we do so in a way which is described in this privacy policy.

We will process your personal information for our legitimate business interests, which include:

• Internal record keeping
• To undertake statistical analysis (sensitive data will be anonymised)
• To improve our communication and services
• To occasionally contact you about the services provided by CMBD. You will always have the ability to decline future contact
• To invite you to CMBD hosted events that we think may be of interest to you
• To process applications for employment or associate status
• To make purchases or monitor contracts with our suppliers
• To comply with legal obligations as an employer
• To comply with money laundering regulations
• To monitor equality of opportunity
• To register delegates for training, coaching or qualifications.

WHO WE SHARE YOUR DATA WITH AND PROTECTING YOUR DATA

We are committed to ensuring that your information is secure.

We do not share your data with anyone else or any other organisation unless it is necessary for the purpose for which you give us the data. Examples include:

• Providing information on salary details to HMRC as we are legally obligated to do
• Submitting a Suspicious Activity Report to the National Crime Agency when CMBD knows, or suspects that a person is engaged in, or attempting money laundering, as we are legally obligated to do so under Part 7 of the Proceeds of Crime Act 2002
• Sharing basic information on the attendees at an event or function or meeting with the host
• Providing data to third parties known as Data Processors, to provide specific services for us. For example, to a payroll provider to administer salaries for employees. A contract is in place with the Data Processor and they are not allowed to do anything with your data other than that which we have requested
• If we run an event or service in partnership which other named organisations, your details may need to be shared. We will be very clear what will happen to your data when you register.

In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial processes to safeguard and secure the information we collect.

DATA SECURITY

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use of or disclosure of, your personal information.

Electronic data and databases are stored on secure computer systems and we control who has access to the information (using both physical and electronic means). Our staff receive data protection training and we are registered with the Information Commission Office (ICO). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.

All information in relation to recording delegates with the CMI for qualification purposes and with the SFA for Unique Learning Numbers is collected in paper format only and then destroyed once the candidate has been registered with these two bodies.

Some electronic data is stored within secure cloud servers in the United States. Paper copies of any personal data is stored in secure locked cabinets.

PAYMENT SECURITY

If you wish to make a payment to CMBD (for example, paying personally for a qualification) we would never request your bank details directly. BACS payments can be made directly to our business bank account or via PayPal (details of which are available on request).

Of course, we cannot guarantee the security of your home computer or the internet, and any on-line communications (e.g. information provided by email or our website) are at the user’s own risk.

RETENTION

We will not retain your information for longer than is necessary. Relationships between clients and partners are often long-term, and so we expect to keep some data for as long as that relationship exists. Where we can be specific about a time-scale, for example registration data for CMI qualifications is destroyed as soon as this has been done (normally within 6 weeks), we will inform you of the criteria used to determine the period.

If you decide to finish a relationship with CMBD, or request that we have no further contact with you, we will keep some basic information to avoid sending you unwanted material in the future and to ensure that we don’t accidentally duplicate information.

LINKS TO OTHER WEBSITES

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy.

CONTROLLING YOUR PERSONAL INFORMATION

We want to ensure that you remain in control of your personal data. The new General Data Protection Regulations (GDPR), which are being brought into force in May 2018, give everyone a number of very important rights. These include:

• The right to ask us to remove your personal data from our records (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
• The right to have inaccurate data rectified
• The right to request a copy of the information we hold about you
• The right to ask us to stop using your information for marketing or profiling, and
• Where technically feasible, the right to obtain and reuse your personal data for your own purposes

You may choose to restrict use of your personal information in the following ways:

• Whenever you are asked to fill in a form look for the boxes that you can click to indicate how you would like us to contact you
• Electronic communications will contain an ‘unsubscribe’ link or instruction
• You can ask us at any time to remove you from our database by contacting CMBD by telephone, email or paper communication

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

If you believe that any information that we hold on you is incorrect or incomplete, please contact us as soon as possible. Contact details are provided below.

LEGITIMATE INTEREST

Under the new GDPR laws starting in May 2018, we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of these lawful reasons is called ‘legitimate interests’. Broadly speaking, ‘legitimate interests’ means that we can process your information if we have a legitimate and genuine reason and we are not harming any of your rights and interests.

So, what does this mean? When you provide your personal details to us we use your information to provide the training, consultancy and coaching that you or your organisation have asked us to supply. This may also mean sharing details with third parties such as CMI, SFA (in connection with qualifications etc.) or with a partner in a jointly delivered service such as the recent D2N2 Scale UP programme delivered in partnership with Nottingham Trent University and the Chamber of Commerce.

We would also share information if required to do so by law, examples include reporting money laundering concerns or information requested by HMRC.

These are what we consider to be our ‘legitimate interests’ for holding and processing your data.

When we process your information for our ‘legitimate interests’, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Remember, you can change the way you hear from us or withdraw your permission for us to process your personal details at any time by contacting:

Brent Warren at brent@cmbd.org.uk, by telephone on 01623 883199 or by post to the address below.

The Centre for Management and Business Development Ltd

Hexgreave Hall, Upper Hexgreave, Farnsfield, Nottinghamshire NG22 8LS