textured background

GDPR Compliance Statement

Introduction

As an organization, we want to meet the requirements of the General Data Protection Regulation (GDPR). We also think it is important to give you as a customer (or potential customer) information about:

In addition, we want to inform you about your rights via this compliance statement. Finally, we want to let you know who you can go to with questions, requests or complaints.

Personal data is any information about an identified or identifiable natural person. For you, this means that that information refers directly to you or this information can be traced back to you.  Please note that business information such as a company address or general email address is not covered by GDPR, but we will hold and process such information within our secure systems, as we do with personal data.

The processing of personal data concerns all actions that we can carry out with your personal data, from collecting the data, through recording, storing, modifying data up to and including destruction.

Grounds on which we are allowed to process your data according to the law

The law is clear on six specific grounds:

  1. Consent: Where you have given clear consent to us to use your data. Note: Supplying your personal data such as name and personal email address to the company or an employee of it implies consent that this information can be used by the business and it will become subject to this policy.
  2. Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. Note: This point includes information supplied for us to conduct our business transactions with you.
  3. Legal Obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  4. Vital Interests: the processing is necessary to protect someone’s life.
  5. Public Task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  6. Legitimate Interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. Note: This again covers the use of data in order to transact business with us.

Obligation to provide data

In order to transact business with you for the supply of goods, we will require information such as a name, address and contact details, but those provided can be those of a business rather than an individual.  There is no obligation to supply personal data about an individual should you prefer not to do so.

Where we supply training to individuals, personal data will be required to identify that individual in order to certify or confirm their participation.  Specific details of data collected and its use will be made clear to individuals and their specific consent will be required at the time of training, but training cannot be completed without the provision of such data.

The data that we process from you

The data provided by you and processed by the company may include the following:

The processing of the above data is only for one or more of the following purposes:

 Transfer of your personal data

In principle, we only use your personal data for ourselves (our own business operations) and we only use this information for the purposes for which this data was obtained by us. In some cases, it may be necessary to pass on your details to others, such as to a party that processes data on our behalf.

With parties that process personal data on our behalf (the so-called ‘processors’), we conclude processing agreements (if necessary). We do this so that when we provide data to them, it is, among other things, well established that they also protect these data properly and they must report to us in case of a (presumption of a) data breach.

The storage of your personal data

When storing personal data, our basic principle is that we do not store data longer than necessary for the purpose for which we have processed it. As far as there are, we observe the statutory retention periods. Data may be retained by us for longer if we have a legitimate interest in it (for example, when legal proceedings are underway or have been announced and we must be able to defend ourselves).

We therefore expect to hold personal data that has been held for transactional periods for no longer than 8 years after the last related transaction (that is to hold it for 7 years as required by UK law and up to one further year to allow a period of time for disposal).

Data held in relation to training courses is held for up to one year after the validity of the issued training certificate.

Securing your personal data    

We will operate suitable security measures, software and processes to keep your data safe from data security breaches and will inform you if we believe a potential breach has occurred.

We therefore have in place an appropriate level of protection. We also update this periodically whenever necessary.

Your rights

You have the right under the GDPR to ask us, regarding your personal data, for:

To submit a complaint about your data or any of our use of it, please submit an initial complaint to

Sarah Andrews: sarah.andrews@s1e.co.uk or Olivia Davies: olivia.davies@s1e.co.uk

Alternatively, you can make a formal complaint directly to the Information Commissioner’s Office (ICO).  Current contact details and procedural points can be found at www.ico.org.uk

Contact person(s)

With questions, requests, or complaints about the processing of your personal data, you can contact: Sarah Andrews: sarah.andrews@s1e.co.uk or Olivia Davies: olivia.davies@s1e.co.uk

textured background
Proud to work with:

Copyright © S1E 2024. Registered in England. Company Reg No: 10952447. Company Vat No: 364 4242 05.