Privacy Policy

1. Definitions used in this Policy
2. Who We Are
3. What We Do
4. The Law
5. Data protection principles we follow
6. What rights do you have regarding your Personal Data
7. Where we get your Personal Information
8. The Personal Information we collect and how we use it
9. How long we retain Personal Information
10. How we store and secure your data 
11. Who else can access to your Personal Data
12. Data Transfers
13. Privacy by Design and Data Protection Impact Assessment (DPIA)
14. Training and Audit
15. Children
16. Contact information
17. Complaints
18. Changes to this Privacy Policy

Personal Data – any information relating to an identified or identifiable natural person.

Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.

Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.

We/us (either capitalized or not)
This document and references to “SEQM TRAINING” and “we” and “us” apply equally to SEQM TRAINING LTD.

SEQM TRAINING LTD is a company registered in Wales under company number 13207527.

We provide certified and professional training courses to individuals and organisations in the UK and overseas.

We manage and make decisions about personally identifiable information we hold, as well as conducting specific activities using data provided by other companies, on their behalf.

We provide training services to individuals and organisations in the UK and overseas. This often involves receiving personal information from our clients so that we can effectively carry out our services, some of which are externally regulated. We also transfer information to other companies that perform specific actions at our request, and this may involve the transfer of personal data for that purpose.

SEQM TRAINING is committed to safeguarding your privacy. Please contact us if you have any questions or problems regarding the use of your Personal Data.

By using this website and/or our services, you consent to the Processing of your Personal Data as described in this Privacy Policy.

This Privacy Policy is a part of our Terms and Conditions; by agreeing to Terms and Conditions you also agree to this Policy. In the event of collision of terms used in Terms and Conditions and Privacy Policy, the latter shall prevail.

SEQM TRAINING is based in Wales and thus subject to law applicable in England & Wales. In the case of data protection, the primary legislation in effect from 25th May 2018 is Regulation EU 216/679 (the General Data Protection Regulation), as well as the Data Protection Act 2018.

We promise to follow the following data protection principles:

• Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
• Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
• Processing is done with minimal data. We only gather and process the minimal amount of Personal Data required for any purpose.
• Processing is limited with a time period. We will not store your personal data for longer than needed.
• We will do our best to ensure the accuracy of data.
• We will do our best to ensure the integrity and confidentiality of data.

The Data Subject has the following rights:

1. Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
2. Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
6. Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
8. Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
9. Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
10. Right for the help of supervisory authority meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
11. Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.

We accept the following forms of ID when information on your personal data is requested:

• Driving license
• Passport
• Email address
• Photograph
• Curriculum Vitae
• Educational & Membership certificates
• Continuous Professional Training Log

If you wish to confirm that SEQM TRAINING is processing your personal data, or to have access to the personal data we may have about you, please contact us.

Information about individuals may originate from different sources, including being collected from the person themselves. We agree to disclose the source of any data we hold about a person upon their request, as long as there is no overriding legal requirement not to do so. Such requests should be directed to the Data Protection Officer (DPO).

8.1) Information that we collect automatically

When you visit our Website, we may collect certain personal information automatically from your device. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification number, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Notice.

8.2) What personal information does SEQM TRAINING collect when you engage our Services

SEQM TRAINING stores and uses information that could be used to identify a living person. The information collected will vary depending on the purposes for which that data is used. The purpose of this storage and use will vary depending on the area of the business that it pertains to. Where consent is required or used as the basis for storage and use of personal information, this will be clearly communicated, and the person providing their consent has the right to withdraw it at any time.

8.3) Direct Service Delivery

We Process your Personal Data under the legal basis of :

• ‘Performance of a Contract’ and/or
• ‘Legitimate Interest’

for the following purposes:

In order to deliver services to our clients, we collect, store and use personally identifiable information including names, postal addresses, telephone numbers, email addresses and demographic information, as far as it is necessary for the provision of that service.

This is done in order to process training courses, exam results, certificates and other administrative functions.

8.4) Subcontractors and Associate Tutors

We Process your Personal Data under the legal basis of:

• ‘Performance of a Contract’ and/or
• ‘Legitimate Interest’

for the following purposes:

In order to deliver services to our clients, we often use authorised subcontractors and associate tutors to conduct training and other services.

They collect, store and use personally identifiable information including names, postal addresses, telephone numbers, email addresses and demographic information, as far as it is necessary for the provision of those services.

SEQM TRAINING also processes selected personally identifiable information supplied by our authorised subcontractors and associate tutors which may include names, postal addresses, telephone numbers, email addresses and demographic information.

This is done in order to process training courses, exam results, certificates and other administrative functions.

8.5) Certification Body

In order to provide certified training and certificates to our clients, we disclose selected personal information to a 3rd party certification body – The Chartered Quality Institute (CQI) and International Register of Certificated Auditors (IRCA). They collect, store and use that personally identifiable information including names, postal addresses, telephone numbers, email addresses and demographic information, as far as it is necessary for the provision of those services.

8.6) Human Resources

We Process your Personal Data under the legal basis of :

• ‘‘Performance of a Contract’ and/or
• ‘Legal Requirement’ and/or
• ‘Consent’ and/or
• ‘Vital Interest’ and/or
• ‘Legitimate Interest’ and/or

for the following purposes:

We store information relating to employees and contractors so that we have adequate records to be able to contact, manage and pay them, and meet our legal obligations as an employer.

This information may be sent to another company working on our behalf, where the relationship is defined by a contract, and they are not permitted to use the information in any way we have not explicitly asked them to. Only certain authorised personnel within the company have access to this information.

This information may include name, dob, billing address, home address, e-mail address, telephone, company name, financial and other information.

Under the legal basis of vital interests, we process your Personal Data for the following purposes:

We collect data concerning health relating to employees, so we can make any necessary adjustments for their benefit and so that we may pass relevant information on to emergency services and healthcare professionals in the event of an illness or accident at work in order to protect their vital interests.

This information may include name, dob, billing address, home address, e-mail address, telephone, medical, financial and other information.

8.7) Sales

We Process your Personal Data under the legal basis of:

• ‘Performance of a Contract’ and/or
• ‘Legitimate Interest’

for the following purposes:

Whenever we sell products and services, we collect and store information about the person or people we have dealt with in the course of the sale, including prior to any sale taking place, in order to serve the mutual interests of our own and our clients’ or prospective clients’ companies. This is used for the purpose of completing the sale, managing service delivery, and marketing further products and services in the future.

This information may include name, dob, billing address, postal address, e-mail address, telephone, financial and other information.

8.8) Marketing

We Process your Personal Data under the legal basis of:

• ‘Performance of a Contract’ and/or
• ‘Legitimate Interest’

for the following purposes:

We conduct direct marketing activities in order to obtain new and repeat business, and sometimes this requires that we store and use names and business contact details of specific people whom we know or believe to be the most appropriate recipient of our marketing communications.

Since we obtain published or offered contact details for people in their business role and take steps to ensure that we and our suppliers are compliant with legal requirements such as the provision of a means of opting out of further marketing communications, we believe recipients’ privacy rights are balanced with our business interests.

This information may include name, dob, billing address, postal address, e-mail address, telephone, financial and other information.

8.9) Purchasing

We Process your Personal Data under the legal basis of:

• ‘Performance of a Contract’ and/or
• ‘Legitimate Interest’

for the following purposes:

From time to time we may store names and business contact details of individual people working for our suppliers’ business. This is necessary to ensure we are able to contact the relevant people and maintain a relationship to the benefit of both our and their business.

This information may include name, dob, billing address, postal address, e-mail address, telephone, financial and other information.

8.10) Publicly Available Information

We might gather information about you that is publicly available.

8.11) Other Information

We reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.

We might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:

• the link between purposes, context and nature of Personal Data is suitable for further Processing;
• the further Processing would not harm your interests and
• there would be appropriate safeguard for Processing.

8.12) Automated Decision Making

If a decision is to be based solely on Automated Processing (including profiling), then Data Subjects will be informed when we first communicate with them of their right to object. This right will be explicitly brought to their attention and presented clearly and separately from other information. Further, suitable measures will be put in place to safeguard the Data Subject’s rights and freedoms and legitimate interests.

We will also inform the Data Subject of the logic involved in the decision making or profiling, the significance and envisaged consequences and give the Data Subject the right to request human intervention, express their point of view or challenge the decision.

A Data Protection Impact Assessment (DPIA) will be carried out before any Automated Processing (including profiling) activities are undertaken.

However, currently no form of Automated Decision Making is undertaken within SEQM Training LTD.

Except where a legal obligation to retain data exists, SEQM TRAINING LTD does not store personal information for any longer than is necessary for its defined purpose. Wherever an individual has expressed that they no longer wish to have information we hold about them used for the purpose under which we hold it, we may need to continue storing certain identifiers to ensure that person’s information does not re-enter our systems at a later date. This data is stored apart from data that is in current use, is clearly labelled and access to it is restricted.

Data we hold on behalf of our clients will be held for the duration as depicted by SEQM TRAINING LTD retention policy, unless it is needed for longer in order to complete the delivery of the service we have agreed to provide.

When data is no longer to be retained, its removal, deletion or erasure will be performed according to processes suitable for the medium, for example the secure shredding of paper documents, deletion from internal systems, or overwriting (wiping) of hard disks.

Where possible and practicable we store information relating to our business on electronic records rather than on paper records, although it is often necessary to print or write upon certain documents, especially where legal documents are concerned. 

The majority of information is however stored electronically. Critical systems such as those relating to finance and service delivery are regularly backed up and/or continuously mirrored to protect against data loss, and are physically located in secure premises.

We do our best to keep your Personal Data safe.  We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.

It is our policy that data stored electronically be protected from unauthorised access, accidental deletion and malicious hacking attempts. In addition to internal processes, we employ third party service providers to manage elements of this.

Even though we try our best we cannot guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

In some cases Personal Data about you is shared with our trusted partners, subcontractors and associates to ensure we can provide our service to you as a client, or to fulfil legal obligations or to enhance your customer experience.

We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.

We share your data with:

• Our certification body The Chartered Quality Institute (CQI) and International Register of Certificated Auditors (IRCA)
• Professional advisors such as our auditors, accountants, and external legal and financial advisors.
• Our suppliers, business partners and sub-contractors and associates.
• Search engines and website analytics.
• Providers of website hosting and maintenance.
• Payment processing providers (Airwallex, Klarna and others as appropriate)
• Email service providers.
• Identity checking companies.
• Project Management, scheduling and other business software tool providers.

SEQM TRAINING may make transfers of personal data outside the United Kingdom, including out of the European Economic Area. Such cases may be due to the physical location of a digital service provider that is storing data on our behalf, whose services are regulated by terms compatible with this policy and our compliance with applicable law. SEQM TRAINING has, where local data protection regulations so require, put in place security measures for the export of personal data from its jurisdiction. Where local data protection regulations so require, SEQM TRAINING has made arrangements with entities receiving your personal data such that they shall ensure that security measures are in place, and that your personal data is processed only in accordance with EU Data Protection laws.

The safeguards we have taken include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information to our non-EEA members operating under SEQM TRAINING, which requires our non-EEA member to protect personal information they process from the EEA in accordance with European Union data protection laws.

We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles.

We will assess what Privacy by Design measures can be implemented on all programs/systems/processes that Process Personal Data by taking into account the following:

(a) the state of the art;
(b) the cost of implementation
(c) the nature, scope, context, and purposes of Processing; and
(d) the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing.

Furthermore, SEQM TRAINING will also conduct DPIAs in respect to high-risk Processing.

We will always conduct a DPIA (and discuss the findings with the DPO) when implementing major system or business change programs involving the Processing of Personal Data including:

(e) use of new technologies (programs, systems or processes), or changing technologies (programs, systems or processes);
(f) Automated Processing including profiling and Automated decision making;
(g) large scale Processing of Sensitive Data; and
(h) large scale, systematic monitoring of a publicly accessible area.
(i) an assessment of the risk to individuals; and
(j) the risk mitigation measures in place and demonstration of compliance.

It is our policy to ensure that all SEQM TRAINING Company Personnel have undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance. Company Personnel will undergo all mandatory data privacy related training. SEQM TRAINING regularly review all the systems and processes under our control to ensure that we comply with this Privacy Notice and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data.

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

Our Data Protection Officer (DPO) is the main contact for anyone who wants to discuss matters covered under this policy or the law, including any person whose personal data we have come into contact with and used or stored, whether for our own purposes or on behalf of another company.

You can send the DPO an email using the email address dpo@seqmtraining.com

If you have any concerns about how your data is being processed by us or any of our third parties please contact us and we will attempt to resolve any issues. We are governed by the Office of the Information Commissioner (ICO) in the United Kingdom. In the event that you wish to make a complaint about how your personal data is being processed by us or any of our third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority, The Information Commissioner’s Office (The ICO) details as below:

Supervisory Authority

The Information Commissioners Office (The ICO)

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

website: https://ico.org.uk

We reserve the right to make changes to this Privacy Notice at any time, for any reason. However, SEQM TRAINING will review and update this Privacy Notice periodically or from time to time in response to legal, technical or business developments, and will note the date of its most recent revision. If we make material changes to this Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes on this website. We encourage you to review this Notice frequently to be informed of how SEQM TRAINING is protecting your information.

Last modification was made: Oct 8th, 2021

Revision No: 1