ABOUT THIS POLICY
Train‐a‐Lift (TAL) maintains certain personal data about living individuals for the purposes of satisfying our operational and legal obligations. We recognise the importance of the correct and lawful treatment of personal data in maintaining the reputation of the company as well as meeting legislative requirements. The data we hold are subject to the appropriate legal safeguards as specified in the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and the General Data Protection Regulation.
OUR ROLE AS A DATA CONTROLLER
TAL controls data in order to meet its legal and operational obligations (legitimate interests) in the provision of forklift truck and materials handling equipment training.
OUR ROLE AS A DATA PROCESSOR
TAL processes data on behalf of our accrediting body the Independent Training Standards Scheme and Register (ITSSAR) and, in the case of our own employees, on behalf of Her Majesty’s Revenue and Customs (HMRC).
WHAT PERSONAL INFORMATION DO WE HOLD?
We may hold any of the following personal information relating to our customers:
Date of birth
National Insurance number
Credit/debit card details
ITSSAR instructor number(s)
We may not hold all of the information types listed above for every customer.
In addition to the above, we also record the following personal information relating to our staff members.
Driving licence numbers
We do not collect derived or inferred data about our customers through profiling or data mining.
HOW DO WE USE THIS INFORMATION?
Delegate names, photographs, dates of birth and National Insurance numbers
TAL controls these data for the purposes of identification and verification both of trainees’ identities and of the training they have received. In order to provide copy certificates to trainees or to a booking party involved in the scheduling of training on behalf of the trainee, TAL must be able to accurately link a record of training with an individual. We also process these data on behalf of ITSSAR.
Delegate telephone numbers, email addresses and postal addresses
TAL controls these data for the purposes of customer communication, feedback and in the pursuit of bad debts. We also process these data on behalf of ITSSAR.
Credit and debit card details
We record credit and debit card details when taking payment for courses via telephone. Card details are immediately used to process payments whilst the customer remains on the line and are subsequently held in secure filing/archive for a period of 7 years, in line with our financial record‐keeping obligations.
ITSSAR Instructor Numbers
We record instructor numbers for those instructors trained during our Category 1 ITSSAR Instructor courses in order to facilitate the swift dissemination of this information to customers upon completion of their training.
Passport numbers, driving licence numbers and bank details
We record these data for our staff in order to meet our legal obligations to them and to HMRC.
HOW IS THIS INFORMATION SECURED?
TAL’s IT systems (including servers, terminals and access to email) are secured in line with our information security policy which enforces organisational and environmental controls to prevent loss, misuse of or unauthorised access to our customers’ personal data. Our physical archive files are secured under lock and key, with only those members of the management team who require access granted copies. All internet traffic used to collect personal data is SSL encrypted.
FOR HOW LONG DO WE HOLD PERSONAL INFORMATION?
Data relating to training courses are held in digital format for a period of 50 years. As records of training are not subject to a statutory date of expiry, this period has been selected to allow for records to be retained for the entirety of a trainee’s working life so that we are able to provide certificate copies as required.
Original hard copy test papers are retained for a period of 7 years in order to allow synergy between document disposition processes for both financial and operational documentation including personal data. After this period digital data are used for verification of training.
TAL is committed to the preservation and protection of personal information and does not sell any such information to third parties.
Personal information may be shared with a booking party (e.g. a trainee’s employer or a member of their company’s HR or management team) upon delivery of certification, as required to confirm trainee attendance, and in order to assist the booking party in the execution of their legal duties in respect of maintaining records of training. Personal information may also be shared with third parties when Train‐a‐Lift is legally obligated to do so.
HOW DO WE NOTIFY IN THE EVENT OF A DATA BREACH?
In the event of a data breach, and where practicable, we will notify all parties materially affected via email or phone within 72 hours of such a breach being identified. Where appropriate we will also notify any relevant body of a data breach. Route Cause Analysis (RCA) reports will be compiled and issued to all materially affected parties, and distributed via email without delay.
RIGHT OF ACCESS
You have the right to access your personal data. Within 30 days of receipt of a request for a copy of the personal data we hold on an individual, we will provide confirmation that we are processing that individual’s personal data and a copy of the personal data we hold.
We’re always here to help. If you would like to speak with us in relation to anything privacy‐related please call our admin team on 024 7646 9027, email us via firstname.lastname@example.org or contact us via our social media (@trainalift on Twitter, Facebook or LinkedIn).