Privacy Policy

 

ABOUT THIS POLICY

 

Train‐a‐Lift (TAL) maintains certain personal data about living individuals for the purposes of satisfying our operational and legal obligations. We recognise the importance of the correct and lawful treatment of personal data in maintaining the reputation of the company as well as meeting legislative requirements. The data we hold are subject to the appropriate legal safeguards as specified in the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, and the General Data Protection Regulation.

 

OUR ROLE AS A DATA CONTROLLER

 

TAL controls data in order to meet its legal and operational obligations (legitimate interests) in the provision of forklift truck and materials handling equipment training.

 

OUR ROLE AS A DATA PROCESSOR

 

TAL processes data on behalf of our accrediting bodies (AITT, ITSSAR and ALLMI) and, in the case of our own employees, on behalf of Her Majesty’s Revenue and Customs (HMRC).

 

WHAT PERSONAL INFORMATION DO WE HOLD?

 

Customers

We may hold any of the following personal information relating to our customers:

Name
Employer
Photograph
Date of birth
National Insurance number
E‐mail address
Postal address
Credit/debit card details
Category 1 instructor number(s)

We may not hold all of the information types listed above for every customer.

 

Staff

In addition to the above, we also record the following personal information relating to our staff members.

Passport numbers
Driving licence numbers
Bank details

We do not collect derived or inferred data about our customers through profiling or data mining.

 

HOW DO WE USE THIS INFORMATION?

 

Delegate names, photographs, dates of birth and National Insurance numbers

TAL controls these data for the purposes of identification and verification both of trainees’ identities and of the training they have received. In order to provide copy certificates to trainees or to a booking party involved in the scheduling of training on behalf of the trainee, TAL must be able to accurately link a record of training with an individual. We also process these data on behalf of our accrediting bodies.

 

Delegate telephone numbers, email addresses and postal addresses

TAL controls these data for the purposes of customer communication, feedback and in the pursuit of bad debts. We also process these data on behalf of our accrediting bodies.

 

Credit and debit card details

We record credit and debit card details when taking payment for courses via telephone. Card details are immediately used to process payments whilst the customer remains on the line and are subsequently held in secure filing/archive for a period of 7 years, in line with our financial record‐keeping obligations.

 

Category 1 Instructor Numbers

We record instructor numbers for those instructors trained during our Category 1 Instructor courses in order to facilitate the swift dissemination of this information to customers upon completion of their training.

 

Passport numbers, driving licence numbers and bank details

We record these data for our staff in order to meet our legal obligations to them and to HMRC.

 

HOW IS THIS INFORMATION SECURED?

 

TAL’s IT systems (including servers, terminals and access to email) are secured in line with our information security policy which enforces organisational and environmental controls to prevent loss, misuse of or unauthorised access to our customers’ personal data. Our physical archive files are secured under lock and key, with only those members of the management team who require access granted copies. All internet traffic used to collect personal data is SSL encrypted.

 

FOR HOW LONG DO WE HOLD PERSONAL INFORMATION?

 

Data relating to training courses are held in digital format for a period of 50 years. As records of training are not subject to a statutory date of expiry, this period has been selected to allow for records to be retained for the entirety of a trainee’s working life so that we are able to provide certificate copies as required.

 

Original hard copy test papers are retained for a period of 7 years in order to allow synergy between document disposition processes for both financial and operational documentation including personal data. After this period digital data are used for verification of training.

 

THIRD PARTIES

 

TAL is committed to the preservation and protection of personal information and does not sell any such information to third parties.

 

Personal information may be shared with a booking party (e.g. a trainee’s employer or a member of their company’s HR or management team) upon delivery of certification, as required to confirm trainee attendance, and in order to assist the booking party in the execution of their legal duties in respect of maintaining records of training. Personal information may also be shared with third parties when Train‐a‐Lift is legally obligated to do so.

 

TAL utilises Cognito Forms to process some personal data for attendees of instructor courses. Cognito participate in the EU‐U.S. & Swiss‐U.S Privacy Shield Frameworks to meet the privacy adequacy provisions of the GDPR. More information on their privacy policy is available here.

 

HOW DO WE NOTIFY IN THE EVENT OF A DATA BREACH?

 

In the event of a data breach, and where practicable, we will notify all parties materially affected via email or phone within 72 hours of such a breach being identified. Where appropriate we will also notify any relevant body of a data breach. Route Cause Analysis (RCA) reports will be compiled and issued to all materially affected parties, and distributed via email without delay.

 

RIGHT OF ACCESS

 

You have the right to access your personal data. Within 30 days of receipt of a request for a copy of the personal data we hold on an individual, we will provide confirmation that we are processing that individual’s personal data and a copy of the personal data we hold.

 

FURTHER INFORMATION

 

We’re always here to help. If you would like to speak with us in relation to anything privacy‐related please call our admin team on 024 7646 9027, email us via info@tal.uk.net or contact us via our social media (@trainalift on Twitter, Facebook or LinkedIn).