Privacy Policy

Who we are

Our website address is: https://www.safeandtrained.com.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Depending on your relationship with us (for example, as a learner or client who has employees who you are putting forward for training; or other person relating to our business), in order for us to provide training course quotes, provide funding support,  provide training, and/or certificate your learning, we need to collect and process personal data about you. The types of personal data that are processed may include:

We will take all reasonable steps to ensure that we only collect the minimum personal information that is necessary to achieve our objectives and will not use it for any other purpose not envisaged in this privacy policy or as otherwise notified to you. If we do not collect the personal information we need it will severely restrict our ability to provide our services to you.

Personal Information can be collected in a variety of ways, for example, through our website or the website of one of our business partners, completion of an application form, or completion of an enrolment form, submission of a letter and sent by various methods including by email, telephone, and post.

Information from other sources:

We may also acquire your personal information from reputable third party companies who operate in accordance with EU data protection legislation. We will only take receipt of such personal information where they have a lawful basis to pass it on. We may also obtain information from other sources such as:

• Other training providers
• Sanctions lists, court judgments
• Government agencies such as the ESFA, SLC and HMRC
• Public sources
• Social media

We collect certain types of information from your web browser via cookies when you use our website. To find out more information please refer to our cookie policy.

Additional information

What We Use Personal Information For, Categories Of Personal Information, Lawful Basis For Processing, And Recipients Of Your Personal Data 

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside of Safe and Trained and The Tess Group Company. The law says we must have one or more of the following “lawful basis” to use personal information:

• Performance of our contract
• Compliance with a legal obligation
• In the substantial public interest (eg. to assist with the prevention of crime and fraud)
• Where processing is necessary to protect a vital interest of an individual
• Where there is a legitimate interest (eg. when we have a business or commercial reason to use your information, but even then, it must not unfairly go against what is right and best for you.
• Your consent

If we rely on our legitimate interest, we will tell you what that is.

If you provide data that is specified as special category, we will rely on one of the “lawful basis” above and an additional processing condition “in the substantial public interest for the provision of training services.

Please find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are, where this is one of our reasons.

This list is not necessarily exhaustive as changing business needs or external factors may influence the use of the information we hold.

4. How we use your information to make automated decisions 

When collecting information about you, we may compare your personal data against industry averages. Your personal data may also be used to create industry averages. This is known as profiling and is used to measure the inclusion of specific sectors in learning.

Profiling may also be used by us to assess information you provide to understand fraud patterns. Where special categories of personal data are relevant, such as medical history or learning support needs, your special categories of personal data may also be used for profiling. We might make some decisions based on profiling and without staff intervention (known as automatic decision making). The types of automated decision we make are as follows:

• Tailoring products and services – We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer segments, and to manage our relationships with them.

Your rights 

Automated decision making is an integral part of The Tess Group’s product offering to customers. We cannot accept you as a customer if you object to your personal information being used in this way. If you want to know more about how your personal data is used in this process, please contact us.

5. Where will your personal Information be held? 

It may be necessary for us to undertake some of the processing of your personal data in other countries outside of the European Economic Area where data protection safeguards may not be as high as they are in the UK. However, where this is necessary we will ensure that your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.

It is also possible that some of our service providers will process your data in other countries. They are also responsible for ensuring your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact our Data Protection Officer at [email protected] in the first instance.

6. How long will Personal Information be held for?

As part of our commitment to your privacy, we will not hold your personal information for any longer than is necessary. Your personal information will be retained in accordance with our retention policy. This is based on the relevant legal and business requirements and, accordingly, the retention periods for personal information will vary according to the nature of the information held.

7. Consent

In most cases when we process your personal information, we will not contact you for consent, for example:

• When we are under a contract with you to provide our services
• When we are complying with a legal obligation
• When processing is in the substantial public interest
• When we believe it is in our legitimate interests and proportionate to our objective, and that the use of the personal information is not overly intrusive.

However, if your consent is required for the processing of any personal information, for example access to medical records (that do not fall under the low value protocol for personal injury claims following a road traffic accident), we will contact you for your explicit consent. You will have the right to withdraw consent at any time by contacting our Data Protection Officer at the details below. In certain circumstances we do need access to your personal data as part of a statutory or contractual obligation, so any withdrawal of consent may mean we will have to cancel your policy.

8. Marketing 

From time to time we may send existing customers details of new promotions, ask for feedback and provide other information about our products, where we feel this may be of interest to you. This will be by e mail phone or SMS. We may also work with carefully selected partners to bring you offers and information related to other learner services. If you wish to opt out of this communication, please advise us by e-mail to tesscs@thetessgroup.com

9. Security

We are committed to ensuring that your personal information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect.

10. Keeping Personal Information up to date

Please let us know if your personal information changes as it is important that the information we hold about you is accurate and up to date. We will not be responsible for any errors or personal information losses because of not being informed of a change in personal information.

11. Your rights regarding Personal Information 

You have the following rights under current legislation:

• The right to be informed – This privacy policy provides our obligation to provide “fair processing information”. We may also provide information to you during a telephone call, notes as part of an application form, and prompts during an e commerce journey
• The right of access – Access to personal data and supplementary information we hold on you
• The right to withdraw consent – Where we require explicit consent to process your data, you are able to withdraw this
• The right to rectification and data quality – To have personal data rectified if it is inaccurate or incomplete
• The right to erasure including retention and disposal – To request the deletion or removal of personal data where there is no compelling reason for its continued processing, provided that we do not need to retain the personal information to provide you with the services
• The right to restrict processing – Where you have highlighted an issue with the data
• The right to data portability – This allows you to request certain categories of data we hold
• The right to object – Where you have an objection on grounds relating to a situation particular to you

In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime). If you wish to exercise any of your rights, please email [email protected] 

12. Cookie policy

A “cookie” is a small piece of data that is stored on your web browser or hard disk by a web server. This data usually contains encoded information that informs the web server how and when you used the site. Cookies are commonly used on the Internet and do not harm your computer system.

The cookies used on this site do not include any information that others could read and understand about you, such as your name or any account or policy number. They contain no personal Information about you.

Cookies we use:

Google Analytics – We use this to monitor the total number of users visiting the Safe and Trained website, and the links they have clicked on to arrive at the site.

Mobile Website Cookie – A temporary cookie is used to enable the mobile version of the Safe and Trained website; it allows the user of a mobile device to return to the full site once they have been redirected to the mobile version of the website.

13. Complaints

In the event of a complaint regarding the Personal Information we hold, please refer to our Complaints Procedure, which can be found at https://www.safeandtrained.com/terms-conditions

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the GDPR, then you have the right to complain to the ICO. Their contact options can be found at  https://ico.org.uk/concerns/ 

14. Data Controllers and Data Protection Officers 

The Data Controller for Safe and Trained and The Tess Group is its Business Operations, who can be contacted on [email protected]

The Learner/Training lifecycle involves the sharing of your personal data between learning providers and funding organisations, some of which you will not have direct contact with. Where data is provided to our business partners in relation to the service you have requested, they may also be acting as Data Controllers and Data Processors. If you would like more information about how any of our partners process data, please contact our Data Protection Officer through info@thetessgroup.com in the first instance. We will then notify you of the business partners for your data and their contact details, if required.