Find a Training Provider is a product of AllAboutGroup Holdings Ltd.

 

This privacy policy sets out how AllAboutGroup Holdings Ltd uses and protects any information that you give to AllAboutGroup Holdings Ltd when you use or register with Find a Training Provider.

 

AllAboutGroup Holdings Ltd is committed to ensuring that your privacy is protected.

 

Should we ask you to provide personal data by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

 

AllAboutGroup Holdings Ltd may change this policy from time-to-time by updating this page. If you opt in to receive emails from us, we will notify you of any changes or updates we make. If you do not opt in to receive emails, you should check this page occasionally to ensure that you are happy with any changes. This policy was last updated on 01.09.2020.

 

If you have any questions, please email us at: mydata@allaboutgroup.org

 

About GDPR

 

As of 25 May 2018, all organisations that process personal data on citizens of the EU are required to comply with the EU General Data Protection Regulation (GDPR).

 

The GDPR replaced the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way that organisations, which operate within the region, approach data privacy.

 

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular reference to an identifier. A broad range of personal identifiers constitute personal data, including: name, location data and IP address.

 

Our commitment to GDPR

 

AllAboutGroup Holdings Ltd has always been committed to data protection and the new regulations have provided us with a welcome opportunity to review our already robust data protection policies and procedures, and strengthen our commitment to data protection.

 

Everybody at AllAboutGroup Holdings Ltd, at the highest management level and throughout the organisation, understands the need for stringent data protection policies and procedures, and we all take responsibility for complying with the GDPR.

 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

 

We take a data protection by design and default approach, and put appropriate data protection measures in place throughout the entire lifecycle of our processing operations.

 

We are also committed to ensuring that all third party data processors that process personal data on our behalf fully comply with the GDPR. We do not enter into contracts with other data processors unless they can demonstrate the steps they have taken towards compliance.

 

Please note: as the personal data we process is not sensitive or likely to result in high risk to individuals’ interests, it has not been necessary for us to conduct any data protection impact assessments or appoint a data protection officer.

 

As an organisation, however, we are dedicated to continually reviewing and improving our data protection procedures and accountability measures. If you have any questions relating to data protection and/or our privacy policy, please send us an email at mydata@allaboutgroup.org

 

What personal data do we collect?

 

When you sign up to Find a Training Provider as an employer, we collect and store the following data:

 

- Your full name;

 

- Your company name;

 

- Your job title;

 

- Your phone number (optional);

 

- Your email address;

 

- Your password.

 

When you sign up to Find a Training Provider as a Training Provider, we collect and store the following data:

 

- Your full name;

 

- Your company name;

 

- Your job title;

 

- Your phone number (optional);

 

- Your email address;

 

- Your password.

 

When you sign up to Find a Training Provider as a Training Provider and pay for a Standard or Premium subscription, we collect and store the following additional data:

 

- Your debit/credit card details;

 

When you use Find a Training Provider generally, even as an unregistered user, we may process data on your use of the website, including:

 

- Which pages you visit;

 

- The time of your visit;

 

- How long you spend on each page;

 

- How long you remain on the website;

 

- The method/ by which you were referred to our website, e.g. via Google or social media channel;

 

- Your general site browsing habits;

 

- The type of device you used to access the website;

 

- The type of web browser you used to access the website;

 

- The type of operating system you used to access the website;

 

- Your network location and IP address.

 

Our lawful basis for collecting this data

 

Before we process any of your personal data, we obtain active, clear consent from you. According to the GDPR, this should be explicit and requires a very clear and specific statement of consent.

 

When we ask you to opt in or opt out of our Privacy Policy, we provide you with all of the information you need on how and why we process this data.

 

This is hugely important, as we want to offer all individuals real choice and control when using our websites.

 

How do we obtain your consent to process your personal data?

 

We have always obtained active consent from the users of our websites, explicitly asking them to allow us to process their data when signing up to receive our advice emails and job alerts.

 

We have, however, recently updated our sign up and account settings pages, along with our cookie consent modules, to make it even easier for you to control and update how we process your personal data.

 

These data processing consent requests are separate from our general Terms & Conditions and we always try to make sure these requests are communicated in a clear and concise way. They require you to provide a positive opt-in and we don’t use pre-ticked boxes or any other methods of default consent.

 

Please note: there are no third party controllers who rely on this consent. All of the information you share with us is solely controlled by AllAboutGroup Holdings Ltd. We do use third party data processors to help us process some of your personal data. A list of these can be found below.

 

We are committed to ensuring that all of the third party data processors that process personal data on our behalf fully comply with the GDPR. Indeed, we do not enter into contracts with other data processors unless they can demonstrate the steps they have taken towards compliance.

 

Please note: even if you provide us with consent initially and choose to receive email communications from us, you can remove your consent at a later date and opt out of emails too.

 

In some cases, you can do this by logging into your account and changing your preferences on your account settings page. Alternatively, you can unsubscribe directly from one of the emails we send you, or just send us an email to make your request at: mydata@allaboutgroup.org

 

We will act on these withdrawals of consent as soon as we can and will not penalise any individuals who wish to withdraw their consent.

 

When you use our website generally, even as an unregistered user, we may place cookies on your browser to log your session, record user traffic via Google Analytics, or for the purposes of remarketing our clients promotional messages to you on other websites once you leave Find a Training Provider. We do this via Facebook, Instagram, YouTube or Google adverts.

 

You can control which cookies we place on your browser via our cookie control module. This allows you to accept some cookies and reject others.

 

Age restrictions

 

You must be aged 13 or older to register with Find a Training Provider. We will ask you to verify your age when completing the sign up form, and this is why we ask for your date of birth.

 

Should we become aware that any site users under 13 are using the site, we will remove their profile and the personal data that we have collected.

 

Any personal information you choose to share on the site is at your own risk, but if you are concerned at all, and are aged between 13 and 17, we recommend that you seek advice from your parents or guardians before deciding to share your personal data with us.

 

Why do we collect this personal data and what do we do with it?

 

We require your personal data to understand your needs and provide you with a better service. In particular, for the following reasons:

 

- We may use the information to improve our products and services.

 

- We may periodically send promotional emails to you containing recommendations of training providers, or other information that we think you may find interesting or useful in your search for a training provider. We will only use the email(s) you have provided and only if you give us consent to email you.

 

- From time-to-time, we may also use your information to contact you for market research purposes. We will contact you by email.

 

- We may use the information to customise the website according to your interests.

 

We also use this information to allow our clients to target particular groups with their promotional messages, based on particular users’ general trends, i.e. this page is the most popular page for apprenticeship employers.

 

We may also sell aggregate information from time-to-time about our users, i.e. not personal data specific to an individual user, but data about our user group as a whole.

 

Your personal data will only be shared with other people that you have opted to share it with, i.e. your colleagues who are helping you to create a shortlist, or training providers to whom you would like to submit an enquiry.

 

Please note: we do not transfer your personal data to any third countries or international organisations, and we do not process personal data for the purposes of automated individual decision making or profiling.

 

Reasons for processing - breakdown by data category

 

We collect and store the following data for specific reasons. Here’s a breakdown for you:

 

- Your full name - we’re a friendly bunch and like to address our users by name where possible. This allows us to personalise your account and the emails that we send you.

 

- Your job title - this allows us to send targeted information to you which is specific to your job role. After all, we like to keep the communications we send out to our users relevant and useful.

 

- Your company name - this allows us to send targeted information to you which is based on your company’s size, profile or sector. We like to keep the communications we send out to our users relevant and useful.

 

- Your email address - we can’t send you useful emails unless you give us your email address. If you decide to opt out of receiving emails, your email address still acts as your username, so that you can login and update your preferences. It’s also vital that we have this if you forget your password and need to reset it.

 

- Your password - security is incredibly important and you will need a password to access your account and update your settings. Your password is fully encrypted in our database, so nobody else should be able to access your account and your personal data.

 

- Your phone number (optional) - if there is a problem with your account your phone number may help us to contact you more quickly. If you are a training provider, we may also share this information with our sales team who may contact you about special offers or promotions from time-to-time.

 

- Your debit/credit card details - these are stored by our secure third party payment system, Stripe. We use your debit/credit card details to process your payment for a Standard or Premium profile. We store your debit/credit details to help you make future purchases and for subscription renewals. Please read our Terms & Conditions for further details on managing your subscription.

 

We use the following information to improve our products and services, customise the website according to your interests:

 

- Which pages you visit;

 

- The time of your visit;

 

- How long you spend on each page;

 

- How long you remain on the website;

 

- The method/ by which you were referred to our website, e.g. via Google or social media channel;

 

- Your general site browsing habits;

 

- The type of device you used to access the website;

 

- The type of web browser you used to access the website;

 

- The type of operating system you used to access the website;

 

- Your network location and IP address.

 

We may use the following data for purposes of remarketing our clients promotional messages to you on other websites once you leave Find a Training Provider. We do this via Facebook, Instagram, YouTube or Google adverts:

 

- Which pages you visit;

 

- Your network location and IP address.

 

Where is this personal data stored?

 

All of the data you give us consent to process when you sign up to Find a Training Provider is securely stored on our dedicated server which is managed by eUKhost at their UK Data Centre.

 

The data centre is independently audited to ISO27001 standard and is protected from both physical and electronic intrusion at all times using some of the most sophisticated technologies.

 

Security is a top priority at the Data Centre. 24 x 7 on-site security guards, ID-based access policy, electronic access controls, external and internal CCTV monitoring, and perimeter fencing with controlled gate access safeguard the data hall from unauthorised access.

 

All of the data you give us consent to use by opting into cookies on your browser is processed by Google Analytics or DoubleClick for Publishers (Google). We also use the Facebook tracking pixel and Google remarketing tracking pixel to serve remarketing adverts.

 

3rd party data processors we may use to help process your data

 

Here is a list of the 3rd party data processors we may use to store or process your personal data:

 

- Google Analytics

 

- DoubleClick for Publishers (Google)

 

- Sprout Social

 

- Survey Monkey

 

- Mailchimp

 

- eUKHost

 

- Heart Internet

 

- Stripe

 

We are committed to ensuring that all of the above third party data processors that process personal data on our behalf are fully compliant with the GDPR.

 

We do not enter into contracts with other data processors unless they can demonstrate the steps they have taken towards compliance.

 

Security measures and procedures

 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have analysed the risks presented by our processing and have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

 

Find a Training Provider has an SSL Certificate installed. This means when you are browsing on our website a secure connection will be established, and the connection between your browser and our server will be secure. You can see that our SSL Certificate is working correctly because a padlock or green bar will show in the address bar in your browser, depending on which one you use.

 

This is a method of cryptography and encrypts the data that is sent from your browser to our server. This means that if a hacker was to intercept that message, they will only be able to see a cryptographic code that it is impossible for them to break. Only the intended recipient of this data (i.e. our secure server) will be able to understand and process it.

 

You can access and update your own personal data via the Account Settings page once you have logged in. You can only access this data by entering your password. This password is encrypted within our database.

 

We regularly review our information security policies and measures and improve them where necessary. We also conduct regular testing and reviews of our measures to ensure they remain effective. We also make sure that any data processors we use implement appropriate technical measures.

 

How long do we retain your data?

 

The GDPR states that personal data should be stored for no longer than is necessary for the purposes for which the personal data is processed. With that in mind, we only store personal data on our users for a maximum of five years from the date on which they register, unless they request otherwise.

 

We prompt all registered users on an annual basis to update their data processing preferences, so if you would like us to store and process your data for longer than this five years, it is advisable for you to update your consent preferences when prompted.

 

Data breach policy and procedure

 

Since we started our company, we have never suffered any data breaches or attacks on our system. This is because we are fully committed to securing your personal data. We make sure that we constantly review and update our security practices where necessary.

 

In the event that our database is subject to a data breach, however, we have a data breach policy and procedure in place to help mitigate against impact this may have on your personal security.

 

We have prepared a response plan for addressing any personal data breaches and have put a data breach procedure in place. All members of our staff are educated about this procedure and are given access to the guidance and resources required to notify our Head of Operations if they suspect that a data breach has occurred.

 

If it is ascertained that a data breach has, in fact, taken place, we have outlined a process to assess the likely risk to individuals as a result of the breach.

 

We will then notify the ICO of a breach within 72 hours and the individuals affected without undue delay. We will also provide any affected individuals with advice on how to protect themselves from its effects.

 

Links to other websites

 

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information, which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

Your rights as a data subject & controlling your personal data

 

Once you have registered as a member of Find a Training Provider, you are entitled to:

 

- Access the data we hold on you;

 

- Rectify the data we hold on you if you believe it to be incorrect;

 

- Request that the data we hold on you be erased;

 

- Request that we restrict the processing of the data we hold on you;

 

- Obtain and reuse the data we hold on you for different services;

 

- Object to the use of your data for direct marketing.

 

To exercise your rights and request any of the above, please email mydata@allaboutgroup.org, or write to us at AllAboutGroup, 25 Corsham Street, London, N1 6DR

 

We will not charge you to request any of the above, unless the request is deemed to be excessive. In the unlikely event of this happening, we may charge you a small fee to cover the costs of this excessive request.

 

If you have any concerns about this Privacy Policy or how we handle your personal data, you have the right to lodge a complaint to the GDPR’s supervisory authority in the UK.