Privacy Policy (v7.0 Jan 2023)
1. Introduction
Red Hawk Training is committed to protecting your privacy and being transparent about what data we hold. This policy sets
out how we, Red Hawk Training will collect, process, and retain information about you through your use of our website,
www.redhawktraining.com and/or where we otherwise obtain or collect information about you.
Red Hawk Training Ltd are the data controllers and we are responsible for your data.
Please read this policy carefully to understand how we collect, process, and retain customer, personal or employee data.
2. Legal basis
Red Hawk Training offers a range of first aid and health and safety training services to customers operating in various
sectors throughout the UK. As such Red Hawk Training has a legitimate business interest in capturing, processing, and
retaining data from data subjects necessary to run our business or to fulfil a contract where services have been requested
from us for a mutually beneficial purpose.
3. Data subjects
Red Hawk Training will capture, process, and retain data from the following categories;
Customer Data:
When you give it to us directly as a customer
Learner Data:
When we obtain it indirectly from a learner
Employee Data:
When you give to us directly or indirectly as an employee
Customer Data:
How do we collect your data?
We collect customer data via telephone, email, online communication through our website or social media when a customer
requests services from us.
Why do we collect your data?
We need to collect your customer data to enable us to provide a service you have requested.
What do we do with your data?
Your customer data will be used for the purposes of sending you emails regarding invoicing, quotes, bookings, collecting
payments, certificates, general customer queries, certificate expiry reminders and marketing communications where you
have not opted out of receiving that marketing.
Who do we share your data with?
We will only share your customer data where we are required to do so by law or to complete a service you have requested.
*Further details on who we share your customer data with is listed under customer data within the Third-party processors
section of this document
How long do we retain your data?
We will retain your customer data for up to 7 years for the purposes of providing an auditable customer transaction trail and
to respond to any requests from the HMRC for financial data relating to customer invoicing.
​
Where do we store your data?
Once we receive your customer data, we have security measures in place to ensure your data is not lost, accidentally
destroyed, misused, or disclosed. All data stored on computer systems have firewalls and are password protected internally
and externally on secure remote servers, and all data stored within our office are secured under lock and key. Your
customer data will then be safely destroyed as soon as the purpose for which it was collected has been completed.
Learner Data:
How do we collect your personal data?
We will collect your personal data when you attend any of our training courses face to face or online.
Your personal data may also be provided to us by your employer, agency, or training provider/third party training partners.
Why do we collect your personal data?
We need to collect your personal data for the purposes of course administration so we can issue certificates to you.
What personal data do we collect?
The personal data we collect will include your first name, surname, date of birth, telephone numbers, email address,
signature, employer, unique learner number, assessment results, certificates, or any disabilities you bring to our attention.
What do we do with your personal data?
We will only collect your personal data for the purposes of course administration and issuing certificates to you. We will also
provide you with a reminder email using the details we have about you to let you know your certificate is due to expire.
*Reminder emails will not apply if you have attended a course through one of our third-party training partners. In this
instance personal data collected will only be used for the purposes of course administration and claiming your certification.
You will not receive any communication from us.
Who do we share your personal data with?
From the personal data we collect from you, we will only share your personal data you have provided during the course
administration process for independent external scrutiny.
*There is no statutory requirement for learners to consent to us to process your personal data. However, if a Learner
chooses to withdraw consent, we will be unable to process any personal data for them to issue certificates to that person.
How long do we retain your personal data?
We will only retain your personal data as long as your certificate is valid (expiry date of your certificate).
Where do we store your personal data?
Once we receive your personal data, we have security measures in place to ensure your data is not lost, accidentally
destroyed, misused, or disclosed. All data stored on computer systems have firewalls and are password protected internally
and externally on secure remote servers, and all data stored within our office are secured under lock and key. Your personal
data will then be safely destroyed as soon as the purpose for which it was collected has been completed.
Employee Data:
How do we collect your personal data?
When you agree to work for us including freelance trainers, we will need to collect personal data about you, therefore much
of the information we hold about you will have been provided by you. We will also collect your personal data from the course
paperwork you complete following training courses you have delivered on our behalf.
Your personal data may also be provided to us by third parties such as references from previous or current employer or
information about your criminal record from the Disclosure and Barring Service or from your employer, agency, or training
provider/third party training partners.
​
Why do we collect your personal data?
We need to collect your personal data for the purposes of meeting our contractual duties with you and our legal obligations
as your employer.
What personal data do we collect?
When you agree to work for us including freelance trainers we will collect your personal data primarily through applications
forms, CV’s and supporting documentation. This will include your name, address, date of birth, contact details including
email address and telephone numbers, and details of your education, qualifications, skills, experience, and employment
history.
We will also collect your National Insurance number, copies of relevant certificates applicable to your role, bank details,
identity documents such as your passport or driving license, and your training insurance details. Your name and signature
will also collected from the course paperwork you complete following training courses you have delivered on our behalf.
What do we do with your personal data?
We will only collect your personal data for the purposes of entering into a contract of employment with you, such as to
provide you with an employment contract, to pay you, to check your references and to meet any other of our administrative
obligations as your employer.
We also have legal and regulatory obligations to meet as your employer, such as processing your personal data to check
your entitlement to work in the UK, to carry out criminal record checks, to respond to any requests from the HMRC for
financial data relating to your pay or invoicing.
​
Who do we share your personal data with?
We will only share information about you to third parties where we are legally obliged to do so or where we need to comply
with our contractual duties as your employer such as to obtain employment background checks from other providers, to
obtain necessary criminal checks from the Disclosure and Barring Service or for independent external scrutiny.
*You are under no statutory obligation to provide your personal data to us. However, if you do not provide your data or
choose to withdraw consent, we will be unable to offer you work.
How long do we retain your personal data?
We will only retain your personal data as long as you continue to work for us. If you no longer work for us your personal data
will be retained for 7 years for the purposes of any requests from the HMRC for financial data relating to your payroll or
invoicing.
Where do we store your personal data?
Once we receive your personal data, we have security measures in place to ensure your data is not lost, accidentally
destroyed, misused, or disclosed. All data stored on computer systems have firewalls and are password protected internally
and externally on secure remote servers, and all data stored within our office are secured under lock and key. Your personal
data will then be safely destroyed as soon as the purpose for which it was collected has been completed.
4. Marketing communications
Customer data:
Generally, we do not rely on consent as a legal ground for processing your data, other than in relation to sending you
marketing communications by email. When you make an enquiry via the contact form on our website you have the option to
agree to this privacy policy for us to provide you marketing communications. We have a legitimate business interest in
sending marketing communications to customers for business purposes. You can stop receiving marketing communications
at any time by following the opt out links to any marketing communications you receive from us. Where you opt out of
receiving our marketing communications, this will not apply to data provided to us as a result of a service provided to you.
​
Learner data:
Your personal data will not be used for any marketing communications.
Employee data:
Employee data is not used for any marketing communications.
5. Third party processors
Customer data:
We will not share your data to any third parties with the exception of those listed below. These third parties will only process
your data with our instruction, as they provide us with a service which is necessary to run our business and to complete a
service you have requested.
Marketing Communications:
We use a third-party provider, Mailchimp, to deliver our marketing communications to our customer database. We gather
statistics around email opening and clicks using industry standard technologies to help us improve our marketing
communications. For more information, please see Mailchimp’s privacy notice. You can unsubscribe to our marketing
communications at any time by clicking the unsubscribe link at the bottom of any our marketing communications.
Website:
We use a third-party provider to host our website.
Email:
We use a third-party email provider to store emails you send us.
Phone:
When you contact us via telephone, we will collect your phone number and any information you provide us during our
conversation. We will also collect any data you leave on our answerphone. We do not record telephone calls.
Contact Form:
We use a third-party provider to manage our contact form online. When you visit our website and contact us using this
service, you will be required to provide us a contact name, email address and any other information related to your enquiry.
When you submit this data, our third-party provider will process this information to us in the form of an email. If you do not
provide the mandatory information required on our contact form, you will not be able to submit your enquiry, therefore we will
not receive it.
Accountants:
We may share invoices we issue and receive with our accountants for the purposes of completing tax returns and our end of
year accounts. Our accountants are located in the UK.
Shredding Service:
We use a third-party service to securely destroy all our paperwork. We will receive a certificate of destruction confirming our
documents have been securely destroyed.
Insurers:
We will only share your information with our insurers where it is necessary to do so, for example in relation to a claim or
potential claim we receive.
Learner data:
We will not share your personal data to any third parties with the exception of those listed below. These third parties will only
process your data with our instruction, as they provide us with a service which is necessary to run our business.
Independent External Scrutiny:
We will appoint (or that are appointed on our behalf) externally individuals to carry out any independent scrutiny of quality
assurance activities, investigations, or complaints as and when required or periodically.
e-learning/online service:
We use third-party partners to manage our e-learning and online training packages.
Website:
We use a third-party provider to host our website.
Email:
We use a third-party email provider to store emails you send us.
Phone:
When you contact us via telephone, we will collect your phone number and any information you provide us during our
conversation. We will also collect any data you leave on our answerphone. We do not record telephone calls.
Contact Form:
We use a third-party provider to manage our contact form online. When you visit our website and contact us using this
service, you will be required to provide us a contact name, email address and any other information related to your enquiry.
When you submit this data, our third-party provider will process this information to us in the form of an email. If you do not
provide the mandatory information required on our contact form, you will not be able to submit your enquiry, therefore we will
not receive it.
Shredding Service:
We use a third-party service to securely destroy all our course paperwork with your personal data. We will receive a
certificate of destruction confirming our documents have been securely destroyed.
Insurers:
We will only share your personal data with our insurers where it is necessary to do so, for example in relation to a claim or
potential claim we receive.
Employee data:
We will not share your personal data to any third parties with the exception of those listed below. These third parties will only
process your data with our instruction, as they provide us with a service which is necessary to run our business.
Criminal Record Checks:
We will share your personal data to obtain necessary criminal checks from the Disclosure and Barring Service.
Independent External Scrutiny:
We will appoint (or that are appointed on our behalf) externally individuals to carry out any independent scrutiny of quality
assurance activities, investigations, or complaints as and when required or periodically.
Accountants:
We may share your invoices and/or payroll details to our accountants for the purposes of completing tax returns and our end
of year accounts.
Shredding Service:
We use a third-party service to securely destroy all our course paperwork with your personal data. We will receive a
certificate of destruction confirming our documents have been securely destroyed.
Insurers:
We will only share your personal data with our insurers where it is necessary to do so, for example in relation to a claim or
potential claim we receive.
*We have not listed all our service providers publicly by name for security and competitive reasons. If you would like further
information on our service providers, please contact us directly and we will provide you with information where you have a
legitimate reason for requesting it.
6. Links to other websites
Our website may contain links to enable you to visit other websites of interest. If you use these links to leave our site, you
should note that we do not have any control over other websites that you visit. Therefore, we cannot be responsible for the
protection and privacy of any information which you provide whilst visiting such sites are not governed by this privacy
statement. We encourage you to read the privacy statements on the websites you visit.
7. Security
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable
regulator of a breach where we are legally required to do so.
We are committed to keeping your personal information safe and secure. Once we receive your data, directly or indirectly we
have security measures in place to protect your data.
8. Your individual rights
You can see your individual rights at:
​
9. How to contact us
In line with your individual rights, you may request details of personal data we hold about you by submitting your request by
email at office@redhawktraining.com for the attention of the Data Protection Officer.
We may need to request specific information from you to help us confirm your identity to ensure your right to access your
personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to
receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data. We may, however, charge a reasonable fee if your request is
clearly unfounded, repetitive, or excessive.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by contacting you directly where
reasonably possible for us to do so and by placing an update on our website.
This policy was last updated on 12th January 2023, and effective from 12th January 2023.