Privacy Policy (v7.0 Jan 2023)
Definitions:
The term ‘us’, ‘we’, or ‘our’ refers to RedHawk Training Ltd trading as Red Hawk Training.
The term ‘you’ or ‘your’ refers to the viewer of this policy e.g. a learner or organisation.
1. Introduction
Red Hawk Training is committed to protecting your privacy and being transparent about what data we hold. This policy sets out how we, Red Hawk Training will collect, process and retain information about you through your use of our website, www.redhawktraining.com and/or where we otherwise obtain or collect information about you.
Red Hawk Training Ltd are the data controllers and we are responsible for your data.
Please read this policy carefully to understand how we collect, process and retain your customer, personal or employee data.
2. Legal basis
Red Hawk Training offers a range of first aid and health and safety training services to customers operating in various sectors throughout the UK. As such Red Hawk Training has a legitimate business interest in capturing, processing and retaining data from data subjects necessary to run our business or to fulfil a contract where services have been requested from us for a mutually beneficial purpose.
3. Data subjects
Red Hawk Training will capture, process and retain data from the following categories;
Customer Data:
When you give it to us directly as a customer
Learner Data:
When we obtain it indirectly from a learner
Employee Data:
When you give to us directly or indirectly as an employee
Customer Data:
How do we collect your data?
We collect customer data via telephone, email, online communication through our website or social media when a customer requests services from us.
Why do we collect your data?
We need to collect your customer data to enable us to provide a service you have requested.
What do we do with your data?
Your customer data will be used for the purposes of sending you emails regarding invoicing, quotes, bookings, collecting payments, posting certificates, general customer queries, requalification certificate reminders and marketing communications where you have not opted out of receiving that marketing.
Who do we share your data with?
We will only share your customer data where we are required to do so by law or to complete a service you have requested.
*Further details on who we share your customer data with is listed under customer data within the Third party processors section of this document
How long do we retain your data?
We will retain your customer data for up to 7 years for the purposes of providing an auditable customer transaction trail and to respond to any requests from the HMRC for financial data relating to customer invoicing.
Where do we store your data?
Once we receive your customer data we have security measures in place to ensure your data is not lost, accidentally destroyed, misused or disclosed. All data stored on computer systems have firewalls and are password protected internally and externally on ICloud, and all data stored within our office are secured under lock and key. Your customer data will then be safely destroyed as soon as the purpose for which it was collected has been completed.
Learner Data:
How do we collect your personal data?
We will collect your personal data when you attend any of our training courses face to face or online.
Your personal data may also be provided to us by your employer, agency or training provider/third party training partner.
Why do we collect your personal data?
We need to collect your personal data for the purposes of course administration so we can award qualifications and issue certificates to you.
What personal data do we collect?
The personal data we collect will include your first name, middle name, surname, date of birth, telephone numbers, email address, address, signature, employer, unique learner number, assessment results, certificates or any disabilities you bring to our attention.
What do we do with your personal data?
We will only collect your personal data for the purposes of course administration, awarding qualifications and issuing certificates to you. We will also provide you with a reminder using the details we have about you to let you know your certificate is due to expire.
*Reminder emails will not apply if you have attended a course through one of our third party training partners. In this instance personal data collected will only be used for the purposes of course administration, awarding qualifications and claiming your certification. You will not receive any communication from us.
Who do we share your personal data with?
From the personal data we collect from you, we will only share your name and date of birth with our relevant Awarding Organisations for the purposes of awarding qualifications and issuing certificates to you. We may at the request from our qualification regulator also need to share other personal data you have provided during the course administration process to meet any external quality assurance activities.
*There is no statutory requirement for learners to consent to us to process your personal data to Awarding Organisations. However, if a Learner chooses to withdraw consent we will be unable to process any personal data for them to award qualifications and issue certificates to that person.
How long do we retain your personal data?
We will only retain your personal data as long as your qualification is valid (expiry of your certificate) in line with regulatory requirements.
Please note some of our Awarding Organisations require us to store course paperwork which will include your personal data for up to 5 years.
Where do we store your personal data?
Once we receive your personal data we have security measures in place to ensure your data is not lost, accidentally destroyed, misused or disclosed. All data stored on computer systems have firewalls and are password protected internally and externally on ICloud, and all data stored within our office are secured under lock and key. Your personal data will then be safely destroyed as soon as the purpose for which it was collected has been completed.
Employee Data:
How do we collect your personal data?
When you agree to work for us including freelance trainers we will need to collect personal data about you, therefore much of the information we hold about you will have been provided by you. We will also collect your personal data from the course paperwork you complete following training courses you have delivered on our behalf.
Your personal data may also be provided to us by third parties such as references from previous or current employer or information about your criminal record from the Disclosure and Barring Service or from your employer, agency or training provider/third party training partner.
Why do we collect your personal data?
We need to collect your personal data for the purposes of meeting our contractual duties with you and our legal obligations as your employer.
What personal data do we collect?
When you agree to work for us including freelance trainers we will collect your personal data primarily through applications forms, CV’s and supporting documentation. This will include your name, address, date of birth, contact details including email address and telephone numbers, and details of your education, qualifications, skills, experience and employment history.
We will also collect your National Insurance number, copies of relevant certificates applicable to your role, bank details, identity documents such as your passport or driving license, and your training insurance details. Your name and signature will also collected from the course paperwork you complete following training courses you have delivered on our behalf.
What do we do with your personal data?
We will only collect your personal data for the purposes of entering into a contract of employment with you; such as to provide you with an employment contract, to pay you, to check your references and to meet any other of our administrative obligations as your employer.
We also have legal and regulatory obligations to meet as your employer; such as processing your personal data to check your entitlement to work in the UK, to carry out criminal record checks, to respond to any requests from the HMRC for financial data relating to your pay or invoicing, and to register you with our Awarding Organisations so you can deliver regulated training qualifications to our customers.
Who do we share your personal data with?
We will only share information about you to third parties where we are legally obliged to do so or where we need to comply with our contractual duties as your employer such as to obtain employment background checks from other providers, to obtain necessary criminal checks from the Disclosure and Barring Service, and to register you with our Awarding Organisations so you can deliver regulated training qualifications to our customers.
*You are under no statutory obligation to provide your personal data to us. However, if you do not provide your data or you choose to withdraw consent we will be unable to offer you work.
How long do we retain your personal data?
We will only retain your personal data as long as you continue to work for us. Your personal data will then be retained for 7 years for the purposes of any requests from the HMRC for financial data relating to your payroll or invoicing, and for any internal/external quality assurances activities on training courses you have delivered for us in line with regulatory requirements.
Where do we store your personal data?
Once we receive your personal data we have security measures in place to ensure your data is not lost, accidentally destroyed, misused or disclosed. All data stored on computer systems have firewalls and are password protected internally and externally on ICloud, and all data stored within our office are secured under lock and key. Your personal data will then be safely destroyed as soon as the purpose for which it was collected has been completed.
4. Marketing communications
Customer data:
Generally, we do not rely on consent as a legal ground for processing your data, other than in relation to sending you marketing communications by email. When you make an enquiry via the contact form on our website you have the option to agree to this privacy policy for us to provide you marketing communications. We have a legitimate business interest in sending marketing communications to customers for business purposes. You can stop receiving marketing communications at any time by following the opt out links to any marketing communications you receive from us. Where you opt out of receiving our marketing communications, this will not apply to data provided to us as a result of a service provided to you.
Learner data:
Your personal data will not be used for any marketing communications.
Employee data:
Employee data is not used for any marketing communications.
5. Third party processors
Customer data:
We will not share your data to any third parties with the exception of those listed below. These third parties will only process your data with our instruction, as they provide us with a service which is necessary to run our business and to complete a service you have requested.
Marketing Communications:
We use a third-party provider, Mailchimp, to deliver our marketing communications to our customer database. We gather statistics around email opening and clicks using industry standard technologies to help us improve our marketing communications. For more information, please see Mailchimp’s privacy notice. You can unsubscribe to our marketing communications at any time by clicking the unsubscribe link at the bottom of any our marketing communications.
Website:
We use a third-party provider to host our website.
Email:
We use a third party email provider to store emails you send us.
Phone:
When you contact us via telephone, we will collect your phone number and any information you provide us during our conversation. We will also collect any data you leave on our answerphone. We do not record telephone calls.
Contact form:
We use a third party provider to manage our contact form online. When you visit our website and contact us using this service, you will be required to provide us a contact name, email address and any other information related to your enquiry. When you submit this data our third party provider will process this information to us in the form of an email. If you do not provide the mandatory information required on our contact form, you will not be able to submit your enquiry, therefore we will not receive it.
Accountants:
We may share invoices we issue and receive with our accountants for the purposes of completing tax returns and our end of year accounts. Our accountants are located in the UK.
Shredding Service:
We use a third party service to securely destroy all of our paperwork. We will receive a certificate of destruction confirming our documents have been securely destroyed.
Insurers:
We will only share your information with our insurers where it is necessary to do so, for example in relation to a claim or potential claim we receive.
Learner data:
We will not share your personal data to any third parties with the exception of those listed below. These third parties will only process your data with our instruction, as they provide us with a service which is necessary to run our business.
Qualsafe:
We use a third-party partner, Qualsafe, to award qualifications and issue our certificates to our learners. For more information, please see Qualsafe Awards Privacy notice.
e-learning/online service:
We use a third-party partner to manage our e-learning and online training packages.
Website:
We use a third-party provider to host our website.
Email:
We use a third party email provider to store emails you send us.
Phone:
When you contact us via telephone, we will collect your phone number and any information you provide us during our conversation. We will also collect any data you leave on our answerphone. We do not record telephone calls.
Contact form:
We use a third party provider to manage our contact form online. When you visit our website and contact us using this service, you will be required to provide us a contact name, email address and any other information related to your enquiry. When you submit this data our third party provider will process this information to us in the form of an email. If you do not provide the mandatory information required on our contact form, you will not be able to submit your enquiry, therefore we will not receive it.
Shredding Service:
We use a third party service to securely destroy all of our course paperwork with your personal data. We will receive a certificate of destruction confirming our documents have been securely destroyed.
Insurers:
We will only share your personal data with our insurers where it is necessary to do so, for example in relation to a claim or potential claim we receive.
Employee data:
We will not share your personal data to any third parties with the exception of those listed below. These third parties will only process your data with our instruction, as they provide us with a service which is necessary to run our business.
Qualsafe:
For the purposes of registering you as a trainer to deliver our regulated training qualifications.
Criminal Record Checks:
We will share your personal data to obtain necessary criminal checks from the Disclosure and Barring Service.
Accountants:
We may share your invoices and/or payroll details to our accountants for the purposes of completing tax returns and our end of year accounts.
Shredding Service:
We use a third party service to securely destroy all of our course paperwork with your personal data. We will receive a certificate of destruction confirming our documents have been securely destroyed.
Insurers:
We will only share your personal data with our insurers where it is necessary to do so, for example in relation to a claim or potential claim we receive.
*We have not listed all of our service providers publicly by name for security and competitive reasons. If you would like further information on our service providers please contact us directly and we will provide you with information where you have a legitimate reason for requesting it.
6. Links to other websites
Our website may contain links to enable you to visit other websites of interest. If you use these links to leave our site, you should note that we do not have any control over other websites that you visit. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites are not governed by this privacy statement. We encourage you to read the privacy statements on the websites you visit.
7. Security
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We are committed to keeping your personal information safe and secure. Once we receive your data, directly or indirectly we have security measures in place to protect your data.
8. Your individual rights
You can see your individual rights at:
9. How to contact us
In line with your individual rights, you may request details of personal data we hold about you by submitting your request in writing to our Data Protection Officer, Red Hawk Training. 18 Bilbie Road, Chew Stoke, Bristol BS40 8XW
We may need to request specific information from you to help us confirm your identity to ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your personal data. We may however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update on our website. This policy was last updated on 12th January 2023, and effective from 12th January 2023.