Training in Action Ltd, is a registered company (2561066) and the following details set out how we use and protect information that you provide to us when using our website or services.
Training in Action is registered under the Data Protection Act and will provide you with the information we hold on you in response to a request in writing.
Given the nature of our work, you can be assured that we give protection of privacy and confidentiality the highest consideration.
If you are interested in our work, or have any queries relating to our collection or use of personal information, you can contact us.
In order to deliver our services and to carry out necessary business functions, we may collect certain personal details from you in a variety of ways, such as, through our
These details may include (where applicable), names, contact information and basic employment details. Depending on the service we are delivering to you or your company, we may also ask for more detailed information about your employment such as the department or team you work in, your length of employment and professional performance goals, health or dietary issues.
When receiving coaching from TiA, sensitive information may emerge from discussions with your TiA coach. These relationships are bound by strict confidence, and any notes collated by your coach are treated accordingly.
Personal data we obtain is collected in a few key ways - disclosed by the individual; by an authorised third party (i.e. employer) on the individual's behalf; obtained from a linked system or database or it can be generated through user interaction with systems/services
Where your data is provided to us by an authorised third party such as your employer (i.e. in the form of course delegate lists), it is the third party’s responsibility to ensure they have the correct lawful basis in place to share this data with TiA.
Your data may be used for a number of purposes including, but not limited to:
to provide all the elements of the learning & development services we have been contracted to provide by yourself or your employer’s contacting you in the event of a workshop time change or cancellation,
to assess the quality of our services,
crime prevention/detection (i.e. fraud),
legal obligations of the business,
statistical and marketing analysis,
You will always be told what we intend to do with any personal data we collect from you, however the principal reasons are to:
support the delivery of contracted services and products, or
achieve our marketing and sales strategies.
More specifically, these may take the form of the below likely scenarios:
An Approved Practitioner (an associate or independent practitioner authorised to deliver TiA programmes)
A Client Practitioner (a colleague in your organisation authorised to deliver TiA programmes) if you are enrolled on a programme delivered by either party for learning & development. Either of these scenarios may involve transmitting your data to a different country
Delegate interactions with online services such as when using our website to complete Joining Instructions or access the Client Library
TiA will only keep data for as long as is necessary to meet these purposes. We will never share, sell, or rent individual personal information to an external party without your advance permission, or unless ordered by a court of law. The personal data you provide to us is only available to relevant employees and contracted service providers.
Due to the global reach of our business and services we provide, TiA works with Approved Practitioners in different countries and it is sometimes necessary to transmit your data internationally in delivery of these services to meet our contractual requirements.
Data collected by TiA will be stored and processed primarily within the UK, but may be stored and processed in another country, including a country that is not in the European Economic Area (EEA). Some countries may not have data privacy laws as strong as those in force in others. We will try to ensure that the data protection standards employed within the UK are observed by our partners with whom we need to share information in all of the countries they operate.
In some instances, we may seek authorisation from the Information Commissioner’s Office (ICO) prior to a cross-border data transfer.
Our website and online services are protected by firewalls and we have implemented security policies, rules and technical measures to protect the data in our control. These security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
Any information you provide us with when using our services is stored centrally on secure cloud-based systems. Direct access to these databases are restricted to authorised personnel and their appointed agents only. We have taken every reasonable step to ensure that your personal data is held securely at all times, and that access to these are closely monitored. We use security measures to protect against the loss, misuse and alteration of data within our systems.
Please be aware however, that no internet or email transmission is ever fully secure or error free. You should take special care in deciding what personal data you send to us via email and keep this in mind when disclosing any personal data to us via the internet.
Any personal data we collect from you or we generate as a result of
your interaction with our systems and services belongs to you. Under the data protection laws in the UK you therefore have the right to know if your data is being processed, why and for how long.
We also uphold other rights you hold under the data protection act, namely:
The right to request that errors in your personal data processed by us is amended or corrected
The right to the deletion of personal data if it is no longer required or you withdraw consent
The right to object to processing whereby it could cause damage or distress, or where you may be evaluated or subject to decisions on the basis of automated processing
The right to request a copy of the personal data you have provided to us
If any of the information that we hold is incorrect or incomplete, please complete the Subject Access Request Form.
You can also contact Juliet@tia.co.uk to query any aspect of our data processing procedures.
We have a procedure in place if a breach of security leads to accidental or unlawful disclosure, access to, loss, personal data transmitted, stored or otherwise.
If a breach occurs, we will assess the scope and impact of the breach. Based on the assessment of the likely risks, we will
1/ Notify the individuals and/or the connected organisations that a data breach has occurred
2/ Notification to individuals will be carried out as soon as possible and will include the following information:
If TiA is required to inform the ICO of the breach, we will do so within 72 hours of becoming aware of essential facts of the breach. Such notification must include:
The data we collect about you is generally accessed only by TiA authorised employees for legitimate business purposes and for providing services as part of a contract. However, if we work with partners or contractors, they may have limited access to your personal data but only so they can do their job.
For example, if a delegate has completed a personality diagnostic, the profile produced from this data will not be shared with anyone else without their prior consent. During the programme the accredited facilitator leading the session will perhaps request to share some of the delegate’s information from their profile with the group, however this is their personal choice and done so at their own discretion.
The following outlines who has access to your personal data and under what circumstances:
TiA employee facilitators and other staff who are involved in arranging and delivering the services you request
An Associate/Approved Practitioner who is contracted by TiA to provide services to you on our behalf, and therefore bound under terms within their contract relating to confidentiality and privacy that is to the same standard as TiA employees
A Client Practitioner. That is the person who is employed by the client company and authorised to deliver TiA programmes. TiA provides clear guidance on privacy requirements that is to the same standard expected of TiA employees in their management of personal data. Should the Client Practitioner allow any member of staff employed by the customer to handle any personally identifiable information, then that employee is bound by their normal terms of confidentiality in their contract of employment.
It is TiA’s practice that personal data is only retained for an
appropriate period of time. We have internal guidelines as to how long we retain information detailed in our Data Retention policy. This specifies that we will need to keep certain information about employees, clients, suppliers and other individuals or organisations we interact with over the course of business to carry our certain business functions for up to 6 years to monitor and improve quality of our service, for our records and to meet certain legal and compliance requirements.
In summary, client personal data will be held for as long as the individual or their employer is in receipt of services from TiA, plus up to a maximum of 6 years.
Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over the other websites and are not responsible for the privacy practices of such other websites.
If you submit personal data and other information to a website to which we link, we are not responsible for its protection and privacy. Always exercise caution when submitting data to websites. Read the sites data protection and privacy policies fully.
If you have any questions regarding this Policy, please contact
Training in Action Ltd Lyndale House
6 The Avenue