ISIC Privacy Notice – May 2018
1. Your privacy
ISI Consultancy Limited (“ISIC”) is committed to protecting your privacy. We aim to ensure that any information you give us or which we receive or gather in the course of consultancy and consultancy related activities is held securely and safely.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
2. Lawful bases we rely on for the collection of your data
We only process your personal data where: (i) we have your consent to do so; (ii) the processing is necessary for the performance of a contract with you; (iii) the processing is necessary for compliance with a legal obligation to which ISIC is subject; (iv) for the legitimate interest of ISIC or of any party to whom the data is being disclosed.
3. Collection and use of your personal data
ISIC is likely to hold information about you if any of the following apply:
- you have provided information about yourself when writing to us or telephoning us, and we have a legitimate interest in processing this personal data;
- you have attended or have applied to attend a course with ISIC and we therefore have a contract with you, your consent, or a legitimate interest in processing your personal data;
- you are, have been or have applied to be a consultant/ trainer for ISIC and we therefore have a contract with you, your consent, or a legitimate interest in processing your personal data;
- you work or have worked for or with ISIC in any other capacity and have a contract with ISIC or have given your explicit consent; or
- you have contacted or used the services of ISIC, or provided services to ISIC, and ISIC therefore either has a contract with you, a legitimate interest in the processing of your personal data or the processing of your personal data is necessary for the performance of a task carried out in the public interest.
Your personal data may be processed by (or on behalf of) ISIC for any of the following purposes:
- planning, scheduling and delivery of training sessions and/or consultancies;
- training and recruitment of consultants, ISIC employees and ISI employees;
- training of school and college staff and other external individuals;
- communication of information and guidance to consultants, schools, and colleges;
- for any other purpose which you have consented to at the time of provision of your personal data.
Your personal data will be retained in accordance with ISIC’s retention policy; this is available from ISIC: please contact firstname.lastname@example.org if you would like to receive a copy.
4. Special category data
Some of the personal data we process is sensitive; in such circumstances we consider additional conditions and ensure that these requirements are met.
5. Children’s personal data
Some of the personal data we process relates to individuals under the age of 18. Our systems and processes are designed to cater for the particular protections required when collecting and processing children’s personal data.
6. How we treat your personal data
The processing of personal data is governed by the GDPR and the associated UK data protection legislation, and other relevant legislation. We follow this legislation when handling your personal data and will:
- only ask for personal data we need, and not collect too much or irrelevant information;
- protect your information, ensuring appropriate security;
- take every reasonable step to ensure that your personal data is accurate and, where necessary, kept up to date;
- ensure you are aware of your rights in relation to the personal data we hold about you;
- make sure we do not keep it longer than necessary.
ISIC does not sell, rent or pass on any information about you to other organisations, other than:
- if necessary, we may share your information with our consultants, trainers, contractors, service providers or partners during the course of their work with us. Such third parties will be required to protect your privacy just as we would ourselves;
- we may need to pass on information when required by or if asked for details by a law enforcement agency.
7. Transfer of data outside the EEA
ISIC may transfer personal data outside the European Economic Area (EEA) for legitimate business purposes. Where we do so, we will ensure that transferred data is fully protected and safeguarded as required by the General Data Protection Regulation.
8. Respecting your individual rights
ISIC acknowledges and respects your rights in relation to the personal data we hold about you, specifically:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object;
- rights in relation to automated decision making and profiling;
- the right to withdraw any consent you have previously provided to ISIC; and
- the right to lodge a complaint with a supervisory authority.
ISIC acknowledges and respects that these rights apply equally to children from whom we collect personal data.
ISIC acknowledges that in some circumstances the information provided to ISIC (generally in relation to safeguarding concerns) includes personal data, which may be special category, about individuals who are not aware of ISIC’s processing. It is unlikely to be appropriate for ISIC to inform such individuals of the processing as doing so could disrupt the management of the concern and safeguarding of children. Such processing is considered by ISIC to be in the substantial public interest. However, ISIC operates a personal data minimization approach. ISIC requests that if personal data is provided to us in relation to individuals who are not aware of the processing, the information is kept to what is necessary, and that any irrelevant personal data is redacted.
9. Exercising your individual rights
If you would like to exercise any of the rights listed above including a subject access request, or if you no longer wish to receive information from ISIC, please write to us or email us using the contact details provided below.
Data Protection Compliance Manager
9-12 Long Lane
For complaints or issues around your personal data which we are unable to resolve to your satisfaction, please refer to the ICO website: https://ico.org.uk/for-the-public/personal-information
ISIC has strict requirements in relation to: entry controls to the office; secure cupboards; limited access to files; methods of document disposal and deletion; use of computer equipment; and network security.
11. Freedom of Information Act
As a private company, ISIC is not subject to the Freedom of Information Act. You may find the information you seek on our website and sometimes we are able to supply additional information on a voluntary (non-statutory) basis. Requests may be made in writing to the address provided above.
ISIC is registered as a data controller on the Information Commissioner’s Office’s data protection register. ISI’s registration number is Z3331430 and the registered address is: CAP House, 9-12 Long Lane, London, EC1A 9HA.
Questions, comments and requests concerning this privacy statement are welcome – please contact us using the contact details provided above.
14. Updates to this Privacy Notice
This Privacy Notice was last updated in May 2018. ISIC reserves the right to vary this Privacy Notice from time to time. When we make significant changes we will notify our contacts via email (unless specifically agreed otherwise) and we will publish a notification on our website.