Privacy Policy
Please read and acknowledge this privacy notice relating to the processing of your personal data by our organisation.
Our aim is to ensure that at all times your personal data is protected by our organisation and that when processing your personal data we are in compliance with the General Data Protection Regulations (GDPR).
Purpose of this Privacy Notice
This Privacy Notice is aimed at ensuring that you are aware of:
• The identity and contact details of the person(s) responsible for processing your personal data;
• The different categories of your personal data which we intend to process;
• The reasons why we intend to process your personal;
• To whom we share your personal data;
• How we process your personal data in compliance with the GDPR;
• Your rights under the GDPR;
• How you can make a complaint.
Services Provided by Us
LCATE is in the business of providing the following services:
• Webinars
• Onsite Educational services
• Online Educational services
• Consultation services
Roles & Responsibilities
The Controller Is responsible for ensuring that the terms of the privacy notice are adhered to by all the employees, sub-contractors etc of the organisation.
• The Controller is accountable under the GDPR
• Controller Means: Yasmine Lupin
Contact Details of the Controller
You can contact the following Controller if you require any assistance regarding the processing of your personal data:
• Controller (C)
Yasmine Lupin
Contact: info@lcate.co.uk
Your Personal Data that we will process
We will require the following information from you:
1. Your full name;
2. Your address;
3. Your email address;
4. Your phone number/mobile number;
5. First language;
6. Your current age;
7. The course you want to register on;
8. Your query.
Special Categories of Personal Data (Sensitive Data)
We will require the following information from you, this is personal data which is linked to your:
– Ethnic origin;
– Race
– Political opinions;
– Religion;
– Philosophical beliefs;
– Trade union membership;
– Genetic data;
– Biometric data;
– Health data;
– Concerning a natural person’s sex life;
– Sexual orientation
If we do take sensitive data such as ethnic origin or race including gender. This will be because of the fact that we also need to comply with legal compliance obligations such as equal opportunities policy.
How we collect your Personal Data
We collect personal data via the following means:
• directly from you; or
• we may from third parties
If we do obtain some personal data from third parties, we will inform you of the source.
Third parties to whom we share your Personal Data
In order for us to carry out our services on your behalf we may need to transfer your personal and sensitive data to the following third parties:
• Pollock Accounting Ltd
• Accredible
• Thinkific (Integrates with LCATE for online courses)
We aim to only transfer personal data to third parties that comply with the GDPR.
Reasons for Transfer to Third Parties
We will be transferring your personal data to third parties for the following reasons:
1. In order that we can fulfill our contractual obligations with you under our contract of services;
2. For legal/tax compliance reasons;
3. For legitimate interest reasons;
4. If you have provided us with explicit consent.
Reasons for Processing your Personal Data
Principle 1 – Lawful Purpose
Personal Data
We will be processing your personal data in order to ensure that
we can:
- fulfil our obligations with you under our contract of services with you which is to either provide you with an educational or consultation service; or
- legal obligation reasons;
- legitimate interest reasons; or
- you have provided your consent.
If you have provided your consent that you can withdraw your consent at any time.
Sensitive Data (Special Categories of Personal data)
If we do process any personal data which is ‘sensitive data’
We will provide you with a lawful reason for processing it.
If you provide us with affirmative consent which constitutes clicking on a button. Please be aware that this consent can be withdrawn at any time.
Principle 2 – Specific Purpose & Limited
At all times when we process your personal data including sensitive data will aim to process it for a specific and limited purpose in order that we fully comply with this principle.
Principle 3 – Adequate, Relevant & Limited
We only want to keep your personal data and sensitive data which isadequate, relevant & limited for the purposes used by our organisation.
Principle 4 – Accuracy of your Personal Data and keeping it up to date
We want to ensure that your personal data is kept up to date and therefore if any of your personal data changes please kindly update us by contacting our Controller.
We will take reasonable steps to ensure that your personal data is kept accurate and up-to-date.
Principle 5 – Retention Periods
We will keep your personal data for the duration of our contractual relationship with you and for a further period as specified in our ‘Retention Policy’.
Our aim is to ensure that we limit the retention periods and retain only personal data for legitimate purposes.
Our Services are to data subjects who are 18 or over
We will not be processing personal data of any person under the age of 18 years.
Principe 6 – Ensuring Security
We have received assurances from our processorsthat allthe personal data which is held on our automated systems and in our filing systems (hard-copies) is secure and protected againstany damage, accidental loss, unauthorized, unlawful processing and we have the appropriate technical and organisational measures in place.
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
We may disclose your information to trusted third parties for the purposes set out in this Privacy Policy. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU law on data protection rules.
Transfer of Your Personal Data to Third Countries/International organisations
In certain circumstances we may need to transfer your personal data overseas to third countries or international organisations.
If this is the case, we will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
However, by you using the services of LCATE Ltd, you could be voluntarily transferring your personal data to a user abroad.
Our Services are to data subjects who are 18 or over
We will not be processing personal data of any person under the age of 18 years.
Your Rights
While we keep your personal data you have the following rights:
- Right to be informed
- Right to all of your personal data, know as a ‘Subject Access Request’ (SAR)
- Right to the restriction of personal data
- Right to rectification of your personal data
- Right to object to the processing of your personal data
- Right to erasure of your personal data
- Right not to be subjected to automated decision making processing (including profiling)
- Right to seek judicial review
- Right to make a complaint
Subject Access Request requirements
If you require your personal data, you can request this verbally, however as we need to first verify your ID you will need to carry out the following:
- Complete a SAR Form; and
- complete and return the SAR Form with the respective ID documents.
We will not be under any obligation to provide you with any personal data unless we receive your SAR Form and we have verified your ID.
Subject Access Requests – Time-scale
We aim to process the SAR within 1 month from the point we receive verification of your ID, however as your personal data may also be with an external archiving company it may take a further 2 months to be retrieved.
We aim to provide your SAR, free of charge, in an electronic format, unless you require your personal data in a hard-copy format.
Subject Access Request Notice – SAR Notice
When we provide you with your personal data we will also provide you with a SAR Notice which will comprise of the following information:
- The purposes of the processing;
- The categories of personal data (including sensitive data);
- The recipients to whom the personal data have been disclosed;
- The recipients to whom the personal data has been disclosed (third countries);
- Retention periods
- Right to request restriction, rectification or erasure, the right of objection concerning the subject or object of such processing;
- If the some of the personal data has been collected from a third party source, details of the third party source;
- Compliance with the key principles which are disclosed in this privacy document
- The existence of automated decision making processing including profiling (if applicable)
- Your right to make a complaint to the ICO
YOUR RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
Right to object to certain types of processing of personal data such as:
- legitimate interests reasons
- public interest reasons
- marketing
- automateddecision making processing
- profiling
In certain circumstances if you do exercise your right to object this could give rise to the termination of our contract of services with you.
YOUR RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
Right to object to certain types of processing of personal data such as:
- legitimate interests reasons
- public interest reasons
- marketing
- automateddecision making processing
- profiling
In certain circumstances if you do exercise your right to object this could give rise to the termination of our contract of services with you.
This right to object does not apply if the personal data is required:
- in order to fulfil contractual obligations with you
- It is sanctioned by law (tax evasion or fraud)
- The agreement does not have a legal or equally important impact
The processing is necessary for the performance of a task carried out for reasons of public interest
This right to object does not apply if the personal data is required:
- in order to fulfil contractual obligations with you
- It is sanctioned by law (tax evasion or fraud)
- The agreement does not have a legal or equally important impact
The processing is necessary for the performance of a task carried out for reasons of public interest
Marketing
Currently we do not send marketing material to any of our customers/clients.
Our aim is to invite data subjects to a free seminar. This seminar is voluntary and you can choose to attend the seminar by inserting your contact details or you can choose not to attend by not inserting the relevant information.
During the seminar we will invite you to purchase a product. We call this the ‘soft option opt-in’.
The purchase of this product is optional and you can decide to purchase the product or you may decide to decline.
By clicking on the relevant buttons you are choosing to purchase the product.
If we do send any marketing material via email then our emails will also notify you of:
- ‘an opt-in’ button; and
- ‘an opt-out’/’unsubscribe button’.
You have the right to withdraw your consent to receiving marketing material at any time. By clicking the ‘opt-out’ button you will be will withdrawing your consent to receiving marketing material.
Consent
If you do provide us with ‘consent’, this means that you are providing us with permission to process your personal data lawfully.
Please also note the following:
- You will need to provide consent: ‘freely’ and you will need to sign our ‘Consent Form’.
- You have the right to withdraw your ‘consent’ at any time and if you withdraw consent then you will have to complete a ‘ Withdrawal of Consent Form’.
Please contact our organisation for our ‘Consent & Withdrawal Policy’.
Complaints
You have the right to lodge a compliant directly with the ICO.
The ICO’s details are: 0303 123 1113.
We also take complaints seriously and we do our utmost to resolve complaints internally. Please also contact the Controller or Data Protection Officer including any member of staff regarding your complaint.
Controller
Yasmine Lupin: info@lcate.co.uk