1 ABOUT US
At Trigraph, we treat the privacy and protection of personal data with the utmost seriousness. Our privacy statement sets out the data protection practices currently in place within the company.
We fully endorse and adhere to the principles of the EU Data Protection legislation. Specifically, we will:
- Obtain and process information fairly.
- Keep information only for one or more specified, explicit and lawful purpose.
- Use and disclose information only in ways compatible with these purposes.
- Keep information safe and secure.
- Keep information accurate, complete and up to date.
- Ensure that information is adequate, relevant and not excessive.
- Retain information for no longer than is necessary for the specified purpose or purposes.
- Give a copy of personal data to the individual from whom it was taken on written request
2 WHY WE COLLECT YOUR PERSONAL INFORMATION
The main reasons why we collect you personal information include, but are not limited to:
- Confirming your training / booking
- E-mailing you in advance to make preparations
- Requesting your evaluation of a training course via a satisfaction survey
- Sending you correspondence relating to your training
- Billing your Training Course Bookings / Payments or Deposits
- Respond to your customer-service enquiries or requests
- Proof of ID requirements for exam body
- Communicate special offers and news of Trigraph to you, if you choose to receive such notices
- To understand your needs and preferences, maintaining a record so we can better serve our customers
- To meet legal and regulatory requirements
3 What information is collected
When you contact us (telephone, e-mail, online enquiry etc) you may provide us with certain information about yourself (personally identifiable information) so we are able to provide you with a particular service. Such information may include but is not limited to details such as your name, your business name, your email address, your telephone number, your business address, your mobile number and other information that will assist us in facilitating your training requirements. We record the email address and date/time of when your information was added. Trigraph can store further information that includes home address, social media account names, dietary requirements, answers to survey questions but such information is only collected with the permission given by the customer.
When you make an online payment on your account, we use the services of Stripe Inc. We do not store credit card or bank information in our platform. When you make a manual payment, you may supply your bank details to us for the purpose of sending an electronic payment.
We do not collect sensitive personal information, such as race, religion, or political affiliations.
4 How the information is used & What information we share
We do not share your information with any third-party, except for the explicit purpose of performing the service for which you the customer have contacted Trigraph ie provision of training and/or consulting services.
Your data does not leave the EU.
For the purpose of delivering training we may share your name, email address and any other relevant information necessary for delivering that specific training service with our trainers, our venue hosts (if hosted by a 3rd party eg a Hotel) and where applicable any relevant Skillnet.
For the purpose of providing exams and exam results (where applicable) we may share your email address with our exam providers or for certification purposes.
For the purpose of training surveys we may share your email address with our survey provider.
For the purpose of e-mail / marketing we may share your email address with our communications provider where we have your consent to so do. The information provided to us may be used for our various marketing activities, such as contacting you directly either through our Sales teams or sending you regular newsletters, emails, or other marketing collateral and relevant promotions. By completing, opting in or submitting an online / email or phone enquiry, you give your explicit consent to us to use and process the Personal Data you provided for these purposes.
We never share Personal Data with Third Parties for the purposes of allowing them to market products and services to you notwithstanding the provisions stipulated in this document.
We may need to disclose personal information if required by subpoenas, court orders, or other legal processes, or law enforcement agencies or other third party agencies, companies and organisations in connection with any legal investigation to help prevent unlawful activity, to protect our property, safety, or to establish or exercise our legal rights, and those of our visitors, clients, or others (including for the purposes of fraud protection) or to such entities in order to comply with any legal obligations.
5 EU GDPR Right to be forgotten
Included in GDPR is a sub-clause (GDPR Article 17) on the Right to Be Forgotten (RTBF), which allows individuals to request that any records held on them by a company are permanently deleted under a number of circumstances. These circumstances include when the data is no longer relevant to the purposes of collection, when consent is withdrawn and there is no other legal ground for processing, or when the data has been unlawfully processed, among other things. To exercise your right to be forgotten, contact email@example.com with your account details.
6 EU GDPR Lawful Bases for processing
We have lawful bases to collect, use and share data about you. You have choices about our use of your data. At any time, you can withdraw consent you have provided by going to settings.
We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the Training Services you have requested)) and “legitimate interests”.
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. Learn More.
As a training provider, we believe we have legitimate interest in contacting you from time to time about your account in terms of payment status, availability or changes to our contact details.
7 EU GDPR Right to restrict processing
Under EU GDPR you can restrict how your personal information is used. For example, you could opt-in to Trigraph’s newsletter but ask that your Gender or other personal information is not used. To restrict processing, indicate this on our signup / booking form or let the us know via firstname.lastname@example.org.
8 Security of your data and storage
Trigraph uses only storage providers where we have validated that they are secure, EU based and where necessary ISO27001 compliant.
For out IT & Cloud based storage providers we have records on file showing their compliance.
Trigraph operates a clean desk policy and all employees receive appropriate training in relation to physical data storage (paper, files etc) best practice.
Physical hardware (including files, safes and laptops etc) is secured using the appropriate access controls including encryption, password protection, automatic screen-locks, alarms etc. Disposal of data is strictly controlled including for both paper based data (cross-cut shredders are onsite) and electronic data (IT Service Management Agreement in place).
Employees are not permitted to use their own personal devices for accessing ro storing customer data.
All Trigraph staff ensure that callers to the office or other unauthorised persons are unable to view personal or sensitive information whether held on paper documents or information displayed on PC monitors.
9 How long do we keep your data?
We retain your data as long as you are a customer for the purpose of carrying out business with you.
When you are no longer a customer, we remove all records within 6 months outside of any record required for accounting audit purpose and the details of any communications consent given. Contact details for customers are retained on file indefinitely in order to comply with requirements of statutory bodies, examination authorities and to provide customer service eg where customers require details of previous training undertaken or of exam results.
Once you opt-out or exercise the right to be forgotten, your data is removed outside of any communications consent.
In all cases we endeavour not to hold your sensitive personal data (Personal ID information, Date of Birth etc) longer than is absolutely necessary.
Some data, however, must be retained in order to protect the company’s interests, preserve evidence, and generally conform to good business practices. eg Litigation and / or Accident investigation involving staff or customers, Pay, taxation and related personnel service records should be retained indefinitely, Specific Regulatory requirements, Intellectual property preservation, Tax and Accounting records – at least 6 years.
10 Your Rights
At Trigraph, we take your rights seriously. We will respond to any enquiries from you in relation to your Personal Data, how we process and protect that data with the appropriate level of seriousness and diligence.
To help you, we have summarized below three of the rights the European regulation (EU) 2016/679 – GDPR, provides you in relation to your Personal Data:
- The Right of access by the data subject: Ask us what Personal Data we hold and for what purpose.
- The Right of Rectification and erasure: Tell us what is incorrect, and we will update your Personal Data. You want us to delete your Personal Data, no problem, let us know.
- The Right to restriction of processing: Just tell us what we are doing that makes you uncomfortable.
To exercise your rights or to make any comments or enquiries, contact email@example.com with your account details.
11 COOKIE USAGE AND STORAGE
Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website. Cookies are used for the technical functioning of a website or for gathering statistics. Cookies are also typically used to provide a more personalised experience for a user for example, when an online service remembers your user profile without you having to login.
When you visit our website, we may collect some data on your browsing experience such as your IP address, the Trigraph page you visited, when you visited and the website page you were redirected from. This information is used to gather aggregated and anonymous statistics with a view to improving our services and to enhance your user experience.