Storm Skills Training CIC Privacy Notice
This website is owned and operated by Storm Skills Training CIC.
This privacy notice explains how Storm Skills Training CIC uses the personal information that we collect from you through our website, electronically, verbally, in person, or in writing. It applies to our customers, potential customers, contractors and third parties.
Storm Skills Training CIC is a ‘Data Controller’ as defined under the UK General Data Protection Regulation.
For Storm Skills Training CIC to provide its services, we need to gather and use personal data about individuals.
These individuals can include key contacts, signatories, consultants, facilitators, participants, suppliers, partner agencies, business contacts, employees, job applicants, and other people the organisation has a relationship with or may need to contact.
Where we need personal information to perform one of our services and you do not give us permission to process or collect your data when requested, we may not be able to carry out your instructions or perform the contract with you. We will notify you if this is the case.
Our contact details
Our registered business address is:
Adamson House | Towers Business Park | Wilmslow Road | Didsbury | M20 2YY
You can contact us using the details below:
+44 (0)7487 494 353
If you have anything related to Data Protection that you would like to discuss with us, please email firstname.lastname@example.org.
Changes to this Privacy Notice
The last update to this Privacy Notice was made on 21st July 2023.
We regularly review this Privacy Notice to make sure it is up-to-date and accurate. We encourage you to check this page from time to time to keep up to date with any changes.
How we process your personal data
Storm Skills Training CIC is responsible for making sure that our systems, processes, employees and consultants, comply with the relevant data protection laws in respect of personal data.
We are committed to being open and transparent with you about how we use and process your personal data.
We process personal data for the purpose of providing training services to you, and for marketing purposes.
We will also process your data if we feel it is required to protect your vital interests, or the vital interests of another person. An example of this would be in a serious life or death situation where immediate disclosure of personal data is required, and you are unable to give that information yourself. (Article 6.1.d UK GDPR)
We obtain your data in different ways, and Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have sent an enquiry or information request about our services and activities (we will keep a record of our correspondence with you so that we can provide you with the information or service that you have requested from us)
- Because you have asked us to do something before entering into a contract, such as provide you with a quote
- You would like to attend, have registered for, or have attended, one of our training sessions or events
- To deliver a contractual service on behalf of our customers
- You subscribed to our e-newsletter
- You have applied for a job with us
- To keep records of legal and business transactions e.g. processing payments
- To personalise communications with you about services and activities that you have enquired about
- To inform you about future training and events
- You have provided information to us when you completed a survey we sent you
We also receive personal information indirectly, in the following scenarios:
- Your organisation has registered you for a training session
- Your organisation has asked for your support to help organise a training session, event, or support another business activity.
If you are a prospective customer, we collect and process personal data such as your name and contact details. We will continue to process your data when you agree to use our services. We do this under the basis of a legitimate interest (Article 6.1.f of the UK GDPR). Our legitimate interest is to continue delivering self-harm and suicide Prevention training and events, and to grow our network so that we can reach and support more people through our activities.
We send newsletters and email communications to people who have attended a training session or have signed up to our newsletter. This is classed as a marketing activity. To send emails directly to individuals, we need to ensure we have your consent so that we comply with the Privacy and Electronic Communications Regulations 2003. There is an exception to that if we have already recorded your data as part of a provision of services to you, or we have discussed this with you before sending the communication.
If you have provided us consent for processing your data for marketing purposes, you can withdraw that consent at any time by contacting us using the above details.
Recipients of your data
As a general principle, we will not transfer your personal data to other recipients without your permission, but there are some exceptions to this:
- In the event that we are obliged to disclose personal information in response to a court order or other lawful obligation. Our lawful basis for this is Article 6.1.c – Legal Obligation.
- Our external accountants will have some limited access to your personal data through the preparation of our accounts. Our lawful basis for this is Article 6.1.f – Legitimate Interest – we have a legitimate interest in having our accounts correctly managed and filed.
Data processed by third parties on our behalf
We use the services of other organisations in the processing your data:
- External accountants
- Cloud-based email and document storage
- Cloud-based accounting software
- Video conference platforms
- Project management platforms
- Communication platforms
- Website platform (when you complete a contact form on our website, we process some limited personal data that you submit)
- Cloud-based customer relationship database platform to store contact and training information
- We may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
- We embed links to social media sites and video platforms on our website. If you use these links, you will receive targeted advertising when you visit one of these platforms.
The organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This makes sure that your data is handled securely in accordance with the UK GPDR.
Your personal data is only held for as long as is required for the purpose we collected it, or for our legitimate purposes.
We will retain your data for periods we are obliged to do so for legal requirements.
It is not always possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the nature of your relationships with us, any best practice guidelines as to retention periods for personal data, and any legal obligations we may have to retain or delete your personal data.
Financial data and client data will be held for typically seven years following end of any commercial agreement.
Retaining and deleting personal data
Our legal obligations in relation to the retention and deletion of personal data are as follows:
Personal data that we process for any purpose shall not be kept for longer than is necessary
It is not always possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the nature of your relationships with us, any best practice guidelines as to retention periods for personal data, any legal obligations we may have to retain or delete your personal data.
Financial data and client data will be held for typically seven years following the end of any commercial agreement.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. The ones that are relevant are listed below:
- Right to be informed: This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- Right of access: You have the right to know what personal information we hold about you and to ask us for copies of your personal information. There are some exemptions, which means you may not always receive all the information we process.
- Right for any inaccuracies to be corrected: If you believe any data that we hold about you is incomplete or inaccurate, you have the right to ask us to correct it.
- Right to restrict the processing of the data: If you think the personal data we hold about you is inaccurate, we will restrict the processing of your data (whilst still holding onto it) until you have verified the accuracy.
- Right to erasure: You have the right to ask us to erase your personal information in certain circumstances
In addition to these rights, you have the right to escalate any concern, or a complaint, to the Supervisory Authority, which in the UK is the Information Commissioners Office (ICO) https://ico.org.uk. A full and detailed explanation of all rights can be found on the ICO website.
Making a complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.