OUR TRAINING DEPARTMENT LTD: 06038472 (“OTD”, “We”, “Us” or “Our”) are committed to protecting and respecting our user’s privacy. When you use our services, you are entrusting us with your information. OTD Ltd understands that this is a big responsibility, and we work hard to protect the information shared with us.
It covers all learners, employees, prospects, customers, suppliers, associate business coaches, affiliates and volunteers.
It describes what rights you have with regards to your personal data and how you can exercise those rights, how you can object to certain uses of your personal data and how you can update information about you, as well as the steps we take to protect your privacy in line with the General Data Protection Regulation and Data Protection Act 2018.
It includes personal data that is collected through our websites, by telephone, through Live Chat and through any related social media applications.
OTD Ltd is the data controller for all the companies and websites named above. This means that OTD Ltd determines what data is collected, how this data is going to be used and how this data is protected.
Where we provide our services under contract with an organisation for example your employer, that organisation may be the “controller” of the personal data processed, we maybe a joint data controller with other organisations, or we maybe processing data about you on behalf of another organisations, but when this is the case, we will make you aware of this when the information is collected.
If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at GDPR@otd.uk.com.
If for any reason after reading this policy you are hesitant about our data handling processes or procedures, please seek further advise before you access our services.
Our Senior Leadership Team (SLT) take overall responsibility for the provision of all policies. The joint directors, Andy Crotty and Chris Cummins, take overall responsibility for this policy, its application and sharing of appropriate information.
Any issues relating to data protection and access rights will be referred to:
Our Data Protection Officer: Lian Bemrose (lian@OTD.uk.com)
All Customers, Employees, Learners and Associate Business Coaches, should ensure that any information that they provide to OTD Ltd is accurate and up to date. Any changes to information, should be sent to GDPR@otd.uk.com. For example, a change of address, bank details, or of any errors to personal data.
Our SLT will review policies and update as required, on annual basis, or earlier
You have the following rights in relation to the personal data we hold on you:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time.
Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you wish to exercise any of the rights explained above, please contact Our Data Protection Officer named above in Roles and Responsibilities.
OTD Ltd has adopted the following principles to govern its collection and processing of personal data:
The Data Subject has the right to request from OTD Ltd, access to and rectification or erasure of their personal data, to object to or request restriction of processing concerning the data, or to the right to data portability.
Personal Data shall only be processed based on the legal basis explained above, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject which will always take precedent. If the Data Subject has provided specific additional consent to the processing, then such consent may be withdrawn at any time.
We will only administer personal data in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
Consent: you have given clear consent for the processing of your personal data for a specific purpose.
Contract: the processing is necessary for compliance with a contract we have with you, or because we have asked you to take specific steps before entering into a contract
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for us to perform a task in the public interest, or for our official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of third party unless there is a good reason to protect your individual’s personal data which overrides those legitimate interests.
We consider that the basis for which we will process the data we will hold about you; is necessary for the performance of the contract we have with you and to enable us to comply with our legal obligations. Occasionally, we may process personal data about you to pursue legitimate interests of our own or those of third parties, provided there is no good reason to protect your interests and your fundamental rights do not override those interests.
“Special categories” of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing, and using this type of personal data.
Special categories of data are data relating to you:
Although the above are indicated as special categories by GDPR, OTD Ltd will only collect such information necessary for the performance of your contract and legitimist interest. Occasionally, special categories of data may be processed where you are not capable of giving your consent, where you have already made the information public or in the course of legitimate business activities or legal obligations and in line with the appropriate safeguards.
Examples of the circumstances in which we will process special categories of your particularly sensitive personal data are listed below (this list is non-exhaustive):
Most commonly, we will process special categories of data when the following applies:
Where appropriate, we may seek your written authorisation to process special categories of data. Upon such an occasion we will endeavour to provide full and clear reasons at that time in order for you to make an informed decision. In any situation where consent is sought, please be advised that you are under no contractual obligation to comply with a request. Should you decline to consent you will not suffer a detriment.
Information regarding criminal convictions may be processed in accordance with our legal obligations. Occasionally we may process such information to protect yours, or someone else’s interests and you are not able to give your consent, or we may process such information in cases where you have already made the information public. Such information may be sought as part of the recruitment process or in the course of your employment with us. We do not anticipate that we will process information about criminal convictions.
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again, we know what you asked before, what you were sent, and what you told us.
Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our services or a relevant contact for our business.
If we email you or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period.
We do not routinely keep special category data. To the extent we hold this, it was supplied or made publicly available by you.
Once you buy something from us, we will collect information from you at the point of sale. This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.
We process your data to support the delivery of the services you have bought. We keep records of the services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.
We collect information on potential and actual Associate Business Coaches and suppliers. This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).
If you become an Associate Business Coach or supplier, we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.
We keep a record of the work you undertook for us/our customers along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.
This information is all needed to manage our customer relationships and our supply chain.
We collect information about potential and actual Learners, in the first instance this information may be passed to us by your employer. Depending on the type of learning programme you embark on with OTD Ltd, you may add to this over time. This could be in the form of application forms or learning portals or other necessary documentation to sustain the learning.
The data we hold on you is added to during the course of your learning journey, such data will be added by your Associate Business Coach and / or Assessor.
Unless otherwise agreed at the beginning of your learning journey, your information will not be shared with another third party, or your employer unless the reasons for doing so are to enable us to continue your development, and to fulfil our contract with your employer.
We will keep a record of the learning you undertook with us, with any comments, reviews or suggestions to support your learning journey. This information will be held securely on a learner management system.
We collect information on potential and actual Employees through the application and recruitment process. This is mostly provided by you or via an employment agency or third party who undertakes background checks. Further information will be collected from you during the enrolment period, and when you complete forms at the start of your employment.
This will include your bank and next of kin details. Other details may be collected directly from you in the form of official documentation such as, your driving licence, passport or other right to work evidence. This data is added to during the course of your engagement with us, to enable its continued existence or development.
All employee data will be held in accordance with this policy and the Privacy Notice for Employees.
We do not receive or store your credit card details. Credit card payments are handled by an external secure processor in accordance with their data security policies. We receive limited information from our processor for us to tie up your payment with your invoice.
When you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person (Company) who paid us and how much and the reference number.
We do not keep credit scores nor use credit reference agencies.
Your data will be shared within OTD Ltd where it is necessary for Individual workers to undertake their duties. This includes, for example, Managers / Assessors / Tutors / Associate Business Coaches for their management of you, for maintaining personnel records and with finance personnel for administering payment under your contract.
It may be necessary for us to share your personal data with a third party or third-party service provider (including, but not limited to, contractors, agents or other associated / group companies) within, or outside of, the European Union (EU). Data sharing may arise due
to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf (this list is non-exhaustive):
Data may be shared with third parties in the following circumstances:
Your personal data is held in the strictest confidence. If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data, it is for a specific purpose according to our instructions.
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.
We use a number of third parties to process data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in the GDPR. Not all of these third parties are based in European Union (EU). This means that some of your data may be held in the EU, and some may be held in services in the USA or elsewhere.
We have picked mainstream suppliers which are all compliant with the General Data Protection Regulation and Data Protection Act 2018, or hold a EU-U.S Privacy Shield:
As part of our commitment to protecting the security of any data we process, we follow this policy and data protection procedures that we have strictly, and these are reviewed regularly.
In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, damaged, stolen or compromised. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and with the duty of confidentiality.
All workers whether employed or contracted are reminded that if they take personal data home, they are responsible for its security at all times and must have secure storage in which to keep any files containing personal data.
All Associate Business Coaches / sub-contractors must provide copies of their privacy policies and procedures as part of the on-boarding stage. They must able to sufficiently demonstrate their compliance with the General Data Protection Regulation and Data Protection Act 2018 before being granted access to personal data.
All mobile devices must be password protected and have up to date protection software installed. Any loss or unauthorised access must be reported to the DPO immediately.
We anticipate that we will retain your data for no longer than is necessary for the purpose for which it was collected.
We have considered the following to decide the appropriate retention period:
At the end of the retention period, upon conclusion of any contract we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it. Occasionally, we may continue to use data without further notice to you. This will only be the case where any such data is anonymised, and you cannot be identified as being associated with that data.
If you neglect to provide certain information when requested, it may affect our ability to enter or continue with a contract with you, and it may prevent us from complying with our legal obligations.
We commit to only process your personal data for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal data for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal data without your knowledge or consent, in compliance with the above rules (see above section - Lawful basis for processing your personal data).
Alternatively, you can contact us at our offices using the following postal address or telephone numbers:
Second Floor Suite,
37 – 39 Ludgate Hill,
Telephone: +44 (0)21 647 4355
Our telephone lines are open 9:00 – 17:00 GTM, Monday to Friday. One of our team will take a message and ensure you are directed to the appropriate person as soon as possible.
OTD Ltd has a robust complaints and appeals procedure in place. Should you have any questions regarding this policy, or how we process your personal data, please feel free to contact us using the details provided above.
All workers either employed or contracted at OTD Ltd are made aware of policies and procedures and are aware of how to report any concerns over data process and access. The Company Directors and SLT reserve the right to enforce disciplinary procedures if issues and concerns have not been reported in line with company policy and procedures. All workers employed or contracted must attend any mandatory GDPR and Data Protection training as requested by OTD Ltd.
As a member of the OTD team, if you are unsure of the data processing and access management process, you must refer to the Data Protection Champion or the Company Directors for support and guidance.
All information shared with the Data Protection Champion, the Company Directors or SLT will be treated with appropriate levels of confidence and confidentiality. We are duty bound to report problems or concerns to external agencies, such as the police, local authority organisations or other external agencies as we feel would be most appropriate to the situation and in the best interest of the individual concerned and to protect the reputation and integrity of OTD Ltd and any associated businesses.
OTD Ltd will take all necessary steps to remedy any issues arising out of a failure to comply with the General Data Protection Regulations and will treat all such complaints in a confidential manner. The following steps will be taken to manage a data breach:
However, should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union.
For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority.
Its contact information can be found at https://ico.org.uk/global/contact-us/.