We ensure that the way we work and the services we provide to you, including this website, are designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- Privacy and Electronic Communications (EC Directive) Regulations 2003
- EU General Data Protection Regulation 2016 (GDPR)(EU 2016/679)
Who we are
Intrinsic Training Solutions is a leading Training Provider dedicated to providing training to individuals and employers throughout Great Britain. We provide advice and information and offer practical solutions to help manage training requirements. We work with government, professional bodies, industry bodies and corporates to achieve our vision for everyone receive the best possible relevant training and support. Please visit our About Us page to learn more about what we do.
Intrinsic Training Solutions is the operational name of the Intrinsic Training Solutions, a limited company registered in England and Wales , registered office is 22, Southwold, Little Weighton, East Yorkshire, HU20 3UQ.
Intrinsic Training Solutions is registered as a data controller with the Information Commissioner’s Office (ICO) under the Data Protection Act 1998 .
What personal information we collect and when we collect it
Personal information is information that can be used to identify a person as an individual. In the context of this policy “personal information” can be an individual’s personal data. Intrinsic Training Solutions may process personal data such as a first name, surname, date of birth, email address, postal address, home telephone number, mobile telephone number, gender, ethnicity, marital status, photographs or videos, social media name, bank account details, credit/debit details, IP address.
We may collect personal information when a person:
- uses our website;
- downloads a Factsheet from our website;
- asks us to send them something about our services;
- registers for one of our events;
- attends an event
- registers as a school for our schools’ information projects;
- signs up to receive our publications;
- fills out a survey or questionnaire;
- uses one of our social media channels such as Facebook, LinkedIn and asks us a question, requests something from us, or sends us a direct message;
- supplies personal details to be in the public domain or via a publicly accessible source, such as the website of the company they work for or on LinkedIn;
- or otherwise provides us with their personal information through other means.
Why we collect and how we use personal information
We may collect personal information for a number of reasons, such as:
- to comply with legislation and regulations;
- take steps to enter into a contract with them;
- to provide them with the services, products and/or information which they have signed up to or requested;
- to respond to a question or enquiry;
- to invite participation in surveys to help improve our services
- for internal record keeping, such as the management of feedback or complaints;
- to maintain a list of people who have explicitly told us that they do not want us to contact them;
- to analyse and improve the services we offer;
- or to set a person up on our systems as, for example, a bursary recipient or a volunteer.
Once collected, we may anonymise your data for activities relating to our legitimate interests, such as being able to collate statistical data to inform our services, survey data or research.
We aim to ensure that all information we hold about a person is accurate and kept up-to-date. If any of the information we hold about a person is inaccurate and either they advise us or we become otherwise aware, we will ensure it is amended and updated as soon as possible.
We may contact a person for direct marketing purposes by post, email, home telephone, mobile telephone or text, if they have given us permission to do so. We will only contact a person for the purpose requested via the channel they request. For example, if a person only wishes to receive our newsletter, we will only send emails about this. It is each person’s choice about the type of communication and information they receive from us.
We will not use personal information for direct marketing purposes if a person has asked us not to do so. However, we will retain details on a suppression list to help ensure we do not contact them. A person may ask for any personal information about them that we hold to be deleted and destroyed at any time but, please note, in that case we will have no record of any marketing preferences. There may also be times when we cannot delete data because of other laws or regulations. We will inform a person, if possible, if data cannot be deleted.
Our legal basis for processing and storing personal data
Our legal basis for processing and storing personal data differs depending on when and why a person has provided us with their personal information. For example:
- Consent for us to process and store personal information is separate from giving us consent for electronic direct marketing purposes, which is when a person has requested that we send by email or other electronic method, from time to time, marketing or other materials promoting our organisation. We always ask for separate consent for electronic direct marketing purposes to make it explicitly clear as to what a person is consenting to and how we will be using the personal information.
- If we have processed and stored personal data and a person has provided us with consent to contact them by opting in to receive direct marketing by email from us then, from time to time, we may ask them to verify the personal information we hold about them and provide us with their consent to continue to receive direct marketing from us. We do this to ensure the personal information we hold on them and their preferences for any contact from us is as accurate and up-to-date as possible.
Data Protection and Security
We take steps to ensure all information is safe and secure, and that all staff are aware of and comply with their responsibilities in relation to data protection legislation. A copy of our detailed Data Protection Policy applicable to our staff and contractors can be requested
- We have a formal data protection policy and procedures in place.
- All staff undergo training in data protection requirements, with an annual review.
- Access to personal data is based on role responsibility and a ‘need to know’ basis, which is seen as good practice by the Information Commissioner’s Office (ICO). We do this to reduce the risk of inappropriate access to personal data by staff or volunteers.
- Access to our office is secure .
- We have confidential waste processes in place in the form of a shredder.
- We have formal retention schedules in place to ensure that we only keep personal information for an appropriate length of time.
- We have a clear desk policy – nothing containing personal information is to be left out on a desk outside office hours.
- All paper files or discs containing personal information are held securely.
Although we cannot fully guarantee the security of any information transmitted to us, we enforce procedures and security features to protect all information and prevent unauthorised access.
Storing information and how long we store it
We only hold personal information for appropriate lengths of time and will contact a person for consent to continue holding or destroy the data.
We take into consideration our legal obligations, the guidance of relevant UK authorities such as the ICO.
The length of time we store personal information is as follows:
|Newsletters subscriber||3 years|
|Website visitor||3 years|
When we no longer need to retain personal information, we will ensure it is securely deleted and destroyed at the appropriate time, unless a person provides consent for us to retain it for a further period.
Our websites and cookies
Our websites use Google Analytics to track what a visitor sees on our website and which pages they visit. We use this data to determine the number of people using our site, to better understand how they find and use our web pages, and to see their journey through the websites.
Although Google Analytics records data such as geographical location, the device being used to access our website, internet browser, and operating system, it does not personally identify any person. Google Analytics also records a computer’s IP address, and although this could be used to personally identify a person, Google does not grant access to this.
Information sharing, disclosure, and third-party data controllers and data processors
We will not share a person’s information with any third party apart from trusted partners we work with to help deliver our services.
We require all our trusted partners to comply with data protection regulations and our standards and we allow them only to process information in strict compliance with our instructions.
We may disclose personal information to third parties if we are required to do so through a legal obligation, to enable us to enforce or apply our terms and conditions or rights under an agreement or to professional advisers, to protect us, for example, in the case of suspected fraud or defamation.
The above are constantly under review.
We will always seek consent to share data with any third parties for any other purposes.
Your rights as an individual
Under data protection legislation, a person has the right to:
- obtain confirmation from us about whether we are processing their personal information, how, and why;
- request that we update or amend the information we hold about them, if it is wrong;
- object to the processing of their information for direct marketing purposes or profiling;
- object to their personal information being subject to automated processing;
- request a copy of the information we hold about them;
- change their communication preferences at any time;
- ask us to remove their personal information from our records without delay;
- a right to portability of photographs and images which they provided to us, returned in a ‘machine readable’ format and, where requested, transferred directly to another data controller (free of charge);
- raise a concern or complaint with us about the way in which their information is being used. Our Feedback and Complaints Policy and procedure is available at (ADD LINK);
- if dissatisfied with the outcome of any complaint we have investigated, then raise a concern or complaint about the way in which their information is being used with a data protection authority. In the UK, the data protection authority is the Information Commissioner’s Office (ICO) who can be contacted at https://ico.org.uk/.
If at any time a person contacts us regarding any of their rights above, we will respond to their enquiry as soon as possible.