Privacy Notice
Effective: November 2024
This Privacy Notice
High Speed Training Limited (“HST”, “We”, “Us”, “Our”) understands that your privacy is important to you and that you care about how your personal data is used. HST respects and values the privacy of everyone who visits our website, www.highspeedtraining.co.uk and accesses the training courses We provide via our ‘Learner Management System’. We will only collect and use your personal data as described in this Privacy Notice. Any personal data collected will only be used as permitted by law.
Please read this Privacy Notice carefully and ensure that you understand it. By placing an order for a training course you agree to Our Terms and Conditions of Supply as well as Our Website Terms of Use and this Privacy Notice.
For Individual customers and Learners as defined in Our Terms and Conditions of Supply We are a Data Controller.
For Corporate customers and Learners as defined in our Terms and Conditions of Supply We are a Data Processor and Corporate customers should refer to Clause 10 ‘Data Processing Agreement’, in the Terms and Conditions of Supply.
We do not process any special category data, nor do We knowingly collect data from children.
Contents
- Information About HST
- What This Privacy Notice Covers
- What Is Personal Data
- What Are Your Rights
- What Personal Data Do We Collect And How
- How HST Uses Your Personal Data
- Security And Your Personal Information
- What Personal Data Does HST Share
- Social Media
- How Long Will HST Keep Your Personal Data
- How You Can Access Your Personal Data
- How You Can Contact HST
- Changes And Updates To This Privacy Notice
1. Information About HST
High Speed Training Limited is a provider of on-line training courses. HST is a company registered in England and Wales under company number 6428976.
Registered address: Riverside Business Park, Dansk Way, Ilkley, West Yorkshire, LS29 8JZ which is also our main trading address.
VAT number: 923 6593 07.
Data Protection Officer: Stephen Murray.
Email address: compliance@highspeedtraining.co.uk
Telephone number: 0330 006 7000.
In relation to Data Protection Legislation, HST is regulated by the Information Commissioners Office (“ICO”).
Data Protection Registration reference number: Z1614901
2. What This Privacy Notice Covers
This Privacy Notice explains how and why We process (collect, use, retain, share and store) any of the Personal Data that you provide to Us for the purpose of making enquiries about, or to purchase, any of the Training Courses We make available to you via Our online ordering platform at www.highspeedtraining.co.uk (“Our Site”). It also covers where We collect Personal Data from you when you engage with Us by telephone or via selected social media channels.
Section 4 of this Privacy Notice, ‘What Are My Rights’ explains your rights in relation to your personal data including how to contact Us or the supervisory authority (the “ICO”) in the event you have a complaint.
Please note that Our Site may contain links to other websites. We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy notices of any such websites before providing any data to them.
This Privacy Notice does not apply to Our Suppliers, Contractors or Our Employees.
If you have any concerns about this notice or any questions about HSTs processing of data please contact Us or Our Data Protection Officer using the details provided at Section 12 at the bottom of this notice.
3. What Is Personal Data
Personal data is defined by the UK GDPR and the Data Protection Act 2018 (and adopted by) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
4. What Are Your Rights
Under the Data Protection Legislation, you have the following rights, which We will always work to uphold:
The right to be informed about Our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact Us to find out more or to ask any questions using the details in Section 12.
The right to access the personal data We hold about you. Section 11 will tell you how to do this.
The right to have your personal data rectified if any of your personal data held by Us is inaccurate or incomplete. Please contact Us using the details in Section 12 to find out more.
The right to be forgotten, i.e. the right to ask Us to delete or otherwise dispose of any of your personal data that We hold. Please contact Us using the details in Section 12 to find out more.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to Us using your personal data for a particular purpose or purposes.
The right to withdraw consent. This means that, if We are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
The right to data portability. This means that, if you have provided personal data to Us directly, We are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask Us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about Our use of your personal data or exercising your rights as outlined above, please contact Us using the details provided in Section 12.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about Our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. However, We would always welcome the opportunity to resolve your concerns ourselves, so please contact Us first, using the details in Section 12.
5. What Personal Data Do We Collect and How
The personal information We collect is limited to what is required to provide you with information about Our courses and/or to fulfil an order for one or more of Our courses. We do not collect or process what the Data Protection Legislation refers to as Special Category Data, such as medical records or religious beliefs for example.
It is important that the personal data We hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with Us.
For our learners We need to collect your name, email address and, if you require Us to send a paper copy of your certificate, We will need a postal address. Optionally, you can provide your phone number. Learners will be asked to register with Us to create an account with a secure password in our Learner Management System. We also ask that you provide generic security information that is used to reset your password should you forget this.
For people who purchase a course from Us (including those who purchase or administer training for others) We need to process your name; email address; telephone number and data that allows Us to process your order such as courses and quantities required, billing/invoice address and payment details. In line with PCI DSS requirements, We do not process any of your financial information directly within Our systems, Card details are processed by Stripe Payments Europe Limited & Stripe Payments UK Ltd (‘Stripe’) which is regulated by the Financial Conduct Authority (‘FCA’).
Those individuals who are new customers purchasing courses for others on Our website and administering the training via Our Learner Management System (LMS), should be aware that their email address may be shared with learners as part of the login credentials generated for them by the LMS.
For those who sign up to Our marketing information or who enter a competition We will need to collect and process your name and email address. Competitions vary and entry requirements will be communicated separately. Should you win a competition We may need your postal address and proof of identity. You can unsubscribe for marketing communications at any time. From time to time, We may contact you by telephone to conduct market research or to seek feedback on any of our courses.
Those who interact with Us through Our website(s) We use limited cookies and similar technologies to help us to deliver an effective, personalised and tailored user experience.
For further information on cookies please see Our separate Cookie Policy at www.highspeedtraining.co.uk/cookie-policy/, which sets out in detail which cookies We use and why they are important not only for HST but also to ensure that all of Our learners, and other visitors get an optimised experience and that the content you see is of interest to you personally.
Those who interact with Us by telephone HST may collect limited personal data to deal with your enquiry. Calls are recorded for training and monitoring purposes. All call recordings are deleted as detailed at Section 10.
Those who interact with Us on social media HST do not take any data outside of social media platforms on which you make contact with Us unless you have asked Us to do so – for example when answering learner queries raised through Facebook or you have indicated through LinkedIn that you would like to receive communications from Us. We may use your social media username or profile to repost your posts for example, but this remains within the social media platform itself.
For more information about Our use of social media see Section 9, below.
6. How HST Uses Your Personal Data
Where We collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the Data Protection Legislation at all times. For more details on security see Section 7, below.
We will only use your personal data when there is a lawful and legitimate reason (Legal Basis) for doing so. Legal Bases are defined in the Data Protection Legislation and the bases We rely on are highlighted in bold below.
We use your personal data for the following reasons:
- Where We need to perform the Contract (including pre contract negotiations) for example when you buy or take one of Our training courses.
- Where We need to comply with a Legal or Regulatory Obligation for example where We retain data for HMRC tax reporting purposes.
- When you give Us your Consent for example when you subscribe to Our newsletters, updates or marketing. As a learning provider HST is always looking to learn from Our customers so where a customer has consented to be involved in market research or customer focus groups, We will engage with them so that Our range of courses is up to date including the views from the perspective of those who use them.
- We may use your personal data to send you information by email which will be in your Legitimate Interest, such as when your certification approaches expiry or if you have not completed a training course you have purchased from Us. These are referred to as service emails and are separate from any marketing emails which require your Consent.
- Legitimate Interest: In specific situations, We require your data to pursue Our legitimate interests in a way which might reasonably be expected as part of running Our business and which does not materially impact your rights, freedom or interests.
For example:
- We may use your personal data as part of statistical analysis pursuant to understanding where We can make improvements to Our business; or
- Where you choose to leave us a review, for example on Trust Pilot or similar review platform, We may contact you regarding any issues you raise in the interests of improving Our service.
- In very limited circumstances, We may combine the data of customers to identify trends and ensure We keep up with demand to develop new products and courses specific to them.
- We may also send direct marketing emails to Our customers and learners when you purchase or take a course with Us and do not choose to opt out - this is often called a 'soft opt in'. This marketing is always tailored to the recipient, and We do not undertake blanket marketing of any kind at any time. You always have the option to unsubscribe from direct marketing emails.
We may ask you for further voluntary information to provide you with the most appropriate customer service.
7. Security And Your Personal Information
We protect all personal data securely. We have implemented a range of technical and organisational measures appropriate to the sensitivity of the data you have provided to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. All third-parties will only process your personal data on Our instructions and are contractually required to protect any personal data processed with no less security than HST applies to it.
We secure access to all transactional areas of Our websites and apps using ‘https’ technology and all payment transactions are encrypted (using SSL technology) – payments are handled securely under contract by external providers.
Your account information associated with HST is password protected for your privacy and security. You choose your password for your HST account, so the strength of that password is determined by you subject to Our minimum requirements. We recommend that you choose a unique password and not share your password with anyone else or save logins on a shared or public device.
- Access to your personal data is password-protected, and protected through appropriate use of encryption and 2FA technologies.
- All systems are password protected and expect strong passwords.
- We continually maintain firewalls, malware and anti-virus software.
- We maintain and monitor systems which alert HST to any vulnerabilities and potential data breaches.
- Any documentation retained in paper form is kept in Our offices which are access controlled and secure at all times. Additionally, once any personal data is no longer required it is securely destroyed.
- Only relevant and trained members of staff will have access to the information you provide to Us via an approved and appropriately protected device.
- All members of staff receive appropriate data protection training at induction, and it is refreshed annually to ensure each is aware of their data responsibilities. Further, each is aware that any breach of Our data protection policy could result in a breach of their contract of employment and could result in disciplinary action and potentially dismissal.
- Our offices are protected by security, calls and CCTV are recorded in order to prevent any criminal offence or threat to data security.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so.
- Offsite encrypted backups and disaster recovery plans are in place.
These measures and procedures are audited and reviewed regularly.
8. What Personal Data Does HST Share
We only share your personal data with any third-party where that third-party is a supplier of products or services to Us (referred to as Data Processors in the Data Protection Legislation) which enable Us to run Our business and provide the services to you. For example, We contract with Google for Google Workspace for day to day business applications such as email, applications and file storage.
A list of third-party Data Processors is available on request.
If any of your personal data is transferred to a third party, as described above, We will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, Our obligations, and the third party’s obligations under law.
If any personal data is transferred outside of the UK, We will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation.
If We sell, transfer, or merge parts of Our business or assets, your personal data may be transferred to a third party. Any new owner of Our business may continue to use your personal data in the same way(s) that We have used it, as specified in this Privacy Notice.
In some limited circumstances, We may be legally required to share certain personal data, which might include yours, if We are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We will never sell your personal data to any third-party for any purpose.
9. Social Media
We use social media to promote Our business, and as a communication channel. We also retain Our social media posts for the purpose of maintaining a record of Our activity.
Any personal data you share on social media platforms will be shared with those social media providers.
Any personal data you share on social media platforms is made public, unless privacy settings have been used.
We may process your name, email address, photographs, videos, social media handles, opinions and any other data volunteered by you.
The processing of your personal data is based on your consent because you as the social media user consents to Us doing so, or because it relates to personal data which are manifestly made public by the social media user.
Our social media posts will be retained indefinitely as part of the historical record. Data published on social media platforms by you as the social media user will remain until it is deleted by you.
When contacting Us through a social media platform, (for example, Facebook, LinkedIn, X, or other social media applications) We recommend you also familiarise yourself with the privacy information of that platform.
Our Website includes social media features, such as the Facebook Like button, and widgets, such as the ‘Share This’ button. Additionally, We utilise social media services including TikTok Pixel, LinkedIn Insight Tag and Meta Pixel. These additional services are used for marketing and optimisation purposes linking those who visit Our website to their social media accounts. In particular, We use these to provide analytical information and to place relevant and interesting advertisements on social media channels. Your consent to these is controlled by the Cookie preference you select when visiting Our website. Additionally, you are able to opt out of these in the privacy settings of your social media provider.
For more information on Our use of Cookies and similar technologies please see Our Our separate Cookie Policy at www.highspeedtraining.co.uk/cookie-policy/.
10. How Long Will HST Keep Your Personal Data
Generally, We do not retain your personal data for longer than is required to provide the service you have requested from Us, including for the purpose of validating course completion and certification or where We are required to do so by law.
Certificates issued to a learner remain the property of HST. HST permits all customers and learners to use or copy the Certificate for the purpose of attesting the learner's successful completion of a Course. Learners will continue to have access to their account within Our Learner Management System until anonymised. Currently we retain personal data provided by you for a period of 20 years.
Telephone calls are recorded for training and monitoring purposes. These calls are deleted automatically after 12 months.
11. How You Can Access Your Personal Data
If you want to know what personal data We have about you, you can ask Us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “data subject access request”.
All data subject access requests should be made in writing and sent to the email or postal addresses shown in Section 12.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover Our administrative costs in responding.
We will respond to your subject access request as soon as possible and, in any case, not more than one month of receiving it. Normally, We aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date We receive your request. You will be kept fully informed of Our progress.
12. How To Contact Us
To contact Us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
High Speed Training Limited | Our Data Protection Officer |
Contact: Peter Towell Role: Legal and Compliance Manager Email: compliance@highspeedtraining.co.uk Address: Riverside Business Park, Dansk Way, llkley, West Yorkshire, LS29 8JZ Telephone: 0333 006 7000 | Name: Stephen Murray Role: Data Protection Officer Email: stephen@thegrcdirector.co.uk |
13. Changes And Updates To This Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or We change Our business in a way that affects personal data protection.
Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the Privacy Notice on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.