How we manage the personal data of customers

 

The identity and contact details of the controller

The Data Controller is Bespoke Training & Development, Blissford Lodge, Blissford Hill, Frogham, Fordingbridge, Hampshire, United Kingdom, SP6 2HU

To contact the Data Controller, please email info@bespoketraining.org.uk or call 01425 654944

We are not required to have a designated data protection officer under the GDPR.

 

Purpose of the processing and the lawful basis for the processing

We are collecting your personal information to carry provide you with products and services

Our basis for processing is:

  • Processing this information is necessary for us to fulfil our contract with you; and
  • Processing this information is necessary for us to comply with a legal obligation;

 

In addition, we collect some special category data e.g. ethnicity data collected for monitoring purposes of ILM qualifications only. In this case, we seek additional explicit consent

If you do not accept this basis, then you may object to us or to the ICO as described below

 

Categories of personal data

The categories of personal data we hold are:

Personal demographic data eg name email addresses of individuals registered with us as participants on courses or as registered users of our applications

Special category data e.g. ethnicity data collected for monitoring purposes of ILM qualifications only)

 

Any recipient or categories of recipients of the personal data

We do not routinely share this information with anyone else. If we did we would do so because we had a legal duty to do so, or because you have provided explicit consent as an alternative legal basis for processing

 

Details of transfers to third country and safeguards

The servers which host our internal systems and applications are located in the UK.

Our information processors who process personal information on our behalf do so within the UK.

However, Bespoke use Dropbox as a cloud-based storage system. Some personal data may be stored on Dropbox.  As Dropbox stores data outside the EU, additional safeguards are required. The safeguards deployed include:

  • Dropbox is certified as compliant to ISO 27001 (Information Security) and ISO 27018 — the internationally recognised standard for leading practices in cloud privacy and data protection.
  • Dropbox has dedicated privacy experts designing and maintaining their privacy program and policies to help safeguard your data in line with the requirements of the GDPR.
  • Dropbox includes strong contractual commitments in its agreements with its business customers.
  • Its business customer agreements incorporate the EU model contract clauses and they are certified under the EU-U.S. Privacy Shield Framework. This means there are additional legal protections and external monitoring regarding the collection, use, and retention of personal data transferred from the European Union to the United States.

 

Retention period or criteria used to determine the retention period

We will retain your personal data for the duration of your contract with us, and for a period of 12 months after your contract has ended, or as long as is necessary to meet our legal duties, whichever is the greater. For example, the ILM require us to retain personal information about candidates for four years from registration on an ILM qualification.

 

The existence of each of the data subject’s rights

You have the following rights about the use of your personal information:

  • Where the basis for processing is your consent, you may withdraw that consent at any time by contacting us.
  • If your personal information is incorrect, you may request that errors or incomplete entries be rectified
  • In certain circumstances, you may have the right to be forgotten and your data erased. Please contact if you wish to exercise this right.
  • Whilst any request is being investigated, you have the right to restrict processing, so that your information will simply be stored.
  • You can request the return of transfer of any personal data you have given to us in a portable electronic format

We do not use automated decision making and profiling of your personal information without human intervention.

To exercise any of these rights, please contact us in writing at Bespoke Training & Development, Blissford Lodge, Blissford Hill, Frogham, Fordingbridge, Hampshire, United Kingdom, SP6 2HU

 

The source the personal data originates from and whether it came from publicly accessible sources

Your personal information is collected ether directly from you, or from your employer if they have a contract with us to provide product and services

 

Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data

Your personal information is processed as part of our contract to provide product and services

 

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

We do not use automated decision making or profiling of any kind.

 

The right to lodge a complaint with a supervisory authority

You have the right to complain to the Information Commissioners Office by

Helpline. Call them on 0303 123 1113, Monday to Friday between 9am and 5pm.

Live chat. Have an online conversation with someone at the ICO at https://ico.org.uk/global/contact-us/live-chat/.

Email. Use the form at https://ico.org.uk/global/contact-us/email/

You also the right to seek legal redress in the event of suffering harm which you do not feel has been sufficiently addressed by us or by the ICO.

 

How we manage the personal data used in direct marketing

 

The identity and contact details of the controller

The Data Controller is Bespoke Training & Development, Blissford Lodge, Blissford Hill, Frogham, Fordingbridge, Hampshire, United Kingdom, SP6 2HU

To contact the Data Controller, please email info@bespoketraining.org.uk or call 01425 654944

We are not required to have a designated data protection officer under the GDPR.

 

Purpose of the processing and the lawful basis for the processing

We are using your personal information to carry out our direct marketing activities for those individuals or organisations that are not already customers.

Our basis for processing is your consent to the processing of this personal data for the specific purposes of direct marketing, or the use of information not identified with an individual.

Alternatively, we may use legitimate interests as a legal basis for processing based on your role and interests evidenced through information provided to public forums such as LinkedIn.

In either case, if you no longer wish to receive communications, you may contact us at info@bespoketraining.org.uk and we will desist.

If you are still unhappy, you may object to us or to the ICO as described below

 

Categories of personal data

The categories of personal data we hold are:

Name & contact details

Any recipient or categories of recipients of the personal data

We share this information with KBS Marketing, as they carry out much of our telemarketing activity on our behalf.

 

Details of transfers to third country and safeguards

The servers which host our internal systems and applications are located in the UK.

Our information processors who process personal information on our behalf do so within the UK.

However, Bespoke use Dropbox as a cloud-based storage system. Some personal data may be stored on Dropbox.  As Dropbox stores data outside the EU, additional safeguards are required. The safeguards deployed include:

  • Dropbox is certified as compliant to ISO 27001 (Information Security) and ISO 27018 — the internationally recognised standard for leading practices in cloud privacy and data protection.
  • Dropbox has dedicated privacy experts designing and maintaining their privacy program and policies to help safeguard your data in line with the requirements of the GDPR.
  • Dropbox includes strong contractual commitments in its agreements with its business customers.
  • Its business customer agreements incorporate the EU model contract clauses and they are certified under the EU-U.S. Privacy Shield Framework. This means there are additional legal protections and external monitoring regarding the collection, use, and retention of personal data transferred from the European Union to the United States.

 

Retention period or criteria used to determine the retention period

We will retain your personal data whilst we have your consent to do so.

 

The existence of each of the data subject’s rights

You have the following rights about the use of your personal information:

  • As the basis for processing is your consent, you may withdraw that consent at any time by contacting us.
  • If your personal information is incorrect, you may request that errors or incomplete entries be rectified
  • In certain circumstances, you may have the right to be forgotten and your data erased. Please contact if you wish to exercise this right.
  • Whilst any request is being investigated, you have the right to restrict processing, so that your information will simply be stored.
  • You can request the return of transfer of any personal data you have given to us in a portable electronic format

We do not use automated decision making and profiling of your personal information without human intervention.

To exercise any of these rights, please contact us in writing at Bespoke Training & Development, Blissford Lodge, Blissford Hill, Frogham, Fordingbridge, Hampshire, United Kingdom, SP6 2HU

 

The source the personal data originates from and whether it came from publicly accessible sources

Your personal information is collected directly from you.

 

Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data

Your personal information is not part of any statutory requirements

 

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

We do not use automated decision making or profiling of any kind.

 

The right to lodge a complaint with a supervisory authority

You have the right to complain to the Information Commissioners Office by Helpline. Call them on 0303 123 1113, Monday to Friday between 9am and 5pm.

Live chat. Have an online conversation with someone at the ICO at https://ico.org.uk/global/contact-us/live-chat/.

Email. Use the form at https://ico.org.uk/global/contact-us/email/

You also the right to seek legal redress in the event of suffering harm which you do not feel has been sufficiently addressed by us or by the ICO.