Ram Training Limited may collect, keep and use personal data or information about individuals for specific and lawful purposes. Individuals could include customers, current and former employees, contractors, suppliers and other third parties.
This policy sets out how we the company comply with our data protection obligations and seek to protect personal information relating to you. It outlines how we gather, use and (ultimately) delete personal information and sensitive personal information in accordance with the data protection principles.
1.2 We are committed to complying with our data protection obligations. We understand that your personal data is important to you, and we have a responsibility to you to ensure that the information we collect and use is done so proportionately, correctly and safely.
1.3 We also have an obligation to be concise, clear and transparent about how we obtain and use personal information relating to you and what we do with the information when it is no longer required. Being transparent with you and providing accessible information about how we use your information builds trust and demonstrates our commitment to the General Data Protection Regulations, hereafter referred to as ‘GDPR’. (Regulation (EU) 2016/679).
- Our Details
2.1 Ram Trading Limited’s address is 151 Worcester Road, Droitwich Spa, Worcestershire, WR90NR and Data Protection lead is Roy Fitter.
- Purpose of processing
3.1 We collect, hold and use personal data received by you to complete orders and send confirmation emails regarding our products. The amount and type of information we hold about you depends on the services we are providing for you. We will not ask you for any information which is not necessary for the particular service we are providing to you.
4.1 “Personal data” means any information relating to a person who can be identified, directly or indirectly, from that information. This could include your name, your identification number, location data, online identifier (such as IP address) or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that person.
4.2 Some of the services we provide may require us to process your ‘special categories of personal data’. These special categories of personal data are of a sensitive nature, and might include health data or financial data. The definition ‘special categories’ of personal data has been extended to now include biometrics data (such as facial images) and genetic data (such as the analysis of a biological sample).
4.3 “Processing” means obtaining, recording, organising, storing, amending, retrieving, disclosing and/or destroying information, or using or doing anything with it.
4.4 “Data Subject” means the data subject to whom the personal data relates.
4.5 “GDPR” means the General Data Protection Regulation.
4.6 “ICO” means the Information Commissioners Office, the governing body for Data Protection in the UK.
- Conditions of Processing
5.1 When we process your personal data we will do so in accordance with the data protection principles. These principles are designed to protect you, and ensure that we:
a). Process your information lawfully, fairly and in a transparent manner;
b). Use your information for a specified, explicit and legitimate purpose and not further processed in a manner that is incompatible with that purpose;
c). Only obtain adequate, relevant and limited information to allow us to carry-out the purpose for which it was obtained;
d). Ensure the information we hold about you is accurate and, where necessary, kept up to date;
e). Keep any information for no longer than necessary for the purposes for which it was collected; and
f). Process your information in a manner that ensures appropriate security of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Lawfulness of processing
6.1 Paragraph 5.1a) above stipulates that the processing of personal data shall be undertaken ‘lawfully’. To show the processing is being undertaken lawfully relies on your consent for the processing of personal data.Company
- a) You have given consent to the processing of your personal data for one or more specific purposes; (for example a university retaining personal data for alumni purposes):
- b) Processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a (For example if you purchase goods from an online shop to be delivered then the shop will need to process your personal details to allow them to perform the contract and deliver the goods to you);
- c) Processing is necessary for compliance with a legal obligation which Ram Training Limited is subject to. (For example processing staff personal data to comply with our legal obligation to disclose employee salary details to HMRC);
- d) Processing is necessary to protect your vital interests or the vital interests of another natural person. (For example if an data subject is admitted to A & E following a road accident, then the disclosure to the hospital of data subjects medical history may be necessary in order to protect his/her vital interests);
- e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company (this would include most of a Local Authorities functions); and
- f) Processing is necessary for the purposes of the legitimate interests. (For example a university using personal data for fundraising purposes).
- Processing ‘special categories’ of personal data
7.1 Ram Training limited do not process special category personal data.
7.2 Processing of these types of personal data is prohibited unless one of the conditions below applies (in addition to a condition from paragraph 6):
a). The data subject has given explicit consent to the processing;
b). It is necessary for the purposes of carrying out the obligations and exercising specific rights of the Company or of the data subject in the field of employment and social security and social protection law. (For example employee equal opportunities data);
c). Processing is necessary to protect the vital interests of the data subject or of another natural person, where the data subject is physically or legally incapable of giving consent. (For example a life or death situation);
d). Processing is carried out by a not-for-profit entity with a political, philosophical, and religious or trade union aim in the course of its legitimate activities;
e). Processing relates to personal data which is manifestly made public by the data subject. (The personal data is already in the public domain);
f). Processing is necessary for the establishment, exercise or defence of legal claims;
g). Processing is permitted where it is necessary for reasons of substantial public interest. (For example a natural disaster);
h). Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment. (Medical treatment);
i). Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health (Such as foot and mouth disease); and
j). Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
7.3 Sensitive personal information will not be processed until:
7.3.1 the assessment of the processing has taken place referred to in paragraph 6.2 has taken place; and
7.3.2 the data subject has been properly informed (by way of a privacy notice or otherwise) of the nature of the processing, the purposes for which it is being carried out and the legal basis for it.
8.1 Consent for processing personal data
The Company may also provide services which will require your consent to process your personal data, and where it does, then your consent must be ‘ specific, informed, active and affirmative, meaning it must be clear and freely given by you after we explain what further processing we would like to do with your personal data. You can therefore make an informed decision about whether you consent to the processing or not. You are in control and you can withdraw your consent at any stage by contacting the data protection lead – Roy Fitter at the above address. (Please note however that any processing that has taken place up to the time that you withdraw consent will be considered lawful).
8.2 Consent for processing special categories of personal data
In respect of ‘special categories’ of personal data we will require your ‘explicit consent’ to further process this type of personal data under Sub Section 7a). above. This means your consent must be very clear and specific, and again you can withdraw your consent at any stage by contacting the data protection lead – Roy Fitter at the above address.
Where Ram Training Limited seeks to disclose sensitive personal data such as medical details to third parties, we will do so only with your prior explicit consent.
There may be occasions where we may have to disclosure your personal data if it is required or permitted by law, for example in relation to crime prevention/detection. In these cases we do not require your specific consent or explicit consent for the disclosure of your personal data.
8.3 Recording/managing consent
Once your consent is obtained we will keep a record of when you consented, the information you were provided with prior to consent and how you consented.
Consent is part of your ongoing relationship with our company, and will therefore be managed appropriately and reviewed at least every two years. As previously stated, you have the right to withdraw their consent at any stage.
- Data protection impact assessments (DPIAs)
9.1 Where processing is likely to result in a ‘high risk’ to a data subject’s rights (eg where Ram Training limited is planning to use a new form of technology), we will, before commencing the processing, carry out a DPIA to assess:
9.1.1 whether the processing is necessary and proportionate in relation to its purpose;
9.1.2 the risks to data subjects; and
9.1.3 what measures can be put in place to address those risks and protect personal information.
10.1 Personal information (and sensitive personal information) should not be retained for any longer than necessary. The length of time over which data should be retained will depend upon the circumstances, including the reasons why the personal information was obtained. The Company will keep the personal information for a period of 5 years.
11.1 Ram Training Limited will use appropriate technical and organisational measures to keep personal information secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. These may include:
11.1.1 making sure that, where possible, personal information is pseudonymised or encrypted;
11.1.2 ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
11.1.3 ensuring that, in the event of a physical or technical incident, availability and access to personal information can be restored in a timely manner; and
11.1.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- International transfers of your personal data
12.1 Ram Training Limited does not transfer personal data outside of the European Economic Area (EEA). The EEA includes all European Union countries and the following three non-European Union countries Iceland, Liechtenstein and Norway.
- Staff administration
13.1 Ram Training Limited will process personal information relating to its current and former staff and data subjects, (who have applied for permanent or temporary jobs at Ram Training Limited), for the purposes of managing their contract of employment, the work of Ram Training Limited, pay and/or pensions, discipline and other personnel matters.
- Information Sharing
14.1 To ensure that we can provide you with the best possible service we may have to share your personal data between our internal teams or external partners. Our external partners include Stripe, The Eventa Group, Groupia, Buy a Gift, Last Night of Freedom, Freedom Limited, Maximise, Acorne PLC, Chillsauce and GoBallistic.
14.2 We may also share your information with third parties, other than those who either process information on our behalf or because of a legal requirement/entitlement, and it will only do so if necessary or where permitted under the GDPR.
- Statistical Data/Research
15.1 We may also process your personal data (including special categories of personal data) for the purpose of research or compiling statistical data about our products.
15.2 Statistical data/Research
Statistical data or statistical analysis will not allow the identification of any specific data subject nor will it have any impact on any data subject’s entitlement to our services and/or facilities.
We may use your personal information to administer our site and internal operations including data analysis, statistical and survey purposes (see also cookies). If we require your specific or explicit consent to do this then we shall seek your consent in advance and only after outlining to you the purpose of the proposed processing. You will have the option to withdraw your consent at any stage.
- Your rights
16.1 You have certain rights in relation to the personal information we hold about you. These rights are as follows:
- Right of access – you have the right to request a copy of the information that we hold about you. (This right is similar to a subject access request).
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure (right to be forgotten) – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restrict processing – where certain conditions apply to have a right to restrict the processing.
- Right of data portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing, the performance of a legal task and scientific or historical research.
- Right to object to automated processing, including profiling.
- The right to withdraw consent – If the legal basis for our processing of your personal information is consent then you have the right to withdraw that consent at any time.
16.2 Some of the rights are complex, and there are circumstances where your rights will not apply, for example the right to erasure will not apply if your personal data is required for legal proceedings. It is recommended that you read the relevant guidance notes on Ram Training Limited website, or on the ICO’s website for further information – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/data subject-rights/
- How to exercise your rights
17.1 You may exercise any of your rights in relation to your personal data by writing to us at the address above. To avoid delay in dealing with your request please ensure that you confirm in your request which right you wish to exercise along with the reasons why.
17.2 The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
17.3 We will respond to your request within 30 days, by either providing you with the information requested, requesting further information from you, or requesting further time to complete your request, if for example the request is substantial or we need to obtain information from various departments within Ram Training Limited.
17.4 Ram Training Limited can also refuse your request. In the event that Ram Training Limited refuses your request we will provide you with reasons why, as well as provide you with details of how you can challenge or appeal our decision. You will also be informed of your right to legally challenge our decision with the ICO.
18.1 Cookies are small text files that are placed on your computer, smartphone, tablet or smart TV’s when you access a website. They are widely used in order to make websites work, or work more efficiently, by allowing the website to recognise your device and store information about past actions or preferences. An example could be internet banking, where your device may recognise and populate certain previously entered login details previously entered.
18.3 There are two kinds of cookies
- session cookies which are short-term and auto-delete after a few minutes or when you close your browser; and
- persistent cookies – set by the website and stored for a longer period of time, usually used to store commonly entered information on forms (such as your name, address, and telephone number). They also store information about your browsing habits across multiple sites, usually used to allow advertisers and social network site operators to target advertising at you.
18.4 Ram Training Limited uses Google Analytics to analyse the use of our website and help us create a more useful and easy to use site. The data collected is completely anonymous and does not store any personal details. The information is used to analyse how visitors make use of our website and allows us to gather statistical information such as website activity, visitor numbers, popular pages and customer journey through the website.
18.6 You can find out more about cookies by visiting www.aboutcookies.org
19. Links to other websites
20.1 We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the “last updated” date at the top of this notice.
20.2 Ram Training Limited encourages you to periodically visit Ram Training Limited’s web site to review this notice and to be informed of how Ram Training Limited is protecting your information.
20.3 If you require general information about the Data Protection Act 2018 or GDPR then information is available on the Information Commissioner’s website.
21.1 If you wish to make a complaint about how Ram Training Limited are processing your personal data, then in the first instance please contact the data protection lead – Roy Fitter at the above address.
21.2 If you are still dissatisfied with how Ram Training Limited have handled your complaint then you have the right to complain to the Information Commissioners Office (ICO). The ICO can be contacted as follows:
The Information Commissioner
Telephone: 08456 30 60 60
- Point of contact for this policy