Submenu: Data Protection > Our digital security > How we use your data > Other
Data Protection Policy
We, Quadrilect Ltd are required to comply with the provisions of the General Data Protection Regulation GDPR in relation to how we handle any personal data we obtain from you. Any personal information we gather will only be used in the context of your employment with us OR the business we conduct with you. We may also collect Sensitive Personal Data about you, but only with your explicit consent in advance.
We will process the information we obtain from you to enable us to fulfil our contractual obligations and we will only disclose your details to selected third parties where required to deliver the service purchased or a legal requirement, such as Qualification Awarding Organisations, Regulators or Industry bodies.
If you have specified you would like to receive marketing information, we may from time to time email or post to you or your company details of products or courses we believe may be of interest to you. If you no longer require such information or you have provided us with any information that you no longer wish us to use, please contact us on info@quadrilect.co.uk or call us on tel 07483 348224/760.
Right to be Forgotten
You have the right to have us correct any inadequacies in the personal details we hold about you, and to object to any direct marketing we carry out using your personal details. You also have the right to ask for a copy of the information we hold in our records. Please contact us at the details below if you require a copy of the personal data we hold about you.
You can at any point make a request to access your information and advise us if you wish for information to be removed. We will respond to this request within 30 days.
You have the right to request removal of this information where it doesn’t breach statutory requirements.
Information on data protection can be found at www.ico.org.uk
You can contact us on
info@quadrilect.co.uk
tel: 07483 348 224/760
Our digital security
Firewall
The Boundary Firewall of our internal network is “industrial strength” which is closed to all externally instigated traffic from other than white listed IP addresses and uses one time codes, sent via SMS, to control administrator access. Daily firewall reporting is monitored for traffic that has been denied access so as to identify and respond to attempts to break security before a breach is achieved. In addition, we:
a. Action lock-out following failure to enter password, designed to prohibit automatic password hunting.
b. Use industry leading malware protection with real time scanning of emails and file downloads and daily full scanning of system and data files. All with automatic deletion or quarantining of identified threats
Email and web host
Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Access to the website administration is secured to privileged users by two level authorization.
Cloud Data Storage
We use industry leading Cloud service providers to store some of our data. The data concerned is encrypted before transmission to the Cloud, is stored on the Cloud in the encrypted form and remains encrypted for transmission back to our in-house network.
By default, access to files held on the Cloud is limited to the file author. Access may be shared with other specified staff on a need to know basis. All access is protected by two-factor user authentication.
In-house Network
Our in-house network is managed on internal servers protected by firewall and two-level authorization.
Cyber Security Certificate
We hold a Cyber Essentials and IASME Certificate and insurance.
How we use your data
Training Courses
Data provided to register on a training course is processed to enable us to register you and send out information regarding your attendance at the course.
Name
Job Title
Company
Address
Telephone
Email
Dietary/special access requirement if required
Where is the data kept?
This data is kept on our event management database which is hosted on an internal server at a secured location and is not connected to external networks or the internet. Any booking data may also be held on our password / firewall protected network or the two-factor user authentication servers of our Cloud service provider.
On line registrations
These are held on an SQL database integrated in to the web registration process of our website. This site is hosted by Network Solutions Suggest. Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Access to the website administration is secured to privileged users by two level authorization.
Credit/Debit card Information
Payment is made via Stripe, a secure online payment processing platform. Quadrilect do not hold credit/debit card details.
Online Accounts
These accounts are set up & managed directly by the registrant. The data is held in a secure SQL database integrated into the website. We do not request or hold credit/debit card information on web accounts.
How long do we hold your data?
We hold your CPD records on our event management system [off line] and in network folders [firewall and password protected] as a lifelong learning reference. However, if you wish for the data to be removed we are happy to do so on request. We hold financial records for up to 7 years.
Who do we share this data with?
A delegate list showing name and company is provided for each course and shared with the course administrator and course trainer/s.
Marketing data on our event management system for public courses
All learners are given a profile as follows:
Delegate – a previous course attendee & Area of interest – eg facilities/health & safety
We are happy to remove this data at any point if you do not wish to be contacted by us. Alternatively, you can choose to have just email communications or just direct mail. Please just contact us and advise on tel: 07483 348 224/760
Who do we share your data with?
MS Teams or Zoom Video Conference Platforms for Virtual Training Zone Courses only – you will log in using meeting id we provide via a browser but you do not give any other data other than your name so we can give you access. If you choose to set up an account and download the software directly to your pc then you should check you are comfortable with their privacy and data policy directly.
https://zoom.us/privacy/
https://privacy.microsoft.com/en-gb/privacystatement
Mailing House for Direct Mail Campaigns [return address envelopes for removal requests]. Data protected and destroyed after processed. Hanson Direct Privacy Policy http://www.hansondirect.co.uk/styled-3/
Dotdigital for e-news campaigns with an unsubscribe option Dotdigital Privacy Policy https://dotdigital.com/terms/privacy-policy/
Mailchimp for e-news campaigns with an unsubscribe option Mailchimp Privacy Policy https://mailchimp.com/legal/privacy/
Client - secure document shared with privileged users.
Survey Monkey - Evaluation Survey Survey Monkey Privacy Policy https://www.surveymonkey.com/mp/legal/privacy-policy/
Connaught – plain text email communications with event information and post course documentation Connaught Privacy Policy requested. https://www.quadrilect.com/event-management_35_3882896022.pdf
For some of our events we request your permission to publish your details in the event delegate booklets.
Email communications
All email communications are managed via our host Network Solutions. Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Qualifications
Data provided to register on a Qualification is processed to enable us to register you with the relevant Awarding Organisation and send out information regarding your qualification programme, process assessment and results.
Where is the data kept?
As above for training course attendance as outlined in your signed study plans
Learner folders are held on our network which is run on in-house servers with commercial firewall & password protection. These folders contain your application, study plan, assessment submissions and feedback
How long do we hold this data?
CPD records are held for lifelong learning as above
Financial data is held for up to 7 years
Online accounts
Our on line learning platform for qualifications is Moodle. We set up the learner account and provide user name and password. The accounts are deleted on successful completion of the qualification or registration expires.
Plagiarism Software
All assessments are processed through a plagiarism software tool, Plagscan [secure access for privileged users]. This will generate a report on the assessment to ensure the work is properly referenced and has not been copied from another source without the correct acknowledgements. Once an assessment has been processed and the report generated the information is deleted.
Conferences, Dinners and Events
What data do we hold?
For the purpose of processing your registration we collect the following data.
Name
Job Title / Profession
Company
Address
Telephone
Email
Where do we hold it?
This data is kept on our event management database which is hosted on an internal server at a secured office location and is not connected to external networks or the internet. Any booking data may also be held on our password / firewall protected network or the two-factor user authentication servers of our Cloud service provider.
How long do we hold it?
We hold your CPD records on this system as a lifelong learning reference. However if you wish for the data to be removed we are happy to do so on request. We hold financial records for up to 7 years.
Who do we share it with?
Zoom Video Conference Platform for online events – For large online events you will be asked to register directly with zoom but they will not sell or re-use your data. Please see their privacy policy below https://zoom.us/privacy/
MS Teams – for purpose of issuing invitations and hosting virtual training
Who is responsible for personal data in Microsoft Teams?
To the extent Microsoft Teams processes personal data in connection with Microsoft's legitimate business operations, Microsoft will be an independent data controller for such use and will be responsible for complying with all applicable laws and controller obligations. Microsoft Teams Privacy - Microsoft Teams |
Microsoft Docs
docs.microsoft.com/en-us/MicrosoftTeams/teams-privacy
HopIN – for purpose of issuing invitations and hosting virtual training
Hopin’s purpose in establishing this privacy policy is to give you information about how Hopin collects and processes your personal data through your use of the Hopin Services, including any data you may provide through the Hopin platform. Hopin Privacy Policy
hopin.com/legal/privacy
Mailing House for Direct Mail Campaigns [return address envelopes for removal requests]. Data protected and destroyed after processed. Hanson Direct Privacy Policy http://www.hansondirect.co.uk/styled-3/
Dotdigital for e-news campaigns with an unsubscribe option Dotdigital Privacy Policy https://dotdigital.com/terms/privacy-policy/
Mailchimp for e-news campaigns with an unsubscribe option Mailchimp Privacy Policy https://mailchimp.com/legal/privacy/
Client - secure document shared with privileged users.
Survey Monkey - Evaluation Survey Survey Monkey Privacy Policy https://www.surveymonkey.com/mp/legal/privacy-policy/
Connaught – plain text email communications with event information and post course documentation. https://www.quadrilect.com/event-management_35_3882896022.pdf
For some of our events we request your permission to publish your details in the event delegate booklets.
Other
Email communications
All email communications are managed via our host Network Solutions. Network Solutions are signed up to Privacy Shield, an EU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL
Certificate issued to Quadrilect Ltd.
Our network is run on in house servers which have commercial firewall & two level authorization password protection.
Portable devices
All documents with personal data are secured with password protection. A log of portable devices and content is maintained to manage and destroy data as appropriate.
Supplier Data
We use Sage Accounts to manage our supplier accounts and hold the following information.
Company name, address and bank details. This information is held so we can process supplier invoices for services received.
Sage Accounts is held on our secure internal network and only accessed by privileged users with password protection.
Data Breach Management
Daily firewall reporting monitored and quarterly periodic testing of system access. If a breach is identified we will alert all customers and suppliers via email and put a notice on our website outlining the form of the breach and data exposed. All security passwords will be updated and system access points restored with new IP addresses where required.
Customers will be asked to change their account passwords.
Note no credit/debit card data is stored as we use a payments processing platform.
Changes to our data processing
We will update this policy if any change to our data processing occurs and this will be published on our website. A link will be provided to this policy with the confirmation of all training & qualification registrations. If there is a fundamental change of the type of data we are processing and the use of data we will send an email communication to all suppliers and customers updating them on our processes with a link to the updated policy.
Data Destruction
Any request for data to be deleted where it doesn’t breach statutory requirements will be processed within 48 hours. Notification will be sent confirming the data destruction.
System hardware will be disposed of through a certified company and certificates of destruction will be held for audit purposes.
Hard copy data with personal identifiers will be destroyed by a certified shredding company and certificates of destruction will be held for audit purposes.
Hard copy data stored with a secure storage facility is annually reviewed and an archive document is updated recording content and date of destruction.
Click here to download our policy