Privacy and Cookie Policy

The small print

General Data Protection Regulation (GDPR) Policy

Named Data Protection Officer: Barry Syder, Director, Syder and Young Ltd.

This privacy policy sets out how we use and protect any information that you give Syder and Young Ltd.

We are committed to ensuring that your privacy is protected. If we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement. This policy is effective from 23rd May 2018.

Data Protection Principles

Data Protection Rights

Section 1: Data we hold

Short Courses:

The only data we hold relates to your name, place of work and work email address which you provide to us when you make a booking or when a booking is made on your behalf. This information is recorded on spreadsheets on a secure password-protected computer which is backed up to a secure cloud-based server. Your information is used only for administration of the event by employees and associate trainers of Syder and Young Ltd. Your email address is not shared with any other party.

We gather post-event feedback in the form of paper evaluation forms which are summarised and the summary emailed to the commissioner of the course. The feedback is anonymised so scores, comments and training needs cannot be associated with a particular delegate. The hard copies are manually filed and destroyed after 12 months (see Disposal).

Qualification Programmes:

The data we collect via the enrolment form is that which we need to carry out your registration with the awarding body of the qualification. This includes name, date of birth, address details and disability/ethnic origin (this latter information is used by the awarding body for monitoring purposes). We also collect data relating to your contact details (e.g. your mobile number so we can contact you in the event of a workshop being cancelled. The data you provide is used only by staff and associate trainers of Syder and Young Ltd and (excepting the awarding body) is not shared with any other party. Your data and results of assessments are held for three years after certification in line with the requirements of the awarding body.

Recruitment:

The data we hold is restricted to that provided in the application form/covering letter/CV that you provide to us. That information is only used only for shortlisting and the interview process and is not shared with any other party except for the client for whom we are handling the recruitment. The shortlisting is carried out manually - we do not use any form of automated processing. The data may be held in both electronic and printed formats. The records relating to a vacancy are retained for 12 months after an appointment has been made and then all data is destroyed (see Section 6).

Consultancy:

We often hold potentially sensitive data relating to our consultancy work (e.g. reports regarding the performance of an organisation). However, this is usually in electronic format subject to the security restrictions in Section 5 and the information is never shared with third parties except with the expressed permission of the client organisation.

Website:

If you use the contact form on our website we collect the following contact details in addition to your message: name/organisation/email address/telephone number. This data is used solely for the purpose of dealing with your query. The data is shared with no third party other than our service providers such as website host, website developer and email provider.

Our website uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to owners of the site. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. We use Google Analytics to collect information about how visitors use the website, for example: where they have come to the site from and which pages they visit. We use the information to help us improve the site.  Such information does not identify site visitors personally. IP addresses are automatically collected by Google Analytics by default, but they are not exposed in reporting. Google Analytics are US based and EU-US Privacy Shield certified.

Web server logs automatically generated by our website host’s servers may identify your IP address, browser type, operating system and platform but again this information is solely used in the operation and administration of the site and is not shared with any third party.

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Section 2: The lawful basis on which we hold and use your data

The lawful basis on which we hold and use your data is your consent.

Section 3: How we handle access requests

Section 4: Data breaches

It is the responsibility of the Data Protection Officer to detect, report and investigate any personal data breach. The Data Protection Officer will notify the ICO (Information Commissioner’s Office) of any breach where it is likely to result in a risk to the rights and freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.

Section 5: Security

Syder and Young Ltd operates from two private offices in the homes of the Directors. Public access is therefore rare. All electronic data is held on password protected IT equipment with appropriate anti-virus software. All files are saved to a secure cloud-based storage system.

Section 6: Disposal

We use a registered waste carrier to shred confidential waste including CD/DVD discs (registration number: CB/CN5177QD) and can produce Waste Transfer Notes.

Section 7: Other information

We do not use automated decision-making including profiling.