We are committed to protecting your privacy and take great care to ensure your information is kept safe and secure. We ask you to share information with us, so we can provide you with training services. This notice explains how we will collect, store, use and share your personal information.
Registered data controller
Evergreen Training Limited is a data controller and data processor for the purposes of data protection legislation. Relevant, authorised members of staff will have access to personal information. We’re registered with the Information Commissioner’s office and our registration number is: ZA331726
The information you provide to us is controlled by Evergreen Training as the ‘Data Controller’ however data that may be supplied to us by any third party is controlled by them, including for the purpose of the Data Protection Act 1998 (the Act) and any other applicable laws.
Evergreen Training processes information about individuals, known as ‘personal data’ in order to carry out our activities as a training business for the purposes of providing training services.
All individuals have the following rights regarding their personal data:
- The right to be informed: You have the right to be informed about what information Evergreen Training holds, what we use it for, who we are sharing it with, how long we are keeping it and on what basis we process the data. As a training business, we have a legitimate interest in processing personal data to ensure we deliver the right type and level of training. There are also times where we have to process personal information because we are required to by law. For areas outside of the above, we’ll seek consent.
- The right of access: If you’d like to see the records we hold on file for you, please make a request in writing to our compliance department.
- The right to rectification: If you believe we’re holding incorrect information, you can ask us to correct it.
- The right to erasure: You can ask us to remove your information. As long as there’s no legal requirement for us to keep your information, we’ll remove your details.
- The right to restrict processing: Instead of asking for it to be removed, you can ask us to stop processing it. For example, you can ask us to stop contacting you about new training courses.
- The right to data portability: If you want to take your data to another organisation please contact our compliance department.
- The right to object: You have the right to object to your data being processed on the grounds of legitimate interests, direct marketing and processing for statistical purposes. We’ll stop processing your information immediately unless there’s a legal reason for us not to do so.
- The right not to be subject to automated decision making: Evergreen Training don’t use automated decision making in our training processes.
What personal data we collect
The GDPR definitions of personal data and special categories of personal data are covered below.
We collect the following categories of personal data about our users. When you submit a payment for the purchase of an online training course through our payment partners Stripe and Paypal, data will be passed to the respective payment provider. This information is required to process or support the payment and includes the following data from you:
- Identity data: Your first name, last name
- Contact data: Your billing address, email address and telephone number
- Transaction data: Details about payments to and from you and of online training courses you have purchased from us
- Account data: Your email address, password and online courses purchases
- Technical data: Your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
We may also collect the following categories of personal data about our users.
- Communications data: Your preferences for example in receiving marketing information from us and your preferred form of communication
- Behavioural data: Information on how you use our website, your online activity, including the products or services you visit
- Aggregated data: We may also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but once it’s in aggregated form, it won’t constitute personal data for the purposes of the GDPR as this data doesn’t directly or indirectly reveal your identity
How we use and share your data
When you leave your personal details, for example to purchase an online course or request a call back, we record this information in order to process your request and to maintain good contact with you regarding current and future requests.
In order for us to meet our contractual and legal obligations, we may be required to share information. If we choose to share your data with anyone not covered in this privacy notice, we’ll only do this where we have a legitimate reason to do so, and where required we’ll ask for your specific consent to do so.
We will share different kinds of personal data about you in the following situations:
- Your contact data will be shared within Evergreen Training whenever needed to fulfil a service you’ve requested, such as the purchase of an online training course
- Your contact data will be shared with external business contacts: individual members of staff at our partner companies, subcontractors or any other support organisation we work with to perform the legitimate activities of our business, such as our Learning Management System (LMS) partner to implement the service you’ve requested by enrolling you on a course
- Your contact data may be shared with authorities whenever Evergreen Training feels a need to legally protect itself
- Your contact data will never be sold to third parties
We collect personal data in order to comply with our legal obligations and where it’s in our legitimate interests as a training company to do so. Individuals within the companies we work with are also entitled to have their personal information protected. We’ll only share information where it’s allowed by law and relevant to our legitimate business activities, such as providing name, job title and contact details when arranging training. We may also share professional information that is already in the public domain (such as company website pages, LinkedIn profiles and similar media).
The information we ask for will only be used in connection with the legitimate activities of our business.
We keep the information for either the minimum period we are required to keep it by law, or, where relevant, for as long as you give us consent to keep the information, whichever is longer.
We’ll retain contact details for individuals within client organisations while the organisation remains a current or prospective client organisation.
Individuals within the organisations we work with have the same rights as any other individual (including the right to be forgotten). Anyone wishing to exercise their rights under data protection legislation should contact our compliance department.
How we keep your data secure
Our website uses SSL (secure sockets layer) to encrypt the data you transmit to us across the internet. We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. The data that we need to provide to our LMS partner to enrol you on an online course is stored securely by them with Amazon Web Services (AWS). AWS meets the EU-US Privacy Shield framework adopted by the European Commission and is compliant with data protection requirements when transferring data outside of the EU, if this transfer is required.
If you have any questions or queries concerning our services or this privacy notice, you can contact us by email at firstname.lastname@example.org or alternatively you can write to us at:
Robert Waterhouse (Data Controller)
Evergreen Training Ltd
Changes to our privacy notice
We keep our privacy notice under review and update it when necessary, for example due to changes in government regulation and data protection laws. Our website will show the most up to date privacy notice.
Our privacy notice was last updated on: 30 March 2021.