Personal Data and the General Data Protection Regulations
Privacy Statement
Who are Conflict Resolution Limited?
Personal data is processed by Conflict Resolution Limited (CRL). The company delivers consultancy and training services to organisations, employees and the general public. Incorporated in 2007 and operating within the United Kingdom and, into North America.
CRL is committed to ensuring when personal information is handled and processed, this is because we have a ‘legitimate interest’. A legitimate interest in in handling and processing this data. This is in line with the European Union General Data Protection Regulations 2018 (GDPR). The Data Protection Act 1998 and other relevant legislation.
Your rights
You have the right to request access to the personal data we hold. Additionally, you may have it rectified or erased or informed how long we will hold it for.
You have the right to withdraw any consent that you have provided at any time. You also have the right to withdraw consent for us to hold your personal information for direct marketing
To exercise your right, you simply notify us of your wish in writing. Thereafter, your request must be processed. To do this, your identity must be verified to ensure its you making the request. If however; we are unable to comply with your request, we will notify you together with the reason why.
If personal information about you is held by us, and you agree to us doing so please help us, ensuring that the information is up to date
When is your personal data collected?
This is collected and processed through a variety of communications with our service users and clients. Those might be directly with staff and officers at Conflict Resolution Limited. They may however; occur through our network of partner organisations with whom contracts and business exists. This occurs for example, we supply training services to other organisations. When contracted to do so lists of delegates are sometimes received before, or at the event. Essential data for identification purposes is also collected. These are necessary for us to carry out our responsibilities in programmes, particularly, licensed programmes. For example, when confirming identity of delegates in order that they can sit recognised national qualifications. We mediate disputes, and so record and retain essential details of the parties involved.
The sources of information include, but are not exclusive to, personal contact details. Discussions through phone calls, email, social media, or our website may also be collected, processed and retained.
Information may be obtained about contacts during correspondence. This of course can be for many reasons, which could include; advertising products and services. It may also be for entering an agreement to receive products and services. Alternatively, in making an agreement as a delegate, or as an organisation acting for a delegate. Similarly, it may be for an organisation acting on its own behalf. All of these so that our products and services may be supplied and delivered to that person, organisation, or another person. You may alternatively be a supplier we wish to interact with, for the purpose of developing and maintaining our business.
When providing other people’s personal data to us, it is your responsibility to ensure you have obtained consent from them for us to collect and process their data.
What data is collected and processed?
Information, such as the name, title, job role, company name, telephone or mobile contact number, email and postal address of those we are in dialogue with. Additionally, we may record those details for anyone we have an agreement with, to supply or receive products and services
For learners on course with nationally recognised qualifications, copies of identification documents that learners produce must be retained. This is to confirm their identity when audited. Copies of documents might include driving licences, passports, birth certificates or other documents personal information is recorded on. Copies may be by photocopy or photograph.
Additionally, we may collect the name, the signature of, the contact details (including the telephone number, mobile phone number, email address and postal address) of delegates. Similarly data may be collected from responsible adults or representatives of organisations. We may retain and process the address of the organisation or setting we work in. Furthermore, we may retain the contract to, together with contact details (including telephone, mobile phone, email address and postal address) of the contact, delegate or other relevant person.
We may collect and retain the name, the signature of, the contact details of parties to a mediation or dispute. We may retain details of the circumstances leading to and arising from a mediation or dispute. The information we retain is only that which is necessary for the purpose of understanding and, working towards a settlement. We do not keep details of conversations or details of a dispute once the mediation is been completed
How long is your data kept?
We are committed to using your data for legitimate purposes only. Due to legal, contractual and audit reasons we may keep data for as long as the law requires it. We should keep it for as long as is reasonable and for no longer.
For example, personal details of a client contact may be retained and processed in an invoice. This is because this would be required to be retained in accordance with HM Revenue and Customs requirements for audit. If an incident occurs in one of our sessions, we would be legally required to record that incident. The details would include, who was involved, and what happened. This information needs to be retained against future enquiry. Additionally, if an incident occurs on one of our training courses, we may keep that data indefinitely because of audit or improvement of service reasons and legal requirement.
Data may also be kept on delegates attending nationally recognised, accredited programmes. This data may necessarily be passed onto relevant awarding bodies and regulatory bodies to comply with their requirements. For example, a delegate attending a Door Supervisor course would have their personal information submitted to the Awarding Body so that their attendance at, and record of the examination results may be properly retained and, verified. Copies of learners identify documents will be retained by us securely for three years.
Once a mediation or dispute has been settled or otherwise concluded whatever the outcome, we destroy most records. The details of conversations will be destroyed. The personal data retained would comprise the settlement which may contain the details of those involved and the outcome.
How we use and share your personal data
Conflict Resolution Limited will use your data legitimately.
We may record the provision of contracted products and services to, and from others. We may use, record and share information with our teams, employees and contractors for the purpose of administrating, recording and delivering our contracted products and services and monitoring and auditing delivery of products and services.
This enables us to review and monitor our services, our quality of supply, our supplier chain, our training requirements, confirm conformity to our exacting standards and allows us to continuously improve our products and services for clients.
Marketing and Advertising
From time to time, we refresh and renew their marketing materials and advertising literature. This may involve making reference to comments, attributing comments to those who made them, using video, film or other images where appropriate. We will only use personal data in this way where express written informed consent has been obtained from the person whose personal information is being shared, or where that person is unable to give informed consent (perhaps either through age or underlying condition), then the express written informed consent of the person’s parent, guardian, carer, or other responsible person. It is your responsibility to ensure that if you are giving express written informed consent on behalf of another person that you have the lawful authority to provide that information. If you are in any doubt whatsoever, you should not give consent without obtaining formal legal advice.
Other than for legitimate marketing and business promotion purposes as outlined above – following express, informed written consent, we will not share your personal information with anyone other than the individual, the client, parent, guardian, carer or other responsible person (as relevant), or the supplier who supplied us the information, our employees, trusted contractors and licensed operators, franchisees and we will only share information with 3rd parties as required by law.
How we process and protect your personal data.
We have systems and procedures in place to protect your information from unauthorised access.
Each employee, contractor and associate is responsible for the security of all personal data that they retain and process. When not actively using the information, they will retain all personal data that is recorded on paper, or in a form of written documentation under lock and key in a secure location.
Electronic data stored on devices such as a desktop computer, laptop, Ipad or SMART phone will be stored in such as a way as to be secure at all times with all devices being password protected
No unauthorised access to personal data howsoever stored and used will be permitted.
Each employee, contractor and associate is required to share basic details of clients, delegates and organisations they delivery products and services to, and where those products and services have been terminated with Conflict Resolution Limited. Information shared may include the client contact name, contact details including the telephone or mobile phone number, email and postal address and address at which products and services have been provided.
Data and Barring Service requirement for employees, and contractors
For the protection of young people and vulnerable adults, we may be required to ask for a criminality check. This to ensure that our contractors, employees and associates are not disbarred from carrying out functions in a particular environment.
The criminality check is undertaken through the Disclosure and Barring Service. In applying to be engaged by us as employee, contractor or associate, you accept if necessary, we ask for a DBS check. You accept you will be sharing personal data about yourself with us. Furthermore, you accept that we will through the company, where required by law and, in no other circumstances, make the necessary enquiries for a criminality check at the appropriate level.
The results of those enquiries will be shared between the DBS and Conflict Resolution Limited. Similarly, that data will be processed by our nominated officer for this function. The results of any enquiry will disclose from the DBS whether or not there is an entry which will preclude an offer of work, employment or contracting services . A record of those enquiries will be retained on the online secure access portal the company use to submit requests to the DBS.
Exceptions to Disclosure and Barring checks
In working with the elderly, there is currently no legal requirement for us to carry out such DBS checks. This is because at no time are any of the company employees, contractors or associates work in a capacity which requires such a check to be made. Some care settings require that those providing products and services on their premises must have a basic DBS check completed. A basic DBS check is something that an individual person can apply for on their own behalf. We are not permitted by law to make such an application on behalf of another or, to make an enhanced DBS application in respect of working with adults. It will for employee, associate or contractor working in adult settings to make their own application if they wish to do so and to share it with whomsoever they wish.
Challenges
Conflict Resolution Limited, to protect the brand, the interests of the company and service users reserves the right not to extend an offer of employment or contracted service to operate our products and services to any person who makes application to be considered to offer products and services and who then refuses to share the results of the basic DBS check with the organisation who requires production of it prior to delivery of products and services.
Challenges to this policy should be made to Conflict Resolution Limited
Dated 7th March 2020