Privacy Policy

CB Training Services Limited

Privacy Policy

Overview

This privacy policy is designed to give further clarification and details on:

· Who we are.

· The types of information we collect and process.

· How we process and store your information.

· The security procedures in place used to protect your information.

· Who we share your information with.

· Your rights.

· Marketing.

· Access to your information and correction

· Other websites

· Cookies

· Changes to our Privacy Policy

· Who you can contact if you have an issue.

We process personal information for certain legitimate business purposes which include, some or all, of the following:

· Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of the customer.

· To identify and prevent fraud.

· To enhance the security of our networks and information systems.

· To better understand how people, interact with our social media and website.

· To provide postal communications which we think will be of benefit and interest to you.

· To determine the effectiveness of our promotional campaigns and our advertising.

Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in the highest regard and take into account all of your data protection right under any and all current UK legislation.

About Us

CB Training Services Limited, founded in 2004, is a registered company (number 07016820 in England and Wales) whose objective is the training of first aiders and Lifeguards and we now also provide swimming instruction for children aged 0-16 years old.

This privacy policy covers the following systems/services offered by CB Training Services Limited as well as its subsidiary trading names of Bubble Tots or CB Training Swim School

CB Training Services Limited plays two roles with regards to data – we are the data controllers for the data we hold on organisations who we work with, and in turn, data processors for our clients.

The information we hold about you is either from the public domain, or you have provided it to us in the process of enquiring about or ordering a product or service from us.  This privacy policy explains how we use any personal information we collect about you.

The personal information we would like to collect from you

Swim School Lessons (initial enrolment):

· Parent / guardian contact details comprising of name, address, postcode, telephone numbers(s) and email address

· Swimmers name 

· Swimmers DOB 

· Swimmers medical conditions. 

Swim School Lessons(re-enrolment):

· As well as the above information should you choose to enrol via Direct Debit a third-party company (GoCardless) will process your bank account details on our behalf

Training Course Enrolment:

· Depending upon the course information will be requested about your personal contact details (name, address, email and phone number) as well as proof of identity and any accredited prior learning. For example, to complete swimming teachers course there is a pre-requisite that a Safeguarding and Lifeguarding course will have been completed before the qualification can be awarded. 

Employees: 

· Employees need to provide basic contact information (name, address, telephone number and email address) as well as proof of qualifications. 

· We also require some personal information to enable us to process a Disclosure and Barring Service check via The Post Office. This information will include personal information such as driving licence, passport and recent bills. 

· To enable payroll to be processed personal tax information will be required which will be supplied to our third-party Sage Payroll 

· To enable staff to be paid personal bank account details will be required which will be supplied to our bank (Bank of Scotland)

Financial Information: 

· Basic information is required to process invoices and provide our services. This information is for the administration of lessons and does not usually involve swimmers. 

The personal information collected is to allow us to run the business. No information is collected unless it is needed for a specific task. For example, swim school enrolment information is required to allow teachers to know who should be in their class while medical information allows us to keep all swimmers as safe as possible. 

The only special category of personal data held by CB Training Services Limited relates to medical conditions. This is very brief summaries of any conditions with which we may need to provide emergency medical aid for, or, which may alter how we need to deliver our lessons or training courses. 

Profiling

CB Training Services Limited occasionally uses data to provide statistical information which is used to improve the products and services it offers. This includes analytics data on your interactions with our products and services.

Security

CB Training Services Limited take your data security very seriously. All your information is held on our internal encrypted computer systems, locked filing cabinet or with third party servers which host your data and comply with GDPR and BSI requirements.

Sub-Contract Processing

CB Training Services Limited use the following organisations, who process your personal data, in order to provide its products and services to you. All organisations which CB Training Services Limited works with comply to the relevant legislation, including the General Data Protection Regulations (GDPR).

STA Online:

STA Online is STA’s (The Swimming Teachers Association) online environment for the processing of training course certificates and data.

Safety Training Awards:

Safety Training Awards is the awarding organisation of The Swimming Teachers’ Association, regulated by Ofqual, Qualifications Wales, CCEA in Northern Ireland and accredited by SQA Accreditation in Scotland.

Swim Soft (MOR Solutions):

The storing of our swim school data including customer records, swimming lessons attendance, progression and various other details for the swimming lessons we provide. We also use of their email and text systems to inform our customers of closures/new classes/advertising purposes.

Google:

For statistical analysis of your interactions with our services

Sage:

Operate, host and provide the functionality required for our accounts and payroll.

GoCardless:

Provide the functionality required for our customers to set up direct debit instructions.

Mail Chimp:

Operate, host and provide the functionality enabling us to send marketing and transactional email communications to customers.

GoDaddy:

Operate, host and provide the functionality enabling us to send marketing and transactional email communications to customers. Also host of our website and use data such as cookies (see our cookie policy details below)

Survey Monkey:

Operate, host and provide the functionality enabling us to send surveys to customers.

Aneurin Bevan University Health Board:

The storing of our disability swim school data including customer records, swimming lessons attendance, progression and various other details for the swimming lessons we provide for their two charities called Sparkle Appeal and Umbrella Appeal

Bank of Scotland:

Our bank with details of payments from customers and to our providers/employees.

Facebook:

If you send us a private or direct message via social media the message will be stored, and it will not be shared with any other organisations.

Twitter:

If you send us a private or direct message via social media the message will be stored, and it will not be shared with any other organisations.

Microsoft Office 365 and Outlook (Email Providers):

We will also monitor any emails sent to us, including file attachments, the message will be stored, and it will not be shared with any other organisations. 

Responsibilities 

The Data Protection Officer (DPO) is responsible for ensuring that this notice is made available to data subjects prior to CB Training Services Limited collecting and/or processing their personal data. 

All Employees of CB Training Services Limited who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.

Your Rights

The Right to Be Informed

You have the right to be informed about the collection and use of your personal data. This information is communicated via this privacy policy and you will be notified whenever any changes are made to it.

The Right of Access

You have the right to access your personal data and supplementary information. You can request to see your data by completing our subject access request form.

The Right to Rectification

You have the right to have inaccurate personal data rectified or completed if it is incomplete. As detailed above, you can request to see your data by completing our subject access request form.

The Right to Erasure

The GDPR introduces a right for you to have your personal data erased if, for instance, the personal data we hold for you is no longer necessary for the purpose for which it was originally collected or processed. The right to erasure is also known as ‘the right to be forgotten’. The right is not absolute and only applies in certain circumstances where applicable.

The Right to Restrict Processing

You have the right to request the restriction or suppression of your personal data in order to limit the way that we use your data; this is an alternative to requesting the erasure of your data. This is not an absolute right and only applies in certain circumstances. You can make a request for restriction verbally or in writing.

The Right to Data Portability

The right to data portability gives you the right to receive your personal data you have provided to us in a structured, commonly used and machine-readable format. It also gives you the right to request that we transmit this data directly to another data controller. This right only applies to data collected by us using automated means (i.e. excluding paper files).

The Right to Object

You have the right to object to your information being processing based on:

· Legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)

· Direct marketing (including profiling)

· Processing for purposes of scientific/historical research and statistics.

Please bear in mind that if you object, this may affect our ability to carry out the tasks above which may be of benefit to you.

Rights in Relation to Automated Decision-Making and Profiling

CB Training Services Limited does not undergo automated decision-making on your personal data.

Marketing

We would like to send you information about products and services of ours which may be of interest to you.  If you have consented to receive marketing, you may opt out at a later date.  You have a right at any time to stop us from contacting you for marketing purposes.  If you no longer wish to be contacted for marketing purposes, please contact us in writing, using the details provided below.

Send an email to chris@cbtraining.org 

Write to us at: 

CB Training Services Limited
10 Ty Gwyn Road
St Dials
Cwmbran
NP44 4AB

We will never lease, distribute or sell your personal data to third parties unless we have your permission, or the law requires us to so.

External Links

Our websites and online services may contain links to other websites. Please note that we have no control of websites outside of CB Training Services Limited.

If you provide data to a website to which we link, we are not responsible for its protection and privacy.

Always be wary when submitting data to websites—read the site’s data protection and privacy statement fully.

Cookies

Understanding How and Why We Use Cookies

CB Training Services Limited use cookies throughout their sites and online environments to create the most secure and effective website possible for their customers. Among other things, cookies allow you to access our services and for these services to operate as advertised. This section explains what cookies are, how we use them and what benefits they bring.

What Are Cookies?

Cookies are small text files that are sent to and stored on your computer, smartphone or other devices for accessing the internet, whenever you visit a website. Cookies are useful because they allow a website to recognise a user’s device.

CB Training Services Limited sites and online environments use cookies for a variety of reasons, such as to determine preferences, let users navigate between pages efficiently, verify data and carry out other essential checks that ensures the data you interact with is accurate and relevant to your account.

Some of the functions that cookies perform can also be achieved using similar technologies. 

This section refers to ‘cookies’ throughout, however it includes those alternate mechanisms.

More information about cookies can be found on www.allaboutcookies.org 

How Cookies Make Our Website Safer and Easier to Use

Cookies are used for a variety of reasons, such as to safeguard your privacy when browsing CB Training Services Limited sites and online environments.

Cookies are essential—without them none of the services you subscribe to would function correctly.

We use analytics cookies to help us make our website better for those who visit it regularly. They help us work out what users like and don’t like and how we can improve things for you. This collects information anonymously.

How to Restrict Cookies

You can set your browser to accept or reject all specific cookies. You can also set your browser to alert you each time a cookie is presented to your computer. You can delete cookies that have been stored on your computer but remember, if you prevent us from placing cookies on your computer during your visit, or you subsequently delete a cookie that has been placed, it will not be possible for you to use our website effectively.

By disabling cookies from your browser settings, you will be restricting the cookies that CB Training Services Limited use to manage its website and this will have an impact on how the website will function. This will apply to all websites once cookies are disabled via your browser settings and not only CB Training Services Limited websites and online environments.

If you would like to restrict or block cookies that are set by us and other websites, you can do this through your web browser settings. Please refer to your browser’s help section for further information.

Further Information on our third parties

The Swimming Teachers Association: https://www.sta.co.uk/policies/privacy-policy/ 

MOR Solutions: http://www.morsolutions.co.uk/blog/2018/05/17/privacy-policy/ 

MOR Solutions Data Servers provider company called 1&1: https://www.1and1.com/terms-gtc/fileadmin/Terms/PDF_US/2018_01_US_Privacy_Policy_DWE.pdf  

GoCardless Direct Debit Provider: https://gocardless.com/downloads/legal/privacy-policy-v0417-1.pdf

MOR Solutions text messages Provider called Text Anywhere: http://www.textanywhere.net/privacy-policy.aspx

GoDaddy: https://uk.godaddy.com/Agreements/Privacy.aspx 

Google: https://policies.google.com/privacy?hl=en-GB&gl=uk 

Sage: https://www.sage.co.uk/uk/hrpayrollhero/privacy-policy 

Mailchimp: https://mailchimp.com/legal/privacy/ 

Survey Monkey: https://www.surveymonkey.co.uk/mp/legal/privacy-policy/ 

ABUHB: http://www.wales.nhs.uk/sitesplus/866/page/39189/ 

Bank of Scotland: https://www.bankofscotland.co.uk/securityandprivacy/privacy/ 

Facebook: https://www.facebook.com/about/privacy 

Twitter: https://twitter.com/en/privacy 

Microsoft Office 365 & Outlook (Email Provider): https://privacy.microsoft.com/en-us/privacystatement 

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. 

This privacy policy was last updated on 22nd May 2018