This policy should be read alongside and in addition to the following:
2. About Us
We are the Institute of Clinical Science and Technology Limited (ICST).
We are a company incorporated in England and Wales (company number 09300292)
Our registered office is 50 Cathedral Road, Cardiff, CF11 9LL.
3. What is personal data
Your personal data is information which, by itself or with other information available to us, can be used to identify a person directly or indirectly.
Some personal data is categorised as ‘sensitive personal data’ and includes information about race, ethnic origin, political opinions, religious beliefs, mental or personal health, sexual life or orientation, criminal proceedings (either alleged or prosecuted) and membership of a trade union.
We do not consider personal information to include information that has been anonymised or aggregated so that it can no longer be used to identify a person, whether in combination with other information or otherwise.
The collection and use of your personal data is regulated under the UK Data Protection Act 1998 (the Act) and the 2018 General Data Protection Regulations (GDPR) and we process your data in accordance with these regulations as both a data controller and a data processor.
4. How do we collect your information?
We collect information from the following sources:
- Directly from you
- From your employer or other stakeholder if they have contracted us to provide you with our services
- From a third party who has obtained your information and passed it on in full compliance of data protection laws.
- When you access our website, platforms or apps to register an account, access the online courses and content, complete any associated actions on an online course, participate in any surveys, submit feedback or make a purchase, we may collect, store and use personal information. We may also ask you for information when you report an error or problem with the website, online courses or content.
- When you make a purchase, our payment service provider, will also collect and process your credit card or other payment details. If you contact us, we may also keep a record of that correspondence. We may also keep records of your transactional history with us.
- We may collect information to communicate with you via email, SMS or app to communicate messages relating to your account, online courses or associated products and services we sell.
- We may collect data relating to your visits to the website that cannot directly identify you but records your use of our website, online courses and content including IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths.
- We may receive information about you from third parties who are legally entitled to disclose that information such as credit reference agencies.
- We may collect information that you post to our website for publication on the internet including your user name, your profile pictures and the content of your posts.
- If you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information
5. How long do we retain your data?
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for the personal information we hold, we consider the amount, nature and sensitivity of the personal information, the risk of harm from unauthorised use or disclosure of your personal information, the reasons why we handle your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may retain your data for the following reasons:
- In order to establish, exercise or defend our legal rights
- If we believe the documents may be relevant to any ongoing or prospective complaint or legal proceedings
- The purpose of satisfying any legal or accounting requirements
If you require further information about our specific retention periods, please contact us.
6. Ways you can access and control your personal information
Under data protection laws you have legal rights concerning our usage of your personal information, including:
- You have the right to be informed about how your data is being used.
- You have the right to access personal data
- You have the right to have incorrect data updated
- You have the right to have data erased
- You have the right to stop or restrict the processing of your data
- You have the right to data portability (allowing you to get and reuse your data for different services)
- You have the right to object to how your data is processed in certain circumstances
Please be aware that if you ask us to cease processing all or part of your data, this will impact on your ability to access some of our services. Further, we can only comply if there is no legitimate reason for ICST to continue to process your personal data. You should also note that there will usually be a requirement for ICST to keep a basic student record indefinitely if you have completed an accredited course with us.
We will honour any statutory right you might have to access, modify or erase your personal information. We encourage you to make such a request via email. Please contact us at email@example.com.
If you wish to make a complaint, you should first contact our Data Protection Officer via email. Please contact us at firstname.lastname@example.org. The Data Protection Officer can invoke our formal complaints procedure if appropriate. You can also submit a complaint to the Information Commissioner’s Office; further details can be found at www.ico.org.uk.
7. How to update or correct your personal information
You can see, review and change most of your personal information by signing in to your relevant ICST accounts. Please update your personal information immediately if it changes or is inaccurate and notify us at email@example.com.
Any research we or our partners, such as universities and other stakeholders, carry out will be conducted in accordance with Research Ethics guidelines.
Your activities on an ICST website, platform or app may be used for academic research purposes. This includes the comments you make where you may disclose certain personal information about yourself.
We will never associate your comments, information or other course activity with any of your public user profile information (such as name or profile picture) in the datasets we share with the course provider, it may still be possible to identify you by (a) the content of your comments or (b) finding the actual comment on the Website and seeing the user associated with it.
We confirm that all our course providers who conduct research will never associate your comment or your activity with your user account by method (b) above and will always treat any personal data in strict accordance with data protection laws and the research ethic guidelines.
If a course provider wants to quote a comment you have made in their research, they will identify you and your account only for the purpose of obtaining your permission.
10. International data transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
Information that we collect may be transferred to the following countries which do not have data protection laws equivalent to those in force in the European Economic Area: the United States of America, Russia, Japan, China and India.
Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to the transfers of personal information internationally as described.
11. Security of personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Please see our Trust Centre section of this website for a comprehensive overview of our security insfrastructure.
We will store all the personal information you provide on our secure (password, MFA and firewall-protected) servers.
All electronic financial transactions entered into through our website will be protected by encryption technology.
You acknowledge that the transmission of information over the internet has the tendency to be inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping the password you use for accessing our platforms confidential; we will not ask you for your password (except when you log in to our website).
14. Contacting ICST
You can contact us:
- by post, to our registered office 50 Cathedral Road, Cardiff, Wales CF11 9LL
- using our website contact form;
- by telephone, on the contact number published on our website from time to time; or
- by email, using the email address published on our website from time to time.
15. More ways we use your data
We will use your personal data in a variety of ways, depending on your relationship with us. Below you will see some general and specific ways we use your data and the lawful bases on which we are processing it.
General ways we may use your data
- administer our website and business
- personalise our website for you
- enable your use of the services available on our website
- send you goods purchased through our website
- supply to you services purchased through our website
- send statements, invoices and payment reminders to you, and collect payments from you
- send you non-marketing commercial communications
- Send you course-specific communications and updates on online courses and content you have purchased/accessed
- send you email notifications that you have specifically requested
- send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter)
- send you marketing communications relating to our business (you can inform us at any time if you no longer require marketing communications)
- tailor our advertising on Google, Bing and social media platforms to your use of the website
- invite you to complete feedback surveys and share your experiences with us
- provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information)
- deal with enquiries and complaints made by or about you relating to our website;
- keep our website secure and prevent fraud; and
- verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service);
- comply with legal and regulatory requirements;
- to allow us and partner institutions to conduct academic research
- to provide third party goods or services through our website.
- If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
- Your privacy settings can be used to limit the publication of your information on our website, and can be adjusted using privacy controls on the website through your dashboard.
- We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
Where you have spoken to us at an event
- When you speak to us at an event or meeting either in-person or on-line, we may collect the following information from you: name, address, email address, phone number.
- When we collect this information we rely on your consent to contact you to keep you up to date with our courses, services and membership programme.
So that we can assist you
- When you phone, email or message us using our website portal, we may also handle your personal information (your name, contact details and any other details you provide us with at the time) in order to provide the customer services or support you have requested. Please be aware that we may record calls for training and monitoring reasons.
- We rely on your consent to handle your personal information in this way, except when we are providing a service you have requested as part of a contract between us. Please keep in mind that if you do not provide us with the personal information we request from you, we may not be able to fully answer your queries.
Where we have obtained your information from a third party
- We sometimes obtain your personal information from a third party provider where you have either consented to them passing on your details to us or where they hold the information for legitimate purposes.
- We collect this information in this way because we have a legitimate interest of promoting the services we provide to potential users.
If you have signed up for our newsletter, blog or other social media
- If you have opted in to receive marketing communications from us, we will use your name and email address to provide you with marketing communications in line with any preference you have told us about.
- When we send you these communications, we rely on your consent to contact you for marketing purposes.
- Every email sent to you for marketing purposes will also contain instructions on how to unsubscribe from receiving them.
- You are not under any obligation to provide us with your data for marketing purposes.
When you apply for a job with us
- We will collect and handle the data you provide to us on your application and/or CV on the basis of your consent. This information may include sensitive or special categories of personal data, such as your race, ethnic origin or information about your health. Where you have provided employment references to us as part of your application, we will contact those referees and ask them to provide a reference about you. As part of this process, we will disclose your name and the fact that you have applied to work with us to your referees. We also use the information you provide to us when applying for jobs to record who is applying for jobs with us and to make sure we are attracting a diverse range of applicants.
- You can withdraw your consent by contacting us at firstname.lastname@example.org but if you choose to withdraw your consent we will be unable to continue to process your job application.