(last updated 4 October 2019)
1. Who we are
2. The data we collect about you
We are a “data controller” for the purposes of the Data Protection Act 1998 and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (GDPR) and any successor legislation to the GDPR or the Data Protection Act 1998 ("Data Protection Law"). This means that we are responsible for, and control the processing of, your personal information.
We are committed to protecting your privacy. This policy is designed to ensure your personal details are protected when you book a course with us, subscribe to our newsletter or browse our website.
You can contact us in any of the following ways:
By post: IASeminars Limited, 1 Westferry Circus, Canary Wharf, London, United Kingdom, E14 4HD
By email: firstname.lastname@example.org
By telephone: +44 333 344 3321
Via the “Contact” tab on our website
3. How we collect your personal data
In order to provide you with services at your request, we will need to collect some 'personal information' about you. For example, in order to register for a course, we will need certain information. When you subscribe to our newsletter, much less information is required. We only collect the personal information that we need in order to provide you with the relevant service.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and details of services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data includes your username and password, bookings made by you, feedback and survey responses.
Usage Data includes information about how you use our website and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We may also collect, use and store Special Categories of Personal Data about you if you choose to provide such information. This will include any information you provide to us about any special learning needs, accessibility requirements or special dietary requirements you have. We will only collect these types of data with your permission and will treat these types of personal data with extra care – click here for further details.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
4. How we use your personal data
We use different methods to collect data from and about you including:
When you interact with us directly: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- register for a course
- create an account on our website
- subscribe to our newsletter
- request course information to be sent to you or
- give us some feedback.
When you interact with our partners or suppliers: We may receive Identity, Contact and Usage data where a course is delivered by a trusted organisation or individual working on our behalf.
When you visit our website: we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies
Through third parties or publicly available sources: We may also receive Technical Data about your visits to our website from (a) analytics providers such as Google, (b) advertising networks and (c) search information providers.
You can check the information that we hold about you at any time by contacting us.
We will only use your personal information lawfully and in accordance with the Data Protection Law. We will mainly use your personal data in the following circumstances:
- where we need to perform the contract we are about to enter into or have entered into with you
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and
- where we need to comply with a legal or regulatory obligation
We have set out in a table below a description of all the ways we plan to use your personal data and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Whenever we process your Personal Information under the ‘legitimate interest' lawful basis, we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
||Type of data
||Lawful basis for processing
To register you as a new customer
Perform our contract with you
To process and deliver a course to you including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(a) Perform our contract with you
(b) Necessary for our legitimate interests (eg. to recover debts due to us)
To manage our relationship with you which will include
(b) Asking you to provide feedback
(a) Perform our contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about our services that may be of interest to you
Necessary for our legitimate interests (to develop our services and grow our business)
6. Special Categories of Personal Data
We would like to send you information about our future courses and services we think may be of interest to you from time to time
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide which courses, services and offers may be relevant for you.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
If you opt out of receiving marketing messages, we will still continue to contact you in relation to any course you have booked onto.
7. Sharing your information
The Data Protection Law recognises that some categories of personal data are more sensitive and require a higher degree of protection. Special Categories of Personal Data include information about a person’s health, race, ethnic origin, political opinions or religious beliefs.
If you choose to provide us with any of these types of personal data, we will only use such information for the purposes of ensuring that a course is effectively provided to you and you are suitably catered for. We may pass these details on to any trusted third party who is delivering a course on our behalf under conditions of strict confidentiality for this purpose. We will not pass such details on to any other third party or use them in any other way.
8. International transfers
We may share your information with our trusted partners and suppliers who work with us or on our behalf. This may include third parties who deliver our courses, help us create and send information to you, manage our website and store and back up data securely. Processing of this information is always carried out under our instruction. We make sure that our partners and suppliers always store personal data securely, delete it when no longer needed and never use it for any other purposes.
We enter into contracts with these partners and suppliers that require them to comply with the Data Protection Law and ensure that they have appropriate controls in place to secure your information.
We will never sell your personal information to any other third party organisations so that they can contact you for marketing activities. Nor do we sell any information about your web browsing activity.
We may disclose your information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our terms and other agreements.
9. Data security
We may share your personal data within the IASeminars Group (this is the group of companies which are under common ownership with IASeminars Limited). This may involve transferring your data outside the European Economic Area (EEA). If we do this, we will ensure your personal data is protected by requiring all companies in the IASeminars Group to follow the same rules when processing your personal data
We may also transfer your data to our suppliers who are based outside the EEA. Whenever we transfer your personal data out of the EEA, we make sure your data is protected in a manner which is consistent with how we protect it in at least one of the following ways:
- by only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
- by using contracts that give the same level of protection to personal data that it has in the EU
- by ensuring that, if an organisation is based in the US, it is part of the EU-US Privacy Shield.
10. How long we hold onto your data
We take all reasonable steps to keep such information secure and confidential from unauthorized access, misuse or loss.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Your rights
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, you can do so by contacting us. Please note that you will need to provide us with evidence of your identity.
Request access to your personal information: You can ask us to give you a copy of the personal information that we hold about you.
Request correction: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Request erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request restriction: You can ask us to restrict our use of your personal information in the following circumstances: a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request transfer: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
Withdraw consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13. Monitoring and cookies
If any of the information that you have provided to us changes, for example, if you change your email address or if you wish to cancel any request, please contact us.
We may use technology such as a "cookie" to monitor your use of our website. Cookies are small text files that a website sends to your browser. They save information on your device, for example, computer, tablet or mobile phone, about how you have used the website.
The data is not linked to the information you have given us and cannot be used to identify you personally. This gives us information about which areas of the website you use most or least, and how often you use the website.
These pieces of information allow us to distinguish you from other users and improve your experience on our website through, for example:
- Enabling a service to recognise your device so you don't have to give the same information several times during one task;
- Recognising that you may already have given a username and password so you don't need to do it for every web page requested;
- Measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences.
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and any advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
We use the cookie site_session for managing your current visit. This contains randomly generated text and automatically expires when you exit your browser.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. This is to ensure that the service is available when you want it and fast. For further details on the cookies set by Google Analytics, please refer to the Google Code website.
You might be able to modify your browser to prevent this happening and you may still be able to use our website. However, if you choose to refuse all cookies, our website may not function for you as we would like it to.
You can update your cookies preferences by clicking on the links below:
15. Further information
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
To find out more about this policy and how we look after your personal information, please contact us at email@example.com or on +44 333 344 3321.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.