UKGRS Policy Information
General Data Protection Regulations (GDPR) & UK Global Road Safety Ltd
Personal information is a valuable resource that UK Global Road Safety Ltd (UKGRS) takes measures to protect from loss or corruption, unauthorised access and modification. Such information and the way it may be processed is subject to UK law, specifically the General Data Protection Regulations 2018 (GDPR).
We will collect personal data from you to run and deliver our services. Examples may include:
Upon receipt of an enquiry
In reply to a communication from us
From a customer agreeing to engage in our products and services
From interacting with delegates attending training providing us with contact details, date of birth, driving license information
Information you provide to us when raising a “ticket support” enquiry
Information that you provide when you communicate with us by any means.
Use of data
UKGRS will use the data that is held to provide our services and any certification. In addition we may use the information for one or more of the following purposes:
To provide information that has been requested from us about the products and services available or to address ticket support enquiries
To provide information relating to other products that may be of interest to clients. This information will only be provided where we have consent to do so.
UKGRS staff have received training with regards to processing data under GDPR and we will continue to ensure that refresher training is provided on an annual basis.
We will only process children’s data when relating to specific products and services. We will only do so with consent of an adult who holds parental responsibility.
We will keep the children informed of the use of their data with our Privacy Promise for Young People.
Transfer of data outside the EU
In order to deliver some of our global online training services, it may be necessary to share your data outside of the European Economic Area. Should this be necessary, UKGRS will ensure that the transfer and the third party service provider is compliant with the appropriate data protection laws and that all personal data will remain secure.
Information from third parties.
UKGRS may collect delegates personal information or data from third parties (e.g. employers). The third party will hold the appropriate permission for this. This information will only be used to facilitate the delivery of the agreed training or assessment programmes and for no other purpose.
Disclosing data to third parties
UKGRS will only disclose data to third parties for a limited number of reasons:
Information may be shared with providers of our services to deliver agreed products and services to clients and for certification purposes
Information in the context of a sale of our business however all discussions would be subject to confidentiality agreements
Information as required or permitted by law, or when it is believed that disclosure is necessary to protect our rights, protect an individual’s safety or the safety of others, and/or to comply with a judicial proceeding, court order, or other legal process served upon UKGRS
To protect the risk of fraud
UKGRS will not sell or pass on information for commercial purposes.
Our online services may make decisions about your driving skills from the information you provide. This will determine the level of risk associated with your driving and enable us to deliver the appropriate training. We will only do this if we have been asked to do this by your employer or yourself.
Your personal data is not collected for this purpose.
UKGRS will retain data securely, ensuring the IT infrastructure is covered by appropriate hardware and software maintenance and support.
Personal data will not be retained for any longer than is necessary for its defined purpose. We hold a full data retention schedule and reviewed in accordance with the principles of the GDPR.
You have rights within the GDPR and UKGRS is committed to complying with those rights:
The right to be informed
You have a right to be told about the information we hold on you, why we hold it and what we will do with that information.This must be presented in a clear and transparent way.
2. The right of access
You have a right to ask for a copy of the personal data that we hold about you.
3. The right to rectification
You can ask us to correct or update any information that we hold about you.
4. The right to erasure
You can ask us to delete any personal data we hold about you where we no longer have any legal reason to hold it
5. The right to restricted processing
You can ask us not to continue to process your information although allowing us to still hold it
6. The right to data portability
Where it is technically feasibly possible, you can ask us to transfer your data to you or another service provider or third party.
7. The right to object
You can opt out of any marketing communications we might send you.You can also object to us using or holding your personal data if we no longer have
legitimate reasons to do so.
8. Rights in relation to automated decision-making and profiling
Any profiling does not use your personal data.
UKGRS will verify the identity of the person making any of the above requests. If a request is received by a child, parental consent will be required to complete the request.
In the event of a breach of personal data UKGRS will comply with the duties set down in the GDPR, informing the Information Commissioners Office if necessary. Where feasible, UKGRS will honour its obligations within 72 hours of becoming aware of the breach.
Should the breach be likely to result in a high risk of adversely affecting individuals’ rights and freedoms, UKGRS will also inform those individuals without undue delay.
Information Commissioners Office
Tel: 0303 123 1113 / 01625 545 745
Date of Policy: 1st June 2018. Next review date May 2023.