With effect from 25th May 2018 the General Data Protection Regulation (GDPR) applies to processing personal records.
For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), Leadership Lessons Limited (LLL) is a ‘processor’ of learner personal data. Leadership Lessons Limited is a Registered Company in London, England No.10562589.
The GDPR requires personal data to be processed in a manner that ensures its security, AND only used for the purposes for which it was collected. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used. This privacy notice sets out how LLL intends to do this, and under which lawful basis LLL is relying upon to operate transparently and fairly under GDPR.
Leadership Lessons Limited (LLL) manages your business and personal data in a fair and transparent way, ensuring that we are committed to your data security, whether that is with ourselves or, as far aw we are able, with our partners with whom we work.
If, for business reasons, LLL needs to keep your personal details (name, email address, and / or home address / or business address), or other categories of personal data that fall under the GDPR regulations, we will only do so if that data is required in relation to managing our relationship in a professional manner, and only as expected by yourself. You have the right at any time to ask to be forgotten, and we can do that simply by contacting us on the contact page and asking us to do so.
LLL may also retain your personal data in order to maintain a record of specific activity with the company, such as a specific training event, or for maintaining our invoicing records, or for testimonial purposes.
LLL may occasionally use your personal data to contact you about future events for which you have shown an interest, but this will be rare and only done with your permission, as most of our business comes from referrals.
LLL has no intention of sharing your personal data with any third parties without contacting you first for specific authority to do so. If LLL are working on behalf of a third party, such as our trusted partners, with whom you are engaged and have knowledge that they are involved, any personal details retained will only be for the purposes of satisfying the transaction with the third party, that without doing so may compromise your ability to take part in a set program with them, such as ensuring that your details are correct for any certification that you are due as a result of engaging LLL in the training process.
LLL will retain personal data only relating to training courses for which you have been an attendee, in order that accurate training records may be kept for any future enquiry, either from (for example) an accreditation body, or your employer. Again, we will only provide such information with your consent. In the interim, LLL will take all reasonable steps to ensure that we have processes in place to protect your personal data from being compromised by cyber attack, through double password entry to databases, and only using reputable secure servers for email transactions, so that information is only shared with those that have a legitimate or legal interest.
LLL shall rely upon the legitimate interests of the company providing learning solutions to engage with clients as a means of legally retaining your data, for administrative purposes, to respond to legal requests by law enforcement (in any country), or for the purposes of HMRC investigations.
All personal data will be destroyed when it is no longer required to provide you with the service for which you have requested, when you specifically request it’s destruction (provided we are not breaking any laws in doing so) under your right to be forgotten, and after a period of 7 years or on the closure of the company, whichever is the soonest. Of course, you have the right to ask for any personal records that LLL holds about you, simply email us using the contact form on the contact page, and our reply will follow as soon as we can, and in any event within the legally allowable calendar month.
LLL SHALL MAINTAIN A LOG OF ANY SUBJECT ACCESS REQUESTS, AND THE TIMESCALE IN WHICH THE COMPANY RESPONDS. ANY REQUESTS WILL BE DONE VIA EMAIL SO THAT AN ELECTRONIC RECORD IS MAINTAINED FOR EVIDENCE TO THE ICO.
Remember, we cannot share other people’s information with you, so that may need to be withheld. If your information is incorrect, simply let LLL know and we can update our records.
In the unlikely event that there is a data breach, you and any data regulator will be notified at the earliest opportunity that we become aware, and in any event within any legal timescales for doing so. In fact, LLL will only have 72 hours from being aware of a breach to report it to the Information Commissioner’s office (ICO).
The GDPR provides the following rights for individuals whose personal data has been retained:
1 The right to be informed
2 The right of access
3 The right to rectification
4 The right to erase
5 The right to restrict processing
6 The right to data portability
7 The right to object
8 Rights in relation to automated decision making and profiling.
If for some reason, you don’t believe that LLL has a legitimate reason for holding your personal data, just let us know, and we shall be pleased to remove or restrict all personal data that we hold about you (subject to any lawful authority preventing us from doing so, such as a warrant or lawful police investigation).
Further information on Legitimate Interests can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/
If you have any concerns about how LLL manages your personal data, or the response that you have received from LLL, for example if you believe that your rights under GDPR have been breached, please do let us know as soon as you can, and if you are still unhappy, please contact the Information Commissioner’s Office (ICO), further details of which can be found at www.ico.org.uk/concerns/
FINALLY, IF YOU KNOW MORE ABOUT THE GDPR THAN I HAVE INCLUDED IN THIS PRIVACY NOTICE, PLEASE BE SO KIND AS TO LET ME KNOW SO THAT I CAN KEEP WITHIN THE LAW.
The website security is provided by our hosting supplier (“Krystal”) and the products (e.g. “Wordpress”) used to build the website. Any emails are retained on BT Internet secure servers, using LLL computers, protected by double password access.
The content of the LLL website is entirely at the disposal of the public and while every effort has been taken to remove unnecessary visual information (i.e identifying personal data) from images provided by course attendees, some may inadvertently still exist. That said, the LLL website carries none of the personal information referred to in the Privacy Notice above, unless authorised by the person concerned.
If you see anything that you would like edited or removed from the website please contact us via any of the contact forms on the website, and LLL shall be only too pleased to do so.