This policy explains the types of personal data we (Aberdeen Drilling School Ltd.) may collect from individuals when they engage with us. As a commercial training provider we are required to process certain personal data in order to fulfil a service.
We are registered with the Information Commissioner’s Office (ICO), and we collect and process data in accordance with the General Data Protection Regulation (GDPR). We do not disclose data to any third parties unless disclosure is necessary for the fulfilment of a service; you have specifically given consent for a particular service; or we have a legitimate interest in disclosing data. Instances in which we do disclose data to third parties are outlined below.
We are committed to our responsibilities as a data controller with the Information Commissioner’s Office (ICO). We are also committed to keeping our customers and colleagues informed about the data we hold, why it is held, other parties to whom it may be passed on to, and how to exercise the right to privacy.
More information about responsible data collection and processing is available on the ICO website: https://ico.org.uk/
If you have any questions not answered by this policy, please contact us.
2. Purpose and scope of this policy
This policy ensures that personal information is dealt with correctly and securely and in accordance with the General Data Protection Regulation (GDPR), and other related legislation. It will apply to all personal data regardless of the way it is collected, used, recorded, stored, and destroyed, and irrespective of whether it is held in paper files or electronically.
All staff involved with the collection, processing, and disclosure of personal data will be aware of their duties and responsibilities and will adhere to this policy.
3. What is personal data?
Information about someone is defined as personal data when it can be used to identify a living individual and/or be used to influence decisions which affect the individual.
4. Our legal bases for processing personal data
Under the General Data Protection Regulations we rely on the following legal bases for processing your data:
Consent – we will ask your consent for marketing to you via email or post. If you consent we can collect and process your data for this purpose.
Contract – we sometimes need to collect and process your personal data in order to fulfil a contract with you, for example to provide training and certification. We will also collect and process your data on this basis if you’ve asked us to provide a quote.
Legal – we are obliged to process some personal data to comply with the law. On booking a course with us, we must gather and retain some personal data for a set period of time to comply with the regulations and training accreditation standards. We must also inform the relevant training accreditation and certification body if the trainee is currently living or working in an embargoed or sanctioned country according to EU regulations.
Legitimate interests – we collect and process some personal data to pursue our legitimate interests in a way you would reasonably expect as part of running our business; for example, to analyse information on our customers in order to provide new products or services.
5. The kinds of personal data we collect
Depending on your interaction with us, we may collect and process all or some of the following information:
• Email address
• Date of Birth
• Job title
• Phone number
• IWCF Candidate Registration (CR) Number
• Emergency contact name/phone number
• Company and/or Home address details
• Training history
• Card payment details
6. With whom we share personal data
Sometimes we need to share your personal data with trusted third parties. In these instances, your data will only be used for the exact purpose we specify, will be transferred and stored securely, and will be deleted or rendered anonymous if we stop working with that third party.
Examples of the third parties with whom we share data are:
• Payment-processing services
• Delivery couriers and postal services
• Email marketing service providers
• Certification bodies, such as IWCF and IADC
• Training partners, such as Falck Safety Services
This list is not exhaustive and may change from time-to-time in line with our business processes. Please be assured that we will only ever share your information with trusted parties who adhere to GDPR and the correct standards of security.
7. How long we keep your data
We will only keep your data for as long as it’s needed. After that, we’ll delete it, destroy it, or anonymise it.
If you book a course with us, we’ll keep your data for a minimum of four years in order to comply with certification body stipulations. You can request that some of this is deleted sooner – see below.
8. Your rights
We will always ensure that you have the right to:
- Access your personal data, free of charge
- Have your personal data rectified if out of date or incorrect
- Have personal data erased or destroyed, unless that would conflict with our legal obligations
- Withdraw consent for us to use personal data, if you have previously given consent
- Object to us processing your personal data and/or stop us using data for direct marketing
If you would like to exercise any of these rights, please contact us.
If you are unhappy with our use of personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. The ICO’s contact details can be found on the ICO’s website.
9. How to contact us
FAO: Data Protection Officer
Aberdeen Drilling School Ltd.
50 Union Glen