Red Rock International Privacy Statement
1. Policy purpose and scope
1.2 A copy of this policy will be made available to Red Rock International’s staff and learners in both paper and electronic copies as applicable. In addition, and where applicable, detailed briefing and/or specific training will be provided.
1.3 Any questions regarding this policy should be made to the manager of your nearest Red Rock International Office or to firstname.lastname@example.org
1.4 This policy will be reviewed every three years and may be amended at any time.
2. Policy statement
2.1 RRI is committed to data security and the fair and transparent processing of personal data. This policy sets out how Red Rock International treats personal data.
2.2 RRI does not sell, rent or trade any personal data with other companies or organisations.
2.3 Under limited conditions (see below) RRI may share personal data with third-party organisations in relation to specific aspects of our training provision.
2.4 Please read this policy carefully as it contains important information on how and why we collect, store, use and share your personal data, your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data.
3. Types of data we collect
3.1 Mailing lists
3.1.1 We collect name, email and email preference information with our mailing list. We use that information for the following reasons:
to tell you about what you’ve asked us to tell you about
to contact you if we need to obtain or provide additional information
to check our records are correct and that you’re happy and satisfied with our services.
We don’t rent or trade email lists with other organisations and businesses.
3.1.2 We use a third-party provider, Mailerlite, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter.
3.1.3 For more information, please see Mailerlite’s GDPR page. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by contacting your local office.
3.2 Sales and marketing information
3.2.1 When we have been contacted through an enquiry, or have contact with customers and potential customers we may retain the following information:
organisation and position
record of correspondence
This information may be kept indefinitely so that we have a record of what you have asked for in the past so that we can serve you better in the future.
3.3 Website cookies
3.3.2 Our cookies help us to:
make our website work as you’d expect and improve the speed, security and customer experience of the site
allow you to share pages with social networks like Facebook
continuously improve our website for you.
collect any personally identifiable or sensitive information without your express permission
pass data to advertising networks
pass personally identifiable data to third parties
pay or earn sales commissions
3.3.5 Social networking and cookies
In order to “like” or otherwise share our content on social networks, e.g. LinkedIn, Facebook, Twitter, we have included sharing buttons on our site. The privacy implications on this will vary from social network to social network and will be dependent on the privacy settings you have chosen on these networks. RRI does not accept responsibility for data that our service users chose to share with third-party companies.
3.3.6 Anonymous visitor statistics cookies
When someone visits our website www.redrockinternational.com we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is collected and processed anonymously and does not identify individual users. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
3.3.7 Turning cookies off
You can usually switch cookies off by adjusting your browser or app settings to stop it from accepting cookies. Doing so however will likely limit the functionality of our and a large proportion of other websites as cookies are a standard part of most modern websites.
It may be that your concerns around cookies relate to so called “spyware”. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive.
4. Service user / learner data
4.1 Data collected and stored by Red Rock International
4.1.1 For some of our training course and events, we collect personal information from participants for a variety of reasons. These may include:
- to be aware of any medical conditions which might impact participation on the event, or which first aiders should be aware of in the event of an incident
- to contact participants before, during or after the course
- to provide certificates with the correct name, organisation and to be able to send to a mailing address
- to be able to contact next of kin in the event of an incident
- to be able to provide access to relevant assessments (such as the Birkman Method) if they are required parts of the course
- to request permission to use photos from the course for marketing purposes
4.1.2 We normally destroy all physical and electronic records upon completion of the course or event. Occasionally, we may retain records for up to three years or, in exceptional circumstances, longer where there is a legitimate interest in doing so. Physical records are retained in locked storage, and digital records are stored on secure, password protected areas where access is limited to essential personnel.
We may also receive information about learners from their employer when they book courses, provide details of participants, communicate and special requirements. This information may include, but is not restricted to name, gender, date of birth and nationality, and health-related information which may be relevant to activities included in RRI courses.
4.2 Data sharing with third-party organisations
- to allow a third party to provide access to proprietary assessment tools (such as the Birkman Method)
- where third parties, contractors leading specific activities or providing training venues, require medical information to fulfil their services safely
Learners taking part in RRI training which leads to a third-party certification, i.e.ILM qualifications or recognised development programmes, must be aware that their personal data will be securely shared with that organisation via a secure, password-protected web portal. Details of the way that ILM uses and stores personal data can be found in their Learner Personal Data Policy (https://www.i-l-m.com/privacy/learnerpersonaldata).
5. Privacy and learners’ rights
5.1 Under the General Data Protection Regulations (GDPR) brought into law in 2018, all individuals have various rights with respect to the use of their personal data. Although GDPR does not apply outside the European Economic Area (EEA), RRI continues to use these regulations where possible to maintain best practice.
5.2 Right to Access
5.2.1 You have the right to request a copy of the personal data that we hold about you by contacting us at email@example.com. Please include with your request information that will enable us to verify your identity. We will respond with 30 days of request. Please note that there are exceptions to this right.
5.2.2 We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information. Or if your request is manifestly unfounded or excessive.
5.3 Right to rectification
5.3.1 We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
5.4 Right to erasure
5.4.1 You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed.
5.4.2 If you would like to request that your personal data is erased, please contact us using the contact details provided below.
5.5 Right to object
5.5.1 In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed based on legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes.
5.5.2 If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
5.6 Right to restrict processing
5.6.1 In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.
5.7 Right to data portability
5.7.1 In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means.
5.7.2 If you would like to request that your personal data is ported to you, please contact us using the contact details provided below.
5.8.1 Please note that, in the EEA, the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception, we will explain this to you in our response.
6.1 If you have any queries about this policy, the way in which we process personal data, or about exercising any of your rights, you may contact our Privacy Officer by sending an email to firstname.lastname@example.org, through contact details listed on our website.