Privacy Policy
Privacy Statement
The School of Trauma Informed Positive Psychology Ltd is committed to safeguarding the privacy of all our customers, this Privacy Policy outlines how we use the personal information we collect from you, how we process it, your rights in relation to your personal information, and how to contact us or a supervising authority should you need to.
Who we are
We are the School of Trauma Informed Positive Psychology Ltd. registered in England and Wales with company Number 13013927.
Our registered address is Unit 123 Harvey Drive, Chestfield, Whitstable, England, CT5 3QY.
We are registered as a Data Controller with the Information Commissioners Office (ICO) under reference ZB160629.
How to contact us
Email: support@carolinestrawson.com
You can also write to us at our registered address:
Unit 123 Harvey Drive, Chestfield, Whitstable, England, CT5 3QY.
Lawful basis
We operate our data protection and privacy policies and processes according to the UK’s Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). We may act as a Data Controller or a Data Processor depending on the nature of services that we are providing to you.
Our primary lawful basis for processing your information is our mutual intent to create and fulfil a contract relating to the provision of training courses and supporting services.
Where you have made an inquiry with us without creating a contract, we will apply a legitimate interest basis to continue to provide you with information relevant to your inquiry. There is a reasonable period following your enquiry during which there is relevant contact and marketing activity.
Where we process your information solely for direct marketing outside of the reasonable period we will ask for your consent.
There may be circumstances where we have a legal obligation to collect and process your information e.g., detecting, preventing, or investigating crime or fraud including working with law enforcement agencies or other governmental departments or services.
Our privacy framework
As part of our commitment to ensure your personal information is protected and processed lawfully, we adopt the following privacy principles:
- We will only request and store the personal information we require to provide you with our products and services, including those you may be interested in, or where we have a legal obligation
- We will only request and store special category personal information, including health and financial information when you request a related service or where we have a legal obligation
- We will only share information with third parties as set out within this policy
- We will use personal information provided to us in accordance with this privacy policy
What Information do we collect?
We may collect and store the following types of personal data:
- Information about the use of our websites (including your IP address, geographical location, browser type, referral source, length of visit and number of page views).
- Information that you provide to us for the purpose of engaging our products and services and when requesting contact from us, including name, email address, date of birth, address, telephone number, and work status.
- Information required to deliver our training courses, which may include examination and qualification results.
- Information required to deliver our support services, which may include education and employment history, psychometric testing results, your personal and professional interests, and your online presence.
- Special category information required to provide requested services including finance products, health related information allowing us to facilitate special considerations and facilitate our equal opportunities policy, and conviction information where required for safeguarding or by law.
- Your marketing preferences.
- If you choose to take part in our optional feedback surveys, your gender, age, ethnicity, location, household income bracket, employment status as well as your answers regarding your opinion of, and use of, our products and services.
- Any other information that you choose to send to us.
Special category data
Some of our courses carry a duty of care requiring us to ask about health conditions that might be affected. Health information may also be required to process reasonable learning adjustments, and requests to pause or cancel the course where you have cited a medical condition in your request. There is no obligation for you to provide health information to us, but it may affect the service we can make available and any subsequent recourse.
We may also request, but you are not obligated to provide, ethnicity and gender information allowing us to maintain our equal opportunities policy.
In line with The Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 we may require you to disclose offences related to sexual or violent offences when the training or placement supplied by us will bring you into contact with persons under the age of 18 or vulnerable adults.
How we use personal information
We will use personal information to:
- Contact you regarding your enquiry.
- Provide you with our products and services, including passing necessary information to third parties who form part of the products or services. We may not be able to provide products or services if you do not disclose the required personal information.
- Provide you information relevant to your enquiry and your interest in specific areas of education.
- Given the lawful basis detailed above: provide marketing communications, relating to our business, which are relevant to the product and service engaged by yourself. This may be by post, email, or similar technology.
- Provide and service financial products, including but not limited to, application for credit, account maintenance, notification of changes to accounts, debt collection, and legally or regulatory required communications.
- Administer our website.
- Provide third parties with statistical information about our users – this information will never be provided in a format which can be used to identify any individual.
- Analyse your information to identify trends and tailor our communications and services, including preventing you from receiving unwanted material.
- Aggregated or meta data may be used to identify trends and for gap analysis. In these instances, the data will be anonymised and not attributable to an individual.
Information Retention
We will not keep personal information for longer than is necessary. However, the length of time information is retained will depend on the type of information and the contractual relationship we have in place with you.
As standard we will retain information:
- Enquiries – up to 7 years.
- Customers – up to 7 years from our last interaction with you, which includes you logging into one of our systems.
Our record retention policy is regularly reviewed and updated to ensure we anonymise or delete information that is no longer required.
Please see ‘Your rights’ below to understand your right to erasure (right to be forgotten).
Third parties we work with
Personal information will be shared with third parties where necessary to:
- Fulfil our contract for product and services
- Where you have opted in to receive marketing material from our third parties
- Broker and service financial agreements
- Where legally required
We employ a robust due diligence process when choosing to work with a third-party. This includes ensuring they have the same high standards in processing your information as we do.
Your information may be shared across our group and subsidiary companies where you have provided consent or there is a legitimate interest. These include but may not be limited to:
Education by its nature carries a requirement to share your personal information, including your learning journey, with the awarding organisations linked to your course. These include but may not be limited to:
- ICF – https://www.coachingfederation.org.uk/
- CPD – https://cpduk.co.uk/
- CMI – https://www.managers.org.uk/
- American Board of Hypnotherapy – https://abh-abnlp.com/
Should you require details of any of our third parties and their privacy policies, these can be requested by contacting using the contact information provided above – “How to contact us”.
Additional disclosures
We may disclose information about our customers to any of our employees, officers, agents, suppliers, or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.
In addition, we may disclose information in the following circumstances:
- When we are required to do so by law
- In connection with legal proceedings or prospective legal proceedings
- To establish, exercise or defend our legal rights (Including providing information to others for the purposes of fraud prevention, anti-money laundering and reducing credit risk)
- For the purposes of litigation
- To provide regulatory bodies with reports if a breach in regulation occurs (customers will also receive notification of the details being provided prior to submission if there is any identifying data included within the report).
- In the event that we sell any business or assets, we may disclose personal information held by us to the prospective buyer of said business or assets.
Third party websites
Our website, our product and service, industry and marketing communications may contain links to third parties. We are not responsible for the privacy policies or processes of said third parties.
Information transfer
We store your information in the UK and the EU. We do not directly transfer information outside of the EEA unless it is relevant to our product or service and has been confirmed with yourself.
Payment processing
We maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS). More information can be found at: https://www.pcisecuritystandards.org/pci_security/
We use a third-party payment processor stripe..
We do not retain your payment card number. Where payments are made over a number of instalments, we store a ‘token’ provided by the payment processer. This enables us to collect payments without storing your personal card details.
Call recording
If you speak to us via the telephone, the call may be recorded. When a telephone call is recorded, we collect:
- a digital recording of the telephone conversation
- your telephone number
Any personal data disclosed during a telephone call will also be recorded. Recorded calls are subject to our standard information retention policy.
When using finance or instalment credit
Instalment credit plans are provided by the School of Trauma Informed Positive Psychology Ltd. Your information is processed in line with this policy.
Please refer to their privacy notice and your policy documents to understand how your information is processed in relation to your finance agreement.
If you fall behind or default on your agreed repayments your information may be passed to credit reference agencies and/or debt collection agencies in order to:
- Verify the accuracy of the data you have provided to us.
- Prevent criminal activity, fraud, and money laundering.
- Manage your account.
- Trace and recover debts.
- Ensure any repayment offers provided to you are appropriate to your circumstances.
Feedback surveys and testimonials
If you choose to send us a testimonial review or take part in our feedback surveys, we may display your comments about our service publicly on our website and/or social media platforms, including your first name, age, town or county, and course type. We will not publicly display information sufficient to identify you personally unless you have specifically given us permission to do so.
Cookies
Our websites use a feature of your browser to set a “cookie” on your device. Cookies are small packets of information that a website stores on your computer, they can allow for a better user experience and to make navigation easier; for example, to deliver content specific to your interests.
Some of the cookies we use are strictly necessary for our website to function, and we do not ask for your consent to place these on your computer.
Cookies set by parties other than us are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website, such as advertising, interactive content, and analytics. The third parties that set these cookies can recognise your device when it visits our website and certain other websites.
Most web browser allow you to control cookies. You may modify your browser preferences to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies, certain functions and conveniences of our website may not work properly.
For more information about cookies and how to control them within your browser please see: https://allaboutcookies.org/
We use Google Analytics to analyse the use of our websites. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html
Security of personal information
We always take reasonable technical and organisational precautions to prevent the loss, misuse or malicious alteration of any personal information held on our systems.
We will store all personal information provided to us on our secure (multi-factor and firewall protected) servers. Where we use third parties to provide information storage and processing services, they are subject to data security checks which include confirmation the provider is a relevant International Organization for Standardization (ISO) Certificate holder and registered with the ICO. As part of our due diligence process, we always review our third party’s privacy and data security policies to ensure they meet or exceed our own.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information transmitted to us in this manner.
Your rights
The right of access
At any time, you can ask us what information we hold about you. You can request a copy, in part or in full, of the information we hold.
There are limits to what we can provide in relation to some special category data, including manual records, health, and credit files.
The right to rectification
You can ask us to have inaccurate personal information rectified or completed if it is incomplete. Please let us know if the personal information which we hold about you needs to be corrected or updated.
The right to erasure (right to be forgotten)
You have the right to have your personal information erased, also known as ‘the right to be forgotten’. You can request this at any time when one or more of the following applies:
- Where your personal information is no longer necessary for the purpose it was collected or processed.
- Where you withdraw your consent to processing and consent is the only lawful basis applied.
- Where legitimate interest is the basis for processing your information and you object to the processing, and there is no overriding legitimate interest or other lawful basis to continue.
- Where you remove your consent for direct marketing.
- If your personal information has been unlawfully processed.
- Where your personal information must be erased to comply with a legal obligation.
- If the offer of information society services (e.g., social media) has captured information relating to a child.
There may be circumstances in which we are unable to erase your information, including when complying with a legal or regulatory obligation or to establish, exercise, or defend a legal claim.
The right to restrict processing
In specific circumstances you can request we limit or restrict the processing of your information. This may apply if you require us to retain your information as part of a legal claim, if you contest the accuracy of the information we hold, or if you think your information is being processed unlawfully.
The right to data portability
If we are processing your personal information under your consent or in order to fulfil a contract, and it is being processed by an automated means, you can ask us to give you a copy of the information in structured and portable format. You can also request that we transmit your information to another data controller.
The right to object
If we are processing your personal information under your consent or a legitimate interest, you may withdraw that consent for said processing at any time. There may be instances where this is not practical or reasonable, for instance where we have an ongoing contractual relationship or there is an overriding legitimate interest. However, if for any reason we cannot facilitate a consent withdrawal, we will provide you with an explanation including the lawful basis under which we would continue to process your information.
You can remove consent for direct marketing at any time and without exception.
Rights in relation to automated decision making and profiling
We do not use solely automated decision making or profiling, in making decisions which could affect you or the service we provide you.
Submit a request
To submit a request regarding your personal information please use the contact information provided above – “How to contact us”. Information requests are normally free of charge.
In fulfilling a request, we may request identification documents (ID).
We will aim to complete any request relating to your information rights within:
- 1 month of receipt of your request; or
- 1 month of receipt of your ID if required; or
- 3 months for complex or multiple requests relating to one individual.
A request to exercise the rights listed above may be limited or refused if it is ‘manifestly unfounded or excessive’ as defined by the Information Commissioners Office (ICO).
Complaints
If you are unhappy about our use of your personal information, please contact us directly in the first instance. You also have the right to raise a complaint about the use of your personal information with the Information Commissioner’s Office (ICO). Further details can be found at: https://ico.org.uk/make-a-complaint/
Policy amendments
We may update this policy from time to time. The latest version of this notice will be posted on our website. You should check this page occasionally to ensure you are happy with any changes. If there is a fundamental change in the way we process your information, or to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide further information and, if necessary, to ask for your consent.
Policy dated: 14th July 2023