The Source, 300 Meadowhall Way, Sheffield, S9 1EA
The Source Data Protection Officer
Natalie Doherty, The Source, 300 Meadowhall Way, Sheffield, S91EA.
The Source offers a range of Security, First Aid, Customer Service and Health & Safety training services to customers operating in various sectors throughout the UK. As such, The Source has a legitimate business interest in capturing, processing and retaining data from customers who have requested training services from the company for a mutually beneficial purpose.
The Source undertakes to capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including the UK Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR).
The Source will carry out all necessary due diligence to ensure that all data transfers to third parties/partners are carried out securely and that all necessary safeguards are in place to ensure data security. The Source will also ensure that third parties/partners are fully aware of their responsibilities to ensure GDPR compliance when processing customer data transferred to them.
The Source will not transfer personal data to any other company or organisation without your prior consent, with the exception of:
- Awarding Organisations through which The Source are approved for the purposes of awarding qualifications, issuing certificates and supporting quality assurance and investigation activity
- the Qualification Regulators
- Her Majesty’s Revenue and Customs (HMRC) requests for financial data (relating to customer invoicing)
- Secure and reputable third party advertising services used to deliver our own marketing messages
The Source will capture, process and retain data from the following categories of Data Subjects:
Customers (based in the UK and EEA)
The Source will initially capture, process and retain customer (business and individual Learner) data obtained through telephone, e-mail or online communication when a customer requests course information, a quote for training services or wishes to make a course booking. This data will be used for the purposes of
- Creating a customer profile on our in-house data systems
- Automatically sending e-mails to customers regarding quotes, bookings and requalification reminders
- Processing customer orders/bookings
- Creating and issuing customer invoices
- Collecting payments
- Monitoring order and customer account statuses
- Debt chasing
- Marketing activity (data provided such as company location, work sector and previous booking records may be profiled by FOS to produce tailored marketing messages and limited customer data will be used when these messages are sent through our secure e-mail management system). To unsubscribe from marketing emails from The Source, please contact firstname.lastname@example.org.
The Source will capture Learner assessment data from assessments carried out during and after training courses have taken place. This assessment data will be transferred to the relevant Awarding Organisations (e.g. Qualsafe Awards, Highfield, IOSH, NEBOSH, Peoples 1st ) for the purposes of awarding qualifications and issuing certificates to Learners, carrying out quality assurance activity or investigation activity and responding to requests for information from the Qualification Regulators (Ofqual, Qualifications Wales, Council for the Curriculum, Examinations and Assessment). The Source will also receive data through Learner Feedback Forms submitted after course completion. The data on their perception of the standard of any course delivered will be used for internal review and quality assurance purposes.
The Source will also receive appeals form Learners who want to challenge assessment decisions that have been made by the Trainers/Assessors who assessed their work during training. The data provided will be used for the purposes of
- acknowledging receipt of the appeal
- reviewing the assessment decisions made by the Trainer/Assessor
- making decisions based on the review carried out
- informing the appellant of the outcome of the appeal
- revising assessment outcomes and informing the relevant parties
The Source has a Customer Complaints Policy and customers have the right to make a complaint when they are unhappy with goods or services that have been provided by The Source. When receiving the details of any complaint, The Source will use the data provided for the purposes of
- logging and processing the details of the complaint
- carrying out and investigation into the scenario outlined in the complaint
- making decisions based on the findings of any investigation
- informing the complainant of the outcome of their complaint
- informing any affected parties of the outcomes and actions required (should there be any)
When a customer makes a purchase, The Source will retain the data captured on our in-house systems (on secure servers) indefinitely for the purposes of
- fulfilling the contract with the customer
- providing an auditable customer transaction trail
- providing historical data for accounting purposes
- responding to HMRC financial information requests
- reviewing and improving services and processes
The Source will retain all Learner assessment data for a period of at least three years from the point of registration in line with regulatory requirements.
Individuals have the right to withdraw consent to hold their data at any time. However, if a customer chooses to withdraw consent, then The Source will be unable to process any further requests/orders for training services and this may not be fully possible until all outstanding business transactions are completed.
The Source will capture, process and retain personal data in line with DPA and GDPR requirements. Your individual rights in line with these requirements include the:
- right to be informed of how we use and process your personal data
- right of access to any personal data that we retain about you
- right to rectification of any personal data that we retain about you that you believe to be inaccurate
- right to erasure when there is no legal justification or legitimate business interest allowing us to retain your personal data
- right to restrict processing of personal data if , for example, you think that personal data we retain about you is inaccurate or we have no legal justification or legitimate business interest to continue to retain and process your personal data. Rather than request erasure, you can make the request to restrict processing
- right to data portability should you want to move, copy or transfer your personal data from one source to another
- right to object when personal data is processed due to legitimate business interest or performance of a task in the exercise of official authority, direct marketing and research and/or statistical analysis
- rights associated with automated decision making and profiling which allow you to obtain human intervention in any such process, express your points of view on decisions or outcomes made about you and obtain an explanation of any decisions made and subject them to challenge
- right to withdraw consent to hold your personal data at any time
- right to lodge a complaint with a supervisory authority should you be dissatisfied with how we have managed your personal data (the Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest)
Subject Access Requests
In line with these individual rights, anyone who wishes to make a formal Subject Access Request to The Source for the purposes of requesting personal data or taking some action with respect to the personal data that is held about them should submit the request in writing to The Source Data Protection Officer either in writing by post to The Source 300 Meadowhall Way, Sheffield, S91EA.
Visitors to The Source website should be aware that information and data may be automatically collected by our website through the use of "cookies." These are small text files that a website can use to recognise repeat visitors and facilitate the visitor's ongoing access to, and use of, the site. They allow us to monitor usage behaviour and compile aggregate data that will help us to make improvements to our website.
For our full Privacy Statement, click here.