We appreciate you putting your trust in us concerning your personal data.
Please read this Privacy Notice carefully as it describes how we collect, use and disclose your personal data. Personal data is any information relating to a living person.
In this Privacy Notice, when we refer to ’we’, ’our’ or ’us ‘, we mean Headspring Limited and Headspring SLU (hereinfater referred to as ‘Headspring‘).
If you have any questions about this Privacy Notice, please contact us using the details in the ’How to contact us’ section below.
For purposes of this privacy notice the Data Controller is:
Bracken House, 1 Friday Street
London EC4M 9BT
What information do we collect about you?
Information you give to us
We may collect personal data from you when you buy or use our products or services, when you participate in a training programme, when you attend our events, sign up to newsletters or other subscription services, enter into offers or promotions, interact with us on social media platforms, contact us, make a complaint or use our websites.
The categories of personal data we may request include your name, occupation, contact information (email, postal address and phone/mobile number), credit card/payment details and general information about you such as your experience with our products and services. We may also keep copies of any correspondence you send us which may include personal data.
Information collected by automated means
We also obtain some of your personal data by automated means, for example, when you enter zones at some of our premises monitored by CCTV. When you telephone for customer assistance your calls may be recorded and when you visit our websites we collect the IP address of the device you use to connect to the Internet, the geographical location of your device, the browser you are using, the type of device you are using (tablet, mobile, desktop), the URL you came from and the web pages you access.
How do we use your personal data?
We are required by law to provide you with information about the purposes for which we use your information and the legal justification for us to use that information. For example, there may be a legal justification for us to use your personal data where:
- We need to use your information to perform a contract with you or your employer or to fulfil a request originated by you or your employer.
- You or your employer have given us consent to us using your information.
- Using your information is in our legitimate business interests (provided these interests are balanced against your rights).
- We need to process your personal data to comply with legal obligations to which we are subject.
The table below sets out the different purposes for which we may use your personal data and the legal basis for each one. Note that the purposes for which we use your personal data may change from time to time, in which case we will update this Privacy Notice (see further ’Updates to our Privacy Notice’ below).
|We may use your personal data to:||How do we use personal data for this purpose?|
|Improve your experience on our websites||We use personal data such as your name, email address, occupation, postal address, telephone number, IP address, preferences, site usage information and purchase history to improve your experience on our websites. We may use this information to track your activities on our websites; to recognise your computer or device so that you are able to save your preferences and stay logged in to the website without having to re-enter your online account credentials; and to otherwise enhance, monitor and analyse your usage of the websites||Our legitimate business interests in providing the browsing experiences to our customers and visitors, to enable the use of our websites and functionality and to protect their operation, to identify and resolve possible technical issues, and to continuously improve and protect our company, property and customers against fraud (referred to as ’our legitimate interest’)|
|Identify you when you contact us||We may use your name, email address, occupation, postal address or telephone number to identify you when you contact us, for the purposes of processing and fulfilling your requests for products and services and keeping you informed about your requests||Performance of our contractual obligations, our legitimate interest or your consent|
|Comply with legal obligations to which we are subject||We may need to process your personal data to comply with legal obligations binding or accepted by us. For example, we may need to retain your training records for a period of time to comply with regulatory requirements, or meet contractual obligations with your employer||Compliance with our legal obligations|
|Product development, to understand what products and services you might prefer, and tailor your experience according to your preferences||We use personal data (such as your name, email address, postal address (including postcode), telephone number, IP address; preferences, and site usage information to better understand you and your preferences so that we can provide you with communications and personalise your experience on our websites||Our legitimate interest, or your consent|
|Send you service and news-related communications regarding your education or industry you may have with us||We use your personal data to send you service and news-related communications about your education or industry, for example to let you know when any new training programme related to your line of business, is coming up.||Performance of our contractual obligations, our legitimate interest or your consent|
|Carry out surveys, research, analysis and customer profiling||We use your personal data to carry out market research and build profiles of our customers; this is to help improve our products and services, advertising and marketing, website content, customer service, business planning, online and offline operations and your overall customer experience||Our legitimate interest or your consent|
|Invite you to Headspring events you may be interested in||We may use the contact information you provide to us (such as your name, address, telephone numbers and email address) to invite you to Headspring events you may be interested in, provided this is in line with your marketing choices||Our legitimate interest or your consent|
|Answer your technical queries and general enquiries||We use your personal data to answer your technical queries about the website and any other general enquiries you make||Performance of our contractual obligations, or our legitimate interest|
|Resolve complaints and other client service issues (e.g. requesting copies of certifications)||We use your personal data when we deal with complaints or other client service issues, such as organising copies of certifications or access to online training portals||Performance of our contractual obligations, or our legitimate interest.|
|Process and track your orders||We need to use your personal data to process your orders and keep you informed of their progress||Performance of our contractual obligations, or our legitimate interest|
|Defend our legal rights and to protect the security or integrity of the websites, our customers and our business in general||We may need to process personal data in order to defend our legal rights, for example to enforce our terms and conditions or to collect unpaid debts that we are owed; we may also need to process personal data to protect the security and integrity of our websites, our customers and our business in general||Our legitimate interest|
|Billing our customers||We, along with our authorised payments processors, securely process your payment information to take payments, give refunds and to detect and prevent fraudulent activity. We will also update your payment information in the event that a payment is unsuccessful. You can manage your payment information at any time by contacting customer services. If your subscription is provided by your employer or educational institution under a group subscription, we will report how active you are for the purposes of billing.||Our legitimate interest, or your consent, performance of a contract|
Providing your personal data to us may be required due to a legal obligation which could be a statutory or contractual obligation, may be on a voluntary basis or may be necessary for us to enter into the contract with you, depending on the purposes for which we collect and use your personal data as set out in this Privacy Notice. However, if you do not provide your personal data to us this may result in disadvantages to you, e.g. we may not be able to provide certain products or services to you. However, unless otherwise stated, not providing your personal data will not result in legal consequence for you.
How do we protect your personal data?
We have taken the necessary technical and organisational security measures to safeguard our users information against unauthorised access, use, alteration or loss. All information provided is stored, secured and coded with a 256 bit AES encryption in transit and during upload. All personal data is subject to a retention schedule which takes into account the statutory retention periods of certain data with EU safeguards in place to protect all data, we also use further encryption technology such as Transport Layer Security (TLS), to protect your personal information.
Your data protection rights
You have the following rights in relation to your personal data:
- Access. You have the right to request a copy of the personal data we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, we would require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee where we are permitted to do so in accordance with the General Data Protection Regulation (GDPR).
- Rectification. You have the right to have incomplete or inaccurate personal data that we process about you rectified. For your own privacy and security, we would require you to prove your identity before rectifing any information.
- Erasure (or the right to be forgotten). You have the right to request that we delete personal data that we process about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal data where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.
- Portability. You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us. You can unsubscribe from marketing communications at any time by following the instructions in any individual message. The legality of the processing of your personal data prior to you withdrawing your consent remains unaffected by this.
You can make any of these requests in relation to your personal data by submitting your request in the Website Contact Us section of our website or by contacting us by email, phone or post using the details in the “How to contact us” section of this Privacy Notice.
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.
If you are based in, or the issue relates to, the UK, the Information Commissioner’s Office can be contacted as follows:
- Telephone: +44 (0)303 123 1113
- Email: email@example.com
- Website: www.ico.org.uk
- Web-form: www.ico.org.uk/concerns/
- Address: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
If you are based in, or the issue you would like to complain about took place elsewhere, in the European Economic Area (EEA), you can contact the data protection authority in your place of residence or your country. Please click here for a list of local data protection authorities in the other EEA countries.
Who do we share your information with?
We may disclose personal data we process for the following purposes and in the following ways, to the extent permitted by law and depending on such purpose(s) or way(s):
|Recipient / Purpose||What we share||Legal justification|
|Our Affiliates, for all the same purposes described in the How We Use Information section above||Name, email address, postal address (including postcode), telephone number, order history, IP address, payment information, preferences, site usage information||Performance of our contract obligations, our legitimate interest, compliance with our legal obligations and/or consent depending on the purpose as described in the How We Use Information section above|
|Our service providers and suppliers, who process such information for us or on our behalf, for all the same purposes described in the How We Use Information section above*||Name, email address, postal address (including postcode), telephone number, order history, IP address, payment information, preferences, site usage information||Performance of our contract obligations, our legitimate interest and/or consent depending on the purpose as described in the How We Use Information section above|
|To provide information to and as required by local law enforcement agencies, other government authorities, or otherwise required by law or to protect the rights and safety of our property, company, employees and customers||Name, email address, postal address (including postcode), telephone number, order history, IP address, payment information||Our legitimate interest, compliance with our legal obligations|
|On a case by case basis, in the event that FTIECLA or substantially all of its assets are acquired by one or more third parties as a result of an acquisition, merger, sale, consolidation, bankruptcy, liquidation or other similar corporate reorganisation, where your information may be one of the transferred assets||Name, email address, postal address (including postcode), telephone number, order history, IP address, payment information, preferences, site usage information||Our legitimate interest, compliance with our legal obligations|
|Where payment is required by the individual or employer (our client) payment information required to process the payment transaction||Name, email address, postal address (including postcode), telephone number, order history, IP address, payment information||Our legitimate interest, compliance with our legal obligations and/or your consent, performance of contract|
*These third-party partners provide a range of services to us, including operating our online training facilities; providing technical services (such as hosting, analytics, security, and payments) to help operate our websites; collect payments and managing and conducting advertising and marketing campaigns on our behalf. If you would like to know more information about the third-party companies currently charged with such data processing, please contact us using the details in the ‘How to contact us’ section below.
Online content contributions
If you choose to contribute to a social, community or other publicly available area or feature of our website, the information you submit may be made available to the general public depending on your settings (which is why we recommend that you do not submit or post any personal data to such forums, such as your full name, home address, phone number and/or other information that would enable others to contact or locate you).
Data processing in non-EU countries
Most third parties with whom we share data are located within the European Economic Area (EEA), but some may process your personal data outside the EEA.
If data is transferred to organisations which are based in, or whose data processing takes place in a jurisdiction which is not a member of the European Union or a member state of the EEA, before transferring the data we will ensure that (unless a legally applicable exemption applies) that the recipient has an appropriate level of data protection in place (e.g. through a determination of adequacy by the European Commission, through appropriate guarantees such as the recipient being self-certified for the EU-US Privacy Shield, or an agreement in the form of the EU standard contractual clauses with the recipient).
We can provide you with an overview of the recipients in non-EU jurisdictions and a copy of the measures which have been put in place to ensure an adequate level of data protection applies. If you would like to request this, please contact us as set out in ‘How to Contact Us’ below.
Updates to our Privacy Notice
As our business changes, we sometimes need to make changes to the way we collect and use your personal information. Therefore, this Privacy Notice may be updated from time to time. If we make changes to this Privacy Notice, we will post an alert on the home page of our website and/or send an email informing you.
How long do we keep your personal information?
Your personal information is processed by us and/or our service providers only for the period necessary for the purposes for which the information is collected, or where we are relying upon your consent, until you withdraw that consent. When we no longer need to use your information for those purposes or if we are relying on your consent where you withdraw that consent, we will remove it from our systems and records or take steps to anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
The determination of each relevant retention period will depend on the legal obligations or liability that could be claimed and its link to the relevant category or record. Likewise, the relevant retention period must ensure the adequate exercise of rights by data subjects (e.g. the data subject is entitled to exercise his/her right of access unless his/her data were lawfully erased). This is formally documented within the company’s Data Retention Policy (availavle on request).
How to contact us
If you have any questions or comments about this Privacy Notice or if you would like to make a request relating to your personal data:
- send an email to firstname.lastname@example.org; or
- write to us at: Privacy, Headspring Limited, Bracken House, 1 Friday Street, London, EC4M 9BT, United Kingdom