Introduction
This document, together with our Cookies Policy and our Terms of Business, set out what information Back Academy Limited collects from visitors, clients & employees, how it uses the information, how it protects the information and your rights.
Back Academy Limited is committed to ensuring your privacy is protected in accordance with Data Protection Standards.
Back Academy Limited is using the following definition for Personal Data:
Personal data Information relating to identifiable individuals.
Personal data we gather may include: an individuals’ contact details including: name, work address, email and telephone number and job title.
In certain circumstances, we are required by the DVSA to check a client’s identification and would therefore also gather identification documents such as a photocard driving licence, a valid passport, a digital tachograph card or a driver qualification card (remote delivery only to evidence attendance) (“ID Evidence”).
We will use this information to:
- upload completed periodic training hours on the Government’s Recording and Evidencing (R&E) database; you can find out more about how your data is used on that database at https://www.gov.uk/government/publications/driving-standards-agency-privacy-policy/dsa-privacy-policy
- complete an attendance certificate
We review our retention periods for personal information on a regular basis. However, are legally required to hold some types of information, for example data about your periodic training, to fulfil our statutory obligations for six years.
Who has access to this information?
Your information will be shared with DVSA Accredited Training for them to monitor and manage approved centres and the training uploaded to the DVSA system, and where necessary shared with EU member state authorities to confirm Driver CPC entitlement abroad.
Sensitive personal data Personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings.
Back Academy will not hold any sensitive personal data.
Back Academy Limited may change this policy from time to time by updating this page. This policy is effective from 21 June 2024 but we ask you to check this page from time to time. Any updates or changes to the use of your personal data will be advised to you, prior to that change of use.
Who We Are?
Back Academy Limited, The Printworks, Hey Road, Clitheroe, England, BB7 9WD.
Contact Us
Email : info@backacademy.com.
Phone : 01254 828300
Post: BACK Academy, The Printworks, Hey Road, Clitheroe, England, BB7 9WD.
For the purposes of all applicable data protection legislation, Back Academy Limited is the data controller of your personal data. Back Academy is registered with the Information Commissioner’s Register of Data Controllers.
What services do we provide?
We provide the following services:
Training services.
We do not directly employ our own staff but rely on qualified contractors who are specialists in their field.
What we collect
The specific information that we collect may vary depending on what services we provide to you.
Typical information will include some or all the following:
- Basic identification and contact data – Name, Title, Postal Address, Email address and Phone Number course attended and sometimes ID Evidence.
- Web Related Data – your IP address, geographical data, cookies, your login data, browser type & version, operating systems, and other technology on the devices you use to access our website.
- Transactional Data – payments to and from you and details of other services you have purchased from us
- Profile Data – how you use our services, your preferences, feedback, interests, survey responses
- Usage Data – details of how you use our website and products
- Marketing/Communication Data – your preferences in receiving marketing from us and your communication preferences
Collecting Personal Data
When we collect personal data, our Privacy Notice (on this website) details:
- Who we are
- What personal information we are collecting
- Why we need it
- Legal Basis under which we are processing (typically ‘Consent’, ‘Contractual Obligations’ and/or ‘Legitimate Interest’) (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-bases-for-processing/)
- What we are going to use it for and any decisions (automated or human) that it will be used for
- Who that information will be shared with
- The safeguards we have put in place to protect your information
- Our standard retention period or legal need to retain that information
Some of the information we collect is provided here:
- Personal Identification Data – Name, Address, ID Evidence
How we collect Personal Data
Depending on the nature of our engagement we may collect personal data in a variety of ways.
We may collect this information directly from you when you provide it, for example:
- following your request to use our services or marketing
- by subscribing to our publications or attending our seminars or training courses
- to provide us with feedback
- if you want to become a supplier to us, to allow performance of the contract with you
We may collect information from third parties, for example from your employer registering you for a training product.
What we use your Personal Data for
The specific use of Personal Data will be detailed in the relevant Privacy Policy for the specific service(s) we are providing you.
|
PURPOSE/ACTIVITY |
TYPE OF DATA |
LAWFUL BASIS FOR PROCESSING/LEGITIMATE INTERST |
|
To register you as a new client, issue an attendance certificate and in some instances upload completed periodic training hours on the Government’s Recording and Evidencing (R&E) database (you can find out more about how your data is used on the database at https://www.gov.uk/government/publications/driving-standards-agency-privacy-policy/dsa-privacy-policy) which will include: Confirming your name and address and contact information and using your ID Evidence to upload completed periodic training hours on the Government’s R&E database |
Identity Contact
|
Performance of our contract with you
Legal obligation under Vehicle Drivers (Certificates of Professional Competence) Regulations 2007
|
|
Delivering our services to you which will include: managing payments/fees/charges collecting/recovering monies owed to us |
Identity Contact
|
Performance of a contract with you Necessary for our legitimate interests (recover debts owed to us). We do not hold financial information as this will be completed by a web-based payment system such as WorldPay. Consent |
|
To determine our services which will include: improve our service resolve complaints monitoring & recording telephone enquiries |
Contact Technical Usage Profile Marketing |
Consent Necessary for our legitimate interests (develop our range of products & services) |
|
To manage our relationship with you, this includes: Telling you about changes to our Terms of Business/Privacy Policy Asking you to complete a survey/feedback form Asking you to leave a review/write a testimonial |
Identity Contact Profile Marketing |
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (keep our records up to date/awareness of how clients use our services) |
|
To allow you to use our extra services to include: seminars events complete a survey |
Identity Contact Profile Usage Marketing |
Performance of a contract with you Necessary for our legitimate interests (develop our products & services, grow our business by observing how our clients interact with us) |
|
To administer & protect our business, including our website (this includes: testing & maintenance of our systems support hosting data support troubleshooting |
Identity Contact Technical |
Necessary for our legitimate interests (provide IT systems/network security/prevent fraud/business organisation/smooth running of business) Necessary to comply with a legal obligation |
|
To suggest training products and services which may be of interest or may help you |
Identity Contact Technical Usage Profile |
Necessary for our legitimate interests (develop our products & services, grow our business) |
|
Delivery of useful website content and advertisements to you to measure and understand how effective our services are. |
Identity Contact Profile Usage Marketing |
Necessary for our legitimate interests (develop our products & services, grow our business by observing how our clients interact with us) |
|
To use data analytics to improve our: website products & services marketing customer experience |
Technical Usage Marketing |
Necessary for our legitimate interests (link customers to our products & services, keep the information we provide update & relevant, develop our business and marketing strategy) |
This list is not exhaustive but designed to provide you indicative uses of your personal data.
Retention of data
We will retain your personal data for different periods depending on our relationship with you.
Retention schedule
Client Retention Period
Basic client details (Name, Title, Postal Address, Email address and Phone Number, course attended and sometimes ID Evidence) Indefinitely, any personal data will be retained until you unsubscribe and no longer wish to receive our marketing materials (for marketing purposes)
Any other personal data held for marketing purposes will be retained until you unsubscribe and no longer wish to receive our marketing materials
Prospect Retention Period
Any personal data we hold Personal data will be retained until you unsubscribe and no longer wish to receive our marketing materials
Suppliers Retention Period
Any personal data we hold Appropriate personal data will be held for the duration of the contract and for 7 years
Links to other sites
We may provide, from time to time, links to other sites (including Backhouse Jones Limited and other associated companies) via our newsletter, blog article or other web links.
Because we have no control over these sites, we cannot take responsibility for the practise they may undertake in respect of privacy and/or protecting your Personal Data. We would therefore advise you to satisfy yourselves that these sites are operating privacy policies that inform you how they handle and protect your data – as we cannot take any responsibility for this.
Social Media Widgets and Links
You are probably familiar with the Facebook “Like” button and the various “Share” buttons that are available to users of the internet.
We sometimes use these to allow us to promote our services to other people as well as get feedback as to what articles, pages or blogs are of interest.
These other service providers may collect Personal Data about you, such as IP address, pages you visit on our site and may set their own cookies to enable them to function properly. In much the same way as Links to other sites do not allow us to enforce our policies, we would suggest that you undertake the same checks regarding the privacy policy of the company providing those features.
Third Parties – Service Providers, Business Partners and others
We may work with third-party service providers who undertake services for us in the future.
In most cases you will be made aware of the parties that we share information with, prior to us sharing this information. We may share your data with associated companies of BACK Academy, Backhouse Jones Limited and its associated companies.
In some instances we upload completed periodic training hours on the Government’s R&E database. In those cases, your information will be shared with DVSA (Driver and Vehicle Standards Agency)/DVA (Driver Vehicle Agency) for them to monitor and manage training providers and the delivery of periodic training courses, and where necessary shared with member state authorities to confirm Driver CPC entitlement abroad.
How we dispose of your data
All personal data disposed of by us is done so in a secure manner. Paper based files are securely shred and electronic copies of information will be permanently deleted from our system, where this is not possible, we will endeavour to ensure the personal data is securely locked so that access cannot be gained.
Where we may share your information without your explicit consent
We may be required or chose to share your information in certain circumstances without obtaining your explicit consent, some examples of this would be:
- To comply with any legal process, applicable law or governmental request e.g. warrant, summons, statutory reporting, court documents, sharing of evidence, sector specific compliance, uploading completed periodic training hours on the Government’s R&E database etc.
- To enforce/administer our agreements
- To protect your vital interests in the event you are unable to provide your consent
- To protect our company or the public from harm or illegal activities
- For fraud prevention, investigation, risk assessment
- To protect the rights and property of our company
- To defend ourselves against third-party claims or allegations
- To protect the rights or freedoms of other data subjects
- In any event, we will consider your rights and privileges before sharing this information.
Your Rights
How you can help protect your Personal Data
In all cases, the information we require to obtain for you is necessary in the provision or assessment of the provision of services to you. We rely on this information being accurate and up to date, which is in part our responsibility as well as yours.
We only record information relevant to the provision of the service we are delivering to you. However, in many cases you can limit the use of your information for services that do not require your data e.g. you can opt-out of receiving our newsletter.
Changes to your Personal Data
If your Personal Data, that we use to provide you goods or services, changes it is important that you inform us to ensure we have the correct information on our systems. Where you have access to administer these changes yourself, we would expect you, if you are able, to update these details accordingly or else inform us of changes as soon as possible.
You should inform us in writing, by email, by telephone or in person.
Cookies
Cookies are small files that are downloaded by many web sites to either enable a site to work, to assist you e.g. remembering your username and/or passwords, to track your behaviour to show relevant content and to show relevant marketing information which in turn may follow you across other sites.
You can opt-out of allowing cookies by instructing your browser to stop accepting cookies or to prompt you before accepting a cookie from a website you visit, by changing the settings within your browser software.
More details can be found here.
Mailing List Opt-In – Marketing Emails & Newsletters
You may opt-out of receiving marketing emails and newsletters from us by using the unsubscribe link within each email or contacting us directly.
Opting out of marketing lists, only removes you from such communication. Transactional emails e.g. those relating to services we are providing to you or responding to queries or enquires you make to us, may still result in us emailing you information where that medium is most appropriate.
Our Privacy Policy – Email and mailing list policy can be found here.
Security
Back Academy Limited operates against a Privacy by Design and By Default policy. This means that before we use your data we have already considered the potential impact on you were your data to be lost, stolen, shared or compromised.
We undertake routine reviews of our processes and security policies to ensure that we can take all reasonable precautions in protecting your data.
If possible we encrypt all information that is either stored or transmitted to third-parties. Where data is stored or transmitted to a Third Country, we will ensure appropriate adequacy protection is in place in accordance with Data Protection Legislation.
Consequently, we may also need to sometimes undertake further security and screening questions when undertaking our routine dealings with you, these are there to protect your personal data and security.
Whilst we undertake all reasonable precautions, encryption, software updates and patches, we cannot guarantee the safety of data transmitted over the internet.
Data Breach
In the event of a Data Breach of your Personal Data, which means:
“The unintended loss, destruction amendment or disclosure of Personal Data”
We will first do all that is necessary to minimise the impact on you, identify any potential malicious third-party, identify any third parties that may also be impacted and take all reasonable efforts to ensure that you are notified.
If we are notified by a third-party of a breach, in their systems, we will undertake the same level of efforts.
We will undertake this communication either directly with you as an individual or by sending out a public notification.
At the same time, we will comply with the current law in respect of informing the appropriate Supervisory Authority which is currently the Information Commissioners Office (ICO). We are under a legal requirement to report Data Breaches to the ICO.
Changes to this policy
This policy may change at any time. You should review this page regularly, so you are aware of any changes. Substantial changes will be notified by a notice on our website.
