This policy applies where we are acting either the data controller or the data processor with respect to the personal data of people that use this website and any person they support.
Data controller details
Training 2 CARE (UK) Ltd is a trading name of Nottingham Rehab Limited. Training 2 CARE (UK) Ltd is registered with the ICO and recognised as a data controller, meaning that it determines the processes to be used when using your personal data. Our registration details with the information commissioner’s office (ICO) are:
Registration number: ZA381867
Date registered: 21st May 2018
Payment tier: Tier 2
Data controller: Experience Training Ltd
Field House, Earls Colne Business Park, Earls Colne, Colchester, Essex, CO62NS
Data protection officer:
How we will process your personal data, we will:
- We will process it fairly, lawfully and in a clear, transparent way
- We will collect your data only for reasons that we find proper for delivery of the services you have requested
- We will only use it in the way that we have explained to you about
- We will ensure as far as is reasonably practicable it is correct and up to date
- We will keep your data for as long as it is deemed necessary
- We will process your data in a way that ensures it will not be used for anything that you are not aware of or have consented to in an appropriate manner
The Item and Training 2 CARE group will only collect and process the necessary information required to perform the services above. Typically, that includes the information below:
- First and last name
Required to deliver the product or service
- Health related information
This will only be collected where VAT exemption is being sought and for training safety purposes.
This information can also be processed where you’ve requested a Clinical assessment
Required to deliver, maintain, collect equipment.
This also includes billing addresses
- Email address
Where recorded required for communication and agreed by you.
- Telephone numbers
Required to contact regarding the order
- Order history data
Required for some marketing
- Payment data
This is processed through iframes used by Training 2 CARE Group.
- Used in order to answer your query
Your data will be shared within Training 2 CARE Group, where it is necessary to fulfill the services requested. It will also be necessary to share your information with other services that are involved in the delivery of products and services that you have requested. These include:
- Couriers – We may use various couriers and ordering confirms that you agree with their policies.
- Our suppliers, should orders be drop shipped by them.
In addition to the above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
In order to offer you Klarna's payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna's own privacy notice.
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented an Information Security Management System in order to provide assurances to our customers and employees alike.
Where we share your data with third parties, we provide clear instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.
Automated decision making
No decision will be made about you solely on the basis of automated decision making.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. Please be as specific as you can regarding the information you require.
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights
Typically, consent is not the lawful basis under which we will be processing your data but where it has been necessary for you to provide consent (usually marketing and some cookies), you have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent.
We might use your information where there’s a legitimate reason to do so, such as where it would help to facilitate a benefit to you or achieve our business objective.
If we use legitimate interests to process any data a legitimate interest balancing test (using the ICO’s template) will be documented.
We rely on legitimate interests to:
Personalise your experience and provide you with support
We sometimes make assumptions about your preferences based on the way you interact with our products and services and the information we hold about you. Knowing these allows us to understand the products, content and services our customers like, letting us focus our efforts on developing those areas. We may also use this information to make decisions about what direct marketing to show you. We may also provide you with help and support where we believe it is required. For example, if you have provided your contact information, we may contact you when a checkout purchase is not completed.
To send product related and services communications
For certain types of marketing communications, we do not require your consent and we instead rely on our legitimate interest. This is the case for example where we send you communications about products or services that we provide to you. You can opt out of these communications either by visiting your preference centre if you have an account or in the communication itself.
Conduct market research
We may use the information we hold on you about your engagement with our products and services, to understand how our products are used and make improvements or develop other products and services our audiences may like. We may to contact you about your experience of a product or service we provide you
We may send you service-related messages, which are about the service we provide. We do not require your consent for these, and you are not able to opt out.
If you wish to exercise any of the rights explained above or have questions on the basis of lawful processing, please contact Glenn Knight at firstname.lastname@example.org.
When you visit any website, it may store or retrieve information on your browser, which is mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information doesn’t usually identify you directly, but it can give you a more personalised web experience.
Making a complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you should contact the Data Protection Officer. Should you be unsatisfied with the response you are able to make a complaint to the ICO directly.