Reference Point Ltd (We) are committed to protecting and respecting your privacy.
This policy, together with our membership terms and conditions (Membership Terms) for our online software and database services known as "SkillSight" (Services), sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.
For the purposes of the General Data Protection Regulation (GDPR (EU) 2016/679) and any successor legislation ("data protection legislation"), we are the data controller for the data about you which you enter into our website, information about your use of our website and any correspondence we enter into with you.
Our Contact Details: Reference Point Limited, Technology House, 2-4 High Street, Chalfont St.Peter, Gerrards Cross, SL9 9QA +44 (0) 1753 279 927.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site (our site). This includes information provided at the time of registering to use our site, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
In connection with our Services we shall collect and process data about Cardholders (meaning the holders of a CSCS Smartcard or any other smartcard or virtual card that is compatible with our Services) which you and other members provide to us. The terms on which we will collect and process such cardholder data are set out in clauses 9 and 16.4.3 of our Membership Terms.
We use information held about you in the following ways:
- To ensure that content from our site and Services is presented in the most effective manner for you and for your computer.
- To respond to your enquiries and provide you with information, products or services that you request from us or which we feel may interest you.
- To carry out our obligations arising from any contracts (including for Services) entered into between you and us.
- To allow you to participate in interactive features of our site or Services, when you choose to do so.
- To notify you about changes to our Services.
We use information held about Cardholders in the manner set out in the Membership Terms.
We may combine information held about you and/or Cardholders with other information we collect about you and/or Cardholders from other sources. We may use the combined information for the purposes set out above.
Legal basis for processing
We will only use your personal data when the law allows us to.
- We may use your personal data to perform the contract we have entered into with you or in order to take steps at your request to enter into a contract with you (Basis: Art 6(b) GDPR).
- We and any third parties with whom we share your personal data may also find it necessary to process your data for legitimate interests we pursue (Basis: Art 6(f) GDPR), for example, to maintain the security of our services or improve them.
- Where we do not rely on another legal basis, we may process your personal data based on consent you provide (Basis: Art 6(a) GDPR).
Where we store your personal data and transfers out of the EEA
The data that we collect from you (both your personal data and any data you give us about Cardholders) will be stored within the European Economic Area (EEA) and may be processed by staff operating within the EEA who work for us or for one of our suppliers.
Such staff may be engaged in, among other things, the provision of your access to the Services. Data you give us about Cardholders may also be processed by other subscribers to our Services in accordance with the Membership Terms.
By submitting your personal data, you agree to this storing and processing.
By submitting data relating to a Cardholder, you agree to
- where this forms the legal basis for your collection and processing of the personal data or is otherwise necessary for compliance with the data protection legislation, ensure that all relevant third parties have been informed of, and have given their explicit and informed consent to, such use, processing, and transfer as required by all applicable data protection legislation.
We will not transfer any data that we collect or receive from you that constitutes personal data outside of the EEA unless there are appropriate safeguards or an adequacy decision in relation to the transfer as set out in the data protection legislation or the transfer otherwise complies with the data protection legislation. Such transfers may involve, for example, our use of third party services allowing us to send e-mails or automated SMS messages which make use of facilities in third countries to process and store data.
By logging in to our site, you agree to this storing or processing.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.
We take steps to protect the information that we receive from you from loss, misuse, and unauthorised access or disclosure. These steps take into account the sensitivity of the information we receive, process and store, and the current state of technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do what we reasonably can to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access.
Retention period and criteria used to determine the retention period
- Information collected will be retained for a period no longer than is necessary to support the purpose of processing personal data set out above.
- Encrypted back ups: We will retain encrypted back up tapes for a maximum of 3 years from the termination of our contract with you, if any, or from when you cease to use our services. This time limit is set in line with the limitation period for possible legal claims which may require such data in order to be investigated and defended against.
Recipients or categories of recipients of personal data
We will share your personal data with third parties where required by law or where we have another legitimate interest in doing so.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
We may use disclose and make available information you give us about Cardholders to third parties in accordance with clause 9 of the Membership Terms.
You have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (commonly known as "the right to be forgotten"). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Where our processing is based on your explicit consent to our processing, you have the right to withdraw such consent (this will not affect the lawfulness of processing prior to the withdrawal of your consent).
If you wish to exercise any of these rights please contact our Data Protection Officer at firstname.lastname@example.org.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and you can withhold your consent to and prevent such processing by not checking certain boxes on the forms we use to collect your data. You can also exercise the right to prevent such processing at any time by contacting us at email@example.com.
Complaints to Information Commissioner You have the right to lodge a complaint about our processing with the Information Commissioner.
Consequences of failure to provide personal data Your provision of personal data to us may be a requirement necessary for you to enter into a contract with us. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you.
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregated information. This is statistical data about our users' browsing actions and patterns, use of our Services and overall system use and does not identify any individual and we will not collect personal information in this way.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site and Services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site and Services work, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
You may block cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site.