Call now +44 20 7489 7628

Submenu: Data Protection > Our digital security > How we use your data > Other

Privacy Statement, Data Processing & Breach Management

Data Protection Policy

We, Quadrilect Ltd are required to comply with the provisions of the General Data Protection Regulation GDPR in relation to how we handle any personal data we obtain from you. Any personal information we gather will only be used in the context of your employment with us OR the business we conduct with you. We may also collect Sensitive Personal Data about you, but only with your explicit consent in advance.
We will process all the information we obtain from you to enable us to fulfil our contractual obligations to you or disclose your details to other selected third parties, such as Awarding Organisations for Qualification or their regulators or industry bodies where legally required.
We may from time to time email or post to you or your company details of products or courses we believe may be of interest to you. If you no longer require such information or you have provided us with any information that you no longer wish us to use, please contact us on info@quadrilect.co.uk or call us on tel 020 7248 5942

Right to be Forgotten

You have the right to have us correct any inadequacies in the personal details we hold about you, and to object to any direct marketing we carry out using your personal details. You also have the right to ask for a copy of the information we hold in our records. Please contact us at the address below if you want a copy of the personal data we hold about you. You can at any point make a request to access your information and advise us if you wish for information to be removed. We will respond to this request within 30 days. You have the right to request removal of this information where it doesn’t breach statutory requirements.
Information on data protection can be found at www.ico.org.uk
You can contact us on
info@quadrilect.co.uk
tel: 020 7248 5942

Our digital security

Firewall

The Boundary Firewall of our internal network is “industrial strength” which is closed to all externally instigated traffic from other than white listed IP addresses and uses one time codes, sent via SMS, to control administrator access. Daily firewall reporting is monitored for traffic that has been denied access so as to identify and respond to attempts to break security before a breach is achieved. In addition, we:

a. use of lock‐out following failure to enter password, designed to prohibit automatic password hunting.
b. Use of industry leading malware protection with real time scanning of emails and file downloads and daily full scanning of system and data files. All with automatic deletion or quarantining of identified threats

Email and web host

Network Solutions are signed up to Privacy Shield, an EU‐U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.
Access to the website administration is secured to privileged users by two level authorization.

In‐house Network

Our in house network is managed on internal servers protected by firewall and two level authorization.

How we use your data

Data provided to register on a training course is processed to enable us to register you and send out information regarding your attendance at the course.
Name
Job Title
Company
Address
Telephone
Email
Dietary/special access requirement if required

Where is the data kept?

This data is kept on our event management database which is hosted on an internal server at a secured office location and is not connected to external networks or the internet. Hard copy documents [back up folders] kept securely on site for 1 year and then stored for up to 7 years with a storage company for reference to financial data [All of the storage units are covered by 24 hour CCTV and intruder detection systems.]

On line registrations

These are held on an SQL database integrated in to the web registration process of our website. This site is hosted by Network Solutions Suggest. Network Solutions are signed up to Privacy Shield, an EUU-U.S. framework designed by the U.S. Department of Commerce and European Commission to provide
companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd. Access to the website administration is secured to privileged users by two level authorization.

Credit/Debit card Information

This data is destroyed once the card has been processed and no credit/debit card information is retained on the SQL database.

Online Accounts

These accounts are set up & managed directly by the registrant. The data is held in a secure SQL database integrated into the website. We do not request or hold credit/debit card information on web accounts.

How long do we hold your data?

We hold your CPD records on this system as a lifelong learning reference. However if you wish for the data to be removed we are happy to do so on request. We hold financial records for up to 7 years

Who do we share this data with?

A delegate list showing name and company is provided for each course and shared with the course administrator and course trainer/s.

Marketing data on our event management system for public courses

All learners are given a profile as follows:
Delegate – a previous course attendee & Area of interest – eg facilities/health & safety
We are happy to remove this data at any point if you do not wish to be contacted by us. Alternatively you can choose to have just email communications or just direct mail. Please just contact us and advise on tel: 020 7248 5942

Who do we share your data with?

This data is processed by the following third parties to issue marketing promotions:
Mailing House for Direct Mail Campaigns [return address envelopes for removal requests]. Data protected and destroyed after processed.
Mailchimp for e‐news campaigns with an unsubscribe option

Email communications

All email communications are managed via our host Network Solutions. Network Solutions are signed up to Privacy Shield, an EU‐U.S. framework designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data. Data transfers between your browser and our website are encrypted in accordance with a valid SSL Certificate issued to Quadrilect Ltd.


Data provided to register on a Qualification is processed to enable us to register you with the relevant Awarding Organisation and send out information regarding your qualification programme, process assessment and results.

Where is the data kept?

As above for training course attendance as outlined in your signed study plans.
Learner folders are held on our network which is run on in‐house servers with commercial firewall & password protection. These folders contain your application, study plan, assessment submissions and feedback.
Hard copy documents [back up folders] kept securely on site for 1 year and then stored for up to 7 years with a storage company for reference to financial data [All of the storage units are covered by 24 hour CCTV and intruder detection systems.]

How long do we hold this data?

We hold your learner folder data incl financial data for up to 7 years to cover study period and post reference for AO. CPD records are held for lifelong learning as above
Financial data is held for up to 7 years

Who do we share the data with?

The qualifying Awarding Organisation.
Qualification Team Members for the purpose of delivery of the qualification: Assessors/Tutors. Please note all Assessors and tutors sign confidentiality agreements

Online accounts

Our on line learning platform for qualifications is Moodle. We set up the learner account and provide user name and password. The accounts are deleted on successful completion of the qualification or registration expires.

Plagiarism Software

All assessments are processed through a plagiarism software tool, Plagscan [secure access for privileged users]. This will generate a report on the assessment to ensure the work is properly referenced and has not been copied from another source without the correct acknowledgements. Once an assessment has been processed and the report generated the information is deleted.

What data do we hold?

For the purpose of processing your registration we collect the following data.
Name
Job Title / Profession
Company
Address
Telephone
Email

Where do we hold it?

This data is kept on our event management database which is hosted on an internal server at a secured office location and is not connected to external networks or the internet.
Hard copy documents [back up folders] kept securely on site for 1 year and then stored for up to 7 years with a storage company for reference to financial data [All of the storage units are covered by 24 hour CCTV and intruder detection systems.]

How long do we hold it?

We hold your CPD records on this system as a lifelong learning reference. However if you wish for the data to be removed we are happy to do so on request. We hold financial records for up to 7 years.

Who do we share it with?

This data is processed by the following third parties to issue marketing promotions:
Mailing House for Direct Mail Campaigns [return address envelopes for removal requests]. Data protected and destroyed after processed
Mailchimp for e‐news campaigns with an unsubscribe option
Client ‐ secure document shared with privileged users.
For some of our events we request your permission to publish your details in the event delegate booklets.
 

Other

Data Breach Management

Daily firewall reporting monitored and quarterly periodic testing of system access. If a breach is identified we will alert all customers and suppliers via email and put a notice on our website outlining the form of the breach and data exposed. All security passwords will be updated and system access points restored with new IP addresses where required.
Customers will be asked to change their account passwords.
Note no credit/debit card data is stored after the data has been processed. This data is processed within 48 hours and held on secure systems.

Changes to our data processing

We will update this policy if any change to our data processing occurs and this will be published on our website. A link will be provided to this policy with the confirmation of all training & qualification registrations. If there is a fundamental change of the type of data we are processing and the use of data we will send an email communication to all suppliers and customers updating them on our processes with a link to the updated policy.

Data Destruction

Any request for data to be deleted where it doesn’t breach statutory requirements will be processed within 48 hours. Notification will be sent confirming the data destruction.
System hardware will be disposed of through a certified company and certificates of destruction will be held for audit purposes.
Hard copy data with personal identifiers will be destroyed by a certified shredding company and certificates of destruction will be held for audit purposes.
Hard copy data stored with a secure storage facility is annually reviewed and an archive document is updated recording content and date of destruction.

Click here to download our policy