GLL COLLEGE PRIVACY NOTICE
Greenwich Leisure Limited (GLL) is committed to operating in a way that complies fully with the provisions of the General Data Protection Regulation (GDPR). GLL are controllers of the information which we collect from or about you. As controllers, we are responsible for the security and processing of your Personal Data. This Privacy Notice explains why and how we process your data.
GLL is a is a charitable social enterprise and registered society under the Co-operative & Community Benefit and Societies Act 2014 registration no. 27793R and our registered head office is Middlegate House, The Royal Arsenal, London, SE18 8SX.
Our Data Protection Officer (DPO) is Mr Philip Donnay whom you can contact at the above registered address or through firstname.lastname@example.org if you have any queries about this notice or any other matter relating to data protection.
Personal data is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our relationship with you.
It can also include ‘special categories’ of data, which includes information about your health. The collection and use of these types of data is subject to strict controls.
We are committed to protecting your personal data, whether it falls into special categories or not, and we only process data if we need to for a specific purpose.,
We collect your personal data through our contact with youto provide training services.
All GLL workers, employees and processers have responsibilities under the GDPR, and are aware of these responsibilities.
2) What information does GLL collect?
GLL processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never request any unnecessary personal data from you and will not process your information in any way, other than as specified in this notice.
The personal data we may collect from you is:
• Date of birth
• Home address
• Personal email address
• Home telephone number
• Mobile telephone number
• Payment information
• Evidence of prerequisite course completion
• Health information
• Emergency contact details
GLL process this data as part of our contractual arrangement to provide you with training services. We also have legal obligations to ensure your health and safety and we have a legitimate interest in collecting the name and contact details of a person we can contact in an emergency in the event we need to do that while you are attending a GLL course.
3) Why does GLL process personal data?
We process your personal data for the following reasons:
• We process your basic personal information in order that we can enter a training contract and to meet our obligation to provide the training services.
• We collect and process specific health information at the point of entering into a contract for some courses, when it is required by the training provider or awarding body. For example the course may have a pre-requisite for good eye sight, to be physically fit or to swim a certain distance. You will be asked to provide your explicit consent for information to be used for this purpose. If you choose not to do this GLL may not be able to provide the training to you.
• Emergency contact information is requested and shared with data controllers or processers as the organisation has a legitimate interest in ensuring the welfare of students in the event of an emergency.
4) Who has access to data?
Your information will be shared with members of the GLL College team, with you line managers if you are an employee or a casual worker engaged by GLL, and with IT staff who require access to our learning management systems who require access to it in the performance of their duties.
GLL takes your privacy very seriously and will only share your information with third parties where there is a contractual obligation to deliver a service. We may need to share your data with the following data processers:
• Awarding and accrediting bodies such as the Royal Life Saving Society (RLSS). ActiveIQ, the Swimming Teachers Association (STA), and The Chartered Institute for the Management of Sport and Physical Activity (CIMSPA);Access Planit, the supplier of our learning management system, for the purposes of maintaining and storing students’ records
• Training providers and partners, who provide training services to our customers. The specific provider will vary depending on the course and full details can be provided upon request when you register for the course.
• Third party payment collections services such as Sagepay
We do not sell or trade the personal information we collect.
5) How does GLL protect data?
GLL takes the security of your data seriously. We have internal policies and procedures to ensure your data is not lost, accidentally destroyed, misused or disclosed and is not accessed by our employees in the proper performance of their duties.
Hard copies of documents containing personal information are stored in secure cabinets with appropriately controlled access.
Electronic data is hosted by our software providers who are required to comply with recognised standards and conduct regular testing.
All processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this Privacy Notice, the data protection laws and any other appropriate confidentiality and security measures.
6) How long does GLL keep data?
GLL only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. Our policy is to keep your personal data for a minimum of 6 years after which time it will be destroyed. As joint data controllers we retain some data in accordance with the relevant awarding bodies retention schedule, full details can be provided upon request when you register for the course or by emailing email@example.com.
7) Will I be contacted for marketing purposes?
We will only send you marketing information to you if you have provided consent.. Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent. You can change your marketing preferences at any time by logging into your account.
8) Your rights.
As a data subject, you have a number of rights. You can:
• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
• object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing; and
• ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.
Please note that GLL does not undertake automated decision making or profiling.
If you would like to exercise any of these rights, please contact our Data Protection Officer.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request. This is to ensure that your data is protected and kept secure.
9) Transfer of data outside of the European Union
GLL does not share or transfer data outside of the EU. All cloud based storage is based in the U.K. or the E.U.
10) Links to other websites
We offer links to other websites. When you click on these links we encourage you to read the sites privacy statements because their standards may differ from ours.