We are Virtual College Limited, a company incorporated in England and Wales. Our company number is 03052439 and our registered office is at Marsel House, Stephensons Way, Ilkley, West Yorkshire, LS29 8DD (“Virtual College” / “we”/ “our” / “us”).
We are committed to ensuring that your privacy is protected and we strictly adhere to the provisions of the General Data Protection Regulation ((EU) 2016/679) (GDPR) unless and until GDPR is no longer directly applicable in the UK, together with the Data Protection Act 2018, any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (Data Protection Legislation).
In order for Virtual College to provide, our products and services we need to process a certain amount of data, some of which is personally identifiable.
We process data on the following categories of individuals:
- Learners/ System Users
- Customers & prospective customers
- Website visitors & online customers
- Newsletter/ marketing subscribers
- Suppliers, sub-contractors & freelancers
- Staff (and 3rd party personal data they provide)
- Prospective staff (job applicants)
Learners/ System users
In order to access Enable, Virtual College’s Learning Management System (LMS), and complete training and other associated activities, users require an LMS account. Having an account means Virtual College is storing the personal data you provide, and we further process this to determine training outcomes and retain certification records as well as analyse content and system usage, improve our products and services and respond to support queries and evaluation comments. Where a learner has accessed or is allocated a Virtual College course, directly from Virtual College, Virtual College is the data controller.
If your login details or training has been provided by a 3rd party (e.g. your employer, another training organisation or a Virtual College reseller) then they will be joint data controller, along with Virtual College where applicable and also have access to and will be processing your personal data. Should you require any further information you should contact them directly. If you are unsure who to contact Virtual College may be able to assist, please email firstname.lastname@example.org. . Where a 3rd party has provided system access, and no Virtual College content is allocated to the user, then Virtual College is a data processer, and the relevant 3rd party sole data controller.
Virtual College retains learning records ad infinitum, under its commitment to lifelong learning, to enable us to provide factual information on what a learner has studied and achieved, i.e. name, courses studies, CPD gained, test results etc. This is in line with JISC best practice and Guidance on Managing Student Records.
Our servers are provided by Node 4 and Amazon Web Services. We also work with a number of organisations who assist us in testing our LMS and related infrastructure – Pure Technology Group and Ten10.
Where learners complete one of our IOSH courses, personal data is shared with IOSH to enable them to issue their certification.
Learners contacting our support team out of normal hours may be dealt with by our 3rd party support provider – Your Business Voice.
Customers & prospective customers (purchasing via our sales team)
Virtual College use Microsoft Dynamics 365 CRM (you can visit Microsoft’s Trust Center: here) to manage our business development and account management activity. All customers and prospective customers have a record with our CRM database. Along with details about the organisation and products purchased, we also store contact information for those people we know at the organisation. For customers we process this data in order for us to meet out contractual obligations, for prospective customers our condition for processing is legitimate interest.
Customers can also view our Data Processing Agreement here.
Website visitors & online customers
When you place an order with us on our website, we will ask you to provide certain personal information, for example:
- your name; and
- your email address.
Please note that we require this information to be able to process your order and fulfil our contractual obligations (our condition for processing under GDPR). We may be unable to fulfil the contract without your personal data.
If you purchase services, our third party payment provider (Braintree Ltd - you can view their privacy information here) will require additional personal information in order to process such payment (e.g. your home address). Please note that this information is not collected or stored by us.
Your personal information will then be used by us to provide you with the services you ordered and to communicate with you regarding the provision of those services. We also monitor website usage and provide statistics to third parties for the purposes of improving and developing our website and the services we provide via our website. Please note that any such statistics and/or information provided to third parties will be made on a confidential basis and will not include information that can be used to identify any individual.
Promote Digital assist Virtual College with the development and maintenance of our website.
When you call us you will hear a message advising that your call will be recorded before you are connected to our teams.
We record calls to monitor quality and compliance, and to assist in complaints handling and training. The legal basis for us to process personal data set out in Article 6(b) of GDPR – “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”
A call recording comprises of a record of the Caller Name, Phone Number, Date, Time and Duration and a link to a file storing the recording.
All call recordings are held securely and confidentially and will be deleted after 3 months.
A cookie is a small piece of information which is automatically created by our website on your computer. Please note that cookies are harmless to your computer. Cookies are a useful way of remembering the choices you have previously made while visiting our website.
Please note that if you set your computer to not accept cookies, there may be certain features/areas on our website that you may not be able to use. It may be necessary to have cookies enabled in order to purchase or access online courses and materials.
Our website currently uses the following cookies:
Sitecore (our website platform) Cookies
This cookie is set by ASP.NET itself to store session data. This cookie will be deleted when the sessions end. This cookie is not used to identify individuals using the Website.
To identify repeat visits from a single user, Sitecore sends a persistent session cookie to the web client. The persistent session cookie expires 10 years after the last page requested from the solution by the web client.
This site along with our Learning Management System, Enable, uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate our use of our website and compile reports on user activity. This cookie expires after two years.
Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
These 1st party __atuvc and _atuvs cookies are persistent cookies that are created and read by the AddThis social sharing site in order to make sure user sees the updated count if user shares a page and return to it before Virtual College share count cache is updated. No data from that cookie is sent back to AddThis.These cookies expire after two years.
Newsletter/ marketing subscribers
When you fill out a webform to sign up to a newsletter, download a resource, such as an infographic, or enquire about a product, we may ask you to provide certain personal information, including your:
- email address;
- job title & the organisation you work for; and
- telephone number.
By completing the form and ticking the relevant boxes you are providing your consent for Virtual College to process your personal data, and this is the legal basis we are relying on to do so.
We will use the information that you give us to send you relevant emails containing Virtual College news & marketing communications. Your information will be stored by a third party data processor; Campaign Monitor, whose servers are located in the US, you can read their privacy information: here.
In addition, if you have enquired about a product or service we will use the information you have given to update our customer relationship management system so one of our consultants or advisors can contact you. This information will also be stored by another third party data processor, Microsoft, their Dynamics 365 CRM servers are located in the UK, for more information you can visit Microsoft’s Trust Center: here.
Some automation and profiling may be used to send emails or a series emails based on your indicated preferences and your interactions with the emails we send to you. For example if you have enquired about a particular product we may send you a series of emails outlining features or benefits of that particular product.
We regularly review your interactions with the emails we send you and remove any subscribers who have shown and extended period of inactivity. You can withdraw your consent and unsubscribe at any time by clicking the link at the bottom our email communications or by emailing this address.
If you continue to interact with our emails or website, we will retain your data indefinitely so we can continue to send you emails.
We will not sell or pass your information to third parties other than those set out above.
Suppliers, sub-contractors & freelancers
Personal data provided by suppliers is only used for purposes related to the supply of goods or services for which we have contracted.
Staff (and 3rd party personal data they provide)
Information regarding the processing of staff data is available internally via the HR Team. Where staff provide 3rd party personal details to Virtual College, for the purposes of being an employment reference, emergency contact, or beneficiary of employment related benefits, these details are used for that purpose only, and processed under legitimate interests.
Prospective staff (job applicants)
Should you apply for an advertised job vacancy, or submit a speculative application, either directly or through a recruitment agency or other 3rd party, we will process your data solely for this purpose. We hold all applications on file for a period of 6 months, and may contact applicants regarding other similar opportunities potentially of interest that become available within this time.
Sub-processers and other 3rd parties
Virtual College utilise a number of sub-processers and other 3rd parties to support and enhance the delivery of our services. These are listed below.
- Microsoft – provide us with a number of software services including Dynamics 365, our CRM
- Campaign Monitor – our email marketing provider
- Braintree – our online payments provider
- Worldpay – our telephone payments provider
- Your Business Voice – assist us with our of hours customer support
- Preact – provide Virtual College support with our CRM
- Promote Digital – assist with website development and maintenance
- Node4 – our datacentre
- Pure Technology Group – assist with LMS testing and other aspects of IT
- Ten10 – assist with LMS testing
- Amazon Web Services
- RingCentral - our call recording provider
How do we safeguard your personal data?
Protecting your security and privacy is extremely important to us and we make every effort to secure your information and maintain your confidentiality in accordance all relevant Data Protection Legislation. Our systems are protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage.
Please note that we may need to disclose your personal information where we:
- are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or
- need to disclose it to protect our rights, property or safety of our customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction.
The GDPR provides you with the following rights:
The right of access
You can ask us to confirm that we process your personal data and provide access to and copies of the information we hold about you by contacting us at email@example.com. We will process your request to access your information and provide this information to you free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee. We may also charge if you request more than one copy of the same information.
We will provide the information you request as soon as possible and in any event within one month of receiving your request, unless there are extenuating circumstances. If we need more information to comply with your request, we’ll let you know.
The right to rectification
If you believe personal data we hold about you is inaccurate or incomplete, or any of the information you provide to us changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database. If you wish to make any changes to your information, please contact us at firstname.lastname@example.org.
We will comply with your request within one month of receiving it, unless we don’t feel its appropriate for us to do so in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.
The right to erasure
In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:
- where we no longer need your personal data for the purpose for which we collected it;
- where we have collected your personal data on the grounds of consent and you withdraw that consent;
- where you object to the processing and we don’t have any overriding legitimate interests to continuing processing the data;
- where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR);
- where the personal data has to be deleted to comply with a legal obligation; and
- where the personal data we process relates to the offer of online services to a child.
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.
To request that your information is deleted, please contact us at email@example.com.
The right to restrict / object to processing
In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:
- if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
- if you have objected to us processing the data (see below) – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
- if the processing is unlawful; or
- if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.
You are entitled to object to us processing your personal data:
- if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
- for direct marketing purposes (including profiling); and/or
- for the purposes of scientific or historical research and statistics.
In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
If you wish to restrict or object to the processing of your information, please contact us at firstname.lastname@example.org.
The right to data portability
You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies:
- to personal data you provide to us;
- where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
- where we carry out the processing by automated means.
We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.
Rights in relation to automated decision making and profiling
Automated decision making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).
We carry out automated decision making using your personal data as detailed under the Newsletter / Marketing Subscribers heading above.
For further information on these rights you can contact the ICO via one of the options on their website https://ico.org.uk/global/contact-us/.
For whatever reason, should you wish to lodge a complaint with the Information Commissioner’s Office, as is your right, you can do by contacting the ICO directly via one of the options on their website https://ico.org.uk/global/contact-us/.