Data Protection and Privacy Policy
1. Introduction
This Data Protection Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Smart Learn CPC uses your data; for example we will explain things such as our partnership with the RTITB and the DVSA.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Data Protection Policy from time to time. You’re welcome to come back and check it whenever you wish – it will be made available via the website at all times.
2. Who is Smart Learn CPC?
Smart Learn CPC is Driver CPC Training Provider and the majority of our courses are offered online and are provided in partnership with the RTITB Master Driver CPC Consortium.
For simplicity throughout this Policy, ‘we’ and ‘us’ means Smart Learn CPC.
3. Explaining the legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent.
For example, when you complete the consent form, and again when you tick the box to undertake training.
When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
Legal compliance – If the law requires us to, we may need to collect and process your data.
For example, we may need to provide evidence to the RTITB, DVSA that you have been suitably trained.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom or interests.
For example, we may send you or make available information you need to maintain the appropriate level of training/accreditation.
4. When do we collect your personal data?
When you visit our website, and use your login details.
When you create an account with us.
When you undertake training and testing with us.
When you contact us by any means with queries, complaints etc.
When you ask us to email you information about a product or service.
When you choose to complete any surveys we send you.
When you comment on or review our products and services.
Any individual may access personal data related to them, including opinions. So if your comment or review includes information about an individual or RTITB or the DVSA, it may be passed on to them if requested.
When you fill in any forms.
When you’ve given a third party permission to share with us the information they hold about you.
5. What sort of personal data do we collect?
If you have a Smart Learn CPC account with us: your name, gender, date of birth, Driving Licence Number, address, email address and previous course bookings. For your security, we’ll also keep an encrypted record of your login password.
Details of your interactions with us through our online services.
For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of assessments, training, web pages you visit and how and when you contact us.
Copies of documents you provide to prove your identity and your qualifications. (including your driver’s licence). This will include details of your full name and date of birth.
Details of your visits to our website.
Information gathered by the use of cookies in your web browser.
Payment card information – all payments are processed and administered by a third party and Smart Learn CPC have no access to any of your payment information.
Your comments and reviews.
To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit.
6. How and why do we use your personal data?
We want to give you the best possible customer experience. The data privacy law allows this as part of our legitimate interest in providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
​
Here’s how we’ll use your personal data and why:
​
-
To process any training. If we don’t collect your personal data, we won’t be able to process your training and testing to comply with our obligations to RTITB and DVSA in respect to supplying a robust and meaningful qualification.
-
To provide RTITB and DVSA with easy access to your professional data in respect to your knowledge, experience and qualifications in the transport industry
-
To respond to your queries, refund requests and complaints.
-
Handling the information you sent enables us to respond.
We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To protect our business from illegal activities. This includes using your personal data to maintain, update and safeguard your account. We’ll also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest.
For example, by checking your password when you login.
To protect our premises, assets, we operate CCTV systems in our premises which record images for security. We do this on the basis of our legitimate business interests
​
If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.
​
With your consent, we will use your personal data, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centres about relevant products and services including tailored special offers.
​
Of course, you are free to opt out of hearing from us by any of these channels at any time.
You are free to opt out of hearing from us by post at any time.
​
To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Policy.
To comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law
To process your booking.
7. How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data is secured by SSL encryption.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
8. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
9. Who do we share your personal data with?
We sometimes share your personal data with trusted third parties.
For example DVSA and RTITB.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
-
We provide only the information they need to perform their specific services.
-
They may only use your data for the exact purposes we specify in with them.
-
We work closely with them to ensure that your privacy is respected and protected at all times.
-
If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
-
Examples of the kind of third parties we work with are:
-
IT companies who support our website and other business systems.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
For further information please contact us.
10. Where your personal data may be processed
We only share your personal data with third parties and suppliers based in the UK.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Policy.
11. What are your rights over your personal data?
An overview of your different rights
You have the right to request:
Access to the personal data we hold about you, free of charge in most cases.
The correction of your personal data when incorrect, out of date or incomplete.
For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
That we stop any consent-based processing of your personal data after you withdraw that consent.
You have the right to request a copy of any information about you that Smart Learn CPC holds at any time, and also to have that information corrected if it is inaccurate.
​
To ask for your information, please contact Data Protection Officer, Smart Learn CPC, 11 Sullington Road, Shepshed. LE12 9JF or email training@smartlearncpc.co.uk
​
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
​
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
12. How can you stop the use of your personal data for direct marketing?
You can stop direct marketing communications from us by:
Clicking the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails.
Writing to Smart Learn CPC, 11 Sullington Road, Shepshed. LE12 9JF
13. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns
14. Who is responsible for implementing this Policy and monitoring compliance.
The business owner and Proprietor is responsible for the implementation of this Policy and monitoring compliance of it.
15. What will be done in the event of a breach of this Policy or of the information stored about you.
Smart Learn CPC will do everything in its power to ensure the contents of this Policy are adhered to fully. Should a breach in the implementation of this Policy be detected a Policy review will be undertaken and the necessary steps taken to remedy the breach and prevent further such breaches occurring.
​
Breaches of data stored about you will be reported to the Information Commissioners Office as soon as practically possible and their advise taken in full.
16. How will a breach be detected.
IT systems are in place to identify hacks and breaches to the data held. Internal auditing and processes would detect a breach of how this Policy is being implemented.
17. Any questions?
We hope this Data Protection Policy has been helpful in setting out the way we handle your personal data and your rights to control it.
​
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you.
​
Last Updated: 28th June 2024