Privacy Policy
Welcome to Nimble Learning Ltd Privacy Policy. Please read this notice carefully.
Nimble Learning Ltd is committed to protecting your privacy by ensuring that any personal data is collected and used lawfully and transparently. When delivering our professional services such Nimble Microlearning; we act as the Data Controller of the personal data that you supply to us under your contract with us, unless otherwise stated as part of a contractual arrangement prior to work being undertaken.
We take care to protect the privacy of our clients that communicate (online or offline) with us, at events, over the phone, via our website, and social media platforms.
Throughout this notice, we refer to Data Protection Legislation which means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This Privacy Notice explains:
-
Who we are
-
The types of personal data we may collect
-
Possible legal basis we may use for the processing
-
Who we may share information with and why
-
How we keep information secure and deal with security incidents
-
How long we may keep your data for
-
What your privacy rights are
-
Where we may transfer data to
-
How to contact our DPO and the ICO
Who are Nimble Learning Ltd?
Nimble Learning Ltd specialises in organisational development, as well providing online and face to face adult training within the UK and Ireland. We act as the data controller for the personal information we process, unless otherwise stated or arranged a part of a contractual agreement.
Types of Data Collection
The type and frequency of any personal data collected will always depend on how our website and services are used. If you do not wish to provide us with certain categories of personal data, you may not be able to use our services in their entirety.
Personal Data provided to us:
We use electronic contact forms across our website. Such forms will prompt users to input basic contact details so we can generate service quotes, provide newsletter updates and respond to enquiries. You may also provide data to us when registering for an event or when corresponding with us by phone, email, letter or social media. It is important that the personal data we hold about you is accurate and current. You should keep us informed if your personal data changes during your relationship with us.
Personal Data collected by us:
Where you ask us to provide services, we may be required to process additional categories of personal data relating to you or other parties to ensure the provision of informed advice. We may also collect additional data from you as part of our service provision.
Personal Data from other sources:
We may receive information about you and/or your company from specific third parties such as business partners, sub-contractors, advertising networks, analytics providers, hosting providers and search information providers.
Special Categories of Data:
There may be instances where we need to process Special Category Data provided by you or other users of our services during the lifetime of our service. Special category data is a more sensitive type of data which reveals insights about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation. We may also process data that relates to criminal and/or civil offences as well as child data in some very limited circumstances, usually in connection with the services you require from us. Sensitive data collection will only take place where it is applicable to the provision of the services that we are contracted to provide. The fundamental rights of the data subjects are always assessed to ensure that the processing is fair, transparent and lawful.
Online Identifiers:
When you visit our website, a record of your device’s IP address is retained which is used anonymously in order to determine website and page visitors.
For more information on how we use online identifiers or cookies please visit our cookies policy.
Legal Basis for Processing
Before processing any personal data, we ensure that at least one lawful basis under the GDPR is met. We will not disclose personal data for any purpose other than what the data was originally collected for; unless there is an overriding legal basis that enables this processing.
We may collect, hold, use and disclose the information collected to compile statistical data and to maintain our database; to develop or improve our website; respond to any queries; notify you of any upcoming marketing, training or other events that we think may be of interest to you; provide you with publications; manage quality control and compliance issues; manage systems administration; network marketing; provide you or your organisation with advice; notify you about important changes or developments to our services or contact you for your views on our services.
We may also process your personal data in the following circumstances:
Performance of our Contracts
We process information in order to support and maintain our existing or potential contractual relationships under the lawful basis ‘performance of a contract’. We may process personal data in order to provide various supporting client services, take payments and to make improvements to our website. The lawful basis which we often rely on to process data for the duration of servicing on your account and for the decision to enter an initial or any subsequent contract is under our ‘legitimate interests’. Ensuring our administrative and IT systems are secure and robust against unauthorised access also falls under this basis.
AML Purposes and Fraud Prevention
Due to the products we offer to companies, we also have a ‘legal obligation’ to validate the status of companies we work with which may involve identifying and verifying individual data subjects as part of our ‘legitimate interests’ to safeguard against criminal or fraudulent activities. We also need to ensure that VAT and premium tax is paid.
Defence of Legal Matters
We have a ‘legitimate interest’ to process data which may assist us in connection with the establishment, exercise or defence of legal claims.
Processing high Risk and Sensitive Data items
In some cases, where the processing is deemed high risk or highly sensitive, we may ask for your ‘consent’ before we undertake the processing. Where consent is used as the lawful basis for the processing, you will be entitled to withdraw that consent at any time as well as exercise your data privacy rights.
Data Reviews and Retention
As a company, we regularly undertake an annual data storage review on all data we possess. Data is always stored in a secure and organised format and forms part of our internal filing systems. We will only keep data for as long as necessary, unless there is an overriding legal reason to continue the processing. We will not retain data if it is deemed unlawful to do so. Data may be held for predominant purposes relating to the establishment, exercise or defence of legal claims. Some data may be deleted before the standard 6 year time period depending on the category of that data in line with our commercial legitimate interests and retention schedule.
Personal data that is no longer necessary will be deleted securely. Please be advised that you can enforce your individual rights against all personal data we retain relating to you as an individual and not a legal entity.
Individual Data Privacy Rights
All data subjects have individual rights. On a case by case basis, you have the following rights in relation to your personal data processed by Nimble Learning Ltd:
The right to be informed about how your personal data is collected and used
The right to request access to a copy of any personal data that we hold about you
The right to rectify personal data we may hold which is identified as incorrect or misleading
The right to erasure of any personal data; also known as ‘the right to be forgotten’
The right to restrict further processing of your personal data
The right to data portability where technology allows us to send personal data onto a new controller
The right to object to the processing or certain processing activities
Rights in relation to automated decision-making including profiling.
As an organisation we do not operate any automated decision-making systems. Please be aware that the rights listed in this section only apply to individuals and cannot be used to request data relating to business entities. Please be aware that your rights of access do not entitle you to physical or digital copies of any documentation we hold. You may enforce any of the above rights by emailing graham@nimblelearning.co.uk
International Transfers and Confidential Data Sharing
We can confirm that personal data will only be disclosed on a confidential basis to external service providers so that they can provide financial, technological or administrative assistance or services. When we share data with an external third party organisations; these operations are separately governed by a Data Processing Agreement (DPA) and we perform regular due diligence on any external companies we work with to ensure that high levels of data integrity are maintained.
Any transfers taking place outside the EEA (for example to the USA) are only permitted with the provision of an Adequacy decision, Standard Contractual Clauses (SCC’s) or any other lawful transfer mechanism. Where necessary, we may need to share data with external organisations such as law enforcement, regulatory bodies, fraud prevention agencies, partners or advisors. Before any data is shared, we ensure that all technical and organisational controls are firmly in place and a data protection impact assessment is undertaken, where applicable, if the sharing or transfer is considered high risk. We do not sell your data to any third parties.
Queries & Complaints
Nimble Learning Ltd can be directly contacted on the details below if you have any queries or complaints:
Data Protection Officer: graham@nimblelearning.co.uk
If you’re not satisfied with the outcome or our response, or believe we’re not processing your personal data in accordance with the law, you can approach the UK regulator for further guidance at www.ico.org.uk/concerns
We regularly review and monitor regulatory guidance for any industry changes which may impact our business operations or your rights and freedoms.
In this privacy notice, “personal data” means any information relating to an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
Copyright © Nimble Learning Ltd 2024 - This version was last updated and reviewed October 2024