Privacy Policy

Introduction
ATHE value everyone who engages with us by whatever means, and we do all we can to fully protect your privacy and to make sure the personal data you provide to us is kept safe. This Privacy Notice is designed to comply with the General Data Protection Regulation (GDPR) and is issued in the interests of transparency over how we use (“Process”) the Personal Data we collect. We also have specific Terms of Conditions for the use of our website, which you should read as well. We treat all our stakeholders in line with our values and we welcome any feedback about any of our actions.

Your Information

We collect personal information each time you deal with us, for example when you register learners, provide staff CVs, sign up for an event, provide comments, complete surveys or otherwise provide your personal details. When you visit our websites. We collect non-personal data such as IP addresses, details of pages visited and files downloaded. Website usage information is collected using cookies (see the section on Cookies below). If you provide us with any personal data while using our website we may use it to provide you with any information or services you have requested.

Information from social media
We may collect information that you make available on social media, for example, Twitter, Facebook, YouTube and LinkedIn. You may wish to check their privacy policies to find out more about how they will process your data. Other publicly available information We may collect information from organisations such as Companies House, the Charity Commission, QAA, ISI, Ofqual and Ofsted as well as information published in articles, newspapers or blogs.

Sensitive Personal Data
Where you provide the information, we may collect Sensitive Personal Data, which may include your religious beliefs, or your physical or mental health. What do we do with your personal data? We may use the personal data we collect to:

Keep you up to date on news and stories about our work.
Provide a personalised service, such as customised website content or personalised emails.
Keep records of your relationship with us e.g. questions you have asked or suggestions or complaints you have made.
Conduct market research to aid our understanding of our customers and their views.

We may use publicly available information such as newspaper articles, or information you have given permission to other organisations to share such as LinkedIn.

Our legal basis for holding and processing your personal data
If you are a new centre or learner coming on board for the first time, on or after 1 March 2018, we will process your personal data on the basis of the consent you provided us with. You are free to change your preferences at any time by contacting us by telephone, post or email as shown in the section ‘Your rights and telling us when things change’ below.

Legitimate interest: Contacting you
If you are an existing centre / learner as at 1 May 2018 we may continue to contact you by email where you have previously given us your consent. We may also contact you by post or telephone where we have a legitimate interest to do so. We may continue to send you information related to qualifications that are being delivered and opportunities that relate to those qualifications. Where you have previously asked us not to contact you in this way we will continue to respect your contact preferences. You can change your preferences at any
time or object to us processing your data by contacting us by telephone, post or email as shown in the section ‘Your rights and telling us when things change’ below.

Applying for a job or with us
Where you provide personal data and sensitive personal data when applying for a job with us, such as the information on your CV, we will process, store and disclose the personal data we collect to:
• Support the recruitment process.
• Enable you to submit your CV, apply online for jobs and to subscribe for alerts about job types of interest to you.
• Answer any questions you may have.
• Use third parties to provide services such as references, qualifications, criminal referencing, checking services, verification of information you have provided, health screening and psychometric evaluation or skills tests.
• Provide anonymised data to monitor compliance with our equal opportunities policy.

Where you provide personal or sensitive personal data, such as religious beliefs, dietary, mobility requirements or health information, to attend one of our training events we will store, process and disclose the personal information we collect to:
• Deliver the event, including the disclosure of sensitive data, such as medical information, to our partner(s) where necessary to deliver a safe event for all involved.
• Provide the administration of these events or opportunities to serve.
• Answer any questions or feedback you may have.
• Provide anonymised data to monitor compliance with our equal opportunities policy.

How and where we store your information
We will keep your personal information only for as long as we consider it necessary to carry out each activity. We take account of legal obligations and accounting and tax considerations as well as considering what would be reasonable for the activity concerned. We will only hold sensitive medical personal information provided to participate in an overseas trip until two years after the trip is completed. If you have any questions please contact our Data Protection Officer, Ben Jones in writing at ATHE Ltd, Suite 4B, Rosebery Court, Central Avenue, St Andrews Business Park, Norwich, NR7 0HS, UK.or email at ben.jones@athe.co.uk.

How safe is the personal information we hold?
We ensure that we have appropriate technical controls in place to protect all the personal data you provide. For example, we ensure that any online forms are encrypted to ensure they can only be read by people permitted to do so. Our network is robustly protected from unauthorized access and is routinely monitored. We ensure that access to personal data is restricted only to those staff members or associates whose job roles require such access and that suitable training is provided for these staff members and associates. We may make limited use from time to time of external companies to collect or process personal data on our behalf. When we do so, we carry out checks on these companies, put in place contracts to make sure our requirements are clear, and carry out periodic reviews. When we do use external companies, we remain responsible for the storing and processing of your personal data. However, we need to remind you that despite all our efforts, the internet cannot be guaranteed to be 100% secure, and that you submit data at your own risk.

Credit / debit card security
We may use a third party to process payments using cards but will ask them to process your information in line with the GDPR and the Payment Card Industry Data Standard. If you use your debit or credit to pay for something, whether online or over the phone, we will process your information securely in accordance with the Payment Card Industry Data Standard. We do not store your debit or credit card details once your transaction has completed. All card details are securely destroyed once your payment has completed. We hold bank account details for the purpose of paying invoices to providers and associates.

Where we store your personal information
We use cloud-based systems to process data. We adopt the Information Commissioners approved measures and therefore ensure that personal data is held in compliance with European data protection regulations. We take all reasonable steps to ensure that your data is stored and processed securely in accordance with this policy. By submitting your personal data, you agree to this transfer, storing and processing of your information. Should you travel overseas for us, we may share personal information with partners who deliver our work in overseas locations. For example, this may include sensitive personal data such as medical information. When we do so we will make you aware of the data being transferred and seek your consent to do so.

Legal duty
We may need to pass on information if required by law or by a regulatory body. Our service providers and third parties We may employ associates to carry out tasks on our behalf, such as Learner Verifications or Health Checks. These associates are bound by contract to protect your data and we remain responsible for their actions. We may provide third parties with general information about users of our site, but this information is both aggregate and anonymous. However, we may use IP address information to identify a user if we feel that there are or may be safety and/or security issues or to comply with legal requirements.

Cookies
We collect data using cookies. A cookie is a text file that is sent from our website as soon as you visit the site. It is stored on your computer’s hard drive and helps us to identify your computer (not you) and collects information in an aggregate, anonymous way. Cookies
may be used to collect information about your visit to our website, for example, traffic data, location data, device information, the date and time of your visit and the pages that you visit. The use of cookies is an industry standard for most major websites. To enjoy our website to the full, we recommend that you leave cookies turned on. The cookie data that we collect we may use to:

• Customise the content on our website and to help to understand visitors’ current and future needs.
• Process any requests, applications or transactions you may make.
• Aid internal administration and analysis.

Managing cookies
Most browsers allow you to turn off the cookie function. To do this you can look at the help function on your browser.

Third party cookies

cookies from these websites. We do not control the setting of these cookies, so we suggest you check the third party website for more information about their cookies and how to manage them. ATHE also uses third party suppliers such as Facebook, Twitter, and Google Analytics and these providers may use cookies. They may also use tracking pixels, which are commonly found in advertising to track the effectiveness of adverts. As some of these services may be based outside of the UK and the European Union, they may not fall under the jurisdiction of UK courts. If you are concerned about this, you can change your cookie settings (see above).
How we treat children and vulnerable persons We do not actively seek to collect children’s data. If at any time we create any materials which may lead to someone aged under 13 years providing their details, we make it clear
that we will need their parent’s /guardian’s permission before giving us their personal information. Personal information will be recorded so that we may respond appropriately in future, for example by ceasing fundraising requests or no longer making calls. Your rights and telling us when things change We fully recognise your right to have your data removed, to be forgotten, to opt out of communications or withdraw consent and to have a copy of your personal data. You also have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk

Preferences
You can change your preferences at any time about what you receive from us, including marketing materials, or how we contact you, by mail, phone or email. You can do so by:
Calling us on: +44 (0)1603 760030
Email us on: info@athe.co.uk

Updating your details
We do appreciate you keeping your details up to date. You can do so in the same way as updating your preferences (above). We may use Royal Mail’s Postcode Address File or other available sources to confirm data that you provide us with, where, for example, we are
unsure of what you have completed on a form. We will not use these sources to create data that you have chosen not to provide, for example, if you have left a telephone number blank; nor will we automatically update changes of address, we will normally only update your address when you tell us it’s changed.

Telling us to stop processing
You have the right to ask us to erase your personal data, to ask us to restrict our processing or to object to our processing of your personal data. You can do so at any time by emailing info@athe.co.uk

Access to your information. You have the right to request details of the information we hold about you. To receive a copy of the personal information we hold please write to our Data Controller at the address given above. We will respond within one month of receiving your letter. For more information about your rights please visit the website of the Information Commissioner’s Office (https://ico.org.uk/for-thepublic/personal-information/)

Changes to ATHE’s Privacy and Security Policy
This policy was last updated in July 2022. We may amend this policy from time to time to take account of changes to our processes or changes to data protection or other legislation. If we make any significant changes to this policy we will show this clearly on our website, in
our publications or by writing to you directly. By continuing to use our website you will be deemed to have accepted these changes.