We are Steve Payne Consultants. We’re a company registered in England and Wales with company number 11493592, whose registered address is at 7 Castle Street, Bridgwater, TA6 3DT. In this privacy notice we will refer to ourselves as ‘we’, ‘us’ or ‘our’.
You can get hold of us in any of the following ways:
· by phoning us on 01278 741224;
· by e-mailing us at [email protected]; or
· by writing to us at Steve Payne Consultants, Orchards, Hilltop Lane, Kilve, Somerset, TA5 1SR
We take the privacy and security of your personal information seriously. This privacy notice explains how we collect, use, store, and protect personal information about you in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant laws. It applies to all individuals whose data we process, including learners, staff, and enquirers. As a provider of online vocational qualifications (including those from Pearson, CIOB, and APM), we ensure our practices align with regulatory requirements from bodies like Ofqual and Pearson's guidelines for approved centres, which emphasize robust data protection policies.
|
Review Date: |
Reviewer: |
|
13/07/21 |
Steve Payne |
|
13/07/22 |
Steve Payne |
|
21/11/22 |
Mark Payne |
|
21/11/23 |
Mark Payne |
|
21/11/24 |
Mark Payne |
|
01/11/25 |
Mark Payne |
|
|
|
|
|
|
|
|
|
We do not have a formal Data Protection Officer, but Mark Payne is responsible for data protection matters. You can contact them using the details above.
We may provide supplementary privacy notices for specific services (e.g., when enrolling in Pearson NVQ Level 6 or 7 qualifications). This notice supplements but does not override them. We review and update this notice periodically; changes will be posted on our website with the updated date. If changes are significant, we will notify you directly where possible.
1. Key Definitions
For clarity, we define key terms as follows:
· Data Controller: The organisation deciding how and why personal information is processed (this is us for most activities, but for Pearson qualifications, Pearson may act as joint or primary controller).
· Data Processor: An entity processing data on our behalf (e.g., IT providers).
· Personal Information: Any data identifying a living individual (e.g., name, email), excluding anonymised data.
· Special Category Information: Sensitive data requiring extra protection, such as health, ethnic origin, political opinions, religious beliefs, trade union membership, genetic/biometric data, or sexual orientation.
· Criminal Convictions Data: Information about criminal offences or convictions, processed only where necessary (e.g., for certain accredited courses).
2. Details of personal information which we collect and hold about you
The types of personal information we collect vary based on your interaction with us (e.g., enquiring, enrolling, or completing a course). We collect data minimally and only for specified purposes. Below is a table outlining categories, examples, sources, and retention periods (see Section 7 for more on retention).
|
General Category |
Types of Personal Data in that category |
Source |
Retention Periods |
|
Identity Information |
Name, date of birth, gender, proof of ID (e.g., passport copy for accreditation). |
Directly from you (e.g., enrolment forms); third parties (e.g., accrediting bodies like Pearson or CIOB). |
Up to 3 years after course completion or relationship end, or longer if required by law (e.g., 7 years for tax purposes). |
|
Contact Information |
Email, phone number, postal address. |
Directly from you; analytics providers (e.g., Google). |
As above. |
|
Payment Information |
This is information relating to the methods by which you provide payment to us such as [bank account details, credit or debit card details] and details of any payments (including amounts and dates) which are made between us. |
Directly from you; payment providers (e.g., PayPal). |
7 years for financial records; transaction data anonymised after processing. |
|
Transaction Information |
This is information relating to transactions between us such as details of the courses and services provided to you. |
Directly from you; our systems. |
As above. |
|
Survey & marketing Information |
Feedback responses, preferences, marketing opt-ins. |
Directly from you (e.g., surveys). |
5 years |
|
Website, Device and Technical Information |
This is information about your use of our website and technical data which we collect (including your IP address, the type of browser you are using and the version, the operating system you are using, details about the time zone and location settings on the device and other information we receive about your device) |
Automatically via our website and course portals, analytics tools (e.g., Google Analytics). |
Up to 2 years. |
|
Assessment/Learning Information |
Evidence portfolios, grades, feedback, progress logs (specific to distance learning courses like Pearson NVQs). |
Directly from you; assessors/tutors. |
3 years post-certification, per awarding body guidelines. |
We minimise collection and anonymise data where possible (e.g., for statistical analysis of course completion rates).
3. Special Category Information and Criminal Convictions Data
We generally do not collect special category information. However:
- For reasonable adjustments or special considerations in assessments (e.g., under Pearson's Supplementary Guidance), we may collect health-related data if you provide it to support your request. This is processed with your explicit consent and only shared with accrediting bodies like Pearson.
- For certain courses (e.g., those requiring CIOB or Pearson accreditation), we may collect criminal convictions data if mandated by the accrediting body. This is processed under legal obligation or with your explicit consent.
If we need such data, we will seek your explicit consent and apply enhanced security measures. We do not process this data for marketing or unrelated purposes.
4. How and why we use personal information
We process data only for lawful reasons under UK GDPR. Common bases include:
· Contract: To fulfil our agreement (e.g., delivering courses).
· Legitimate Interests: For our business needs (e.g., improving services), balanced against your rights.
· Legal Obligation: To comply with laws (e.g., reporting to regulators).
· Consent: For optional activities (e.g., marketing), which you can withdraw anytime.
For special category data, we rely on explicit consent, legal claims, or public interest. Below is a table of purposes:
As explained in section 0 above, there are more sensitive types of personal data which require higher levels of protection. Where we process such sensitive types of personal data we will usually do this in the following circumstances:
· We have your explicit consent by way of inclusion of such information on the required submissions to accrediting bodies;
· [Where it is necessary in relation to legal claims;]
· [Where you have made the personal data public].]
So that we are able to provide you with our courses or services, we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the course or service to you.
It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this then we may be prevented from supplying the courses or services to you for example, if you change contact details and do not tell us, then communications with you may be delivered to the wrong address(es) we hold.
Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information, in which case, we will confirm that reason to you.
We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:
· If we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and
· For some of the purposes we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.
|
Purpose |
Data Used |
Legal Basis |
Legitimate Interest (if applicable) |
|
Enquiring/processing course enrolments |
Identity, Contact, Payment. |
Contract. |
N/A. |
|
Delivering online courses/assessments (e.g., Pearson NVQ Level 6/7 via distance learning). |
Identity, Contact, Assessment/Learning. |
Contract; Legal Obligation (e.g., Pearson requirements). |
Ensuring quality and authenticity in remote delivery. |
|
Providing support/feedback. |
Contact, Assessment/Learning. |
Contract. |
Improving learner experience. |
|
Sharing with accrediting bodies (e.g., Pearson for registrations/certifications, CIOB for chartership). |
Identity, Contact, Assessment/Learning. |
Contract; Legal Obligation. |
Fulfilling accreditation standards. |
|
Marketing similar services. |
Contact, Marketing. |
Consent or Legitimate Interests. |
Promoting relevant professional development. |
|
Analytics/improving services. |
Technical, Survey. |
Legitimate Interests. |
Enhancing online platforms and course quality. |
|
Compliance (e.g., audits, fraud prevention). |
All relevant. |
Legal Obligation. |
N/A. |
Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together wither other personal information and you are not identifiable from that combined data we are able to use this.
Under data protection laws we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) which we told you about. If we want to use your personal information for a different purpose which we do not think is compatible with the purpose(s) which we told you about then we will contact you to explain this and what legal reason is in place to allow us to do this.
5. Details of how we collect personal information and special information
We usually collect Identity Information, Contact Information, Payment Information, Transaction Information, Survey Information, Marketing Information directly from you when you fill out a form, survey or questionnaire, purchase goods, services and/or digital content from us, contact us by e-mail, telephone, in writing or otherwise. This includes the personal information which you provide to us when you enquire about our courses and services
We may receive some of your personal information from third parties or publicly available sources. This includes:
· Contact Information and Payment Information from accrediting bodies, such as the Chartered Institute of Building (CIOB)
· Website, Device and Technical Information from third parties such as analytics providers like Google and Microsoft
6. Details about who personal Information may be shared with
We may need to share your personal information with other organisations or people. These organisations include:
Third parties who may include:
· Suppliers: such as IT support services, payment providers, administration providers, such as Microsoft, Paypal and Mozello
· Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies.
· Accrediting bodies if your course requires us to notify of your intent to being accredited by said body.
· Our advisors: such as lawyers, accountants, auditors, insurance companies
· Our bankers
· Credit Reference Agencies
· E-mail platforms
Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor we will ensure that we have in place contracts, which set out the responsibilities and obligations of us and them, including in respect of security of personal information.
We do not sell or trade any of the personal information which you have provided to us.
7. Details about transfers to countries outside of the EEA
We do not transfer your personal information outside of the EEA.
8. Details about how long we will hold your personal information
We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 0 above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons). We may also need to keep personal information in case of any legal claims.
We have set out above the details of our retention periods for different types of data. You can find them in in section 2 and also in section 0
9. your rights under data protection law
Under data protection laws you have certain rights in relation to your personal information, as follows:
· Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information which we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
· Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
· Right to erasure: (this is often called the “right to be forgotten”). This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
· Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
· Right to data portability: this right allows you to request us to transfer your personal information to someone else.
· Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 0 above) and there is something about your particular situation which means that you want to object to us processing your personal information. In certain circumstances you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
In addition to the rights set out, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent.
If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request then please note:
· we may need certain information from you so that we can verify your identity;
· we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
· if your request is unfounded or excessive then we may refuse to deal with your request.
10. Marketing
You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
However, we will give you the opportunity to manage how or if we market to you. In any e-mail which we send to you, we provide a link to either unsubscribe or opt-out, or to change your marketing preferences. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes , you can always contact us on the details set out at the beginning of this notice.
If you do request that we stop marketing to you, this will not prevent us from sending communications to you which are not to do with marketing (for example in relation to courses and services which you have purchased from us).
We do not pass your personal information on to any third parties for marketing purposes.
11. Complaints
If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.
12. Third Party Websites
Our website may contain links to third party websites. If you click and follow those links then these will take you to the third party website. Those third party websites may collect personal information from you and you will need to check their privacy notices to understand how your personal information is collected and used by them.