Last updated: 27th June 2018 by Claire Lickman
Happy Ltd needs to collect and process personal data in order to answer enquiries, provide services to its clients, manage its operations effectively, and meet legal requirements. This document sets out how we use your personal data.
This document will be updated from time-to-time in order to ensure compliance with Data Protection legislation.
To view the appropriate section, please click on the heading.
2. Who we are
Happy Computers Ltd (known here as Happy Ltd) is the data processor in relation to the processing activities laid out in this document if your booking is made through your employer, or the data controller if you are booking the course for yourself. This means that if your booking is made through your employer, then your employer controls why and how your personal information is processed. If you are booking the course yourself, then Happy Ltd decides why and how your personal information is processed.
Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it is referring to Happy Ltd.
3. What information do we collect about you and how do we collect it?
As soon as you contact us, we create a record in your name in our Client Relationship Management (CRM) software, Capsule. This record holds your name, your email address and any other contact information you give us (such as a telephone number or mobile number). This record also holds any email contact you have had with us to ensure that we have carried out your instructions carefully and for internal staff training purposes.
When you book a course with us, or when your employer books you onto a course with us, this information is stored in a record under your name in our Learning Management System (LMS). This record holds your name, your email address, a mobile number if you have given it to us. It also lists the courses that you have attended with us and whether you attended the course.
Under your training record, we may also store further personal information about you such as your dietary requirements and any physical requirements you may have. This information is only used to manage your training with us to ensure your day goes smoothly (for example, your dietary requirements will be used when ordering your lunch).
We automatically record all telephone conversations, which are used for internal training purposes only to improve our service to you. These conversations are not saved under each individual’s record, and are removed from our system each month.
If you have opted in to email marketing communications, your information is added to our email marketing software. Our email marketing software holds your name and your email address. It also keeps track of what emails you have opened and the links that you have clicked. Each email has a link at the bottom to manage your preferences and unsubscribe, so you can change your details or opt out at any time.
We may automatically collect information anonymously when you browser our website through Google Analytics. This is used to improve and optimise our website to provide a better service to you when you use our website.
See Section 5 for further details of the systems we use and links to their Privacy Policies.
4. How do we use your personal information?
We collect and process your personal data to deliver our services, to manage our operations effectively, and to meet our legal requirements.
You may also submit additional “special category” information to us, such as your dietary requirements or information about our religion relating to your dietary requirements, or any requirements or disabilities you have that may affect your training experience. We only use this information for the purpose for which it was provided.
We may ask you to provide a mobile phone number at the time of booking. We use this only to call you if you are late to our training courses.
5. Who do we share your information with?
To make an informed decision about whether to provide consent for your personal data to be processed or stored by Happy, we need to make you aware of other organisations that act as sub-processors for us in the provision of our services to you, as follows:
- Capsule, a web-based CRM. We use this to store contact information and correspondence with anyone who contacts Happy. You can read their Data Processing Agreement here: https://capsulecrm.com/dpa/
- Enterprise Study, a Learning Management System. We use Enterprise Study to manage course bookings and dates, trainer diaries and generate invoices. You can contact Enterprise Study for their GDPR impact information by emailing firstname.lastname@example.org
- Xero, a cloud-based accounting software. We use Xero to manage our financial information, and invoices generated in Enterprise Study are transferred to Xero for record keeping. You can view Xero’s GDPR compliance statement on their website at https://www.xero.com/uk/campaigns/xero-and-gdpr/
- Feefo, an independent ratings and review website. We may disclose your name, email address and details of the course you have taken with us to enable Feefo to email you a request for a review of your course. You can opt out of these review request emails by clicking on the Unsubscribe link at the bottom of each email. You can view their Data Protection statement on their website at https://www.feefo.com/business/gb_en/data-protection
When we use these providers, we only disclose to them any personal information that is necessary for them to provide their service. We have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Other ways we may share your personal information
We may transfer your personal information if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our enquirers, delegates, visitors and staff. However, we will always aim to ensure that your privacy rights continue to be protected.
6. Do we transfer information outside the European Economic Area (EEA)?
Information you provide to use is stored on our secure servers or on our cloud-based systems, which are located within the EEA.
7. How long do we keep your personal information for?
We only keep identifiable records for as long as they have a legal or business purpose.
Our data retention schedule is as follows:
- We retain your training record on our LMS for ten years, so that your training record is available to you, should you require this information in future.
- If you have opted into our email marketing, if you do not open an email from us for two years then we automatically delete your data. You can also opt out or change your preferences at any time using the links at the bottom of every email we send you. We retain a list of people who have unsubscribed for two years to make sure that they are not inadvertently re-subscribed, after which time they are deleted.
- All financial records are kept for seven years for tax purposes, in line with HMRC requirements for auditing purposes.
8. Your rights
Under the General Data Protection Regulation (GDPR) that comes into force on 25 May 2018, you have additional rights over your personal data.
GDPR is focused on re-empowering individuals and giving them more control over their personal data, as well as holding data controllers and data processors accountable for the safety of the data they hold.
These new rights are as follows:
- You have the right to be informed about how your data is being used
- You have the right to access the data held on file about you
- You have the right to have your data rectified if there are errors
- You have the right to know about how automated decisions are made (for example, credit checks when applying for a loan)
- You have the right to object to how your information is being used
- You have the right to erasure – the deletion of all information an organisation holds on file about you (unless some records are kept to comply with a legal obligation, for example)
- You have the right to restrict processing – so an organisation cannot use your data
- You have the right to data portability – to transfer your data from one organisation to another
You can request a copy of all data that we hold about you which we are legally obliged to provide to you in electronic format within one month of your request, free of charge. We will need to confirm your identity before we do so. You may then request any corrections, or object to the processing of your data, or request that this information is erased. We are also legally obliged to transfer all of your records to another provider within one month, free of charge, if you ask us to do so.
9. Contact Us
To request a copy of the personal data that we hold about you, or if you are concerned about the way that we have processed your personal information, please contact our Data Protection Officer.
Our Data Protection Officer is Ms C Lickman.
Telephone: 020 7375 7300
Post: 3rd Floor, 9 Alie Street, London E1 8DE
We will acknowledge your request within 24 hours and will respond to your request, query or concern within 30 days.
10. Concerns and complaints
If you are unhappy with how we are processing your data or are concerned in any way, you can also contact the Information Commissioner’s Office (ICO).
Visit the ICO website for their latest contact information: https://ico.org.uk/concerns/
You can contact them at any time regarding your concerns.