Privacy Notice
We understand that privacy and the security of your personal information is extremely important.
This notice sets out how we collect your personal information, what we do with it and what we do to keep it secure. It also explains your rights over the personal information we hold about you.
This policy relates to CMP and applies to clients, prospective clients, employees, and visitors to our website, social media pages or contact CMP by other means.
CMP is registered with the Information Commissioners Office as, and acts as a ‘data controller’.
The information that we collect about you will only be used lawfully. We shall comply with our regulatory and legal obligations to comply with relevant legislation for processing data.
All data is retained within the United Kingdom and transferred only if adequate protection has been confirmed.
We have identified that the lawful bases for our data use under this engagement are:
- The ‘legitimate interest’ of the parties and those involved in the services provided
- Compliance with our ‘legal obligations’
- Where relevant, to ensure the performance of a ‘contract’ between us
We have organised this Privacy Notice by Processing Activity, to enable you to easily access details specifically relating to our use of your data. Regardless of which activity we collect and process your data for, your rights remain the same.
The Data Protection Act provides the following rights for individuals:
- The right to be informed: You have the right to be informed. We will inform you of the reason for processing your data, when we first contact you or via clear and accessible privacy notices.
- The right of access: You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’.
- The right to rectification: If any of the personal information we hold about you is inaccurate or incomplete you have the right to have this corrected.
- The right to erasure: You have the right to erasure, also known as ‘the right to be forgotten’. You can request the deletion or removal of your personal data where there is no compelling reason for its continued processing. Note, however, that we may not always be able to comply with your erasure request for specific legal reasons.
- The right to object: You have the right to object to the processing of your personal data in certain circumstances such as when processing is based on legitimate interests, or for direct marketing (including profiling).
- The right to restrict processing: You have the right to ask us to suspend the processing of your personal data in some instances. When processing is restricted, we are permitted to store your personal data, but not further process it.
- The right to data portability (request to transfer): You have the right to receive the personal data which you have provided in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance where technically feasible.
- Rights in relation to automated decision making and profiling: CMP does not use automated decision making and profiling in providing our service.
If you would like to exercise your rights as set out above or have any concerns or questions regarding this notice, or the way your personal information is processed, please contact our Information Security Team at the following:
Email: data.protection@cmpsolutions.com
Tel: 01763 852225
Address: Low Farm, Brook Road, Bassingbourn, Hertfordshire, SG8 5NT
Processing Activities
Training delegates on non-accredited courses
Learner records for accredited courses
Project commissioners and internal coordinators
These statements are intended to provide you with information as to how we collect, use and store your personal data.
Training delegates on non-accredited courses
Data Collection
Typically, for non-accredited courses, we will not collect your data. However, in some cases we need to know some basic information, such as your name, contact email address, and phone number. This is typically sent to us by your organisation. Where information is not received by you directly, we will share a link to this policy with your organisation to share with you.
Data Use
If we collect your data, we use it to send you course materials and evaluations. We may also use your data to promote other suitable products and services to you, and you will be added to our Customer Relationship Management System. The legal basis for this will be Legitimate Interest. You can change your marketing preferences at any time by contacting us or clicking unsubscribe on marketing communications.
Data Storage, Transmission and Retention
We store your data on secure file servers and a cloud-based Customer Relationship Management System (CRM). We only share relevant data with those working on your project/training delivery. This data may include your name and email address and is used to record your attendance and is returned to CMP. Staff working on your course/project delivery do not retain your data. Delegates on non-accredited courses are removed from our CRM 7 years after our last contact with you.
Learner Records for Accredited Courses
Data Collection
We require personal data to register you for certification with our Awarding Bodies. This data includes your date of birth, name and address.
Data Use
We use your personal data and contact information to register you with our Awarding Bodies for course registration, for internal verification of learning and standards, to organise certificates, to provide feedback and to promote other suitable services.
Data Storage, Transmission and Retention
We store your data on secure file servers and a cloud-based Customer Relationship Management Systems (CRM). We only share your data with our Awarding Bodies and those working on your course/project delivery. This data includes your name and email address and this data is used to record your attendance and achievement. Staff working on your course/project delivery do not retain your data. We refer you to your specific Awarding Body to view their privacy policies regarding their use of your data.
As your data can be used to form a life-long record of learning, delegates on assessed courses are removed from our system 7 years after our last communication with you.
Website Form Submissions
Data Collection
If you complete a form on our website, we will collect some basic information, such as your IP address, name, contact email address, and phone number.
Data Use
We use your comments, and contact information to respond to your enquiry. We may use your data to promote other suitable products and services. You will have been asked to tick a box to show they have read and agree to this privacy policy. You will be added to our Customer Relationship Management System.
Data Storage, Transmission and Retention
We store your data on secure file servers and a cloud-based Customer Relationship Management System (CRM). We will not share the data you submit over our initial web-contact form. However, should you become another type of user, i.e. a Learner on an accredited course, data will be shared as detailed under our privacy statement regarding the relevant activity. As our services are available throughout your career, your data will be removed from our system 7 years after our last communication with you.
Email communications to CMP
Data Collection
If you send CMP an email, we will collect the data that you have sent, such as your name, contact email address, and phone number.
Data Use
We will use your comments and contact information to respond to your enquiry. We may use your data to promote other suitable products and services, and you will be added to our Customer Relationship Management System.
Data Storage, Transmission and Retention
We store your data on secure file servers and Microsoft Office. We will not share your data unless you further engage in another activity with CMP, as stated within our privacy policy.
Your data will be removed from our system 7 years after our last communication with you.
Project commissioners and Internal coordinators
Data Collection
If you send CMP an email in relation to project management or commissioning a piece of work from CMP, we will collect the data that you have sent, such as your name, contact email address, and phone number.
Data Use
We use your emails, and contact information to respond to your enquiries and promote other suitable services. The legal basis for processing this information is Contract, as you have shown an interest in commissioning CMP to fulfil a need within your organisation. A link to this privacy notice is included within CMP staff email signatures, and your details will be added to our Customer Relationship Management System.
Data Storage, Transmission and Retention
We store your data on secure file servers and a cloud-based Customer Relationship Management System (CRM).
We only share your data with those working on your course/project delivery who will not retain this data after the completion of the project/course.
As our services are available throughout your career, your data is reviewed every 10 years, and removed from our systems 7 years after our last communication with you.
Casework Participant Details (Party/Coachee)
Data Collection
We will collect your contact details, as part of the fulfilment of the contract between CMP and your employer. This information is typically sent to us by your organisation.
Data Use
The data we collect is used to enable us to fulfil our obligations to your organisation, such as to schedule meetings and share information between us. We do not add your details to our marketing database.
Data Storage, Transmission and Retention
We store your data on secure file servers and a cloud-based Case Management System(CMS).
We only share your data with those working on your course/project delivery.
Your data will be removed from our CMS 7 years after our last communication with you.
Third Party Processing of Personal Data
Where third party suppliers are used to process personal data on behalf of CMP/and or where CMP and suppliers are joint data controllers, then all relevant Business areas must ensure:
- They follow the Suppliers Standard & Procedure and the Suppliers Policy
- Where appropriate, the Record of Processing & Information Asset Register records the third party organisation undertaking the processing
- All contracts with third party suppliers which process personal data outside of the EU, or countries deemed adequate by GDPR, contain adequate legal protections e.g. Adequacy Agreement (as is the case for UK), EU Model Contract Clauses, or Binding Corporate Rules – it should be noted that Privacy Shield is no longer considered as adequate legal protection.)
If you are unhappy with our handling of your personal data you have the right to register a complaint the ICO, who are the UK’s supervisory authority for data protection: www.ico.org.uk/concerns