Privacy and Data Protection Policy Notice
Practitioner Development UK Ltd. (PDUK)’s Privacy and Data Protection Policy Notice refers to our commitment to treat information of employees, customers, stakeholders and other interested parties with the utmost care and confidentiality.
With this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
This policy refers to all parties (employees, job candidates, customers, suppliers etc.) who provide any amount of information to us.
Who is covered under the Data Protection Policy?
Employees of PDUK must follow this policy. Contractors, consultants, partners and any other external entity are also covered. Generally, PDUK policy refers to anyone we collaborate with or acts on our behalf and may need occasional access to data.
Collection and processing of data
As part of PDUK operations, we need to collect and process information. This information includes any offline or online data that makes a person identifiable such as names, addresses, email address, role, area(s) of practice and phone numbers. Additional data including CV with work and education history, nurse registration number and bank details are collected and processed for contractors and PDUK employees.
Data is processed by PDUK for marketing and advertising purposes, as contact information, for HR purposes and for payment services. Further details of processing include:
- Processed for marketing and advertising purposes; email mailshots, brochure mailshots, newsletters.
- Processed to directly contact the individuals who are attending the courses with pre- or post-course information or material e.g. course packs, and in case of unexpected events e.g. course cancellations.
- Processed to monitor and record attendance for the distribution of post-course information or material e.g. course completion certificates.
- Processed to refund payments to clients. Please note, no credit card or bank details are stored by PDUK for clients. All payments made to PDUK by clients are processed by a separate organisation, Pay360, and PDUK does not have access to or process this data. The only payment services data that is processed by PDUK is in the event of a refund to a client. This data is then deleted or shredded after use.
- Processed to contact potential, current and previous contractors (lecturers) to offer employment opportunities.
- Processed to directly contact contractors and employees currently employed by PDUK or conducting work on behalf of PDUK.
- Processed for payment and HR administrative tasks.
PDUK will rely on the legal basis of Legitimate Interests under the General Data Protection Regulation (EU) 2016/679 to process personal data. These legitimate interests include the promotion of PDUK’s business, relevant and appropriate relationships, fulfilling commercial obligations, marketing and advertising and use of client and employee data.
PDUK sources this data from the individuals themselves, the employers of the individuals and on occasion from databases purchased from third party organisations. Once this information is available to us, the following rules apply.
Our data will be:
- Accurate and kept up-to-date
- Collected fairly and for lawful purposes only
- Processed by the company within its legal and moral boundaries
- Protected against any unauthorized or illegal access by internal or external parties
- Retained until it is no longer required for its intended purpose(s), with a retention period lasting up to 10 years
Our data will not be:
- Communicated informally
- Transferred to organisations, states or countries that do not have adequate data protection policies
Recipients of data
Personal data is shared with and processed by a small number of third parties in order for PDUK to achieve their Legitimate Interests. At present the following organisations have processed personal data on behalf of PDUK:
- Active Campaign (international third party); an online company that produce PDUK’s email shots. Client names and email addresses are provided and processed.
- The Mailing People; a company that prints and posts PDUK’s brochures. Client names and mailing addresses are provided and processed.
- Pay360; a company that collects and processes payment details from clients. PDUK does not store, have access to or process any payment details from clients. All data is given by the individual to Pay360 directly.
- Dropbox (international third party); online cloud service provider where PDUK stores personal data. Lecturer and employee data including name, home address, email, telephone number, CV with work and education history, nurse registration number and personal bank details are processed.
- Royal College of Nursing; an academic institution that provides accreditation for PDUK courses and PDUK’s clients. Client names and addresses are provided and processed.
Obligations and rights
In addition to ways of handling the data the company has direct obligations towards people to whom the data belongs. Specifically, we must:
- Let people know which of their data is collected
- Inform people about how we’ll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
Under certain circumstances individuals have the right to:
- Access confirmation that their data is being processed
- Access their personal data
- Access other supplementary information
- Rectify inaccurate personal data
- Erase personal data
- Restrict processing of personal data
- Withdraw their consent to the processing of their personal data, in particular in regards to a personal legitimate interest and direct marketing
- Lodge a complaint with a supervisory authority
Should an individual wish to exercise any of these rights then please contact firstname.lastname@example.org with the request. The obligation will be fulfilled free of charge and within one month, unless requests are reasonably considered excessive, considerably burdensome or unfounded. No personal data will be shared without verification of the identity of the individual.
To exercise data protection we’re committed to:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Build secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.)
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action.
Please find our full Privacy and Data Protection Policy on our website at www.pduk.net/
Practitioner Development UK
86-90 Paul Street
London EC2A 4NE
phone 0207 1019294/ 02392 501428