This policy is provided for all staff, learners and tutors of Atom Services Limited.
Protecting your privacy
Your privacy is important to us.
Atom Services Limited is committed to safeguarding the personal information you provide to us and to protecting your privacy.
The purpose of this privacy statement is to assist you in understanding how we, use personal information collected, and the choices you can make about how your personal information is used.
Atom Services Limited may occasionally be required by law to collect and use certain types of information to comply with the requirements of government departments or awarding bodies.
This information is collected, recorded and used with safeguards to ensure this complies with the Data Protection Act 2018.
The information we collect
We may collect personal information about you when you register with us through the use of paper and electronic registration forms.
This information includes name, email address, password, gender, ethnicity and preference information to enable personalisation.
In addition to your personal information, when you use our websites, we use Third party services such Google analytics to collect tracking information such as your browser type, the type of operating system you use, the name of your internet service provider and pages visited on the site.
Atom Services Limited gets this information by using technologies, such as google analytics to increase the functionality and user-friendliness of our website and to better tailor our website to your needs.
For example, we may want to know how long the average user spends on our website or which pages get the most attention. Information such as this will only be used in aggregate form and does not identify you personally.
What information is taken
Information can include but is not limited to:
- Personal details ( Name/Age ect)
- Contact details
- Ethnic origin
- Biometrics (where used for ID purposes)
- Sexual orientation
How the information is used
Atom services will ensure data is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We collect information on our users for a variety of purposes:
- To help us improve and provide a personalised service to you.
- To conduct market research.
- To reply to your enquiries more efficiently through the services we provide.
- To run competitions.
- So that we can send you information relevant to your interests.
- So that we can inform you of new offers, products and services that may be of interest to you.
- To build up marketing profiles.
- To aid strategic development.
- To manage our relationship with advertisers.
- To audit usage of the site.
We fully endorse and adhere to the Principles of data protection, as set out in the Data Protection Act 2018. The Principles require that personal information:
- Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
- Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
- Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
- Shall be accurate and, where necessary, kept up to date;
- Shall not be kept for longer than is necessary for the specified or legal purpose(s);
- Shall be processed in accordance with the rights of data subjects under the Act;
- Should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
- Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Atom Services Limited will ensure:
- All employees responsible for collecting and processing data have been trained by the management so as to comply with the rules set out above.
- Procedures for collecting data have been approved by management to ensure all personal information collected complies with the rules set out above.
The Right to be Informed
The General Data Protection Regulations gives data subjects 8 rights in regard to their personal data. These rights are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
Allowing access to data
At Atom Services we follow rights for individuals within a one month period:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and the right not to be subject to automated decision-making including profiling
All information will be provided free of charge within one month.This can be extended by two months where the request is complex, or you receive a number of requests.
You must inform the individual within one month of the receipt of the request and explain why the extension is necessary.
Atom Services will verify the identity of the person making the request, using ‘reasonable means’.
We will look to where possible, be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information.
The right to obtain a copy of information or to access personal data through a remotely accessed secure system should not adversely affect the rights and freedoms of others.
The right to erase and disposing of information
The GDPR gives a specific right to withdraw consent. We explain to all delegates about their right to withdraw and offer them easy ways to withdraw consent at any time.
At atom disposing of any IT equipment or paperbased forms is done following our
Atom Services has a named data controller which determines the purposes and the means of processing personal data.
Our data controller determines the purposes for which, and the manner in which, any personal data are, or are to be, processed.
Our Data Protection Officer is tasked with monitoring compliance with the GDPR and other data protection laws, your data protection policies, awareness-raising, training and audits.
Our Data Protection Officer acts as a contact point for the ICO.
Online services, marketing and links
Our websites contain links to other websites which are not controlled by Atom Services Limited. This privacy statement applies only to our websites. bans ‘pre-ticked’ opt-in boxes.
It also requires individual (‘granular’) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service.
Atom services look to build close realionships and not to provide information to clients or delegates who do not need our services.
Updating your personal information
Please keep us informed of any changes in your personal details.
You can at any time update or correct your registration information and change your choices about the information services you would like to receive, by logging into your account.
Breaches of Data
To report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach.
If the breach is likely to result in a high risk of adversely affecting individual’s rights, you must also inform those individuals without delay. Atom Services will keep a record of any personal data breaches, regardless of whether y are required to notify.
Data breaches can include:
- Access by an unauthorised third party
- Deliberate or accidental action (or inaction) by a controller or processor;
- Sending personal data to an incorrect recipient;
- Computing devices containing personal data being lost or stolen;
- Alteration of personal data without permission; and
- Loss of availability of personal data.
Recital 87 of the GDPR states that when a security incident takes place, we will establish whether a personal data breach has occurred and, if so, promptly take steps to address it, including telling the ICO if required.
How to report a breach
All staff at Atom are aware of who the relevant supervisory authority for your processing activities are. This is set out in their induction. All information about a breach we provide to individuals will be guided by any advice to help them protect themselves from its effects.
When reporting a breach, we will provide:
- A description of the nature of the personal data breach including, where possible
- The categories and approximate number of individuals concerned
- The categories and approximate number of personal data records concerned
- The name and contact details of the data protection officer (if your organisation has one) or other contact point where more information can be obtained
- A description of the likely consequences of the personal data breach
- A description of the measures taken, or proposed to be taken, to deal with the personal data breach including where appropriate the measures taken to mitigate any possible adverse effects.
If a member of staff needs to report a breach to the ICO they can call them on 0303 123 1113 or follow the link below to report it through their website using the following link: https://ico.org.uk/for-organisations/report-a-breach
And Provide the following details:
- The name and contact details of your data protection officer (if your organisation has one) or other contact point where more information can be obtained;
- A description of the likely consequences of the personal data breach;
- A description of the measures taken or proposed to be taken to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.
Changes to the privacy information
Atom Services will regularly review and, where necessary, update our Data protection this will be briefed to all staff members and made avaible to learners on our notice board and website.
Changes are made by:
- Undertake the information from audits to find out what personal data we hold and how we use it.
- Carrying out user testing to evaluate how effective our privacy information is.
- Any changes in Law or accrediting bodies regualtions.