Purpose and Scope of this Policy
Worldwide Waste Wise (Waste Wise) is committed to protecting your personal information. It’s your information, it’s personal, and we respect that. We also want to maintain the trust and confidence of everyone who uses our services and website.
Please read this Policy carefully, as it contains important information on who we are, how and why we collect, store, use and share your personal data, your rights in relation to your personal data and how to contact us in the event that you would like to report a concern about the way in which we process your personal data.
We appreciate your support and the trust you give us when you provide us with your personal data.
Worldwide Waste Wise (WWW) is a private company limited by shares (Company No: 9176827).
Our registered address is Merley House, Merley House Lane, Wimborne, Dorset, BH21 3AA. Telephone: 01202 612149
For the purpose of GDPR, WWW is the ‘controller’ of the personal data you provide to us.
If you have any concerns or queries about this Policy, the way in which WWW processes personal data, or about exercising you rights, you have the right to contact the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by sending an email to firstname.lastname@example.org
How we collect data from you?
We only collect personal data that you want to provide to us, or that is needed to provide (and improve) our service to you. We collect personal data if you:
- Provide it directly by filling in a contact form on our website
- When you correspond with us by phone, email or in writing
- When you enter into a contract with us to receive services such as training, qualifications and courses
- Report a problem
What information do we collect about you?
We may collect your name, postal address, date of birth, email address, telephone numbers, bank and/or credit card details and job role. This information is necessary for us to fulfil any order for goods or services you have asked us to provide such as: qualification assessment/mentoring, courses, health and safety advice. Our legal basis for this processing is our customer contract with you.
We may also receive information about you from the awarding/professional body you have registered with for your qualification or training course.
Information about other people
If you provide information to us about other people, such as your employer or next of kin, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us to use it.
Sensitive Personal Data
We do not normally collect or store sensitive personal data (such as information relating to health). However, there are some situations where we will need to do so (e.g. if you have an accident on our premises at Merley House or if you tell us about a disability). If we record your sensitive personal data we will take extra care and follow additional procedures to ensure your privacy rights are protected.
Our legal basis for collecting sensitive personal data will usually be so that we can fulfil legal or regulatory requirements, and in other cases it will be your explicit consent.
How do we use your personal data?
We may use your personal data to fulfil a contract to:
- Provide you with products and/or services which you have registered for
- Undertake administration, accounting and process payment in relation to products and/or services which you have registered for
- Provide you with a certificate, credential or other record of learning
- Respond to your requests and inquiries
- Contact you about our quality assurance processes
- Assess and provide reasonable adjustments in relation to your training or assessment where requested
We may also use your personal data where it is necessary to pursue our legitimate interests as a provider of training, assessment and/or other services, including to:
- Provide you with communications and newsletters to inform you about any of our new products and services that may be of interest to you
We may also process your personal data if required by law, including to respond to requests by Government or law enforcement authorities, or for the prevention of crime or fraud.
NOTE: you have the right to object to the processing of your personal data on the basis of legitimate interests (see ‘Your Rights’ section).
Sharing your information:
We take all reasonable steps to ensure that our staff and contractors protect your personal data, and are aware of their information security obligations. We also endeavour to only share your personal data with those who have a genuine business need to know it or are trusted third parties including:
- Regulatory bodies and awarding bodies
- With certain service providers who are contracted to us to provide services on our behalf such as internal quality assurance and assessment and training
- To comply with any legal or regulatory obligations.
We will ensure that there is a contract in place with such third parties, which include obligations in relation to the confidentiality, security and lawful processing of any personal data shared with them.
Changing your preferences and updating your details:
You are in control of what we do with your personal data. If you would like to change your choices, or how we communicate with, just let us know. Please contact us using the contact details in the ‘About us’ section.
Please also let us know if your personal data is inaccurate because your details have changed (for example you have moved house). When updating your personal data by phone or email, we may ask you to verify your identity before we can act on your request.
Where we store your personal data and how is it protected?
We take reasonable steps to protect your personal data from loss or destruction. All information you provide to us is stored and processed by our staff on servers in the UK, and on paper in a secure environment.
We maintain appropriate safeguards, procedures and technology in order to keep your personal data secure, including procedures in place to deal with any suspected data security breach. We also require that third parties we choose to process your personal data do the same.
We cannot however, guarantee the security of information via the internet so transmission through our website will be at your own risk. We can however, try to prevent unauthorised access once we have received your personal data.
We will not share your personal data with any third parties for marketing purposes.
We don’t store these details.
How long we keep your personal data?
We will retain personal data relating to your learning, training, assessment and certification to enable us to provide information about your learning or a replacement certificate.
We will retain personal data relating to our quality assurance processes, appeals or investigations for a period of 3 years to ensure that we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given in the ‘About us’ section. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information, or if there is no basis for your request, or if it is excessive.
Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details in the ‘About us’ section to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details in the ‘About us’ section.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details in the ‘About us’ section.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you, and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details in the ‘About us’ section.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to make such request, please contact us using the contact details in the ‘About us’ section.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint with the applicable supervisory authority or to seek a remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner’s Office.
Changes to our Policy
Any changes we may make to this Policy in the future will be posted on our website. Please check back frequently to see any updates or changes to our Policy.