As part of running our business, John D Scotcher Limited (trading as Tovi E-Learning) sometimes needs to collect, maintain and use personal data about you. That will normally be if you are a current, past or prospective customer, a supplier, or an individual that’s contacted us and needs a response.
Just so you know, the legal basis that we have to process your data falls into three categories: Firstly, if you have a contract with us – for example if you are an existing customer or supplier. Secondly, if you’ve provided consent – for example, if you’ve consented to receive a newsletter from us. Thirdly, if we have a legitimate reason – for example, you have expressed genuine interest in our products and we have entered you into our CRM system to manage the sales process.
Any personal information you give us, either on this website (for example, via if taking a course), via email or direct mail, phone contact or direct contact in person will never be sold, rented or made public without your consent.
We take your privacy seriously. We’ll only use your information to administer your account or provide the products, services and/or information you’ve asked for. Sometimes, to do that we might need to pass information on to a third party (for example your email into a newsletter sending system). When we do, we’ll use safe, reliable, GDPR compliant services who won’t pass your personal details anywhere else. You can see who we use by looking at the ‘third party data processors’ below.
Information we collect
1. Information needed to run our courses
If you enrol on our courses, we'll keep a record of you and the progress you make on the course. If you pay for a public course, we'll keep your address details and invoice details on record for our own accounting purposes. We do not keep any payment data. We do not keep any personal data (age, gender etc).
2. Site visits tracking
We collect visitor behaviour on our website. This tells us which pages are visited, the sorts of searches that are used to find us what people do on the site when they are there. It doesn’t tell us anything personal about the people visiting the site, just what they do.
If you want to know more about cookies visit www.aboutcookies.org or www.allaboutcookies.org.
We use the data to make changes on our website based on what we see visitors are doing.
3. Contact by form, email link and telephone
If you email us, either using a website contact form or by sending a direct email, we’ll get that information in an email. That data isn’t stored on our website.
If you phone us and we need to store your details for any of the legal bases explained we’ll store it safely on company computers that are regularly maintained, safely kept (in alarmed premises where possible). We might also add your information to our CRM if it is right for processing your reason for contact.
We may keep a record of contacts (such as emails that have been sent and received), but again we won’t use the details for anything other than the relevant legal reasons stated.
On occasion, we’ll send marketing and information emails. We’ll only send these emails if you fall into one of the two following categories:
- You’re an existing customer or supplier who we do current business with.
- You’ve asked to get emails via a newsletter signup form / documented social media request.
If you’ve asked to get our marketing, you may opt out any time. There’ll be an unsubscribe link in each newsletter or you can contact us (see below).
Under 16? Legally you must obtain parental consent before joining email newsletters.
If you visit an office you may be recorded on our external CCTV cameras. These cameras are used purely for the purposes of security. They are motion activated and stored securely in the cloud. In the event of a break in, we would share any CCTV that provides evidence to the police. Other CCTV data is deleted regularly.
What we do with that information
Where appropriate, we’ll use the information we keep about you to:
- To send you information on products or services that you’ve asked for.
- To send you information on products or services, which we think will interest you.
- To carry out our obligations arising from any contracts entered into between you and us.
- To notify you about changes to our services or products.
- To inform business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
Access to your information and correction
You have a number of rights including the right to request a copy of the information that is held about you. If you’d to know what information is held, please email us and we'll reply to you by email. Legally that’s within one working month, but we’ll aim to reply as soon as we can. We want to make sure that your personal information is accurate and up to date. So once you have any information, you can ask us to correct or remove anything you think is wrong. For a full list of your rights, have a look at the ICO Website.
We’ll normally be happy to help at no charge, however where requests are manifestly unfounded, excessive, or repetitive after an initial, responded to, request, we’ll potentially charge an admin fee to cover the time taken to fulfil the request. This fee will be charged at our standard hourly rate.
Third Party Processors
We use a number of third parties to process personal data for us. These third parties have been carefully chosen and, to the best of our knowledge, all of them comply with current legislation where applicable for their country. We may need to share your information with them in order to process products or services. This may be within the UK or outside including the United States and countries outside of Europe.
This website is hosted on a server owned by GoCreations. The server is kept up to date and has round the clock monitoring. To see GoCreations Privacy Policies click here.
We run company emails through Gmail as part of Google Apps for business. Thus our emails sent both to and from us are stored on Google’s secure mail servers.
We use Google Analytics to track the user interaction which is a commonplace feature on many websites. Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
To see Google’s privacy and terms click here.
We use GoCardless to process Direct Debit transactions. When customers sign up to pay by Direct Debit they do so directly with GoCardless. To see GoCardless’s policies, click here.
We will report any unlawful data breaches of data held by us to the ICO as required (https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/) within 72 hours of becoming aware of a breach taking place if it is apparent that personal data stored in an identifiable manner has been stolen.
All traffic (transferral of files) between this website and your web browser is encrypted and delivered over HTTPS.
As a small organisation, we don’t need to have an official Data Protection Officer. However, that role is voluntarily taken on by John. If you would like to speak with John, please contact the office by phone on any of the above numbers. Alternatively, please email us to make an enquiry specifically relating to data protection, the GDPR and you.