Our Commitment to Privacy
Your privacy is important to us. To protect your privacy, we have provided this notice explaining our information practices, ensuring that we shall be responsible for, and be able to demonstrate, compliance with the principles of The General Data Protection Regulation (GDPR). Within this notice we will cover the following points:
- The Six Principles of GDPR
- The Information We Collect
- Sources of Collection
- How We Use Information
- Keeping your details up to date
- Your rights
- Our Commitment to Data Security
- Our Commitment to Children's Privacy
- Further Information Regarding GDPR
- How to Contact Us
- Review of Privacy Notice
To make this notice easy to find, we will make it available on our homepage and at points where personally identifiable information may be requested.
We identify ourselves as a ‘controller’, who determines the purposes and means of processing personal data.
We use third party ‘processors’ and ‘controllers’ who are responsible for processing personal data on behalf of Phoenix Health and Safety.
‘Personal data’ refers to any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
The Six Principles of GDPR
Article 5 of the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Information We Collect
This notice applies to all information collected or submitted on this website, via phone calls, webchat, social media platforms, messenger services and email. The types of personal information collected depends on the nature of contact, but may include:
- Email address;
- Phone number;
- Date of birth;
- Payment information;
- Educational and employment background;
- Comments and feedback;
- Cookie information.
Sources of Collection
A contact form on the website is also used to collect name, email, telephone and a comments section for those individuals wishing to gain further details about the services offered. The personal data will be retained for a maximum of 5 years This timescale will be extended if the contact becomes a customer and uses Phoenix’s services. We will seek consent and make it clear at the point of data capture.
Live Web chat
A live web chat service is available on our website for those who wish to engage with a sales person in real time. We use a third-party provider to supply and support the LiveChat service. Individuals do not need to provide personal data to use the LiveChat in order to speak with Phoenix. Individuals may request a transcript of the LiveChat session at the start of the session or prior to the session ending. When using LiveChat we may ask for your name, email address and telephone number should you request further details about a service or product. In providing such information, consent is given for future contact. We will seek consent and make it clear at the point of data capture.
For the purpose of our legitimate interests. we use a third-party service provide to protect against suspicious traffic, viruses and malicious attachments. Emails may also be subject to viewing by third parties, including training bodies.
Social Media / Messenger services
We use third party service providers, such as Facebook and Twitter, to engage in various media platform to connect with individuals. The information gathered via interactions may be used for marketing or sales purposes via consent. Postings on social media may be used within other publications, such as a Facebook posting may be used within the monthly newsletters. We will seek consent and make it clear at the point of data capture.
Webinars / eLearning
We use third-party providers for our webinar and eLearning platforms. Information collected includes name and email address. This information is retained on the webinar platform for a maximum of five years. This information is not processed for any other means by the third party and is not used for marketing purposes.
Online student library
We use a third-party online storage facility, Google Drive, to store training materials and resources for students. No information is collected from individuals that access this source. No personal data is stored on the online storage facility.
Booking consultancy services
No information will be shared with other third parties.
Payment details are processed when booking training via our website. We use third party Barclays to securely handle the payment. We will never store payment information for orders processed on this website. For payments completed via telephone, information is inputted directly the secure Barclays payment processor. Financial records will be maintained securely for the HMRC required 6 years, thereafter details will be destroyed. Refund information is kept securely for 30 days and then destroyed.
We recognise the importance of privacy whilst making a complaint. A copy of our complaints procedure is available on request. For the purpose of our legitimate interests, during the complaints investigation we will gather information related to the case. This normally contains the identity of the complainant and any other individuals involved in the complaint. Upon resolution of the case we will keep personal information contained in complaint files for 12 months, thereafter information will be destroyed.
The company records telephone calls for the purposes of training and fact checking.
The Way We Use Information
On contact with Phoenix Health and Safety, your personal information will be collated and store for legitimate use of processing training and services. We may also use your personal details to let you know about other services and products that may be of interest and to keep you informed of latest health and safety developments.
We use a third-party provider to deliver our monthly newsletters. We gather statistics around email opening and clicks using industry standard technologies. We will seek consent for processing such data. Individuals are given the opportunity to un-subscribe at any time.
We use a third-party provider to create and deliver our marketing promotions. Email campaigns will contain tracking facilities to gather information, such as opening and click rates, thus ensuring targeted marketing. Individuals are given the opportunity to un-subscribe at any time.
For the purpose of our legitimate interests. where applicable, your information will be disclosed to third party training bodies such as NEBOSH, IOSH, City & Guilds and CITB for the purpose of student registration and exam registration purposes. This information will not be shared with other third-party organisations. Such training bodies will be considered a ‘controller’ for processing personal data and advice should be sourced from relevant training body for further details.
As part of our Phoenix’s policy, completed TMAs and practical projects may be subjected to an internal moderation process, whereby Phoennx trainers and associates will mark selected papers and be compared with a NEBOSH moderation marking. All personal data (name, student number, company details, date) will be removed from the papers to avoid identification indicators. This process is only used for internal monitoring purposes.
For the purpose of our legitimate interests, we use a third-party IT provider to manage the infrastructure of our databases, which includes a student database containing personal data such as name, address and contact details. This information is not processed for any other means by the third-party IT provider. Personal data within the database may be used by Phoenix staff and a third-party marketing company to communicate with you in relate to products and services offered by Phoenix.
Links to other websites
This privacy notice does not cover the links used within material, resources and online services linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Transfer of data to non-EEA Country
Your personal information may be transferred to other countries for processing, which may have different personal data protection rules than the European Economic Area (EEA). If we transfer personal data outside the EEA, we ensure adequate protection remains in place to protect your privacy, including through the use of EU model clauses.
Keeping your details up to date
We always endeavour to make sure that the information we hold about you is accurate and up to date, but we need your help to do this. If you have a change of name and/or contact details, please contact us on firstname.lastname@example.org or call us on 0861 591 592.
The GDPR provides the following rights for individuals:
The right to be informed
Individuals have the right to be informed about the collection and use of personal data. Phoenix Health and Safety is committed to the transparency requirement under the GDPR and will ensure privacy information is provided at the time of collecting personal data. Any questions relating to the collection, processing, storing and disposal of data should be made to
The right of access
Individuals have the right to access their personal data and supplementary information. Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A copy of the information will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive. Any rights of access request should be made to
The right to rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. A request for rectification can be made via
Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A request for rectification may be denied if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. The rectification will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive. The right to erasure The GDPR introduces a right for individuals to have personal data erased. A request for erasure can be made via. Such requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A request for erasure may be denied if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. The erasure will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.
The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the personal data, but not use it. A request for restrict processing can be made viaSuch requests will be responded within 30 days of receipt or an extension may be applied up to 90 days for requests that are complex or numerous. A request for restrict processing may be denied if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. The restrict processing will be free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.
The right to data portability
The right to object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics. A request for the right to object can be made viaSuch requests will be responded within a reasonable timescale and provided free of charge.
Our Commitment to Data Security
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Any personal information you give to us will only be used by Phoenix Health and Safety and by its processors and service providers. We do not sell or share personal information with third parties unrelated to it. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Our Commitment to Children's Privacy
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
Further Information Regarding GDPR
Further details about The General Data Protection Regulation (GDPR) is available from the Information Commissioner's Office.
Should you have other questions or concerns about these privacy policies, please contact email@example.com or call us on 0861 591 592.
Review of Privacy Notice
This privacy notice will be regularly reviewed and was last updated on 15th May 2018.