We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
The GDPR (Regulation (EU) 2016/679) is a regulation of the European Parliament, the Council of the European Union and the European Commission intended to strengthen and unify data protection for all individuals within the European Union (EU) and became law in the UK on 25th May 2018.
Under the GDPR, we are required to publish information about what data we collect, why we need to store it, and your rights under the GDPR legislation.
In these matters we are subject to the rulings of the Information Commissioner’ Office (ICO), the UK’s independent authority set up to uphold information rights and data privacy for individuals.
When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner than ensures appropriate security.
- Information you give to us
We may collect, use, store and transfer different kinds of personal information about you, including:
- Identity Data, such as your name, marital status, title, date of birth, gender, job title and your employer.
- Contact Data, such as your work addresses, email addresses and telephone numbers.
- Document Data, such as copies of your passport
- Medical Data, including your physical and mental medical history, details of any medical conditions, your dietary preferences and details of any food allergies.
- Third Party Data, namely Identity Data, Contact Data, Document Data relating to business colleagues and other contacts.
- Financial Data, such as bank account and payment details.
- Transaction Data, including details about payments to and from you, and other details of services you purchase from us.
- Technical Data, including IP addresses, your log-in data, browser type and version, time-zone setting and location
- Profile Data, such as your username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data, including information about how you use our website, products and services.
- Marketing Data, such as your your communication preferences and in receiving marketing from us.
- Performance Data, such as performance analytics from tests taken or feedback given.
- Recruitment Data, DOB, employment background
‘Special category’ data: Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sexual orientation, or certain types of genetic or bio-metric data is known as ‘special category’ data.
At no point during the course of providing you with our services, should we need to collect ‘special category’ data, unless the service we are providing, specifically request us to process that data.
During any third party reviews, supplier new client acquisitions or recruitment processes to join Alpha, we would not ask to hold any special data.
We may obtain personal information by directly interacting with you, such as:
- meeting with you in our offices, at events or elsewhere,
- receiving your instructions to provide our services, and in the performance of those services,
- filling in forms on our website,
- providing your data to attend our training, and or to track your progress and attendance,
- log in access to our third party systems
- participating in discussion boards or other social media functions on our website,
- giving us your business card,
- entering a survey organised by us, or otherwise providing us with feedback,
- subscribing to our services or publications, or otherwise requesting marketing material to be sent to you,
- corresponding with us by phone, email, letters or otherwise.
We may also collect personal information from third parties or publicly-available sources, such as:
- your company for which we are providing training services
- your business colleagues and other contacts
- receiving your information from recruitment agencies
- conducting searches of publicly-available databases or social media sites, (LinkedIn, Facebook, Twitter)
- analytics providers (such as Google),
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- if you have given us consent,
- we need to perform a contract we are about to enter into, or have entered into, with you,
- where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interests,
- where we need to comply with a legal or regulatory obligation.
We will only use ‘special category’ information:
- provided we have your explicit consent to use it,
- where we believe that we need to use that data to protect your vital interests where you are not able to provide us with your explicit consent,
- where you have previously made that data public knowledge,
- if we need to use that data to establish, exercise or defence legal claims, or
- where there is some other legal basis that allows us to use that information.
- where it is necessary for reasons of substantial public interest.
We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the basis that allows us to use your information, as follows:
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
What if you cannot or will not provide us with your personal information?
It is a statutory requirement for you to provide us with certain information, namely sufficient information to verify your identity. If you do not provide us with that information, we will be unable to accept your instructions and provide you with our services.
It is also a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may be unable to accept your instructions and/or provide you with the full range of our services.
We may share your personal information with the parties set out below:
- HM Revenue & Customs, the Information Commissioner’s Office other authorities who require reporting of processing activities in certain circumstances,
- our third party LMS provider, Talent LMS and NovoEd. Webinar platforms; Adobe Connect, Zoom, WebEx and Blue Jeans. Psychometric testing platform Lumina Spark and Globe Smart. To provide training services and track participant data.
- our third party adminstration tool, Adminstrate. To log client and supplier contact details.
- our professional advisers (including solicitors, bankers, auditors and insurers),
- business partners, suppliers and sub-contractors to the extent we consider it reasonably necessary for us to perform services,
- analytics and search engine providers that assist us in the improvement and optimisation of our website,
- caterers and hospitality staff, event organisers and other parties we collaborate with for the purposes of organising and staging our corporate events
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
All information you provide to us is stored on our secure servers in the United Kingdom, or on secure cloud-based services in a country within the European Economic Area.
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
- Entry controls. Access to our offices is secured by means of electronic entry controls. Only staff contracted to Alpha Development have access to the office space.
- Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
- Clear desk policy. We are operating using a clear desk policy so no papers should left in plain sight if not needed. A clean desk policy instructs that all employees must clear their desks at the end of each work day. This is to reduce the risk of information theft, fraud, or a security breach caused by sensitive information being left unattended and visible in plain view.
- Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality and also by disposal of confidential waste services.
- Off-site storage. We use a third-party off-site storage facility for archived files. Access is secured.
- Our internal policies require that users lock/log-off their computer when it is unattended.
- Firewalls and encryption. We apply industry-standard firewall protection and encryption technology.
- We ensure our employees are trained in the importance of data security.
- Electronic access. All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone.
- Payment details. Where appropriate, we will send payment and banking details by secure messaging system to reduce the risk of those emails being unlawfully intercepted.
- Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Economic Area, to recipients in countries approved by the European Commission, to recipients that are party to the EU-US Privacy Shield, or by using specific contracts approved by the European Commission).
- Shared Drive – London office on local server – Active Directory authenticated
- Microsoft 365 environment including Exchange, One Drive, Sharepoint – London, Durham, Cardif – https://products.office.com/en-us/where-is-your-data-located?geo=UnitedKingdom#UnitedKingdom
- Talent LMS – US in AWS Datacentres complying with Privacy Shield https://www.epignosishq.com/privacy-policy/
- NovoEd – https://www.novoed.com/privacy-policy/
- Get Administrate – UK, Ireland – https://info.getadministrate.com/blog/administrate-data-center-and-data-storage-locations
- Sage 50 – https://www.sage.com/en-gb/legal/privacy-and-cookies/
- Adobe Connect – https://helpx.adobe.com/adobe-connect/adobe-connect-gdpr.html
- One File – UK – https://onefile.co.uk/privacy-notice/
- Lumina Spark – https://www.luminalearning.com/luminaprivacy/index/
The length of time that we will store your data will depend on the basis for why we are using that data:
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which is more important than your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
- You have the right to object to us using/storing your information for direct marketing purposes.
If you wish to exercise any of your legal rights, please contact us by:
- writing to the address Alpha Development, 128-129 Cheapside, London, EC2V6BT.
- or emailing us at [email protected]
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
You can ask us to stop sending you marketing communications at any time by opting out by clicking the unsubscribe option on your email.
- or emailing us at [email protected], to the attention of the Marketing Manager.
We do not use automated decision-making processes.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Recording telephone calls
Telephone calls made to and by Alpha are not recorded as standard practice. If for any services we are required to record telephone calls with the intention of legitimate business interest, this will be declared at the beginning of any call to all parties. The recordings are stored on the firm’s servers in the United Kingdom and or on our third party conference line PowWowNow server. Where a call recording has been instructed we may process information about the recording files (“call recording data”). The call recording data may be processed for the purposes of the preparation and storage of your call recording. We will never disclose your call recording data, unless we are legally obliged to do so. The legal bases for this processing are:
- our legitimate interests, namely the performance of our obligations under customer contracts, and the provision of our services to customers and users; and/or
- the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
18. Identifying you as a client of the firm
If you are a business client, we may identify you as a client of the firm in our marketing material or in legal directories, although we will never publicly disclose any confidential information about your matters without having obtained your prior consent. If you do not agree to us identifying you as a customer of the firm, and have not already done so, please notify us by:
- writing to the address Alpha Development, 128-129, Cheapside, London, EC2V6BT.
- or emailing us at [email protected]
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
We have always, and continue to, treat all data we receive and works submitted as strictly confidential.
For the purpose of UK data protection laws, the data controller is Alpha Development Partnership LTD.
Questions and requests regarding this policy are welcomed. If you do wish to contact us please do via:
- writing to the address Alpha Development, 128-129 Cheapside, London, EC2V6BT.
- or emailing us at [email protected]