1.2 A copy of this policy will be made available to Red Rock International’s staff and learners in both paper and electronic copies as applicable. In addition, and where applicable, detailed briefing and/or specific training will be provided.
1.3 Any questions regarding this policy should be made to the manager of your nearest Red Rock International Office or to email@example.com
1.4 This policy will be reviewed every three years and may be amended at any time.
2.2 RRI does not sell, rent or trade any personal data with other companies or organisations.
2.3 Under limited conditions (see below) RRI may share personal data with third-party organisations in relation to specific aspects of our training provision.
2.4 Please read this policy carefully as it contains important information on how and why we collect, store, use and share your personal data, your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data.
3.1 Mailing lists
3.2 Sales and marketing information
3.3 Website cookies
Remembers if you’ve clicked “I agree” to the notice that appears informing you about cookies on our site.
Remembers and directs you to the right country website.
Checks to see if cookies are enabled on your browser.
End of session
Checks to see if country redirect is enabled.
End of session
4.1 Data collected and stored by Red Rock International
4.1.1 For some of our training course and events, we collect personal information from participants for a variety of reasons. These may include:
4.1.2 We normally destroy all physical and electronic records upon completion of the course or event. Occasionally, we may retain records for up to three years or, in exceptional circumstances, longer where there is a legitimate interest in doing so. Physical records are retained in locked storage, and digital records are stored on secure, password protected areas where access is limited to essential personnel.
We may also receive information about learners from their employer when they book courses, provide details of participants, communicate and special requirements. This information may include, but is not restricted to name, gender, date of birth and nationality, and health-related information which may be relevant to activities included in RRI courses.
4.2 Data sharing with third-party organisations
Learners taking part in RRI training which leads to a third-party certification, i.e.ILM qualifications or recognised development programmes, must be aware that their personal data will be securely shared with that organisation via a secure, password-protected web portal. Details of the way that ILM uses and stores personal data can be found in their Learner Personal Data Policy (https://www.i-l-m.com/privacy/learnerpersonaldata).
5.1 Under the General Data Protection Regulations (GDPR) brought into law in 2018, all individuals have various rights with respect to the use of their personal data. Although GDPR does not apply outside the European Economic Area (EEA), RRI continues to use these regulations where possible to maintain best practice.
5.2 Right to Access
5.2.1 You have the right to request a copy of the personal data that we hold about you by contacting us at firstname.lastname@example.org. Please include with your request information that will enable us to verify your identity. We will respond with 30 days of request. Please note that there are exceptions to this right.
5.2.2 We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information. Or if your request is manifestly unfounded or excessive.
5.3 Right to rectification
5.3.1 We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
5.4 Right to erasure
5.4.1 You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed.
5.4.2 If you would like to request that your personal data is erased, please contact us using the contact details provided below.
5.5 Right to object
5.5.1 In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed based on legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes.
5.5.2 If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
5.6 Right to restrict processing
5.6.1 In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.
5.7 Right to data portability
5.7.1 In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means.
5.7.2 If you would like to request that your personal data is ported to you, please contact us using the contact details provided below.
5.8.1 Please note that, in the EEA, the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception, we will explain this to you in our response.
6.1 If you have any queries about this policy, the way in which we process personal data, or about exercising any of your rights, you may contact our Privacy Officer by sending an email to email@example.com, through contact details listed on our website.