Privacy Notice

Privacy Notice

This Privacy Notice is for:

Toc-tic-toc, Dinnings Wood, Sandyhills, Dalbeattie, Dumfries. DG5 4NZ. www.toc-tic-toc.com

It tells you what we do with your personal data, the legal bases we use for our processing, how long we keep it and your rights as an individual.

Toc-tic-toc understands that privacy is important to our clients.  The privacy of all clients is respected and valued and we only store information in a way that is useful to you and in a manner consistent with your rights and our obligations under the law. This privacy notice sets out how clients’ personal data is used.

Any personal information you share with us will be processed in accordance with the Data Protection Act 2018 and UK General Data Protection Regulation (UKGDPR).

Data Controller

The Data Controller is Toc-tic-toc.

The person responsible for compliance with UKGDPR is Helen Rudge, Learning, Development and Coaching Specialist.

About us

We deliver cutting edge, learning interventions designed to help individuals, teams and organisations ‘find their rhythm’. Our aim is to enable people and their workplaces to be more efficient, effective, successful and happy.

What we collect

We collect name, role, organisation, address, telephone number, email address and details of enquiries about services and on-going projects.

In addition, your organisation may give us information about an individual which is particularly sensitive. This is called ‘Special Category Data’ and the law says that this needs extra protection. It is likely to be (but is not limited to) information about health, for example dietary needs or disability. Individuals attending training courses or one to one coaching may choose to give us Special Category Data about themselves.

Why we collect information about you

If anyone can be identified by any information that we collect, this information is called ‘personal data’. Data protection law says that Toc-tic-toc must have a reason or ‘purpose’ for collecting and using personal data.

Our purposes are to:

  • Deliver our services
  • Manage our relationship with you
  • Develop new ways to meet our clients’ needs
  • Improve our service delivery
  • Keep internal records
  • Send promotional emails about courses or other information

How we ensure that the processing we do is lawful

Toc-tic-toc cannot use your personal data for any reason unless we have a legal basis to do so. Those that we use are:

Deliver our services

  • The processing is necessary – for the performance of a contract to which the data subject is a party, or for the taking of steps at the request of the data subject with a view to entering into a contract
  • The processing is necessary for compliance with any legal obligations to which the data controller is subject, other than an obligation imposed by contract

Manage our relationship with you

  • We have a legitimate interest in using your information. This information allows us to effectively process queries and deliver our services to you.

Develop new ways to meet our customers’ needs

  • We have a legitimate interest in using your information. For example, we may develop new training courses.

Improve our service delivery

  • We have a legitimate interest in using your information. Information is held to aid the development of training materials/coaching engagements notes for on-going projects for individual clients and teams in an organisation. We may use feedback given to us.

Keep internal records

  • The processing is necessary for compliance with any legal obligations to which the data controller is subject, other than an obligation imposed by contract

Send promotional emails about courses or other information

  • We have a legitimate interest in using your information. This information is retained whilst working with clients and kept to allow us to communicate with clients should they wish to use our services again or should we feel that a service may be of interest to them. We may also use the contact details of those who have made enquiries for this purpose.

Where we process Special Category Data we do so because:

  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or the data subject in the field of employment and social security and social protection law

or

  • the data subject has given his or her explicit consent to the processing of the personal data for one or more specified purposes.

If you give consent you have the right to withdraw this at any time by contacting us in writing using the address or contact details given in this privacy notice.

If you disagree with us using your personal data for one or more of our legitimate interests let us know in writing and we will stop using it for that purpose.

How long do we keep your information?

When coaching, clients’ physical notes and material held on email and/or computer system are shredded/deleted one month after the coaching relationship has ended.

Client reports generated from AQR International on Mental Toughness measures are deleted 12 months after completion.

Personal data is deleted from the email system if a client leaves an organisation we have a working relationship with, as soon as we are informed of this.

Details of financial transactions and payments are retained for a period of 7 years.  Please see https://www.irs.gov for more details.

We keep contact details for organisations with which we have/have had a working relationship and for organisations or individuals who contact us, for 2 years after the last contact.

Who Do We Share Your Personal Information With?

Toc-tic-toc does not share your personal information with any third parties, other than those listed below.

When we share your personal data with these third parties who perform services for us, we require them to take appropriate steps to protect your personal information, and only to use the personal information for the purpose of performing those specific services.

We currently use:

Company                                                 Service they perform for us

BDS                                                         IT Hosting

https://www.bdslive.com/

8020 IT                                                   Maintenance

https://www.8020ltd.com

Microsoft and Micorsoft Teams *          IT operating system

Zoom *                                                  Video conferencing

Mailchimp *                                           Marketing site

CMCA 5A Buccleuch Street
DG1 2AT Dumfries                                Accountants

First Direct *                                          Bank

BT *                                                       Telephone landline

Vodafone *                                            Mobile

We will never sell, rent or otherwise distribute or make public your personal information with any other third parties.

*For some of their functions these organisations are data controllers in their own right, and are responsible for determining what they do with your information. We recommend that you read their privacy notices.

Transferring personal data outside the UK

We transfer your personal data to the USA when we use some of the companies listed above. We have procedures in place to make sure that these restricted transfers are made appropriately. To do this we use a standard contractual data protection clause that is approved by the Information Commissioner’s Office.

Security

The information is held in a manner which promotes confidentiality, is secure and held on password protected appliances.  Anti-virus has been installed and a Malwarebytes check is run monthly.

Appropriate firewall technology is used to prevent unauthorised access.  All personal data is backed up daily and stored in a secure location. Any personal information transferred onto a USB stick for training or coaching proposes is held on an IronKey USB.

All PC’s, laptops and USB are password protected and the IronKey device is encrypted.

Website

Our website uses –  Google Analytics –  Google Analytics tracking software to monitor you to better understand how you use it.  This software will save a cookie to your device in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.  Learn more from their Terms of Service and Privacy Policy.

To opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

IT hosting and maintenance and storage of your personal information is located within the European Economic Area.

When we are contracted to do work for another organisation

When Toc-tic-toc acts under instruction from another organisation we are the data processor and the other organisation the data controller. There will be a contract in place which will tell us what to do with your information.  If any of your personal data is being used for a purpose that is not controlled by Toc-Tic-Toc, you will be given a different privacy notice by the data controller which will tell you all about it.

Your rights are unlikely to be affected if your information is used in this way.

Your Rights

You have rights in relation to the personal information we hold about you. These are:

  • The right to be informed about the collection and use of your personal data. We do this by providing you with this privacy policy.
  • The right of access. This is commonly referred to as ‘subject access’. You have the right to make a request to see all the personal data that Toc-tic-toc holds about you. You can make this request verbally or in writing and we must respond within one calendar month.
  • The right to rectification. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address and we will promptly record your request and amend our records if required.
  • The right to erasure. This is also known as ‘the right to be forgotten’. You can make this request verbally or in writing. This right only applies in certain circumstances.
  • The right to restrict processing. This right only applies in certain circumstances. If we agree to restrict your personal data for one or more purposes we will store it but not use it.
  • The right to data portability. This allows you to obtain and re-use your personal data for your own purposes across different services. If you would like us to transfer your personal data electronically, we will do this. It only applies to information you have given us, which we hold electronically and where Toc-Tic-Toc is the data controller.
  • The right to object. You have the right to object to the processing of your personal data in certain circumstances. You can make an objection verbally or in writing. You have the absolute right to stop your personal data being used for direct marketing.
  • Rights in relation to automated decision making and profiling. Toc-Tic-Toc does not use any of your personal data to make automated decisions or to create a profile of you.

How to complain

If you are unhappy about the way we handle your personal data please let us know verbally or in writing by contacting us at the address given below.

We will explain how we have processed your personal information and if we have made a mistake will tell you how we will put this right.

If you are still dissatisfied, you may report your concern to the Information Commissioner’s Office (ICO) by contacting:

Wycliffe House, Water Lane, Wilmslow SK9 5AF

Tel. 0303 123 1113

Contacting us

If you have any questions about this Privacy Notice, the practices of this site, or your dealings with this site, please contact us at:

toc-tic-toc
Dinnings Wood, Sandyhills, Dalbeattie, Dumfries and Galloway, Scotland DG5 4NZ.

hr@toc-tic-toc.com