This Privacy Notice is for:
Toc-tic-toc, Dinnings Wood, Sandyhills, Dalbeattie, Dumfries. DG5 4NZ. www.toc-tic-toc.com
It tells you what we do with your personal data, how it’s used and your rights as an individual.
Toc-tic-toc understands that privacy is important to our clients. The privacy of all clients is respected and valued and we only store information in a way that is useful to you and in a manner consistent with your rights and our obligations under the law. This policy sets out how client’s personal data is used.
Any personal information you share with us will be processed in accordance with the UK Data Protection law and General Data Protection Regulation (GDPR). Your data will be used for the purposes of managing our services to you.
The person responsible for compliance with GDPR, and the person who is the data controller, is Helen Rudge, Learning, Development and Coaching Specialist.
firstname.lastname@example.org Tel: 01387 780 580
Access to Data and Purpose of Collecting, Storing and Using Data
We collect name, role, organisation, address, telephone number, email address and details of enquiries about services and on-going projects, and hold them on our email system and computer system to allow us to get in touch with current and past clients regarding ongoing projects and our services. This information allows us to effectively process queries and deliver our services to you.
This information is retained whilst working with clients and kept to allow us to communicate with clients should they wish to use our services again or should we feel that a service may be of interest to them.
Information is also held to aid the development of training materials/coaching engagements notes for on-going projects for individual clients and teams in an organisation. Any personal information transferred onto a USB stick for training or coaching proposes is held on an IronKey USB.
All PC’s, laptops and USB are password protected and the IronKey devise is encrypted.
Physical notes when working with clients either training or coaching are also held.
Reviews, Retention and Access
H Rudge only has access to this data.
We will never share, sell, rent or otherwise distribute or make public your personal information with any third parties.
Regular reviews are taken of what we hold on our system and material is retained or deleted as appropriate. We do not hold data that we no longer need in order to deliver services to you.
Personal data can be deleted from the email system and PC, including back-up systems, at the request of the client. Personal data is also deleted from the email system if a client leaves the organisation we have a working relationship with.
When coaching, clients physical notes and material held on email and/or computer system are shredded/deleted one month after the coaching relationship has ended.
Client reports generated from AQR International on Mental Toughness measures are deleted 12 months after completion.
Clients have the right to request access to the information held on them and have all other rights under GDPR. Please see https://ico.org.uk/ for more details.
Details of financial transactions and payments are retained for a period of 7 years. Please see https://www.irs.gov for more details.
The information is held in a manner which promotes confidentiality, is secure and held on password protected appliances. Anti-virus has been installed and a Malwarebytes check is run monthly.
Appropriate firewall technology is used to prevent unauthorised access. All personal data is backed up daily and stored in a secure location.
We are registered with the ICO. See https://ico.org.uk
If we were to be hit by an unlawful data breach, and it is apparent that personal data stored in an identifiable manner has been stolen, we are required by law to inform the Information Commissioners’ Office (ICO) within 72 hours.
To opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
We respect and comply with the eight core rights that GDPR has introduced for individuals:
- The right to be informed: If you store any data on individuals, you must let them know your basis for collecting and processing that data.
- The right of access: Individuals have the right to see all the data you have on them.
- The right to rectification: Individuals can appeal to have inaccurate data rectified.
- The right to erasure: You might know this right as “the right to be forgotten.” Individuals can now request that you delete your personal data.
- The right to restrict processing: Like the right to erasure, this right allows individuals to request that you stop processing their data, although you can still store it.
- The right to data portability: Individuals now have the right to securely move, copy or transfer their data across companies.
- The right to object: Individuals can now object to any data processing that does not conform to best practice (i.e., that is not secure).
- Rights in relation to automated decision-making and profiling
Privacy Notice Reviews
The Privacy Notice and our Policies are reviewed whenever laws and our processes change and annually every April. We will post any changes on this page so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it.
If you have any questions about this Privacy Notice, the practices of this site, or your dealings with this site, please contact us at:
Dumfries and Galloway