COMMODIOUS PRIVACY POLICY
This privacy policy (the “Privacy Policy”) applies to the use of www.commodious.co.uk (the “Site”). This site is owned and operated by Commodious LLP (the “Company”).
The Company is referred hereto as “COMMODIOUS”, "we" or "us" and “you” or “user” means you as a user of the Site.
Please read the Privacy Policy carefully before you start to use the Site. By using the Site or opening an account you accept and agree on behalf of yourself or on behalf of your employer or any other entity (if applicable), to be bound and abide by this Privacy Policy and our Terms and Conditions.
If you do not want to agree to this Privacy Policy or our Terms and Conditions, you must not access or use the Site.
By using this Site, you represent and warrant that you are of legal age to form a binding contract and meet all of the foregoing requirements. If you do not meet all of these requirements, you must not access or use the Site.
- COMPANY DETAILS
Name: Commodious LLP
Trading under the name(s): www.commodious.co.uk
Address: GIBC, Mulgrave Terrace, Gateshead, Tyne and Wear, NE8 1AN, UK
Telephone number: +44 1 91 69 41 231
E-mail address: admin@commodious.co.uk
Company registration number: OC377836
VAT number: GB139971567
- INTRODUCTION
- This Privacy Policy describes the policies of the Company on the collection, use and disclosure of your information that we collect when you use our Site.
- We take privacy, and the security of personal data, very seriously, and we are committed to ensuring that we safeguard the privacy and personal data of our Site visitors and those with whom we communicate through the Site, whether by email or electronically, at all times and in the best way possible.
- The purpose of this Privacy Policy is to inform users of our Site of the following:
- the personal data we will collect;
- use of collected data;
- who has access to the data collected;
- the rights of the Site users;
- This Privacy Policy applies in addition to the Terms and Conditions of our Site.
- YOUR PERSONAL DATA
- Personal data is collected about you whenever you access our Site, register with us, contact us, send us feedback, post a review to our website, purchase services via our Site, complete forms on our Site or take part in customer surveys.
- In general, the sorts of data that we can acquire, depending upon the circumstances, include:
- your name;
- address;
- email;
- payment information;
- details of any feedback you give us, and this may be by phone, email, post or via social media;
- information about the services we provide to you and your assessment results;
- your account details, such as username and login details.
- In general terms, we may use this personal data to:
- create and manage your account with us;
- verify your identity;
- provide services to you;
- process your payment;
- analyse your feedback to improve our services;
- provide customer support;
- If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which consent was granted unless we are required to do otherwise by law.
4. THIRD PARTY PAYMENT PROCESSING
When you make purchase through our Site, your payment may be processed through a third-party payment processor. In these instances, the third-party processor may collect certain financial information from you to process a payment on our behalf, including your name, email, address, and other billing information. In this case, the use and retention of your personal data is governed by the terms of use and privacy policy of that third-party payment processor. We store and use any personal data that we receive from a third-party payment processor in accordance with this Privacy Policy.
- CHILDREN
Please note that our Site is not intended for use by children. We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data, their parent or guardian may contact our privacy officer.
- GDPR
- For users in the United Kingdom, we adhere to the Data Protection Act 2018.
- For users in the European Union, we adhere to the regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, known as the General Data Protection Regulation (the “GDPR”).
- CONSENT AND LEGAL BASIS
- By using our Site, users agree that they consent to the conditions set out in this Privacy Policy.
- The legal basis for us processing your personal data is:
- you have provided your consent to that processing;
- processing is necessary for the performance of our services offered within the Site;
- processing is necessary for us to pursue our legitimate business interests.
- You may withdraw your consent any time. You can withdraw your consent or oppose other legal basis for processing your personal data by sending us a withdrawal notice or oppose notice by email to admin@commodious.co.uk.
- Do note that if you do not allow us to collect or process the required personal data or withdraw the consent to process the same for the required purposes, you may not be able to access or use some or all services on our Site for which your information was sought.
- HOW WE USE PERSONAL DATA
Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.
- EXTERNAL LINKS
This Privacy Policy relates to your use of our Site and electronic communications. Please note that our Site may link to other third-party websites that may also gather information about you. Third-party websites will operate in accordance with their own separate privacy policies, and we have no control over any personal data that they may acquire, store and use. For privacy information relating to these other third-party websites, you should consult their privacy policies as appropriate.
- SHARING PERSONAL DATA WITH THIRD PARTIES
- We may disclose your personal data to our employees who reasonably need access to user data to achieve the purposes set out in this Privacy Policy.
- We do not sell or rent your personal data to third parties for their marketing purposes without your explicit consent.
- We share your personal data with third parties as detailed below:
- With other users and Site visitors. Once you give a feedback and write a review, your review, with your semi anonymised name (initials and surname), is made public and is visible to all users of the Site. By purchasing a course, you explicitly give consent that we can publicly use and share your reviews.
- With external awarding bodies. If you purchase a course that is awarded by an external awarding body, with your prior consent, we share your certificate number, name, surname, and pass mark information with that external awarding body for the issuance of your certificate.
- With Service Providers. We share personal data for business purposes with service providers that provide us with services for operating the Site, opening, and operating your account as well as providing ancillary services and solutions. These include, among others, hosting services, data and cybersecurity services, web analytics and performance tools, IT SaaS services, certificate printing, legal and financial advisors, or technical consultants. Consistent with applicable legal requirements, we take appropriate technical and organizational measures to require third parties to adequately safeguard your personal data and only process it in accordance with our instructions.
- Contractors and sub- It may be necessary to share your information with our contractors and sub-contractors to help us deliver our courses and other services offered on our Site. Consistent with applicable legal requirements, we take appropriate technical and organizational measures to require third parties to adequately safeguard your personal data and only process it in accordance with our instructions.
- For legal reasons. We might need to share personal data with law enforcement agencies, public authorities or other parties in order to respond to a subpoena or court order, judicial process or regulatory authorities, if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe it necessary or appropriate to disclose personal data to law enforcement authorities, such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Policy; to respond to claims against us; and to protect the rights, property, or personal safety of COMMODIOUS, our customers, or the public.
- In the context of a corporate transaction. Personal data will also be disclosed if we go through a business transition such as a merger, sale, transfer of all or a portion of the Company’s assets, acquisition, or similar event. In the event that we sell any business or assets, we will disclose your data to the prospective buyer. If we or substantially all of our assets are acquired by a third party, information held by us about our users will be one of the transferred assets.
11. MARKETING AND PROMOTIONAL COMMUNICATIONS
-
From time to time, with your prior consent, we may inform you of new offers, new trainings or other trainings that are offered through our Site by email or other electronic means. We will always treat your personal data with the utmost care and will never sell your personal data to third parties for marketing purposes without your explicit consent. You have the right to opt out of receiving promotional communications at any time by using the ‘unsubscribe’ link in our emails, contacting us at
-
Where you have unsubscribed from our email updates or where you ask us to stop sending promotional or other offers this will not affect any other interaction you have with COMMODIOUS; for example, we will continue to send you emails related to the course you purchased.
-
We may ask you to confirm or update your marketing preferences if there are changes in the law, regulations, or the structure of our business.
- COOKIES
We use cookies in connection with the operation of our Site. Please read our Cookie Policy to learn about the cookies we use on our Site.
- HOW LONG WE STORE PERSONAL DATA
- We apply a general rule of keeping personal data only for as long as it is required and necessary to fulfil the purpose for which it was collected. However, in some circumstances, we will retain your personal data for longer periods of time.
- We will retain personal data as long as it is necessary and relevant for our operations and for fulfilling our obligations as a course provider, e.g., so that we have an accurate record of your dealings with us in the event of any complaints or challenges; so that the training records or certificates are available to our users at any time in the future; or if we are required to provide evidence of training in the event of a legal request to comply with applicable laws, prevent fraud, collect any fees owed, resolve disputes, assist with any investigation, enforce our Terms and Conditions and take other actions as permitted by law.
- HOW WE PROTECT YOUR PERSONAL DATA
- The security of your information is important to us, and we will use all reasonable security measures to prevent the loss, misuse, or unauthorized alteration of your information under our control.
- Our employees are bound by strict confidentiality agreements and a breach of this agreement would result in the employee’s termination.
- While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The internet can be insecure at times and therefore, we are unable to guarantee the security of user data beyond what is reasonably practical.
- WHERE WE PROCESS YOUR PERSONAL DATA
- We transfer and keep user personal data in the United Kingdom (“UK”). When we transfer user personal data, we will protect that data as described in this Privacy Policy and comply with applicable legal requirements for transferring personal data internationally.
- If you are located in the United Kingdom (“UK”) or the European Union (“EU”) / European Economic Area (“EEA”), we will only transfer your personal data if:
- The country your personal data being transferred to has been deemed to have adequate data protection by the European Commission; or if you are in the UK, by the UK adequacy regulations.
- We have implemented appropriate safeguards in respect of the transfer. For example, the recipient is a party to binding corporate rules or we have entered into standard EU or UK data protection contractual clauses with the recipient.
- We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy.
- If your data is transferred outside of the UK or EEA, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the UK or EEA.
- RIGHTS OF EU, EEA, AND UK USERS
- This section of the Policy applies to you if you are in the UK, EU, or the EEA.
- The Controller (within the meaning of the UK Data Protection Act 2018 and the EU GDPR) for the processing of personal data as described in this Privacy policy is COMMODIOUS LLP.
- Under UK Data Protection Act 2018 and the EU GDPR, you have the following rights in respect of your personal data:
- Right to be informed, to be informed about collection and use of your personal data;
- Right of access, to obtain information about how and on what basis your personal data is processed and to obtain a copy;
- Right of rectification, to rectify inaccurate personal information;
- Right to be forgotten (Right to erasure), to erase your personal data in limited circumstances where (a) you believe that it is no longer necessary for us to hold your personal data; (b) we are processing your personal data on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (c) where you have provided your personal data to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal data; and (d) where you believe the personal data we hold about you is being unlawfully processed by us;
- Right to restrict processing, to restrict processing of your personal data where (a) the accuracy of the personal data is contested; (b) the processing is unlawful but you object to the erasure of the personal data; (c) we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim; or (d) you have objected to us processing your personal data based on our legitimate interests and we are considering your objection;
- where you have provided your personal information to us with your consent, to ask us for a copy of this data in a structured, machine-readable format and to ask us to share (port) this data to another data controller; or
- to obtain a copy of or access to safeguards under which your personal data is transferred outside of the EEA.
- Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, to the processing of your personal data by us and we may be required to no longer process your personal data.
- For further information on each of those rights, including the circumstances in which they apply, please contact us, or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK Data Protection Act 2018.
- If you would like to exercise any of those rights, please contact our privacy officer and we will reply to you and send the information you requested free of charge in a suitable electronic form within 30 days.
- We will ask you for additional data to confirm your identity and for security purposes, before disclosing data requested by you.
- We will decline to process requests that jeopardize the privacy of others, are extremely impractical, or would cause us to take any action that is not permissible under applicable laws. Additionally, as permitted by applicable laws, we will retain where necessary certain personal data for a limited period of time for record-keeping, tax, accounting and fraud prevention purposes.
- In addition to the above, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) for data protection. Please note that the right of access and the right to erasure do not constitute absolute rights and the interests of other individuals may restrict your right of access or erasure in accordance with applicable laws.
- CONTACT US
If you would like to exercise your rights including a request for the deletion of the personal data we hold, have any queries or concerns, or have any complaints about how we process your personal data please contact our privacy officer: Christopher Turnbull by email chris.turnbull@commodious.co.uk, telephone 0191 6941231, or post Commodious GIBC, Mulgrave Terrace, Gateshead, Tyne and Wear, NE20 9DN.
- MODIFICATIONS
This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy, we will update the “Effective Date” at the bottom of this Privacy Policy. We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates.
EFFECTIVE DATE: [01.03.2022]