Who are we?
Tim Musson t/a Computer Law Training provides data protection and GDPR consultancy and training services.  After many years running my company, Computer Law Training Ltd in Scotland, I have closed the company and am trading as Computer Law Training.  My address is Sapphire House, Main Highway, Laborie, St Lucia. Tel: +44 (0)131 678 6740 E-mail: info@computerlaw.org.uk  
What personal data do we process?
Computer Law Training Ltd collects, stores and uses information about:   - our own employees and prospective employees - our training course delegates / attendees - training course delegate / attendee registration forms for our clients - the employees of potential and current customers - the employees of our suppliers; and - the personal data being processed by our customers to the extent that it is necessary for us to provide our services. As you would expect, we are fully committed to dealing with all personal data in a fair and transparent way and ensure that we have the appropriate security measures in place. This notice sets out what we do with your personal data, why we do it, who we pass it on to and what we do to keep it secure. Telephoning our office When you call our office whether by mobile or landline we collect Calling Line Identification (CLI) information that retains your telephone number (unless you have a withheld your number).  We use this information to help improve our efficiency and in order that we may call you back in the event of a ‘missed call’. We will normally ask for your name, email address, and confirmation of your telephone number and where appropriate your business address. Contacting us by e-mail When you email our office for the first time we will, temporarily, store your email address in order to respond to your questions or enquiry.  We monitor any emails sent to us, including file attachments, for viruses, phishing and malicious software. Visiting our website Our website uses Google Analytics to collect information and details of visitor behaviour patterns. This helps us understand how many people have visited our site and which pages are visited most often.  We do not collect or store personal information in this way and we cannot identify you as an individual through this third-party service. For more information on cookies, see our separate cookie notice. If you complete a “contact us” form on our website, you will be asked to complete your name, email address and telephone number.  This will be used to contact you to respond to your enquiry. Visiting our social media sites We use the following social media platforms:
  • Linked In
  • Twitter
  • YouTube
If you message us via any of the above platforms the message is stored in their secure messaging system and can only be accessed by authorised individuals within our business. We will not pass this information to a third party. We are not responsible for any comments or reviews made by visitors to these social media platforms as we have no control over them. Visiting our office We might use an internal enquiry form to collect personal information from you relating to the enquiry or the matter you are looking to have assistance with, i.e. training, consultancy, advice etc.
Why do we process this information?
Employees of Customers and Suppliers - We use the personal data of the employees of our customers and suppliers to contact them about the work we are doing for them or the work they are doing for us. We have either a legitimate interest or contractual legal basis to process this information in order to keep doing business and provide the services that we offer. The personal data will generally be limited to employee contact details only. We will use these contact details to send information about other products and services from time to time. This is because we have a legitimate interest in promoting our service but we will always provide the individual receiving the message with the option to opt out of receiving our messages. Employees of Potential Customers - We want to tell people about our services and believe that we have a legitimate interest to do so. We will use the contact details of business contacts to send information about our services and events we hold from time to time. Again, this is because we have a legitimate interest in promoting our service, but we will always provide the individual receiving the message with the option to opt out of receiving our messages. Our training Course Delegates / Attendees - We use the personal data of course delegates / attendees in order to provide our services, consultancy and course delivery. Our legal basis for doing so, is contractual as we deem it as necessary for the performance of a contract entered into by both parties. Training Course Delegate / Attendee Registration forms for our Clients - We use the personal data of our client course delegates / attendees in order to provide our services, consultancy and course delivery on their behalf. Our legal basis for doing so, is contractual as we deem it as necessary for the performance of a contract entered into by both parties. Personal Data we Process as part of our Service - We may occasionally have to use the personal data that is being processed by our customers in order to provide our consultancy services. We will only use this for that purpose and no other purpose. It will be held securely and then returned to our customers as soon as it is no longer required for that purpose. 
Who do we share your data with?
We will only share personal data as is necessary to provide our services, or where disclosure is required or permitted by law. Examples of organisations who may require us to disclose your personal data are Government Bodies and Law Enforcement Agencies . Otherwise, data will only be shared with third parties that we trust and only where there are appropriate arrangements in place for sharing data, i.e. data sharing agreements and/or data processing agreements. These parties are; Our cloud storage provider, Our I.T. Support Company, Our Accountants and Auditors, Certification Bodies (for the issue of training certificates), Our Legal Advisors/Law Firm and our partner business, RGDP LLP. All of our data is stored on an internal server and backed up, hourly, on a secure hard drive and in a cloud based storage solution based within the UK.  
How long do we keep data?
Employees of Customers and Suppliers - We will hold contact details for as long as we are providing you, or your organisation, with our services or you are providing us with services. If we no longer have a relationship with you, we will delete your data 2 years after the termination of the relationship, aside from any data that we are required to keep in order to fulfil our legal obligations, e.g. invoicing/financial records for 6 years. Employees of Potential Customers - In relation to these business contacts, if you do not engage our services or come to our events, we will hold onto your data for 1 year, after which, it will be deleted. Course Delegates / Attendees - We will hold course delegate details for as long as we are providing you, or your organisation, with our services or you are providing us with services. If we no longer have a relationship with you, we will delete your data 2 years after the termination of the relationship, aside from any data that we are required to keep in order to fulfil our legal obligations. General Retention - We have other retention periods for information, but, generally, this is not personal data – it will relate to our company information and/or records etc.
Your Rights
You have rights in relation to your personal data and you can ask Computer Law Training Ltd to:
  • Provide a copy of your personal data
  • Correct any mistakes in your personal data
  • In certain situations; Delete your personal data
  • In certain circumstances; Restrict processing of your personal data,  i.e. if you contest the accuracy of the data
  • In certain situations; Provide you with a copy of the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party
  You can object:
  • At any time to your personal data being processed for direct marketing (including profiling);
  • In other situations, to our continued processing of your personal data,  e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us using the details above (or by visiting our ‘contact us’ page) and we will do our best to address your concerns. Your objection (or withdrawal of consent) may mean we cannot perform the services you have requested of us or you may not be able to use the services we offer. We will advise you where this is the case. In certain circumstances even if you withdraw your consent, we may still be able to process your personal information if:
  • required or permitted by law
  • for the purpose of exercising or defending our legal rights
  • meeting our legal and/or any regulatory obligations
You also have the right to complain to the Information Commissioner where you believe any alleged infringement of data protection laws occurred. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.  If you still believe that we have not handled your personal data properly or have not complied with your rights, you can complain to the Information Commissioner.   Contact details are available at: www.ico.org.uk