Privacy Policy
Who we are
Our website address is: www.phoenixtc.co.uk
Phoenix Training & Coaching Ltd. Privacy Notice
Who is holding your data? Phoenix Training & Coaching Ltd, a company registered in England and Wales under number 06580607, whose registered office is at 97 Merrow Woods, Guildford, Surrey, GU1 2LJ.
Jo Wright is the sole Director and is the Data Controller.
Definitions – Data protection includes a lot of jargon, and some terms have a specific meaning. They are listed here:
- Personal data: Any information or combination of information that identifies a living human being.
- Process: Processing is any action taken with the data including collection, storing, organising, manipulating, retrieving, archiving, merging, sharing or deleting.
- Special category data: Data that reveals racial origin, political opinions, trade union membership, gender, sex life or sexual orientation, genetic and biometric data.
Company Approach to Personal Data
We appreciate the trust placed in us when personal data is shared with us, and the following document details how we collect, use and protect personal data. We guarantee that we will never sell, rent or trade our personal data with others. If at any point we do need to share data to fulfil a contractual or legal obligation, we will make that clear to you. We take all reasonable, practical and pragmatic measures to ensure that data shared with us is protected using reputable mainstream software and recommended cybersecurity best practice. We aim to always be transparent about our data practices and to always comply with relevant data protection regulations. We use data to manage our relationships smoothly with clients, suppliers and our support team. Occasionally things go wrong. If you have concerns, please contact Jo Wright on [email protected]. We will give your concerns a high priority response.
If you feel we have not addressed your concerns adequately, or are unsatisfied with our response, you can raise a complaint with the UK regulatory body, the Information Commissioner's Office, here.
We collect the minimum volume of data and for clear purposes:
– We have a contractual relationship
– We are developing or managing our business relationship
– To provide services to clients
– To meet legal obligations
– To respond to enquiries and issue proposals
– To make payment to contractors and suppliers
| Data Type | Purpose of Data |
| --- | --- |
| Contact data: names, emails, telephone Nos, addresses | To contact you regarding our contract, services we are delivering or other legitimate business communication |
| Gender, sex, sexual relationships, medical data | In a 121 coaching relationship, or Team Coaching relationship. NB We do not routinely collect this data but when this is shared as part of our working relationship this remains confidential to the coach at all times |
| Organisational data relating to an individual’s role | For Phoenix to understand structure of organisation/team to allow us to better deliver the contracted services (facilitation, development, coaching, training) |
| Personal Data – questionnaires/Surveys including Team Assessment – may involve opinions/ratings | To understand Data Subject’s perspective on team performance. Feeds into anonymised amalgamation of team scores for presentation back to team as part of Team Development/Coaching |
| Personal Data – profiling tools e.g. Insights Discovery | To support 121 or Team Coaching, or Leadership/Management Development programmes. A separate policy from Insights Discovery will be shared when it is agreed to use this tool. |
| Financial Data | Business name and bank account details to enable payment for goods or services supplied |
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Data Locations
As a small business we do not have bespoke software systems. We use reputable software from trusted brands and only use systems with a strong privacy/security focus. As a result, some of the personal data used in our business may be transferred outside the UK and/or the EEA. We limit the special category data we collect, and where this is essential to our contractual delivery we make every effort to retain this data in the UK. Paper-based records are always retained securely in the UK or EU member states.
People
We have a small team of Freelance Associates delivering training and coaching. We also have the support of a Virtual Assistant who provides administration, email and general business support. Personal data in the business is shared with them on a need-to-know basis to enable them to deliver support or services to our clients and suppliers. We ensure our team are aware of their data protection responsibilities and our expectations of them regarding data privacy and security.
Data Retention
We retain data for the minimum term possible and routinely review these data retention periods.
Some data must be retained for specific periods to comply with UK legislation, notably our financial transactions, which will include personal data.
We retain data other than contact data for prospective clients on our systems for up to two years.
Data that has come to the end of its retention period is either shredded securely or deleted from the secure cloud storage we use, ensuring that downloaded files or copies on laptop hard drives are also removed.
Your Rights
GDPR establishes a set of rights for all individuals who share their data with us. We take these rights seriously and have processes in place that allow us to manage your requests quickly and effectively.
Your rights are:
– We must keep you informed about our data practices
– You have the right to find out what data we process about you
– We must rectify errors you raise with us
– We must correct mistakes we have made in your data
– You can stop us processing your data
– You can ask us for a copy of your data to take to another organisation
– You can object to the way we are processing your data
– We must keep you informed about any automated decision-making and profiling we may undertake
If you wish to exercise any of these rights, please contact Jo Wright on [email protected].
Data Security
We take a range of standard security measures to minimise the risk of security incidents or breaches to personal data. These measures include:
– Cyber security training offered for all team members using the NCSC material provided for small businesses.
– We use Microsoft BitLocker or equivalent to protect personal data and require this of our subcontracted team members.
– We use a password manager to ensure all systems have a unique password that is a minimum of 15 characters combining upper/lower case letters, numbers and special characters.
– Data is securely backed up to a separate cloud drive on a monthly basis.
– Our freelance team are routinely provided with content on protecting personal data.
– Our freelance team must not use company data on software not approved by us.
– Freelance team members must not download data without prior agreement as part of work packages.
– We strongly advise our freelancers not to work with or process personal data from locations with insecure Wi-Fi, such as coffee shops.
– Our home broadband routers have had the standard password reset to a unique password.
– Access to personal data is granted on a need-to-know basis to retain the integrity and security while ensuring that we can still service the needs of our clients.
– We routinely review security practices with our team to ensure security is maintained.
Data Incident and Breach
We recognise that, even with the security practices in place, mistakes are made that could lead to a data incident or breach.
We have a process in place for managing and logging incidents and are aware of our obligations to notify the ICO and, in serious cases, the individuals impacted by an incident.
Implementation of Policy – This policy is reviewed on an annual basis.