Privacy Policy securing your personal data
Your privacy is important to us
This privacy notice explains how SkilledBiker will collect, store, use, disclose, retain and destroy personal data along with the steps we take to ensure that it is protected and the rights individuals have in regard to their personal data being handled by SkilledBiker.
The use and disclosure of personal data is governed in the United Kingdom by the Data Protection Act 2018 and is supplemented by the General Data Protection Regulation (GDPR), plus incorporates the Law Enforcement Directive (LED).
SkilledBiker is registered with the Information Commissioner and as such, has a dedicated data controller who is obliged to ensure that SkilledBiker will handle all personal data in accordance with the Data Protection Act and the GDPR.
SkilledBiker take their responsibility very seriously to ensure that personal data is handled appropriately in order to secure and maintain individuals’ trust and confidence in the SkilledBiker Ltd.
Security
1. Why do SkilledBiker collect and use personal information?
SkilledBiker collects, stores, uses, discloses and retains personal data for the following broad purposes:
- Population of the Customer Relations Management (CRM) aspect of the website for the purpose of booking SkilledBiker training and tours.
- Implementation of customer experience survey at the end of SkilledBiker training and tours.
- Sending other relevant motorcycle and rider safety information, including sign-posting to post-test training providers.
2. Whose personal data do SkilledBiker handle?
In order to carry out the purposes described under section 1 above – SkilledBiker may collect, store, and use (see section 8 below) and retain personal data relating to an individual booking SkilledBiker training and tours.
SkilledBiker will only use appropriate personal information necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record such as a file, as images, but can also include other types of electronically held information.
Personal Data’ is defined in Article 4 of the General Data Protection Regulation (GDPR). In practical terms it means any information handled by SkilledBiker that relates to an identified or identifiable natural person; an identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This privacy policy is designed to help satisfy the rules on giving privacy information to data subjects in Articles 12, 13 and 14 of the GDPR.
3. What types of personal data do SkilledBiker handle?
In order to carry out the purposes described under section 1 above SkilledBiker may collect, store and use (see section 8 below) and retain personal data relating to or including the following:
- Email address
- Name
- Address including post code
- date of birth
- gender
- telephone number(s)
- Where users heard about SkilledBiker
- Motorcycle make, model and engine size
- Post-test training experience
- Information pertaining to rider habits, attitudes and riding style
- Any other information required to efficiently administer SkilledBiker
SkilledBiker will only use appropriate personal data necessary to fulfil a particular purpose or purposes. Personal data could be information which is held on a computer, in a paper record such as a file, as images, but can also include other types of electronically held information.
4. Where do SkilledBiker obtain personal data from?
In order to carry out the purposes described under section 1 above SkilledBiker may collect personal data from the SkilledBiker website and any paper record completed by a potential SkilledBiker attendee or by a person on their behalf, completed with a view to using the data for an application for a training and tours only.
5. Which lawful basis do we use to process this information?
SkilledBiker collect and use information in relation to SkilledBiker Training & Tours.
The lawful basis we rely on are detailed below:
Consent: the individual has given clear consent for SkilledBiker to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract of services SkilledBiker has with the individual.
Legitimate interests: the processing is necessary for SkilledBiker’s legitimate interests or the legitimate interests of a third party.
6. How do SkilledBiker handle personal data?
In order to achieve the purposes described in section 1 SkilledBiker will handle personal data in accordance with the Data Protection Act 2018, the GDPR and LED.
For personal data processed under Part 2 which applies to general processing under the GDPR, SkilledBiker will ensure that any personal data is:
- Processed lawfully, fairly, and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed;
- Accurate and, where necessary, kept up to date;
- Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
SkilledBiker will strive to ensure that any personal data used by us or on our behalf is not excessive, reviewed appropriately and securely destroyed when no longer required. SkilledBiker will also respect individuals’ rights as detailed in section 9 below.
7. How do SkilledBiker ensure the security of personal data?
SkilledBiker takes the security of all personal data under our control very seriously.
We will comply with the relevant parts of the Data Protection Act 2018, the GDPR and LED relating to security. We will ensure that appropriate policy, training, technical and procedural measures are in place, including audit and inspection, to protect our manual and electronic information systems from data loss and misuse, and only permit access to them when there is a legitimate reason to do so, and then under strict guidelines as to what use may be made of any personal data contained within them. These procedures are continuously managed and enhanced to ensure up-to-date security.
8. What are the rights of the individuals whose personal data is handled by SkilledBiker?
The GDPR provides certain rights for individuals.
The right to be informed – this area is covered by this privacy notice
The right of access – A Subject Access request.
The most commonly exercised right is that used by individuals to obtain a copy, subject to exemptions, of their personal data processed by SkilledBiker as detailed under Article 15 of the GDPR.
Individuals have the right to access their personal data. This is commonly referred to as subject access.
Individuals can make a subject access request verbally or in writing.
SkilledBiker has one month to respond to a request and cannot charge a fee to deal with a request in most circumstances.
Where a limitation is in place the individual must be given an explanation of the reasons, unless providing this information undermines the purpose of imposing the restriction.
The right to rectification – Under Article 16 of the GDPR, individuals have the right to have inaccurate or incomplete personal data rectified. An individual can make a request for rectification verbally or in writing. SkilledBiker has one calendar month to respond to a request. In certain circumstances SkilledBiker can refuse a request for rectification. This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).
The right to erasure – Under Article 17 of the GDPR, individuals have the right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
- When the individual withdraws consent;
- When the individual objects to the processing and there is no overriding legitimate interest for continuing with the processing;
- When the personal data was unlawfully processed;
- When the personal data has to be erased in order to comply with a legal obligation;
The right to erasure is also known as ‘the right to be forgotten’. Individuals can make a request for erasure verbally or in writing. SkilledBiker has one month to respond to a request. The right is not absolute and only applies in certain circumstances. This right is not the only way in which the GDPR places an obligation on you to consider whether to delete personal data.
The right to restrict processing – Under Article 18 of the GDPR, individuals have the right to restrict the processing of personal data, for example, if an individual believes that the data is incorrect, but it is not possible to confirm the accuracy of the data. This is an alternative to requesting the erasure of their data. Individuals will have the right to restrict the processing of their personal data by SkilledBiker where they have a particular reason for wanting the restriction. This may be because they have issues with the content of the information SkilledBiker holds or how SkilledBiker has processed their data. In most cases SkilledBiker will not be required to restrict an individual’s personal data indefinitely but will need to have the restriction in place for a certain period of time. Where a request is received the individual must be informed in writing as to whether SkilledBiker has granted the request; and if SkilledBiker has refused, the reasons why.
The right to data portability – Under Article 20 of the GDPR, individuals have the right to data portability which allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without hindrance to usability. The personal data must be provided in a structured, commonly used and machine-readable form. The information must be provided free of charge.
The right to object – Article 21 of the GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. In other cases where the right to object applies SkilledBiker may be able to continue processing if SkilledBiker can show that they have a compelling reason for doing so. SkilledBiker must tell individuals about their right to object and an individual can make an objection verbally or in writing. SkilledBiker has one calendar month to respond to an objection.
Rights in relation to automated decision-making including profiling – The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. The GDPR applies to all automated individual decision-making and profiling. Article 22 of the GDPR has additional rules to protect individuals if SkilledBiker are carrying out solely automated decision-making that has legal or similarly significant effects on them. SkilledBiker can only carry out this type of decision-making where the decision is necessary for the entry into or performance of a contract; or authorised by Union or Member state law applicable to the controller; or based on the individual’s explicit consent. SkilledBiker must identify whether any of our processing falls under Article 22 and, if so, make sure that we give individuals information about the processing; introduce simple ways for them to request human intervention or challenge a decision and carry out regular checks to make sure that our systems are working as intended.
An individual has the right to withdraw their consent – An individual has the right to withdraw consent and this can be done in writing or by contacting us in writing.
Individuals have the right to complain to the Information Commissioner’s Office if they believe that they are/have been adversely affected by the handling of personal data by SkilledBiker.
Such complaints should be made direct to the Information Commissioner.
click here to contact the Information Commissioner.
9. How long does SkilledBiker retain personal data?
SkilledBiker keeps personal data for as long as is necessary for the particular purpose or purposes for which it is held and in no case longer than a period of 2 years and 1 month from the date of the attended training or tour.
SkilledBiker will also retain data from a person or persons who have registered an interest on the website but have not yet booked any training or tours. This data will be retained for a maximum period of 18 months giving the person or persons time to choose a suitable date for training and tours. When the person or persons book any training or tour, they will be under the terms of a booked person and this section will no longer be valid.
A person or persons who start the booking process but do not complete the process initially will be deemed not to be waiting for any training or tours. SkilledBiker will keep their data for a period not exceeding 1 month to be able to assist them in completing their booking.
10.Data Protection Officer
Any individual with concerns over the way that SkilledBiker handles their personal data or for further details on any of the above may contact our Data Protection Officer (DPO) To contact the SkilledBiker DPO, please click here: https://skilledbiker.co.uk/contact/
11. Further information
Policy last updated: 26th November 2023.
Should you have any questions in relation to the above privacy policy, please contact us here: https://skilledbiker.co.uk/contact/