References to “us”, “we”, “our” or “ERS” are to:
European Registration Scheme for Personnel Competence Ltd
Collecting your data
When do we collect your data?
ERS collect information about you:
• when you apply to attend a course or assessment at an ERS Approved Centre
• when you require a copy certificate or enquire about your certificate either by telephone or online
• if you apply to become an assessor or consultant with ERS
• if you are a member of staff
What data do we collect?
The personal data that we collect will depend on your relationship with us.
ERS Approved Centres collect on our behalf, your personal information when you attend a course or assessment at an ERS Approved Centre, this may include:
• your name
• your date of birth
• your home address
• email address and phone number
• your passport or photographic identity details, where we have to check your identity
• your National Insurance (NI) number, which is used to provide a unique identity reference
• your marketing preferences, including any consents you have given us
• your employers name and address
• proof of your previous qualifications
• a passport photograph
• Information about disability, medical conditions, allergies in order to facilitate course
What are the purposes and legal grounds for using your data?
We collect and process your personal data if you apply to an ERS Approved Centre to take a course or assessment, this forms a contract between us. To fulfil this contract ERS are required to process your data.
We also collect and process your personal data if you apply to become an assessor or consultant with ERS or if you apply to work for ERS, this forms a contract between us.
Storing and using your data
How is your data stored?
We collect your data when we speak to you on the phone or in person or correspond with you by email or letter.
We record your personal details and information about the courses you have taken on our secure Registration Database. Some information may also be stored on our server, for example payment records or copies of emails.
We may also hold information about you on paper, for example Application Forms, Certification Records and assessment documentation.
Is your data safe?
Data security is a vital part of our business, and we protect all the data we hold, including your personal information.
Our staff are aware of and follow our data security policies and have due regard for the maintenance of confidentiality. Our policies cover the following:
• Electronic data storage – including security software and firewalls, password protection, and encryption when transferring to external databases.
• Paper data storage – including secure file storage and confidential shredding.
• Deletion – including timeframes for deleting unnecessary personal data.
Sharing your data
We may share your personal data with our Contractors who carry out audits and assessments on our behalf. These include third parties whom we engage to assist in delivering the services, such as IT and data storage providers.
Certificate details issued by us are passed onto the relevant external body such as Gas Safe Register or OFTEC or Commission for Regulation of Utilities. We must share data with them relating to the issue of Certificates and in the case of assessment failure, the result of assessment. This information includes for example your personal information and details of the Certificates you have been issued with. We only give them the information they need, and we work with them to ensure your privacy is respected.
When you contact us by telephone we protect your data by following our Policy on Releasing Information, this allows us to confirm that it is you on the phone. You will be asked three security questions to confirm your identity and to ensure that we are not sharing your personal information with anyone else.
If you are employed as a consultant, we may share your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage
What information do we receive from third parties?
Sometimes, we receive information about you from third parties. For example, if a complaint has been made against you in relation to any certificate issued to you by ERS.
What is our approach to international data transfers?
We do not store or process personal data that we collect about you in countries outside the European Economic Area (EEA).
How long do we keep your data?
We will only keep your data for as long as it is needed for the purpose that it was collected. We do this in accordance with our Data Retention Procedure.
These are some examples of why we may be retaining your data:
• If you are issued a Certificate by us, we will keep your record on our database so that you can apply for a copy at any time including post expiry
• We also keep a record of our financial transactions with you for our tax records
You have rights over your personal data, and ERS are committed to respecting these rights and answering any queries or requests you might have about them.
Full details of your rights and how to make requests can be found on the ICO website but this is how we deal with your rights over the data we hold.
Your right to be informed
Your right of access
You have the right to access all the personal information we hold about you. You can request this by writing to us at the address below and we will confirm if we are processing your data and provide access to all the data we hold. We will respond to a request for access within one month.
Your right of rectification
If there are mistakes in the information we hold about you, you can ask to have inaccurate personal data corrected. We will only respond to a written request for rectification, a charge may apply if you provided the inaccurate data, this will be actioned within five working days from clearance of payment.
Your right to erasure
This is also known as the “right to be forgotten” and you can ask to have your personal data deleted.
Your right to withdraw consent
If you have given us your consent to use your personal information, for example to send you communications about special offers or email newsletters, you can withdraw that consent at any time.
If we have a contract with you, you can withdraw your consent for marketing communications, but we will still be able to contact you as part of that contract – for example to let you know that a qualification you hold with us is due for renewal.
The right to lodge a complaint with the ICO
You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any use of your personal data by us is in breach of applicable data protection laws and regulations. Making a complaint will not affect any other legal rights or remedies that you have.
Questions or complaints
ERS Data Protection Manager
European Registration Scheme for Personnel Competence Ltd
Norfolk, PE30 2HZ