Policy prepared by: William Mayor
Approved by board / management on: 5th July 2014
Policy became operational on: 6th July 2014
Last review date: 28th June 2019
Next review date: 28th June 2020
We, Diversity and Ability, collect certain information or data about our customers, suppliers, employees, and other people we have a working relationship with. This document describes the kinds of data we might collect, how we might use that data, and how we store it.
If you have any questions about this policy, or if you want more information, please contact our Data Protection Lead, William Mayor, on firstname.lastname@example.org.
If you use any of our websites (diversityandability.com and pistachio.DnAmatters.co.uk) then your browser may collect and send information to us. This data is commonly referred to as analytics data and covers details such as your browser, your operating system, what pages you visit and the order in which you visit them.
If you sign up to our newsletter we store your email address alongside a short description of how you signed up, for instance whether you signed up using our website or met us at a D&A Workshop.
If you are a D&A Partner (an organisation that works with D&A), or an employee of a Partner, then we may store your name, email address, and other contact information.
If you are a D&A Learner (someone who receives D&A training) then we might store your name, email address, and other contact information. We might also store your home address. If you have given us consent, then we might also collect and store information about you given to us by a funding body, university, workplace, or any DSA or AtW body. This could include information about your health and disabilities. At D&A we work with you to create Individual Learning Reviews (ILRs), which are documents that describe your journey with us. ILRs might contain personal data, including your name and possibly sensitive personal data that you might choose to share with us (e.g. if you have been diagnosed with a disability).
If you leave feedback, book a consultation or send us a message via our website then we might collect and store your name, email address, and telephone number, alongside the feedback/message you send to us.
If you sign a D&A Trainer’s timesheet then we might collect and store your name and your signature, alongside information on the training we provided you.
What is it used for?
Analytics data, including website data, newsletter signups, and feedback data, can be analysed in aggregate to provide us with anonymous reports on our business. For instance, we might create reports on how our customers interact with our website, or how feedback might help improve our services, strengthen our campaigns and expand our outreach. These aggregate reports do not contain personally identifiable information. We may choose to make these anonymous reports public.
Occasionally we might create tailored reports for a D&A Trainer or Partner. These reports could contain personally identifiable information such as your name or the feedback you left us. These reports will only be shared with authorised individuals, such as your D&A Trainer, Employer or Needs Assessor.
More detailed reports (such as ILRs) are used by you (the Learner) to reflect on and review the training you’ve had with us. We might also share your ILR with relevant Partners, for instance your Needs Assessor. This is so that D&A and our Partners can ensure that we are providing you with the top-quality service you deserve.
Contact information, such as an email address or telephone number, is used solely by us to communicate directly with you. We might need to store your home address in order to deliver D&A Training where you live. We try to communicate with you however you would prefer, so we might organise Training sessions over the phone, by SMS, by email, etc. Your contact information is only shared with the people that need to know it, for instance your Trainer, or the D&A Bookings Team.
Timesheets are saved internally at D&A for financial audit purposes. We also send timesheets to funding bodies and employers as part of our invoicing process.
How is it stored?
The vast majority of the data that we collect is stored in our GSuite accounts. This includes emails, timesheets, ILRs, and information from D&A Partners. We are satisfied that Google provide adequate protection of this data; you can read about this protection on Google’s GDPR site.
We also store information in databases hosted for us by Heroku. Heroku is a US company that operates inside the EU and is owned by Salesforce. We use Heroku to store information about our Learners and their sessions. This data includes names, addresses, dates of birth, and other personal data. We are satisfied that Heroku provide adequate protection of this data; you can read about this protection on Salesforce’s GDPR overview.