Data Protection Policy

This policy sets out the principles that STAIR Consultancy and Training will follow in relation to personal data that it holds about all data subjects. If any clarification of the terms of this policy is required, whether information amounts to personal data and/or whether certain actions amount to processing, contact should be made with the Director. Data protection laws protect personal data about identifiable individuals both in their private and professional capacities. As a business, STAIR Consultancy and Training may have personal data about candidates addresses, contact details, age and health (this is obtained during completion of their application form prior to some training). For PI courses a copy of these forms are sent to the candidates employer. For external certificated courses ‘Processing’ includes the holding, recording, consulting, disclosing, transferring, of information to the awarding body who will electronically hold a candidates name (in some cases their address and date of birth). After 3 years STAIR Consultancy and Training will destroy paper held information. For sub-contractors this extends to supervision, pay, disciplinary, grievance, complaints and performance management. For businesses STAIR Consultancy and Training hold business information on at least one of our computers. This information held can only be accessed by Directors of STAIR Consultancy and Training and is password protected. The information relates to your business role and our contact with you is via business email. STAIR Consultancy and Training keeps your contact information because we are engaged in commercial activity with you in relation to services which benefit both of us in our professional work.

STAIR Consultancy and Training may disclose personal data to comply with any legal or regulatory obligation or requirement. Security measures are appropriate and include the nature of the personal data and the potential harm which could result from unauthorised access. Data subject’s rights All data subjects of STAIR Consultancy and Training have the following rights with regards to their held data:

• the right to be informed;

• the right of access;

• the right to rectification;

• the right to erasure;

• the right to restrict processing;

• the right to data portability;

• the right to object; and

• the right not to be subject to automated decision-making including profiling.

Subject Access Request STAIR Consultancy and Training Data subjects have the right to request access to the data that relates to them. If requested, STAIR Consultancy and Training will comply within one month of receiving a request, however, can refuse or charge for requests that are manifestly unfounded or excessive. If a request is refused, STAIR Consultancy and Training will inform the Data Subject of the reason of refusal. The Data Subjects then have the right to complain to the supervisory authority and to a judicial remedy if they believe justified.