1. Overview

Harley J Associates Ltd (known here as HJA Ltd) collects and processes personal data only to provide services to our clients, answer enquiries, manage our operations, and meet legal requirements. The information outlined sets out how we use our clients' personal data - personal identifiers, contacts and characteristics (for example, name and contact details).

​

This information will be updated as required to ensure compliance with data protection legislation.

Where this policy refers to "we", "our" or "us" below, unless it mentions otherwise, it refers to HJA Ltd.

​

2. Who we are

HJA Ltd is the data processor. We receive, collect and coordinate data from and about enquirers and clients for training and consultancy purposes and to ensure we can deliver our services as agreed.

​

We also process personal data to enable us to obtain payment.

​

3. The information we collect and how we collect it

As soon as an individual contacts us, we create a record in their name in our client relationship management (CRM) system, HubSpot. This record holds the individual's name, email address and any other contact information provided (such as a telephone number). This record also holds email communication we have with individuals to ensure we carry out their instructions carefully.

Information may be automatically collected anonymously when individuals browse our website through Visitor Analytics. This is used to improve our website and provide a better service. See Section 5 for further details of the systems we use and links to their privacy policies.

​

4. How personal information is used

We collect and process an individual's personal data to deliver our services, to manage our operations effectively, and to meet our legal requirements.

​

5. Who we share personal data with

To make an informed decision about whether to provide consent for personal data to be processed or stored by HJA Ltd, please be aware of the organisations that act as sub-processors for us in the provision of our services, as follows:

​

• Visitor Analytics, a website analytics system. We use this to provide us with statistics and insights to improve site performance. The data is aggregated and anonymised and Visitor Analytics does not sell data or pass it to any third party. This information cannot be traced back to any individual. Visitor Analytics' privacy policy can be viewed at the following link: https://www.visitor-analytics.io/en/support/legal-data-privacy-certificates/gdpr-compliance/gdpr-compliance-overview/

• HubSpot, a client relationship management system. We use this to store contact information and correspondence with anyone who contacts HJA Ltd. Their data processing agreement is outlined here: https://www.hubspot.com/data-privacy/gdpr

• Canvas, a learning management system. We use this as a tool to deliver PRINCE2 training. Their data processing agreement is outlined here: https://www.instructure.com/canvas/privacy

• PeopleCert, an exam institute. We provide them with our candidates' contact information for exam and certification purposes. Their data processing agreement is outlined here: https://www.peoplecert.org/terms-of-service-and-privacy-policy#privacy-policy

• Xero, a cloud-based accounting software. We use this to manage our financial information. Their data processing agreement is  outlined here:  https://www.xero.com/uk/campaigns/xero-and-gdpr/

​

These providers only use personal information disclosed to them to provide their service. We have contracts in place requiring them to keep our clients' or enquirers' information secure and to be used only in accordance with our specific instructions.

​

Other ways we may share personal information

We may disclose personal information for us to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts, or to protect the rights, safety or property of our clients, enquirers and staff. However, we always aim to ensure that privacy rights continue to be protected.

​

6. The length of time we keep our clients' or enquirers' personal information

We only keep identifiable records for as long as they have a legal or business purpose.

​

Our data retention schedule is as follows:

​

We retain training records on our LMS for ten years. A person's training record is available to them should they require this in future.

​

All financial records are kept for seven years for tax purposes, in line with HMRC requirements for auditing purposes.

​

7. An individual's rights

Under the General Data Protection Regulation (GDPR) that came into force on 25 May 2018, individuals have additional rights over their personal data.

​

GDPR is focused on re-empowering individuals and giving them more control over their personal data, as well as holding data controllers and data processors accountable for the safety of the data they hold.

​

These new rights are as follows; an individual has the right to:

​

1. Be informed about how their data is being used

2. Access their data held on file

3. Have their data rectified if there are errors

4. Know about how automated decisions are made (for example, credit checks when applying for a loan)

5. Object to how their information is being used

6. Erasure - the deletion of all information an organisation holds on file about them (unless some records are kept to comply with a legal obligation, for example)

7. Restrict processing - so an organisation cannot use your data

8. Data portability - to transfer your data from one organisation to another

 

Individuals can request a copy of all data that is held about them which we are legally obliged to provide in electronic format within one month of a request, free of charge. We will need to confirm an individual's identity before we do so. Any corrections may then be requested, or object to the processing of the data, or request erasure of this information. We are also legally obliged to transfer an individual's records to another provider within one month, free of charge, if requested.

​

8. Contact us

To request a copy of personal data, or if an individual is concerned about how we have processed their personal information, please contact our data controller, as follows:

​

Email: info@harleyjassociates.co.uk

Telephone: 020 3131 0039

Post: Fuel Tank, Studio B105, 8-12 Creekside, London, SE8 3DX

​

We will acknowledge your request within 24 hours and will respond to the request, query or concern within 30 days.

​

9. Concerns and complaints

Any concerns with how we process an individual's data can also be addressed to the Information Commissioner’s Office (ICO) at the following link: https://ico.org.uk/concerns/