This policy applies to all COSAC customers, suppliers and business contacts.
In its everyday business operations, COSAC makes use of a variety of data about identifiable individuals, including data about:
In collecting and using this data, COSAC is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps COSAC is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including directors, employees, suppliers and other third parties who have access to COSAC systems.
COSAC is strongly committed to protecting your personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals or by others. We may use personal data provided to us for any of the purposes listed in this privacy statement.
Under the EU General Data Protection Regulation (GDPR) and UK Data Protection Laws personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
COSAC is an innovative, work-focused training academy in Cheshire. Not only do we have a state of the art Smart Meter Training facility and we are delivering our best in class Smart Meter Installation programmes. We are the first company to develop an online course approved by CSCS as an alternative course for the Green Labourer Card – Safe2Site. We also offer a variety of compliance training, we are a centre for CITB Site Safety Plus, offering both SSSTSand SMSTS courses as well a range of online courses.
COSAC is a trade name of The Compliance & Skills Academy Ltd Company Registration 07140001
COSAC processes personal data for a number of different reasons, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. The retention periods for your data can be viewed upon request and found in our Data Management and Retention policy.
In order for us to provide you with our services we need to collect personal data for the purpose of correspondence, delivery of the services and billing. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose. The lawful basis for processing this data is for the purposes of a contract.
We may also use your data for marketing purposes to keep you up to date with activities that may be of interest to you, we may also send newsletters and magazines.
We will not market to you without consent if that is the lawful basis we process the data under. You can withdraw consent at any time. To withdraw consent, you can send an email to [email protected] or click the unsubscribe link at the bottom of any email you receive, and you will be immediately removed from any future emails.
COSAC may also process some data in the legitimate interest of the business, this information has been through a legitimate interest balancing test to ensure the data is not a risk ‘to the rights and freedoms’ of you as the data subject.
When collecting and using personal data, our policy is to be transparent about why and how we process it. The types of personal data we process are shown below:
The security of this data is taken very seriously, our information security management system is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the controls we have in place to ensure the data we hold is secure.
We will only share personal data with others when we are legally permitted to do so. When sharing data, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
The data subject also has rights under the GDPR. These consist of:
Each of these rights are supported by appropriate procedures within COSAC that allow the required action to be taken within the timescales stated in the GDPR.
These timescales are shown in Table 1.
Data Subject Request
|The right to be informed||When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)|
|The right of access||Within one month|
|The right to rectification||Within one month|
|The right to erasure||Within one month|
|The right to restrict processing||Without undue delay|
|The right to data portability||Within one month|
|The right to object||On receipt of objection|
|Rights in relation to automated decision making and profiling.||Not specified|
Table 1 – Timescales for data subject requests
You are entitled to implement any of your rights above by writing to the Data Privacy Officer at Data Privacy Officer, COSAC, Stuart Road, Manor Park, Runcorn, Cheshire, WA7 1TS, or emailing [email protected].
There are some cases in which a data subject would not be lawfully within their rights to enact some of the individual rights. An example of this would be an employee requesting to ‘be forgotten’. In this case the employee data is required to be processed for the employee to have a contract of employment and receive their salary. The legal basis for this processing is contractual and therefore an employee cannot make a request for erasure of their information.
We require proof of your identity before we can disclose personal data. A scan / copy of your passport, driving licence or a recent utility bill with your name and address on it will be accepted as proof.
Alternatively if you would like to contact the supervisory authority for the UK they can be found at:
Switchboard: 01625 545 700
Email: [email protected]
Data Protection Help Line: 01625 545 745
Notification Line: 01625 545 740
COSAC is registered with the Information Commissioners Office under THE COMPLIANCE & SKILLS ACADEMY LTD Registration Number: ZA194271