Privacy – GDPR
Legal information – General Data Protection Regulation GDPR.
Grays Medic is committed to protecting and safeguarding your personal data. As part of this commitment, please find here our privacy policy to meet the high standards of the new European data protection law, known as the General Data Protection Regulation (GDPR).
Privacy Notice: Grays Medic.
Who we are
Grays Medic is a UK registered Learning Provider, a TQUK approved center and accredited provider of the CPD accreditation group. For the purpose of data protection legislation, Grays Medic is the data controller for the personal data collected and processed as part of our training courses registration and qualifications processing. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.
How we will use your information
We receive and process the personal data you provide when you book or attend one of our training courses, when you sign up to our newsletter, complete a survey, take part in a competition or when you fill the contact forms in our website. Either, because you have requested that we provide you with our training services, you are registered to obtain one of our qualifications, you request information about our services or you consent to receive our newsletters and relevant information.
Specifically, we will use your data in the following ways:
The information you provide in our website forms, by mail or phone (and any subsequent updates to your profile, including registration to events and booking courses) is managed internally by our administration assistant to ensure that we have an accurate picture of your preferences and circumstances in order to provide a tailored service and information to you. Any subsequent information you provide will also be recorded in order to continue to provide you with a tailored service.
We use your contact details to communicate with you by telephone and to send you email, and postal messages, providing you with the information requested, confirm your bookings, send your certificates and invoicing our services. We may also contact you to gauge your interest in taking on one of our courses. In each message, you will be given the opportunity to unsubscribe from further communications.
The information we collect from you as a client (such as company name, contact name and contact details) is used for identification, administration, analysis and targeting purposes. We do not share this information with third parties except:
- Trusted partners (trainers) – When you book a course with us we share your contact name, company and phone number with trusted partners working on our behalf in order for us to provide the training booked. or ‘the service’. These partners are required to strictly comply with our privacy policies that prohibit them using your personal data for any other purpose. We transfer this information by email.
The information we collect from you as a learner or course attendee (such as learner name, date of birth, age, job title, location, email and qualification information – course number, course date, certification type), is used for identification, administration, analysis and titled the learner to their qualifications. We do not share this information with third parties except:
- Awarding Bodies, when you attend an OFQUAL course in order to obtain a QCF qualification with us, we transfer the learners information to our awarding body. The information is transferred from the physical registers to our awarding body’s platform. Note: The date of birth is a variable to ensure the awarding body do not hold duplicate records.
- Your personal data, supplied for the purposes of this service, will be used as long as it is deemed necessary. We will delete this information if you request us to do so. It’s important to take into consideration that we need to have accurate information on learners (such as what qualifications they hold, when and where they undertook their training and when it expires).
Why our use of your personal data is lawful
In order for our use of your personal data to be lawful, we need to meet one (or more) conditions in the data protection legislation:
- Contractual requirement, where we need to perform the contract we are about to enter into or have entered into with you. When you have requested information about our services, you have agreed to your data being used to deliver the service.
- Legitimate interest, where it is necessary to collect and process your data to enable us to give you excellent and reliable services. It is a legitimate interest to collect and process the necessary data to entitled the learner to their qualifications.
- Where we need to comply with a legal or regulatory obligation.
| Data | Purpose/Activity | Lawful basis |
| Company Name Contact Name Tel number Address |
To register you as a new customer | Contractual requirement |
| Company Name Contact Name Tel number Address |
To process your booking and deliver the course | Contractual requirement Legal or regulatory obligation |
| Financial Contact and details Invoice address Tel Number |
To send an invoice and recover debts. To manage paymest, fees and charges |
Legitimate interest |
| Company name Contact Name |
To manage customer relationship: – Notify changes in terms and conditions. – Norify changes in the privacy policy – Ask for a review about our services |
Contractual requirement Legal or regulatory obligation Legitimate interest |
| Usage of services Company Name Contact Name Tel number Address |
To send relevant information and advertisements to you and study the use of our services to design our marketing strategy | Legitimate interest to grow our business and offer relevat information and services |
| Company Name Learners Course Course Date Certificate type Expiry date |
To obtain the qualification | Contractual requirement Legal or regulatory obligation |
| Learner name Date of birth (Just for Ofqual Courses) Age (Just for Ofqual Courses) Job title (Just for Ofqual Courses) Location (Just for Ofqual Courses) Course Course Date Certificate type Expiry date |
To perform identification, administration, analysis and entitled the learner to their qualifications. To assign the course to the learner |
Contractual requirement Legal or regulatory obligation Legitimate interest |
Who we will make your personal data available to
We need to make personal data available to third party organisations. These include trusted partners (as mentioned above) who help us deliver the service on our behalf or our awarding body in order to process the QCF qualifications.
We will only use your personal data for the purposes for which we collected it, reasons compatible with the original purpose or to satisfy any legal, accounting, or reporting requirements.
How long we will keep your personal data
We will only keep your personal data for as long as we need it for the purpose(s) of the service, after which point it will be securely destroyed. OFQUAL requirements state we must hold this information for at least three years. As long as your account is active with us we will retain learner information for record retrieval and reporting purposes.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Our data storage
Only authorised personnel have access to clients and learners data and they are subject to a duty of confidentiality and perform their work under instruction. we limit the access We have put in place appropriate security measures to prevent unauthorised access to your personal data and the procedures to deal with any suspected personal data breach. we store all data in an application that has role-based access privileges.
All of our data is stored in the cloud. We retain physical copies of the attendance registers, attendees register and assessment forms for auditing purposes.
Our website Security Standards.
Our Web propertyes use SSL (secure sockets layer) to encrypt data you transmit to us across the Internet and access to the server is controlled. We use cookies to make our services easy, useful and reliable.
Our Website Third-party links.
Our website may include links to third-party websites, plug-ins and applications that are not under our control and we are no responsible for their privacy statements. When you click on this links please make sure you read and understand their privacy notice.
Marketing consent.
Grays Medic requires direct marketing consent to process personal data from individuals, however, we are able to keep communication with our existing business-clients in a business to business basis, which is known as soft-opt in. We may use your data to offer you certain services that may be of interest to you, as a business customer you can opt out of this marketing communications at any time.
You may receive marketing communications from us if have not opted out of receiving these communications, you have requested information regarding our company and services or you have registered in any of our promotional programs.
Your data protection rights
You have the right:
- To ask us for access to information about you that we hold
- To have your personal data rectified if it is inaccurate or incomplete
- To request the deletion or removal of personal data where there is no compelling reason for its continued processing
- To restrict our processing of your personal data (i.e. Permitting its storage but no further processing)
- To object to direct marketing (including profiling) and processing for the purposes of offering our services.
If you need to contact us regarding any of the above, please do so via Grays Medic site.
You have the right to ask for deleting your data. You can do this by asking for a removal on this link.
If at any time you would like to view a copy of the data we hold on you, you can request it by contacting the freephone 08081661016 or contact us
If you are unhappy with our use of your personal data, please let us know by contacting here.
Alternatively, You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Last updated
We may need to update this privacy notice periodically so we recommend that you revisit this information from time to time. This version was last updated on 25 May 2018.
