Last updated 09 April 2018
iRed understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.ired.co.uk (“Our Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
- “Account” means an account required to access and/or use certain aras and features of our sites;
- “Cookie” means a small text file placed on your computer or device by our sites when you visit certain parts of our sites and/or when you use certain features of our sites. details of the Cookies used by our sites are set out below;
- “Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and of EU Regulation 2016/679 General Data Protection Regulation (“GDPR”);
- “Personal Data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our sites. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and
- “We/Us/Our” means iRed, a limited company registered in England under company number 04260219, whose registered address is iRed Ltd, Unit 6 The Old Flour Mill, Queen Street, Emsworth, Hampshire PO10 7BT.
Information About Us
- This website is owned and operated by iRed Ltd
- Our IT Administrator, who is responsible for our data protection compliance, is Mr. Tim Mammatt, and can be contacted by email at [email protected], by telephone on +44 (0)1243 219 202, or by post at iRed Ltd, Unit 6 The Old Flour Mill, Queen Street, Emsworth, Hampshire, PO10 7BT.
- Our VAT number is GB 787868343.
- As an accredited training provider, iRed are subject to third-party audits from the British Institute of Non-Destructive Testing (“BINDT”) and the Awarding Body of the Built Environment (“ABBE”).
- As an BS EN ISO 9001 certified organisation, iRed are subject to annual audits from Approachable Certification, a UKAS accredited ISO certification body within the United Kingdom.
- iRed has successfully achieved Tier 1 Certification with the Cyber Essentials Scheme, demonstrating our commitment to cyber security.
What Does This Policy Cover?
As a data subject, you have the following rights under the GDPR, which this policy and our use of personal data have been designed to uphold:
- The right to be informed about our collection and use of personal data;
- The right of access to the personal data we hold about you (see section 12);
- The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 14);
- The right to be forgotten – i.e. the right to ask iRed to delete any personal data we may hold about you (iRed only holds your personal data for a limited time, as explained in section 6, but if you would like us to delete it sooner, please contact us using the details in section 14);
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
- The right to object to iRed using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your personal data, please contact iRed using the details provided in section 14 and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
What Data Do We Collect?
- date of birth;
- business/company name
- business/company address
- job title;
- contact information such as email addresses and telephone numbers;
- equipment information such as manufacturer, model and serial numbers;
- IP address;
- web browser type and version;
- operating system;
- a list of URLs starting with a referring site and concluding with your last activity on our sites;
- any interactions between yourself and iRed, including with our employees, sub-contractors and online portals.
How Do We Use Your Data?
All personal data is processed and stored securely, for no longer than is necessary in light of the reasons for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times. For more details on security, see section 7 below.
Our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests. Specifically, iRed may use your data for the following purposes:
- Providing and managing your account;
- Providing and managing your access to our sites;
- Personalising and tailoring your experience on our sites;
- Supplying our products and services to you (please note that we require your personal data in order to enter into a contract with you);
- Personalising and tailoring our products and services for you;
- Replying to emails from you;
- Supplying you with emails that you have opted into (you may unsubscribe or opt-out at any time by either selecting the ‘unsubscribe’ link at the bottom of any marketing emails or by contacting us directly at [email protected]);
- Market research;
- Analysing your use of our websites and gathering feedback to enable us to continually improve our sites and your user experience;
With your permission and/or where permitted by law, iRed may also use your data for marketing purposes which may include contacting you by email, telephone, text message or post with information, news and offers on our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
We do not keep your personal data for any longer than is necessary in light of the reasons for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
- Personal data, in accordance with BINDT legislation (CP08-CM), will be held for a period of no more than 7 years. Unless otherwise instructed, this period is deemed to ‘reset’ upon further interaction with iRed, its websites, its staff or sub-contractors.
- Anonymised data collected by analytics services is stored for a period of at least 25 months. As this data is unidentified in nature, anonymised data will be held indefinitely.
- Public data (i.e. data that is freely accessible from public authorities), where appropriate/necessary, will be held by iRed indefinitely.
How and Where Do We Store Your Data?
iRed only keeps your personal data for as long as we need to in order to use it as described above in section 6, and/or for as long as we have your permission to keep it.
Some of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). You are deemed to accept and agree to this by using our sites and submitting information to us. If we do store data outside the EEA, iRed will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under GDPR including:
- Ensuring all data storage providers within the U.S. either maintain a Privacy Shield certification from the U.S. Department of Commerce, which ensures that adequate safeguards are in place when personal data is transferred from the EU to the U.S., or comply to the requirements set out by the EU-U.S. Privacy Shield Framework.
- Ensuring all data storage providers outside of the EEA and U.S. hold suitable processes, procedures or certification for the secure storage and transfer of data between their member state and the United Kingdom.
We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.
Data security is very important to iRed, and to protect your data we have taken suitable measures to safeguard and secure data collected through our sites.
Steps iRed take to secure and protect your data include:
- SSL Encryption;
- TLS Transit encryption;
- Data encryption;
- Network firewalls;
- Restricted access;
- Password management policies and procedures.