Last revised 29/11/2022
City & Guilds Kineo, a City & Guilds business, is committed to data security and the fair and transparent processing of personal data. This privacy notice sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, including the General Data Protection Regulation (EU) 2016/679 (EU GDPR), The UK GDPR and Data Protection Act 2018 (DPA)You can find out more about the City and Guilds businesses here About us | City &Guilds (cityandguilds.com)
Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.
Who are we?
Interact Learning Pty Ltd ABN 20 095 674 28,trading as Kineo, and all other subsidiaries, business units and entities associated with City & Guilds businesses (“we, our, us”) are committed todata security and the fair and transparent processing of Personal Information or Personal Data (herein Personal Information) when providing services to corporate and government Clients across Australia, New Zealand, the United Kingdom and the United States of America.
For the purposes of applicable data protection law, Kineo, a City & Guilds business, is the ‘controller’ of the personal data you provide to us or one of our associated companies (together the City & Guilds businesses).
We are committed to protecting the privacy of your Personal Information. This Privacy Notice, together with our website terms ofuse and any other documents referred to in them, sets out the basis on which we process personal data via our website, how we collect, use, disclose and otherwise handle Personal Information and how we will treat the personal data which you provide to us in compliance with applicable data protection laws. It also tells you how you can ask to access and correct the Personal Information we hold about you or complain about a suspected privacy breach.
We are required to comply with all privacy laws applicable in the jurisdiction in which you reside (including, but not limited to, the Australian Privacy Principles (APPs), the Privacy Act 1988 (Cth) in Australia, the Privacy Act 1993 in New Zealand, General Data Protection Regulation (EU GDPR) 2016/679 (EU GDPR), the UK GDPR, Data Protection Act 2018(in UK) and all applicable US legislation). The APPs regulate the way Personal Information is handled. We are also required to comply with more specific privacy legislation in some circumstances, such as applicable State and Territory health privacy legislation, the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
For the purposes of applicable data protection law,‘we, us, our’ refers to the ‘processor’ of the Personal Information you provide to any entity within the City & Guilds businesses.
City & Guilds owns andoperates www.cityandguilds.com (C&G Website).
What personal data do we collect?
We may collect and process the following personal data.
Information you provide to us:
· complete a form on one of our Websites; or
· answer a question on one of our Websites; or
· completea survey; or
· correspond with us by phone, email, or in writing; or
· report a problem; or
· sign up to receive communications; or
· sign up to receive our newsletter; or
· create an account with us; and
· enter into a contract with us to receive products and/or services.
We may collect your name, gender, email address, postal address, telephone number, job role, drivers licence and/or passport details, student ID number username, password, security question and answer, work site details such as name, and address. If we need to communicate with you, we may collect your email, residential and postal addresses, and telephone numbers (if a work site we may collect your work site phone number and your worksite contact email). If you apply to enrol in a training course orotherwise access our services, we may collect details of your employment and employer (or, if you are a contractor, your head contractor), training and compliance history, qualifications, banking and payment details.
Information we collect about you
If you visit any of our Websites, we may automatically collect the following information:
· technical information, including the internet protocol (IP) address used to connect your computer to the internet, login information, browser type and version, timezone setting, browser plug-in types and versions, operating system and platform.
· information about your visit to our website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
How we collect information and Personal Information about you
We will collect information about you, and when we collect Personal Information about you it will be by lawful and fair means, as follows:
· directly from you in person, over the phone, through written communications (either on paper or electronic) or by you completing forms or answering questions on our Websites; or
· from third parties if it is unreasonable and impracticable for us to collect it from you, including your employer, (or, if you are a contractor, your head contractor), direct marketing database providers, government agencies, our related companies and your authorised representatives; and
· from our own records of your use of our services which we have collected from you.
Information we receive from othersources
We may also receive personal data about you if you use any of the other websites which we, or another company within the City & Guilds business, or the other services and/or products which we, or another company within the City& Guilds business, provide. You can find out more about the City & Guilds business here About us | City &Guilds (cityandguilds.com). If it is unreasonable and impracticable for us to collect any Personal Information from you and you are a tutor, apprentice, learner, contractor or supplier we may also receive Personal Information or other information about you from your centre, training provider,or employer when they register to receive products and/or services from us, or a supplier or contractor when you register to receive products and/or services from us.
We use this information to help us improve our services. We may aggregate this information for our own statistical purposes. Provided that it remains anonymous, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.
If you are a learner, we may also receive information about you from your training provider or employer when they register to receive products and/or services from us.
Information about other people
If you provide information to us about any person other than yourself, such as your colleagues, your employees, your advisers oryour suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to usand for you to allow us, and our outsourced service providers, to use it.
Sensitive personal information
In certain limited cases, we may collect certainsensitive personal data from you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, orgenetic or biometric data).
How do we use your personal data?
When we ask you to supply us with personal data, we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supplyof any personal data we ask for is optional.
We may use your personal data to fulfil a contract,or take steps linked to a contract:
· toprovide the products and/or services to you
· tocommunicate with you in relation to the provision of the contracted productsand services
· toprovide you with administrative support such as account creation, security andresponding to issues
· toprovide you with industry information, surveys, information about our awardsand events, offers and promotions, related to the products and/or services
Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
· providing you with newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by a City & Guilds business which may be of interest to you
· communicating with you in relation to any issues, complaints, or disputes
· improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our website
· performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns
· developing, improving, and delivering marketing and advertising for products and services offered by a City & Guilds business.
The main purposes for which we collect, hold, use and disclose Personal Information are:
· to identify you and verify your identity; or
· to communicate with you about our services; or
· to provide our services to you, including but not limited to, facilitating yourenrolment in online training, facilitating your access to online training materials, verifying and validating your compliance history, facilitating your communications with others via our Websites and for obtaining payment for our services; or
· for purposes required or authorised by or under law; or
· to help us improve our services; and
· for any other purposes that you have consented to.
Where required by law, we may also process your Personal Information including but not limited to responding to requests by government or law enforcement authorities, or for the prevention of crime orfraud.
You have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading ‘Your rights’.
We may process sensitive personal data where you have provided explicit consent to us, or a third party who has provided sensitive personal data to us.
We may also process your personal data if required by law, including but not limited to responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who do we share your personal data with?
In some circumstances we share personal data within the City & Guilds business, including City & Guilds companies registered in the UK and outside of the UK (including Kineo companies and branches internationally), to maintain and improve current and future services,customer engagement, and sales opportunities across our business.
Any shared access of personal data is subject to restrictions both legally and contractually. We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
We may also share your personal data with trustedthird parties including:
· legaland other professional advisers, consultants, and professional experts;
· serviceproviders contracted to us in connection with provision of the products andservices such as providers of IT services and customer relationship managementservices; and
· analyticsand search engine providers that assist us in the improvement and optimisationof our website.
We will ensure there is a contract in place withthe categories of recipients listed above which include obligations in relationto the confidentiality, security, and lawful processing of any personal datashared with them.
We may disclose your Personal Information to any ofthe organisations that we deal with in the ordinary administration of our business for the purposes set out above, including:
· your employer, (or, if you are a contractor, your head contractor); or
· financial institutions; and
· our service delivery partners, including:
· information technology service providers (including cloud services providers); or
· mailing houses, postal, freight and courier service providers; or
· printers and distributors of client communications; and
· external business advisers (such as recruitment advisers, auditors and lawyers).
In each case, we may disclose Personal Informationor data to the service provider and the service provider may in turn provide us with Personal Information collected from you.
We may de-identify and aggregate the Personal Information of you and others for our own statistical purposes. Provided that it remains permanently de-identified, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.
If you apply for a job with us, we may discuss your application with your nominated referees.
If you have an online account via any one of our Websites, and you need to change your privacy settings of your account, youwill need to contact us, some of the Personal Information in your user profile may be disclosed to other users.
IIf you post comments or otherwise communicate publicly with other users via any of our Websites, any information about yourself that you include in the communication may be stored on that Website and accessed by other users. For this reason, we encourage you to use discretion when deciding whether to post any information that can be used to identify you.
Australia/ New Zealand / United States / South Africa
Where a third-party recipient is located outside Australia, New Zealand, the United States of America and/or South Africa, we will ensure that the transfer of Personal Information will be protected by appropriate safeguards, to comply with the requirements of applicable privacy laws in the relevant jurisdiction and any provisions of the Privacy Act and the Australian Privacy Principles, the requirements of the Privacy Act 1993 in New Zealand and any applicable privacy laws in the United States and South Africa that apply to cross border disclosures. We will share personal data with law enforcement or other authorities if required by applicable law.
How long will we keep your personaldata?
Where there is a contract between us, we will retain your personal data for the duration of the contract, and for a period following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
Where you receive marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in any email from us.
We may send you email marketing communications about Kineo & City and Guilds businesses, products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with applicable law including any consent requirements that may be imposed by applicable law. When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission,include you on our marketing information campaigns.
When you visit our Sites or online services, bothwe and certain third parties collect information about your online activitiesover time and across different sites to provide you with advertising about productsand services tailored to your individual interests (this type of advertising iscalled “interested-based advertising”). These third parties may place orrecognise a unique cookie or other technology on your browser (including theuse of pixel tags). Where required by applicable law, we will obtain yourconsent prior to processing of your information for the purpose ofinterest-based advertising.
You may see our ads on other websites or mobileapps because we participate in advertising networks. Ad networks allow us totarget our messaging to users based on a range of actors including demographicdata, users’ inferred interests and browsing context (for example, the time anddate of your visit to our Sites, the pages that you viewed, and the links thatyou clicked on). This technology also helps us track the effectiveness of ourmarketing efforts and understand if you have seen one of our advertisements.
We work with Google Ads, Google Display Network,LinkedIn, Twitter and other advertising networks.
You can opt out of receiving these communicationsat any time, in the following ways:
· ifyou have an online account via one of our Websites, you can update yourcommunications preferences by logging in to your account and following theinstructions on the relevant Website; or
· contactus and tell us; and
· whereyou receive marketing communications from us, you may change your preferencesor unsubscribe from marketing communications at any time by clicking theunsubscribe link in an email from us.
To learn how to opt out of behavioural advertisingdelivered by Network Advertising Initiative member companies, please visit theNetwork Advertising Initiative and Digital Advertising Alliance. You maydownload the “AppChoices” app to opt out in mobile apps. At present there is noindustry standard for recognising Do Not Track browser signals, so we do notrespond to them.
Where do we store your personal data and how is it protected?
Personal information received within the UK &EEA is stored with an industry recognised data centre based in the EU.
Personal information received from Australia andNew Zealand (including, in some circumstances, if you reside in the UK or theEuropean Union) is stored in secure data centres in Australia although we mayuse third parties to store your data outside of Australia, whenever thishappens we take reasonable steps to protect your personal data/information fromloss or destruction. We also have procedures in place to deal with anysuspected data security breach. We will notify you and any applicable regulatorof a suspected data/information security breach where we are legally requiredto do so.
Where you have a username or password (or otheridentification information) which enables you to access certain services orparts of any one of our Websites, you are responsible for keeping this passwordconfidential. We ask you not to share a password with anyone.
We take reasonable steps to protect your personaldata from loss or destruction. We also have procedures in place to deal withany suspected data security breach. We will notify you and any applicableregulator of a suspected data security breach where we are legally required todo so.
Unfortunately, the transmission of information viathe internet is not completely secure. Although we will do our best to protectyour personal data, we cannot guarantee the security of your personal datatransmitted to our site; any transmission is at your own risk. Once we havereceived your personal data, we will use strict procedures and securityfeatures to try to prevent unauthorised access.
Under applicable data protection law, you havevarious rights with respect to our use of your personal data:
Right to access
You have the right to request a copy of thepersonal data that we hold about you by contacting us at the email or postaladdress given below. Please include with your request information that willenable us to verify your identity. We will respond within 1 month of request.Please note that there are exceptions to this right. We may be unable to makeall information available to you if, for example, making the informationavailable to you would reveal personal data about another person, if we arelegally prevented from disclosing such information. Or if your request ismanifestly unfounded or excessive.
Right to rectification
We aim to keep your personal data accurate andcomplete. We encourage you to contact us using the contact details providedbelow to let us know if any of your personal data is not accurate or changes,so that we can keep your personal data up to date.
Right to erasure
You have the right to request the deletion of yourpersonal data where, for example, the personal data are no longer necessary forthe purposes for which they were collected, where you withdraw your consent toprocessing, where there is no overriding legitimate interest for us to continueto process your personal data, or your personal data has been unlawfullyprocessed. If you would like to request that your personal data is erased,please contact us using the contact details provided below.
Right to object
In certain circumstances, you have the right toobject to the processing of your personal data where, for example, yourpersonal data is being processed on the basis of legitimate interests and thereis no overriding legitimate interest for us to continue to process yourpersonal data, or if your data is being processed for direct marketingpurposes. If you would like to object to the processing of your personal data,please contact us using the contact details provided below.
Right to restrict processing
In certain circumstances, you have the right torequest that we restrict the further processing of your personal data. Thisright arises where, for example, you have queried the accuracy of the personaldata we hold about you and we are verifying the information, you have objectedto processing based on legitimate interests and we are considering whetherthere are any overriding legitimate interests, or the processing is unlawfuland you elect that processing is restricted rather than deleted. Please contactus using the contact details provided below.
Right to data portability
In certain circumstances, you have the right torequest that some of your personal data is provided to you, or to another datacontroller, in a commonly used, machine-readable format. This right ariseswhere you have provided your personal data to us, the processing is based onconsent or the performance of a contract, and processing is carried out byautomated means. If you would like to request that your personal data is portedto you, please contact us using the contact details provided below.
While we are happy for such requests to be made, weare not able to guarantee technical compatibility with a third-partyorganisation’s systems. We are also unable to comply with requests that relateto Personal Information of others without their consent.
If you would like to exercise any of the aboverights and request that your Personal Information is ported to you, pleasecontact us using the contact details provided below.
Please note that applicable data protection lawsets out exceptions to these rights. If we are unable to comply with yourrequest due to an exception, we will explain this to you in our response.
To the extent that we are processing your PersonalInformation based on your consent, you have the right to withdraw your consentat any time. You can do this by contacting us using the details in the Contactsection below.
Cross border disclosure of Personal Information
Processing outside of the United Kingdom (UK),European Economic Area (“EEA”), Australia (AUS), New Zealand (NZ), UnitedStates of America or South Africa.
To the extent that any Personal Information isprovided to third parties outside the UK,EEA, AUS, NZ, USA, South Africa or whowill access the information from outside the UK, EEA, AUS, NZ, USA, SouthAfrica we will ensure that approved safeguards are in place to ensure that wecomply with applicable data protection laws, including international datatransfer agreements in the UK, and the use of standard data protection clausesadopted or approved by the European Commission when applicable. Weprocess/collect Data and Personal Information on our server with theapplication located in Australia, however we may process your PersonalInformation on a server located outside the country where you live, includingoutside the UK, EEA, AUS or NZ. The primary location of user data and datauploaded to our Platform is a datacentre in the AUS operated by our third-partycloud hosting provider, Amazon Web Services (“AWS”). AWS is an ISO 27001 andData Protection certified.
Third Party Service Providers
As mentioned above, we will share your PersonalInformation with trusted third parties (with whom we have a contractualrelationship) where we have retained them to provide services that you or ourclients have requested, and to perform maintenance or respond to technicalincidents affecting our services.
Where we disclose Personal Information to thirdparties, we require minimum standards of confidentiality and data protectionfrom such third parties and the Information Security Handbook applies.
Automated decision-making takes place when anelectronic system uses Personal Information to make a decision without humanintervention. It is specifically regulated under applicable data protection lawwhere such decisions are taken which have legal or other significant effects onindividuals. It is permitted in the following circumstances:
· Whereit is necessary to enter into or perform our contract with you and appropriatemeasures are in place to safeguard your rights.
· Inlimited circumstances, with your explicit written consent and where appropriatemeasures are in place to safeguard your rights
· Youwill not be subject to decisions that will have a significant impact on youbased solely on automated processing, unless we have a lawful basis for doingso, we have notified you and given you a right to challenge the decision or torequire that the decision be taken by a person
Data quality and security
We hold Personal Information in a number of ways,including in electronic databases, email contact lists, and in paper files heldin secure premises. Paper files may also be archived off site in secure facilities. We take reasonable steps to:
· makes ure that the Personal Information that we collect, use and disclose isaccurate, up to date and complete and (in the case of use and disclosure)relevant; and
· protectthe Personal Information that we hold from misuse, interference and loss andfrom unauthorised access, modification or disclosure; and
· destroy or permanently de-identify Personal Information that is no longer needed forany purpose that is permitted by the APPs.
The steps we take to secure the Personal Information we hold include ICT security (such as encryption, firewalls,anti-virus software and login and password protection), secure office access,personnel security and training and workplace policies.
We process payments using PayPal/Stripe and online technologies. All transactions processed by us meet industry security standardsto ensure payment details are protected.
While we strive to protect the Personal Informationand privacy of users of our Websites, we cannot guarantee the security of anyinformation that you disclose online, and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post.
You can also help to protect the privacy of your Personal Information by maintaining the confidentiality of your account(including your password), and by ensuring that you log out of your account onthe relevant Website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
How can you access and correct your Personal Information?
You can request access to the Personal Information that we hold about you and request corrections by contacting our Privacy Officer (see section below).
If you have an online account via any of our Websites, you can access and change some of your Personal Information by logging in to your account and following the instructions on the relevant Website.
If you have a complaint about how we have handled your Personal Information, please contact our Privacy Officer who will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.
If your complaint can’t be resolved at first instance, we will ask you to complete a Privacy Complaint Form.
We will endeavour to acknowledge receipt of the Privacy Complaint Form within 5 business days of receiving it and to complete our investigation into your complaint in a timely manner.
In most cases, we expect that complaints will be investigated, and a response provided within 30 days of receipt of the Privacy Complaint Form. If our investigation may take longer, we will let you know.
United Kingdom / European Union
If you believe that your data protection rights mayhave been breached, and we have been unable to resolve your concern, you may lodge a complaint to the applicable supervisory authority or to seek a remedy through the courts. Pleasevisit https://ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner's Office. E-mail usat firstname.lastname@example.org or Contact us.
If you believe that your data protection rights mayhave been breached, and we have been unable to resolve your concern, you maylodge a complaint to the applicable supervisory authority or to seek a remedy through the courts. E-mail us at email@example.com or Contact us.
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Australian Communications and Media Authority. E-mail us at firstname.lastname@example.org
If you are unhappy with our response, you can refer your complaint to the Office of the Privacy Commissioner Please visithttps://www.privacy.org.nz/your-rights/making-a-complaint/ for more informationon how to report a concern. E-mail us at email@example.com
Ifyou have any queries about this privacy notice, the way in which the City & Guilds businesses process personal data, or about exercising any of your rights, please send an email to firstname.lastname@example.org or write to Data Protection, City & Guilds , Giltspur House, 5-6 GiltspurStreet, London EC1A 9DE.
Australia & New Zealand
If you have any queries about this privacy notice, please contact our Privacy Officer or write to us at: Interact Learning Pty Ltd (Kineo), Level 24, RAA Place, 91 King William Street, Adelaide, SA, 5000
For online enquiries you can email email@example.com or reach us via telephone: +61 1300 303 318
Changes to our privacy notice
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to ourprivacy notice.