Privacy Notice
Privacy Notice
This notice relates to the way in which Onefile Ltd (“Onefile”) processes personal information about individuals.
We have provided a glossary at the end of this document for your reference but if you have any difficulty understanding the information in this policy, please contact us at [email protected].
This policy only relates to instances where we are the Data Controller and we directly collect the information from individuals.
We do not process any personal data that we receive indirectly from third-parties, other than where we are acting on the instructions of our Clients. These may be your employer, an independent training provider, a college, university or any other organisation who may have engaged with us for the purposes of using our products and services to provide you with a service. In these circumstances our Clients are the Data Controller and we are the Data Processor. If you have any questions about how our Clients process your personal information, then you must contact that organisation directly.
Onefile has elected Robert Baker as our Data Protection Officer and you can contact him in several ways:
Email
[email protected]
Post
Data Protection Officer
6th Floor Cornerblock
Quay Street
Manchester
M3 3HN
We get your information from various channels and sources depending on how you choose to contact us or engage with any of our products or services. Please select from the following list to view how we process your personal information in each case, when you:
• Visit our website
• Sign in to any of our products using your login
• Sign in to any of our products as an external verifier or external quality assurer
• Join one of our resource mailing lists
• Make an enquiry
• Create and use a Onefile Keychain
• Apply for a job with us
• Make a complaint
• Request technical support for any of our services
• Book a sales demonstration
• Book a webinar
• Sign up to our newsletter
• Sign up for the OneFile ideas portal
• Sign up for the UX research programme
Analytics
When you visit any website using the onefile.co.uk domain name, we use a third-party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out how many visitors are visiting which parts of our sites. This information is only processed in a way that does not identify anyone. We do not send your IP address to Google or let Google identify who you are.
We also record standard internet log information on our servers that are hosted with Microsoft Azure and Amazon Web Services which are located within the United Kingdom. This log information does record your IP address and we record and monitor this for security reasons. This information is only shared with Onefile employees.
Cookies
If you consent, we will use a cookies tool to track your IP address on the pages you visit on our website. You will be prompted for your consent when you first visit our website.
Security and performance
We use a third-party service called Cloudflare to protect our website at www.onefile.co.uk. Cloudflare is a security service that monitors the traffic flowing to our service is legitimate and can challenge or block access to anything it thinks might be malicious. Cloudflare servers are located worldwide but under normal working circumstances, if you are accessing our services within the United Kingdom then then traffic will be routed through a Cloudflare server based in the United Kingdom.
Purpose and legal basis for processing
The purpose for implementing all of the above is to maintain and monitor the performance of our websites and information services and to constantly look to improve the way we are doing this. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it. For more information on your rights please see the section “Your data protection rights”.
Pendo
When you use any of our products that are accessed with a login (such as our Eportfolio or Learning Hub), we may use a third-party service called Pendo. Whether or not we actually use this third-party will depend on whether the organisation from which you received your login, provided their consent for this service to be used. If they did provide such consent, then we will always seek your individual consent before using this service by presenting you with an option to provide such consent. Please note that if you do not see an option to opt into this service, then it means that it is not being used.
Purpose and legal basis for processing
The purpose for processing is to maintain and monitor the performance of our products and to constantly look to improve the way we are doing this.
What we collect and why we need it
We use Pendo to collect, store and analyse the pages you view, and the elements on the screen such as buttons and links, to understand how you are using our websites so that we may learn how our websites are performing so that we can continually improve them. By using this service, you will also benefit from on-screen guides and walkthroughs that will improve the user experience, helping you get the most out of our products. You will also be able to participate in short polls, surveys, and provide feedback.
Do we use any data processors?
Although Pendo is an incorporated company based in the USA, the information we collect is stored in an EU-located data centre.
Purpose and legal basis for processing
The purpose for implementing all of the above is to maintain and monitor the performance of our websites and information services and to constantly look to improve the way we are doing this. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
What are your rights?
As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. You may opt out of using this service at any time by stating your preference in our products.
If you are an external verifier or external quality assurer using our products
If you are an external verifier or external quality assurer, then also please see the section below to see how we additionally process your information.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to fulfil our obligations in providing you with the access required for you to complete your role. The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract.
What we need
Your name, email address and name of your awarding body.
Why we need it
We need your name and email address to create your login and the name of the awarding body is used to ensure that you have been assigned to the correct qualification.
What we do with it
When we receive a request with your information from a Centre Manager to create an account for you, we will contact you first to ensure that:
(a) you do not already have an account with us; and
(b) whether you are happy for us to create an account or assign the new centre to your existing account
Once you have confirmed one of the above, we will use the details provided to create your account on Onefile and send you an automatically generated email with your login information on.
How long we keep it
Your information will be kept on our systems until a Centre Manager, or yourself, contact us to ask to be removed.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
The data is stored on Microsoft Azure and Amazon Web Services, both located in UK data centres.
When you visit the ‘Explore’ section of our website you will have the option of joining one of our online communities which is a resource mailing service that we provide that you subscribe to. The different online communities are:
• Apprenticeships
• Apprenticeship funding
• Further & Higher Education
• Training & CPD
• Healthcare
• Local authorities
Joining one or more of these communities will give you access to more detailed resources that are not available otherwise on our website. You will also receive future resources of similar interest in the future by email and you can opt out of this subscription service at any time. We will not contact you for any other reason than to supply you with future resources and information relating to the topic(s) you have selected.
Purpose and legal basis for processing
Our purpose for collecting the information is so we can provide you with a service and send you resources that you are interested in. The legal basis we rely on to process your personal data is your consent under article 6(1)(a) of the GDPR.
What we need
Your name, job title, organisation name and email address.
Why we need it
We need these details to provide you with our service and understand who our members are and the organisations they work for.
What we do with it
We use your name and email address to create an email that will send you your future resources and we use your job title and company to understand the make-up of the membership so that we can devise more appropriate resources in the future.
How long we keep it
We keep this information until you opt-out of the service and then it is erased.
What are your rights?
We rely on your consent to process the personal data you provide to us for marketing purposes. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. If you do that, we’ll update our records immediately to reflect your wishes.
For more information on your rights, please see “Your data protection rights”.
Do we use any data processors?
The information we collect from you is stored on a third-party called HubSpot which is located in the USA and uses standard contractual clauses within their contract which are approved under GDPR. Please see HubSpot’s privacy notice.
Purpose and legal basis for processing
Our purpose for processing your personal data is so we can fulfil your information request to us.
The legal basis for this is article 6(1)(f) of the GDPR which relates to processing required for our legitimate interests.
What we need and why we need it
We need information from you to respond to you and to locate the information you are looking for. This enables us to deliver a quality service.
What we do with it
When we receive a request from you we will set up an electronic case file containing the details of your request. This will normally include your contact details and any other information you have provided. We’ll also store on this case file a copy of the information that we send back to you and keep this as a communication history.
How long we keep it
We keep this information for 3 years from the time you make your enquiry. If your enquiry is a sales enquiry then we keep this information for 5 years.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
If your enquiry has been sent from the online form on our website at https://www.onefile.co.uk/contact-us then the details you provide will be stored with a third-party service called HubSpot which is located in the USA and uses standard contractual clauses within their contract which are approved under GDPR.
If you are making a sales enquiry then your details will be stored within the EEA with a third-party service called salesforce.com.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to fulfil our obligations in providing you with the services that you have signed up for.
The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract.
What we need
Your name and email address.
Why we need it
We need your name as part of the contract and your email address is used to form part of your login and also, so we can send you communications regarding the services we are providing.
What we do with it
In addition to the information we collect from you when registering you may enter at your discretion further personal data that may include:
(a) Your logins to other OneFile services
We will track when you log in and monitor the frequency in which you log in.
How long we keep it
The data you store with us will remain with us until you terminate the agreement. We reserve the right to monitor the activity of your account and if it has been inactive for 12 months we will attempt to contact you and ask you if you wish to keep it.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
The data is stored on Microsoft Azure and Amazon Web Services, both located in UK data centres.
Purpose and legal basis for processing
Our purpose for processing the personal data that you provide to us is to assess your suitability for the role you have applied for.
The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.
The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnic information is article 9(2)(b) of the GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights and article 9(2)(h) for assessing your work capacity as an employee. And Schedule 1 part 1(1) and (2)(a) and (b) of the DPA2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.
What we need
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
Application stage
If you use our online application system, this will be collected by a data processor on our behalf. We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our HR team will have access to all this information.
Shortlisting
Our hiring managers shortlist applications for interview. They will be provided with your name or contact details, plus your previous experience, education and answers to questions relevant to the role you have applied for.
Assessments
We might ask you to complete tests and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by Onefile Ltd.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise. If you say no, these details will be deleted.
Conditional offer
If we make you a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. You will therefore be required to provide:
• Proof of your identity – you will be asked to attend our office with original documents, we will take copies
• Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies
• We will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service
• We will contact your referees, using the details you provide in your application, directly to obtain references
• We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work
Final offer
If we make a final offer, we will also ask you for the following:
• Bank details – to process salary payments
• Emergency contact details – so we know who to contact in case you have an emergency at work
Why we need it
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.
What we do with it
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
Final recruitment decisions are made by hiring managers and members of our HR team. All the information gathered during the application process is considered.
How long we keep it
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign, unless you request otherwise. Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign, unless you request otherwise.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
If you use our online application system, you will provide the requested information to Workday who provide this online service for us and are used internally for HR records system. Once you click ‘Apply Now’ you will be taken to Workday website and they will hold the information you submit but OneFile will have access to it. If you accept a final offer from us, some of your personnel records will be held on Workday.
Workday will also provide us with management information about our recruitment campaigns. This is anonymised information which tells us about the effectiveness of campaigns, for example, from which source did we get the most candidates, equal opportunities information for monitoring purposes. This anonymised information will be retained for 6 years from the end of the campaign.
If you apply for a Secondment, then the data is stored on Microsoft Azure and Amazon Web Services, both located in UK data centres.
Secondments/work experience
We also offer opportunities for people to come and work with us on a secondment/work experience basis. We accept applications from individuals or from organisations who think they could benefit from their staff working with us.
Applications are sent directly to OneFile Ltd. Once we have considered your application, if we are interested in speaking to you further, we will contact you using the details you provided.
We might ask you to provide more information about your skills and experience or invite you to an interview. If we do not have any suitable work at the time, we will let you know but we might ask you, if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we will keep your application for 6 months. If you say no, these details will be deleted.
You will be expected to adhere to a confidentiality agreement and code of conduct which will be agreed with your organisation. We might also ask you to complete our pre-employment checks so that we fulfil our obligations to avoid conflicts of interest and to protect the information we hold.
It will be retained for the duration of your secondment/work experience plus 6 years following the end of your secondment, unless you request otherwise.
Purpose and legal basis for processing
Our purpose is to investigate and resolve the issues that you are experiencing. The legal basis we rely on to process your personal data is article (6)(1)(F) of the GDPR which allows us to process personal data under legitimate interest (in resolcing your query and being able to return to you) which would be necessary.
What we need
We need information from you to investigate your complaint properly, so we ask for:
• your name
• the organisation for whom you work
• whether you are a customer, supplier or other
• telephone number
• email address
• nature of the complaint (which may contain information you have given us about the other parties in your complaint)
Why we need it
We will use your personal information to investigate your complaint and check on our level of service. We compile and publish statistics showing information, i.e. the number of complaints we receive, but this is anonymised. No third parties have access to your personal information unless the law allows them to do so.
We will try to respect that you may wish to remain anonymous if complaining about a particular member of staff however, it is not always possible to handle a complaint on an anonymous basis so we’ll contact you to discuss this.
If you are acting on behalf of someone making a complaint, we will ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else’s behalf.
How long we keep it
An entry of each complaint received will be made within an electronic file, which will be maintained at all times. We will retain a record of each complaint received for at least 2 years from the date the complaint is resolved.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
The data is stored on Microsoft Azure and Amazon Web Services, both located in UK data centres.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to fulfil our obligations in providing you with the services that you have signed up for. The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract.
What we need
Your name, company name, email address, UserID and details of your enquiry.
Why we need it
We need these details in order to find your account and assist you with the technical difficulties you may be experiencing.
What we do with it
If you have provided the information by telephoning us, the information will be used to access your OneFile account and assist you with your technical issues. If you have submitted your information on our Support page, then the details will be used to contact you and assist you with your technical issues.
How long we keep it
Your information will be kept on our systems for a period of 2 years from being resolved.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
Your details and information relating to your enquiry will be stored in our support database within the EEA with a third-party service called FreshWorks. You can view their privacy policy here.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to provide a demonstration before you decide if you would like to enter into a contract.
The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract or in order to take steps at your request prior to entering into a contract.
What we need
Your name, email address, company name, telephone number, job title, industry of company and city.
Why we need it
We ask for the following:
• name
• email address
• company name
• telephone
so that we can contact you and arrange to book a demonstration.
We ask for the following:
• job title
• industry of company
• city
so that we can research and understand more about your company and tailor the demonstration based on what you may typically use and provide you with the best demonstration of the software. The city is also used to ensure that if you do go ahead with our software, we can assign an account manager and trainer close to you.
What we do with it
We would use your details to arrange a demonstration and email you a link to this registration. We would also add your details to a sales database which will ensure that we keep a track of your progress post-demonstration, should you wish to go ahead.
How long we keep it
A record of the information you have provided will be kept for 6 years.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
A record of the information will be created and stored in our sales database within the EEA with a third-party service called salesforce.com. You can view their privacy policy here.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to provide a demonstration before you decide if you would like to enter into a contract. The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract or in order to take steps at your request prior to entering into a contract.
What we need
Your name, email address, company name, telephone number, job title, industry of company and city.
Why we need it
We ask for the following:
• name
• email address
• company name
• telephone
so that we can contact you and arrange to book a demonstration.
We ask for the following:
• job title
• industry of company
• city
so that we can research and understand more about your company and tailor the demonstration based on what you may typically use and provide you with the best demonstration of the software. The city is also used to ensure that if you do go ahead with our software, we can assign an account manager and trainer close to you.
What we do with it
We would use your details to arrange a demonstration and email you a link to this registration. We would also add your details to a sales database which will ensure that we keep a track of your progress post-demonstration, should you wish to go ahead.
How long we keep it
A record of the information you have provided will be kept for 6 years.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
A record of the information will be created and stored in our sales database within the EEA with a third-party service called salesforce.com. You can view their privacy policy here.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to inform you about our services. The legal basis we rely on to process your personal data is article (6)(1)(A) of the GDPR which allows us to process personal data with your freely given, specific, informed and unambiguous consent of your wishes by signing up to our newsletter.
For existing customers who have consented previously, unless your consent is withdrawn, the legal basis we rely on to process your personal data is article (6)(1)(F) of the GDPR which allows us to process personal data under legitimate interest (in informing you of essential information related to our services) which would be necessary.
What we need
We collect your full name, email address and the name of your organisation.
Why we need it
We need this information to send you a personalised newsletter which will contain essential information about our services which you have signed up for.
What we do with it
We will use this information in the third-party processors mentioned below, which will be used to send newsletter to our mailing lists.
How long we keep it
The information you have provided will be kept with us until your organisation terminates their contract or you exercise one of your data protection rights.
What are your rights?
You have several rights – please see the section on “Your data protection rights”.
Do we use any data processors?
The information we collect from you is stored on HubSpot. A system located in the USA and which uses standard contractual clauses within their contract which are approved under GDPR. Please see HubSpot’s privacy notice.
Purpose and legal basis for processing
Our purpose for us collecting the personal data that you provide to us is to provide you with access to the OneFile Ideas Portal, which will allow you to add ideas, vote and comment on other ideas.
The legal basis we rely on to process your personal data is article (6)(1)(A) of the GDPR which allows us to process personal data with your freely given, specific, informed and unambiguous consent of your wishes by signing up to our OneFile Ideas Portal.
What we need
Your name and email address.
Why we need it
We will use your name and email address to create your account login and also to have visibility over who and which organisation has suggested which ideas.
What we do with it
We use your details to create your login and we may also use your email address to communicate updates on the status of an idea you may have suggested or shown an interest in.
How long we keep it
The data you store with us will remain with us until your organisation terminates the agreement.
What are your rights?
You have several rights – please see the section on “Your data protection rights".
Do we use any data processors?
The information we collect from you is stored on a third-party called Aha which is located in the USA and which uses standard contractual clauses within their contract which are approved under GDPR. Please see Aha’s privacy notice here. This information is also stored on Microsoft Azure and Amazon Web Services, both located in UK data centres.
Purpose and legal basis for processing
The purpose for us processing your personal data is so we can understand how to improve our products and services to you. The legal basis we rely on to process your personal data is your consent under article 6(1)(a) of the GDPR.
What we collect and why we need it
We collect:
· your name
· your email address
· your telephone number
· the role you play in using our products (e.g. a student or a tutor)
· the organisation you are affiliated with (which might be the name of your employer or the organisation delivering your training)
· the industry sector your work in; and
· answers you have provided through any surveys we have sent you (e.g. how useful they are or how they can be improved)
We need this so we can communicate with you and understand how to improve our products through understanding your needs as a particular type of user.
What we do with it
The data you provide will only be shared with personnel directly employed by Onefile Ltd and will be used to help us make decisions about how we improve our products and services in the future.
How long we keep it
We will keep your personal information (name, organisation name, email address, telephone number) until either:
· you opt-out of this service
· you specifically request us to delete your data; or
· there has been no contact from either party for 12 months
We will review any anonymous, non-personally identifiable information (role, sector and any survey answers) every 12 months and decide whether we need to keep it for another 12 months or destroy it.
What are your rights?
You have several rights – please see the section on “Your data protection rights” below.
Do we use any data processors?
The information we collect from you during the application is stored with a third-party service called HubSpot which is located in the USA and their terms are covered by Standard Contractual Clauses, an approved method under GDPR. Please see HubSpot’s privacy notice.
Purpose and legal basis for processing
The purpose of the surveys is to improve the customer experience by understanding what our customers value and want to see improved within our product offering. All of these surveys are undertaken purely on a voluntary basis and therefore the basis of processing is art6 1(a) the data subject has given consent to as such are governed by the concept of consent to the processing of his or personal data.
What we need
Your name and email address are the sole pieces of personal data that you are required to disclose in order to take part in any of our surveys.
What we do with it
We will aggregate your data with that of other participants of the survey in order to identify trends in the needs and requirements of our customers both at user type and organisational levels to better identify how to enhance our products.
We do not currently make such data available to third parties or sell any such data and would never do so without obtaining separate explicit consent.
How long do we keep it
We will store this data within hosting facilities that are compliant with GDPR and will dispose of such data after a period of two years.
Right to be informed
The GDPR states that you have the right to be informed about how we collect and use your personal information (“privacy information”).
Right of access
You have a right to access any of your personal data. In some circumstances you will be able to obtain your personal information through the various self-service facilities that we provide with our products and services. However, in other circumstances such information may not be available and you can send us a special request (known as a “subject access request”) to our Data Protection Officer at [email protected] who will assist in giving you access to the information we hold about you. We will provide this information to you within no longer than one month and free of charge, unless you make excessive requests in which case we will be entitled to charge a fee.
Right to rectification
This is your right to have any personal data recorded about you that is inaccurate rectified or completed if it is incomplete. If you believe that the personal data we hold about you is incomplete or inaccurate then please contact our Data Protection Officer. If we are the Data Controller for your personal data then we will be able to rectify or complete it as necessary, however if we are acting as a Data Processor for your personal data then we will provide you with the contact details of the Data Controller (which may be one of our Clients).
Right to erasure
This is your right to be forgotten and means that at your request, the personal data we hold about you can be erased. If you wish us to erase your personal data then please contact our Data Protection Officer and we will respond no longer than one month. Please note that in instances where we are processing your personal data as a Data Processor, we will promptly inform the Data Controller of your request and advise you of this when you make the request.
Right to restrict processing
This is your right to request the restriction or suppression of your personal data (instead of erasure or rectification). It means that we can still store your data but no longer use it. There are a few circumstances in which this right can be exercised:
(a) If you are contesting the accuracy of the personal data and in the meantime we are verifying the accuracy of the data
(b) If you believe the personal data has been unlawfully obtained and you oppose your right to erasure
(c) When we no longer need the data but you need it to establish, exercise or defend a legal claim
(d) You have objected to us processing your data and Onefile is considering whether our legitimate grounds override those of your own
It is therefore our policy to automatically restrict the processing whist we are considering the accuracy or the legitimate ground for processing the personal data in question.
Right to data portability
This is your right to receive a copy of the personal data we hold about you in a format that will allow to reuse your data for your own purposes across different systems. Whilst we can provide the data to you in a common format such as CSV or XML, we cannot guarantee that the service you decide to reuse your information in will accept the automatic importing of your data.
This right applies to Keychain and CPD, and the marketing subscription service.
Right to object
This is your right to object to us processing your information. It may relate to any direct marketing you may be receiving from us or if you object to our legitimate interests. Please contact our Data Protection Officer.
Rights related to automated decision making including profiling
Please note if you are using the CPD service then we reserve the right to place advertising content on your web pages that we think is appropriate to you, but this is based on the learning outcomes you have selected which is not classified as personal data. If you have any queries about your rights, then please contact our Data Protection Officer.
We review this Privacy Notice regularly and update it accordingly.
In this document the following words have the following meanings:
Clients means the business organisations that are Onefile’s customers that are typically either independent training providers, employers, colleges or universities. Our Clients will usually be purchasing our products and services to use with their own customers (e.g. students or employees), and usually in the context of this Policy, each Client will be a Data Controller and we will be a Data Processor.
Data Controller is an entity (e.g. an organisation) that determines the purpose and means for processing the personal data that it obtains.
Data Processor is an entity that processes personal data on behalf of a Data Controller and under their written instructions.
EEA means the European Economic Area and it includes the 27 members of the European Union plus Iceland, Liechtenstein and Norway.
Eportfolio means our software as a service that we sell and licence directly to our Clients, and in this context our Clients will be Data Controllers and we will be a Data Processor
Explore Community means any of the 4 communities that are featured within the Explore section of our website.
Keychain and CPD means our software as a service that we licence directly to individuals and in this context, we are a Data Controller.