Third Party Links
Enterprising Youth provides SafeguardingEFT.com as a website where users can read information and articles on safeguarding, EFT and the training we offer to users who may purchase digital products related to Safeguarding, Practitioner Skills and in Person events and workshops (the “Service”).
Collection of Information
Enterprising Youth is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). The term “user,” “you” and “your” refers to site visitors, customers and any other users of the site. The term “personal information” is defined as information that you voluntarily provide to us which personally identifies you and/or your contact information, such as your name, phone number and email address.
We collect and hold personally identifiable information, like names, postal addresses, email addresses, etc., when voluntarily submitted by our visitors. Data will be collected, held, and processed in accordance with the data protection principles and with this Policy.
The information you provide is used to fulfil your specific request. This information is only used to fulfil your specific request, unless you give us permission to use it in another manner, for example to add you to one of our mailing lists.
Personal data means any information capable of identifying an individual. It does not include anonymised data.
Personal Data is defined by the Act as data which relates to a living individual who can be identified from that data or from that data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
The Company only holds personal data that is directly relevant to its dealings with a given data subject.
We may process the following categories of personal data about you:
Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. This information is shared with our e-commerce software providers to ensure the delivery of your order. We use your email to communicate with you about your order and to manage our customer relationship with you. When you place an order you may be added to our mailing list from which you can unsubscribe at any time using the unsubscribe link in each email or by contacting us at email@example.com. We collect payment information for each order but we do not store payment information on our servers. Your payment information is securely communicated to and processed via our e-commerce software providers. All personal information collected for an order is used for the fulfilment of that order and to manage our customer relationship with you. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.
Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
Marketing Data that includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.
Before we share your personal data with any third party for their own marketing purposes we will get your express consent. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by emailing us at firstname.lastname@example.org at any time.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to measure or understand the effectiveness of the advertising we serve you. Our lawful ground for this processing is legitimate interests which is to grow our business. We may also use such data to send other marketing communications to you. Our lawful ground for this processing is either consent or legitimate interests (namely to grow our business).
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Rights of Data Subjects
Under the Act, data subjects have the following rights:
The right to access a copy of their personal data held by the Company by means of a Subject Access Request
The right to object to any processing of his or her personal data that is likely to cause (or that is causing) damage or distress. Data subjects should make any such objection in writing to Dawn Cretney and the Company shall respond within 21 days either notifying the data subject of its compliance, or explaining why the Company feels that any aspect of the data subject’s request is unjustified;
The right to prevent processing for direct marketing purposes;
The right to object to decisions being taken by automated means (where such decisions will have a significant effect on the data subject) and to be informed when any such decision is taken (in which case the data subject has the right to require the data controller (by written notice) to reconsider the decision;
The right to have inaccurate personal data rectified, blocked, erased or destroyed in certain circumstances;
The right to claim compensation for damage caused by the Company’s breach of the Act.
Processing Personal Data (Data Retention)
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal (insurance and reporting) requirements. When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes, the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers. In some circumstances, we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Any and all personal data collected by the Company (as detailed in this Policy) is collected in order to ensure that the Company can provide the best possible service to its customers, and can work effectively with its partners, associates and affiliates and efficiently manage its employees, contractors, agents and consultants. The Company may also use personal data in meeting certain obligations imposed by law.
Certain data collected by the Company, such as IP addresses, certain information gathered by cookies, pseudonyms and other non-identifying information will nonetheless be collected, held and processed to the same standards as personal data.
Personal data may be disclosed within the Company, provided such disclosure complies with this Policy. Personal data may be passed from one department to another in accordance with the data protection principles and this Policy. Under no circumstances will personal data be passed to any department or any individual within the Company that does not reasonably require access to that personal data with respect to the purpose(s) for which it was collected and is being processed.
In particular, the Company shall ensure that:
All personal data collected and processed for and on behalf of the Company by any party is collected and processed fairly and lawfully;
Data subjects are always made fully aware of the reasons for the collection of personal data and are given details of the purpose(s) for which the data will be used;
Personal data is only collected to the extent that is necessary to fulfil the purpose(s) for which it is required;
All personal data is accurate at the time of collection and kept accurate and up to date while it is being held and/or processed;
No personal data is held for any longer than necessary in light of the purpose(s) for which it is required;
Whenever cookies or similar technologies are used online by the Company, they shall be used strictly in accordance with the requirements of the Privacy and Electronic Communications Regulations, providing full details of cookie use and guidance on privacy;
Individuals are provided with a simple, accessible method of amending any data submitted by them online;
Individuals are informed if any data submitted by them online cannot be fully deleted at their request under normal circumstances (for example, because a file uploaded by a user has been backed up) and how to request that the Company deletes any other copies of that data, where it is within the individual’s right to do so;
All personal data is held in a safe and secure manner, as detailed in this Policy, taking all appropriate technical and organisational measures to protect the data;
All personal data is transferred securely, whether it is transmitted electronically or in hard copy, by a HIPAA compliant app or encrypted on to SafeguardingEFT website, Wave Accounts, Mailchimp and Zoom.
No personal data is transferred outside of the European Economic Area (as appropriate) without first ensuring that the destination country offers adequate levels of protection for personal data and the rights of data subjects; and
All data subjects can fully exercise their rights with ease and without hindrance.
Data Protection Procedures
The Company shall ensure that all of its employees, agents, contractors, or other parties working on behalf of the Company comply with the following when working with personal data:
All emails containing personal data must be encrypted;
Personal data may be transmitted over secure networks only – transmission over unsecured networks is not permitted in any circumstances;
Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted;
Where Personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
Where Personal data is to be transferred in hardcopy form it should be passed directly to the recipient or sent using a trackable mail delivery service (Royal Mail Special Delivery).
No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from Dawn Cretney at Enterprising Youth;
All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar;
No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without authorisation;
Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time;
If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it;
Any unwanted copies of personal data (i.e. printouts or electronic duplicates) that are no longer needed should be disposed of securely. Hardcopies should be shredded and electronic copies should be deleted securely using secure file deletion software to remove files and prevent recovery;
No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets and smartphones), whether such device belongs to the Company or otherwise, without the formal written approval [of Dawn Cretney at Enterprising Youth and, in the event of such approval, strictly in accordance with all instructions and limitations described at the time the approval is given, and for no longer than is absolutely necessary].
No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Act (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken);
All personal data stored electronically should be backed up daily with backups stored in Apple icloud, Dropbox and Microsoft OneDrive for Business. All backups should be encrypted using industry cryptographic standards such as TLS/SSL and AES to protect the confidentiality and integrity of customer data
All electronic copies of personal data should be stored securely using passwords and industry cryptographic standards such as TLS/SSL and AES data encryption;
All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All passwords must contain a combination of uppercase and lowercase letters, numbers, and symbols [. All software used by the Company is designed to require such passwords];
Under no circumstances should any passwords be written down or shared between any employees, agents, contractors, or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method. IT staff do not have access to passwords;
All personal data held by the Company shall be regularly reviewed for accuracy and completeness. Where the Company has regular contact with data subjects, any personal data held about those data subjects should be confirmed at least annually.
If any personal data is found to be out of date or otherwise inaccurate, it should be updated and/or corrected immediately where possible. If any personal data is no longer required by the Company, it should be securely deleted and disposed of within 1 year;
Where personal data held by the Company is used for marketing purposes, it shall be the responsibility of Dawn Cretney at Enterprising Youth to ensure that no data subjects have added their details to any marketing preference databases including, but not limited to, the Telephone Preference Service, the Mail Preference Service, the Email Preference Service, and the Fax Preference Service. Such details should be checked at least annually.
Disclosures of your Personal Data
We may have to share your personal data with the parties set out below:
Service providers who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers
Government bodies that require us to report processing activities.
Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. These trusted third parties agree to keep this information confidential. Your personal information will never be shared with unrelated third parties.
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:
We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customise the Site for visitors. Personal information cannot be collected via cookies and other tracking technology.
However, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.
Distribution of Information
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorised transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.
Commitment to Data Security
Your personally identifiable information is kept secure. Only authorised employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. All emails and newsletters from this site allow you to opt out of further mailings.
Whilst we maintain security measures to protect your personal information from unauthorised access, misuse or disclosure, no exchange of data over the Internet can be guaranteed as 100% secure. While we make every effort to protect your personal information shared with us through our Site, you acknowledge that the personal information you voluntarily share with us through this Site could be accessed or tampered with by a third party. You agree that we are not responsible for any intercepted information shared through our Site without our knowledge or permission. Additionally, you release us from any and all claims arising out of or related to the use of such intercepted information in any unauthorised manner.
How to Update Your Information
If you opt-in to our mailing list, the option to unsubscribe or update will be included in every email. You may also access and correct your personal information and privacy preferences by contacting us with your request at email@example.com
Your Legal Rights
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you. If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Notification of Changes to this Policy
You acknowledge and agree that it is your responsibility to review this Site and this Policy periodically and to be aware of any modifications. Updates to this Policy will be posted on this page.
Date of last update – 25 May 2018
Privacy Contact Information