Privacy Policy

Who we are

Our website address is: https://uktda.co.uk.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

UK Training and Development Agency (UKTDA) Data Protection Measures

Secure Infrastructure

At UKTDA, we prioritize your security by utilizing state-of-the-art data centers equipped with firewalls, intrusion detection systems, and 24/7 monitoring to safeguard your data.

Encryption

All data transmitted to and stored within our servers is encrypted using industry-standard protocols such as SSL/TLS. This ensures that your information remains confidential and secure during transmission.

Access Controls

We have robust access control measures in place to ensure that only authorized personnel can access your data. Our employees undergo rigorous background checks and receive specialized training on data security.

Regular Audits and Assessments

We regularly review and update our security policies. Our systems undergo periodic security audits and vulnerability assessments to identify and rectify potential risks.

Data Backups

We perform regular data backups to multiple secure locations. In the event of a system failure or unforeseen catastrophe, we can quickly restore your data.

Two-Factor Authentication (2FA)

We offer two-factor authentication for added security during login. This extra layer of security ensures that your account remains secure, even if your password is compromised.

Data Minimization

We only collect data that is necessary for the services we provide. We adhere to the principles of data minimization to ensure we are not holding onto your information any longer than necessary.

Data Portability

Upon request, we offer the ability to export your data in a commonly-used, machine-readable format in accordance with applicable laws.

GDPR and Regulatory Compliance

We are committed to maintaining compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws, ensuring your data is handled with the utmost care.

Staff Training

Our staff receives ongoing training in data protection and compliance, ensuring they are aware of best practices and legal requirements for data management.

Incident Response Plan

We have a detailed incident response plan for potential data breaches, designed to quickly secure data and notify affected parties in compliance with data protection laws.

What data breach procedures we have in place

UK Training and Development Agency (UKTDA) Data Breach Response Plan

1. Identification and Verification

1.1. Any staff member who suspects a data breach must report it immediately to the Data Protection Officer (DPO) or designated authority within the organization.

1.2. The DPO will initiate an internal investigation to verify if a breach has indeed occurred.

2. Containment

2.1. Short-term: Take immediate steps to contain the breach, which may include temporarily disabling affected systems or accounts.

2.2. Long-term: Identify system vulnerabilities that led to the breach and take measures to secure them.

3. Risk Assessment

3.1. Assess the nature and scope of the breach.

3.2. Evaluate the types of data involved and the potential impact on individuals or other organizations.

4. Notification

4.1. Notify affected parties, which could include employees, clients, or third-party service providers, in accordance with data protection laws.

4.2. If required, notify the Information Commissioner’s Office (ICO) or other relevant regulatory bodies within 72 hours of becoming aware of the breach.

5. Recovery and Restoration

5.1. Restore and validate system functionality for business operations to resume.

5.2. Implement security measures to prevent future breaches.

6. Evaluation and Review

6.1. After handling the breach, conduct a debrief to identify shortcomings in the response process.

6.2. Update the Data Breach Response Plan accordingly.

7. Training and Updates

7.1. Regularly update staff training programs to include the latest best practices in data protection.

7.2. Periodically review and update the Data Breach Response Plan.

8. Documentation

8.1. Document each step taken during the breach response.

8.2. Maintain a record for compliance purposes and for informing any subsequent internal investigations or regulatory audits.

Contact Information

For any questions or to report a suspected data breach, contact:

Data Protection Officer
Email: {DPO’s email address}
Phone: {DPO’s phone number}

What third parties we receive data from

UK Training and Development Agency (UKTDA) Third-Party Data Sources

Analytics Providers

We receive data from analytics providers like Google Analytics to better understand how users interact with our website and services. This data helps us improve the user experience and optimize our content.

Payment Processors

For transactions made on our platform, we work with third-party payment processors. While we do not store financial information like credit card numbers, we do receive confirmation and status updates about payments.

Social Media Platforms

If you choose to link your social media accounts to our services, we may receive data from platforms such as Facebook, Twitter, or LinkedIn. This can include your public profile information, email address, and other data you choose to share with us.

Marketing Partners

We may partner with other companies for joint marketing activities. As a part of these partnerships, we may receive customer data, including contact details and preferences, to enable targeted marketing campaigns.

Survey and Research Organizations

From time to time, we may collaborate with survey providers or research organizations to gather insights about industry trends, customer satisfaction, or service effectiveness. Any shared data will be used for analysis and improvement of our services.

Educational Institutions

If you are a student or employee of an educational institution that partners with us, we may receive your educational records, course enrollments, or other relevant data to facilitate training and development activities.

Governmental Bodies and Regulators

In some instances, we may receive data from governmental agencies, either as required by law or to facilitate services that require some form of government documentation or verification.

Customer Relationship Management (CRM) Systems

We may use third-party CRM systems to manage customer data, through which we receive information on customer interactions, history, and preferences.

Employment Reference Agencies

If you are applying for a job with us, we may receive information from third-party reference agencies or background check services.

What automated decision making and/or profiling we do with user data

UK Training and Development Agency (UKTDA) Third-Party Data Sources

Analytics Providers

Payment Processors

Social Media Platforms

Marketing Partners

Survey and Research Organizations

Educational Institutions

Governmental Bodies and Regulators

In some instances, we may receive data from governmental agencies, either as required by law or to facilitate services that require some form of government documentation or verification.

Customer Relationship Management (CRM) Systems

We may use third-party CRM systems to manage customer data, through which we receive information on customer interactions, history, and preferences.

Employment Reference Agencies

If you are applying for a job with us, we may receive information from third-party reference agencies or background check services.

For any concerns or questions about our third-party data sources, please feel free to contact us at info@uktda.co.uk.

Industry regulatory disclosure requirements

UK Training and Development Agency (UKTDA) Regulatory Disclosures

General Compliance

UKTDA is committed to complying with all relevant local, national, and international laws and regulations governing our industry. This includes data protection laws, employment laws, and any sector-specific regulations that apply to training and development services.

Data Protection

We adhere to data protection laws such as the General Data Protection Regulation (GDPR) in Europe and other relevant data protection legislation in other jurisdictions. Our practices around data collection, storage, and processing are designed to protect your privacy and are fully disclosed in our Privacy Policy.

Licensing and Accreditation

Where applicable, we comply with requirements to maintain necessary licenses and accreditations that allow us to offer certain types of training and development services. Information related to our licenses and accreditations is available upon request.

Financial Disclosures

If we are obligated to make particular financial disclosures due to membership in financial associations or as dictated by securities laws, such disclosures will be made readily available in compliance with those requirements.

Health and Safety

We follow all health and safety guidelines and regulations applicable to our training facilities and operations. These policies are available for review upon request.

Advertising Standards

All our advertising and promotional materials meet the standards set forth by applicable advertising standards authorities. We strive to provide clear, accurate, and informative content that avoids misleading statements or omissions.

Reporting and Transparency

For certain types of services or partnerships, we may be required to issue regular reports to relevant authorities, which may then be publicly disclosed in accordance with the law.

Third-Party Vendors

All our third-party vendors and partners are required to comply with relevant laws and regulations. We take reasonable steps to ensure that these entities are in compliance with legal obligations.

Access to Regulatory Documents

Where required, we make available any regulatory documents for review by authorized parties and regulators. Some of these may also be available to the general public.

For further information or questions about our compliance with industry regulatory disclosure requirements, please contact us at info@uktda.co.uk.