Effective Date: November 11, 2024

Ford Rose Limited (“we,” “us,” or “our”) is committed to protecting and respecting your privacy and personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws. This Data Protection Policy outlines how we handle personal data, your rights, and our data protection practices.

1. Scope and Purpose

This Data Protection Policy applies to all personal data collected, processed, and stored by Ford Rose Limited in the course of conducting our business operations. We are committed to handling personal data lawfully, transparently, and securely to protect the privacy of our clients, employees, partners, and other stakeholders.

2. Data Collection and Use

We collect personal data necessary to fulfill our business functions, including but not limited to:

• Client Information: Name, contact information, job title, employer details, payment information, and training preferences.
• Employee Data: Employee records, performance reviews, payroll information, and other employment-related data.
• Technical Data: IP addresses, browser type, device details, and usage data collected through our website and services.
• Financial Data: Payment details, including bank information, billing address, and transaction history.

We collect personal data for purposes including service delivery, communication, personalization, security, and compliance with legal requirements.

3. Data Processing Principles

In accordance with UK GDPR, we adhere to the following data processing principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
• Purpose Limitation: Data is collected for specific, explicit, and legitimate purposes and not processed in ways incompatible with those purposes.
• Data Minimization: We collect only the necessary personal data for each purpose.
• Accuracy: We keep personal data accurate and up-to-date.
• Storage Limitation: We retain data only as long as necessary for the purposes it was collected or as required by law.
• Integrity and Confidentiality: Personal data is protected against unauthorized access, loss, or damage using appropriate security measures.

4. Legal Basis for Data Processing

Ford Rose Limited processes personal data under the following legal bases:

• Contractual Necessity: Processing is necessary for the performance of a contract with the individual, such as registering for a course or processing payments.
• Legal Obligation: We process data to comply with legal and regulatory obligations.
• Legitimate Interests: We process data based on our legitimate interests in providing and improving our services, provided it does not override individual rights.
• Consent: Where applicable, we obtain consent before processing personal data, especially for marketing purposes. Consent can be withdrawn at any time.

5. Data Security and Storage

We implement a range of technical and organizational security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction, including:

• Access Controls: Limiting access to personal data to authorized personnel only.
• Encryption: Encrypting data in transit and at rest to secure sensitive information.
• Regular Audits: Conducting regular security audits and risk assessments to identify and address vulnerabilities.
• Data Backups: Regularly backing up data to prevent loss and ensure continuity in case of technical failures.

Personal data is stored securely in the UK or, when necessary, transferred in compliance with UK data protection laws and adequate safeguards.

6. Data Retention

We retain personal data only as long as necessary to fulfill the purpose for which it was collected or as required by legal obligations. When data is no longer needed, it is securely deleted or anonymized.

7. Individual Rights

Under the UK GDPR, individuals have the following rights concerning their personal data:

• Right to Access: Request access to personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data, where legally permissible.
• Right to Restrict Processing: Request restriction of processing in certain circumstances.
• Right to Data Portability: Request to receive your data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to certain processing activities, including direct marketing.

To exercise these rights, please contact us at letstalk@fordrose.com. We will respond within one month of receiving the request, as required by law.

8. Data Breach Response

In the event of a data breach that poses a risk to individual rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) within 72 hours. Affected individuals will also be informed if there is a high risk to their rights or if required by law.

9. Third-Party Data Sharing

We may share personal data with third-party service providers, including IT providers, payment processors, and marketing partners, to support our operations. All third parties must comply with our data protection requirements and are subject to confidentiality obligations.

10. International Data Transfers

If we transfer personal data outside of the UK, we ensure that adequate safeguards are in place, such as standard contractual clauses, to protect data in compliance with UK GDPR and related laws.

11. Data Protection Officer

Ford Rose Limited has appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws and to serve as the point of contact for data protection inquiries. If you have any questions or concerns about this policy, please contact us at:

Ford Rose Limited
Data Protection Officer
4-12 Regent Street
London, SW1Y 4PE
Email: letstalk@fordrose.com

12. Changes to This Data Protection Policy

We may update this Data Protection Policy from time to time to reflect changes in our practices or legal obligations. We will post any updates on this page and notify users of significant changes.

This Data Protection Policy was last updated on November 11, 2024.