Privacy Policy

Chartwell ACS Ltd, the privacy of visitors to our website www.chartwellacs.co.uk and the privacy of our clients is of extreme importance to us. You can view our Privacy Notice below.  Our Privacy Notice outlines our privacy policy including the type of personal information which is received and collected by us and how it is used. Our website design and hosting is provided Namesco, and the site is available through a secure SSL certificate.

Log Files
Like many other Web sites, www.chartwellacs.co.uk makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyse trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons

www.chartwellacs.co.uk does use cookies to store information about visitors preferences, record user-specific information on which pages the user access or visit, customize Web page content based on visitors browser type or other information that the visitor sends via their browser.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers’ respective websites.

Privacy Notice 

Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.

Who we are? – Article 13(1)(a) and Article 14(1)(a) state you must provide the identity and contact details of the controller and their appointed representative and data protection officer if appointed.

Chartwell ACS collects, uses and is responsible for personal information about you. When we do this, we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.

What do we do with your information?

Information collected by us.

When carrying out training and assessing we collect and process personal information that is necessary in order to provide and administer a training and assessment service including full name, address, date of birth, contact details, national insurance number.

Information collected from other sources – Article 14(1)(d) Identify the categories of personal data concerned. Article 14(2)(f) Identify the source of the personal data and if applicable whether it came from publically accessible data.

Not applicable

How we use your personal information – Article 13(1)(c) and 14(1)(c) Identify the purpose of processing.

We use your personal information in order to provide training and assessment service to you.

Whether information has to be provided by you, and why? – Article 13(2)(e)- explain whether the provision of personal data is statutory or contractual, whether the data is obliged to provide the personal data and the possible consequences of not providing the information.

This personal information must be provided by you to us, to enable us to carry out training and assessment. When we collect information from you, we will inform you whether you are required to provide this information to us.

Legal reasons we collect and use your personal information – Article 13(1)(c) and 14(1)(c) Identify the legal basis of processing. Article 12(1)(d) and 14(2)(b) where legitimate interests will be the legal basis for processing, provide details of those legitimate interests. Article 29 Working party guidance recommends it is best practice to explain the balancing test here when relying on legitimate interests.

We rely on the terms of our business relationship with you and our obligations pursuant to current legislation as the legal basis for processing your information.

Who will we share your personal information with? – Article 13(1)(e) and 14(1)(e) identify any recipients or categories of recipients with whom the personal data will be shared. These should be as specific as it is possible to be.

We have relationships with a number of third parties that we routinely share personal information with such as certificating bodies, and our accountants.

This data sharing enables us to provide the training and assessment service and comply with our regulatory obligations.

We will not share your personal information with any other third parties without your consent.

Transfer of your information outside the European Economic Area (EEA) –Article 13(1)(f) and 14(1)(f) Where personal data will be transferred to a third country outside the EEA or to an international organization you must:

• Inform data subjects that their personal data is transferred this way
• Make an explicit list of all 3^rd countries to which the data will be transferred
• Explain the existence or absence of a commission adequacy decision

If it is a transfer referred to in Article 46 or 47 then you must provide details of appropriate or suitable safeguards and explain how the data subject can obtain a copy of such safeguards.

We will not transfer your personal information outside the EEA

How long will we store your personal data? – Article 13(2)(a) and 14(2)(a) requires you to confirm storage period or criteria used to determine storage period.

We store personal data for a period of six years from completion of your training and assessment or completion of our business relationship, which is to ensure compliance with the terms of our professional indemnity insurance, our obligations to the regulatory authorities and (if applicable) the requirements of our certificating bodies.

Consent – Article 13(2)(c) 14(2)(d), 7(4), where processing is based on consent or explicit consent, you must explain the data subjects right to withdraw consent at any time and how that consent can be withdrawn (it must be as easy to withdraw consent as it is to give the consent.

We are relying on your explicit consent to hold your personal data as part of our training and assessment service. You provided this consent when you signed our application for assessment or training agreement.

You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent.

Your Rights – Article 13(2)(b) and 14(2)(c), Article 21(4), Article 29 Working Party Guidance. Explain the rights of the data subject. In each case the information should summarise what the right involves and how the data subject can exercise the right.

Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:

• Access to your personal information and other supplementary information;
• Require us to correct any mistakes or complete missing information we hold on you;
• Require us to erase your personal information in certain circumstances;
• Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
• Object at any time to processing of your personal information for direct marketing;
• Object in certain other situations to the continued processing of your personal information;
• Restrict our processing of your personal information in certain circumstances;
• Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.

If you want to exercise any of these rights, please:

• Email, call or write to us
• Let us have proof of your identity and address;
• State the right or rights that you wish to exercise;

We will respond to you within one month from when we receive your request.

How to make a complaint? – Article 13(2)(d) and Article 14(2)(e), Article 77, A data subject has a right to lodge a complaint with a supervisory, in particular in the Member State of his or her habitual residence, place of work or in place that the alleged infringement occurred.

We hope that you are happy with our service and that we can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.

Automated Decision Making – Article 13(2)(f) and 14(2)(g) where automated decisions including profiling are being used the data subject must be told that this type of activity is occurring, they must be given meaningful information about the logic involved and the significance and envisioned consequences of processing the data must be told.

We do not use automated decision making.

Future Processing

We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, we will write to inform you.

Changes to this privacy notice

This privacy notice was published on 1^st of January 2024 and will be reviewed and if necessary updated annually thereafter. If we change this policy at any time we will inform you here.