Log In
Log In

Effective Command – Privacy Notice  

 

General information 

This notice relates to the way in which Effective Command Ltd (“Effective Command”) processes personal information about individuals. 

 

We have provided a glossary at the end of this document for your reference but if you have any difficulty understanding the information in this policy, please contact us at dpo@Effective Command.org 

 

This policy only relates to instances where we are the Data Controller and we directly collect the information from individuals. 

 

We do not process any personal data that we receive indirectly from third-parties, other than where we are acting on the instructions of our Clients. These may be your employer, an independent training provider, a college, university or any other organisation who may have engaged with us for the purposes of using our products and services to provide you with a service. In these circumstances our Clients are the Data Controller and we are the Data Processor. If you have any questions about how our Clients process your personal information, then you must contact that organisation directly. 

 

Data Protection Officer's contact details 

Effective Command has elected Katherine Lamb as our Data Protection Officer and you can contact her in several ways: 

 

Email 

dpo@Effective Command.org 

 

Post 

Data Protection Officer 

Effective Command Ltd 

Baywell House  

Fawler road 

Charlbury 

Oxfordshire 

OX7 3AE 

 

How we get your information 

We get your information from various channels and sources depending on how you choose to contact us or engage with any of our products or services. Please select from the following list to view how we process your personal information in each case, when you: 

 

  • Visit our website 

  • Sign in to any of our products using your login 

  • Make an enquiry 

  • Create and use a Effective Command account 

  • Make a complaint 

  • Request technical support for any of our services 

 

Visit our website 

Analytics 

When you visit any website using the Effective Command.org domain name, we use a third-party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out how many visitors are visiting which parts of our sites. This information is only processed in a way that does not identify anyone. We do not send your IP address to Google or let Google identify who you are. 

 

We also record standard internet log information on our servers that are hosted with Microsoft Azure and are located within the United Kingdom. This log information does record your IP address and we record and monitor this for security reasons. This information is only shared with Effective Command employees. 

 

Cookies 

If you consent, we will use a cookies tool to track your IP address on the pages you visit on our website. You will be prompted for your consent when you first visit our website. 

 

Security and performance 

We use a third-party service called Cloudflare to protect our website at www.Effective Command.org Cloudflare is a security service that monitors the traffic flowing to our service is legitimate and can challenge or block access to anything it thinks might be malicious. Cloudflare servers are located worldwide but under normal working circumstances, if you are accessing our services within the United Kingdom then then traffic will be routed through a Cloudflare server based in the United Kingdom. 

 

Purpose and legal basis for processing 

The purpose for implementing all of the above is to maintain and monitor the performance of our websites and information services and to constantly look to improve the way we are doing this. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. 

 

What are your rights? 

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it. For more information on your rights please see the section “Your data protection rights”. 

 

Sign into any of our products using your login 

Purpose and legal basis for processing 

Our purpose for us collecting the personal data that you provide to us is to fulfil our obligations in providing you with the access required for you to complete your role. The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract. 

 

What we need 

Your name, email address and personnel number. 

 

Why we need it 

We need your name, Personnel number and email address to create your login.   

 

What we do with it 

When we receive a request with your information from a Centre Manager to create an account for you, we will contact you first to ensure that: 

(a) you do not already have an account with us; and 

(b) whether you are happy for us to create an account or assign the new centre to your existing account 

 

Once you have confirmed one of the above, we will use the details provided to create your account on Effective Command and send you an automatically generated email with your login information on. 

 

How long we keep it 

Your information will be kept on our systems until a Centre Manager, or yourself, contact us to ask to be removed. 

 

What are your rights? 

You have several rights – please see the section on “Your data protection rights". 

 

Do we use any data processors? 

The data is stored on Microsoft Azure and IOMART data centres located in the UK. 

 

Make an enquiry 

Purpose and legal basis for processing 

Our purpose for processing your personal data is so we can fulfil your information request to us. 

 

The legal basis for this is article 6(1)(f) of the GDPR which relates to processing required for our legitimate interests. 

 

What we need and why we need it 

We need information from you to respond to you and to locate the information you are looking for. This enables us to deliver a quality service. 

 

What we do with it 

When we receive a request from you we will set up an electronic case file containing the details of your request. This will normally include your contact details and any other information you have provided. We’ll also store on this case file a copy of the information that we send back to you and keep this as a communication history. 

 

How long we keep it 

We keep this information for 3 years from the time you make your enquiry. If your enquiry is a sales enquiry then we keep this information for 5 years. 

 

What are your rights? 

You have several rights – please see the section on “Your data protection rights". 

 

Do we use any data processors? 

If your enquiry has been sent from the online form on our website at https://www.Effective Command.org then the details you provide will be stored with a third-party service called AirTable which is located in the USA and uses standard contractual clauses within their contract which are approved under GDPR. 

Make a complaint 

Purpose and legal basis for processing 

Our purpose is to investigate and resolve the issues that you are experiencing. The legal basis we rely on to process your personal data is article (6)(1)(F) of the GDPR which allows us to process personal data under legitimate interest (in resolving your query and being able to return to you) which would be necessary. 

 

What we need 

We need information from you to investigate your complaint properly, so we ask for: 

 

  • your name 

  • the organisation for whom you work 

  • whether you are a customer, supplier or other 

  • telephone number 

  • email address 

  • nature of the complaint (which may contain information you have given us about the other parties in your complaint) 

 

Why we need it 

We will use your personal information to investigate your complaint and check on our level of service. We compile and publish statistics showing information, i.e. the number of complaints we receive, but this is anonymised. No third parties have access to your personal information unless the law allows them to do so. 

 

We will try to respect that you may wish to remain anonymous if complaining about a particular member of staff however, it is not always possible to handle a complaint on an anonymous basis so we’ll contact you to discuss this. 

 

If you are acting on behalf of someone making a complaint, we will ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else’s behalf. 

 

How long we keep it 

An entry of each complaint received will be made within an electronic file, which will be maintained at all times. We will retain a record of each complaint received for at least 2 years from the date the complaint is resolved. 

 

What are your rights? 

You have several rights – please see the section on “Your data protection rights". 

 

Do we use any data processors? 

The data is stored on Microsoft Azure and IOMART data centres located in the UK. 

 

Request technical support for any of our services 

Purpose and legal basis for processing 

Our purpose for us collecting the personal data that you provide to us is to fulfil our obligations in providing you with the services that you have signed up for. The legal basis we rely on to process your personal data is article (6)(1)(B) of the GDPR which allows us to process personal data in order to perform a contract. 

 

What we need 

Your name, company name, email address, UserID and details of your enquiry. 

 

Why we need it 

We need these details in order to find your account and assist you with the technical difficulties you may be experiencing. 

 

What we do with it 

If you have provided the information by telephoning us, the information will be used to access your Effective Command account and assist you with your technical issues. If you have submitted your information on our Support page, then the details will be used to contact you and assist you with your technical issues. 

 

How long we keep it 

Your information will be kept on our systems for a period of 2 years from being resolved. 

 

What are your rights? 

You have several rights – please see the section on “Your data protection rights". 

 

Do we use any data processors? 

Your details and information relating to your enquiry will be stored in our support database within the EEA. 

 

 

Your data protection rights 

Right to be informed 

The GDPR states that you have the right to be informed about how we collect and use your personal information (“privacy information”). 

 

Right of access 

You have a right to access any of your personal data. In some circumstances you will be able to obtain your personal information through the various self-service facilities that we provide with our products and services. However, in other circumstances such information may not be available and you can send us a special request (known as a “subject access request”) to our Data Protection Officer at dpo@EffectiveCommand.org who will assist in giving you access to the information we hold about you. We will provide this information to you within no longer than one month and free of charge, unless you make excessive requests in which case we will be entitled to charge a fee. 

 

Right to rectification 

This is your right to have any personal data recorded about you that is inaccurate rectified or completed if it is incomplete. If you believe that the personal data we hold about you is incomplete or inaccurate then please contact our Data Protection Officer. If we are the Data Controller for your personal data then we will be able to rectify or complete it as necessary, however if we are acting as a Data Processor for your personal data then we will provide you with the contact details of the Data Controller (which may be one of our Clients). 

 

Right to erasure 

This is your right to be forgotten and means that at your request, the personal data we hold about you can be erased. If you wish us to erase your personal data then please contact our Data Protection Officer and we will respond no longer than one month. Please note that in instances where we are processing your personal data as a Data Processor, we will promptly inform the Data Controller of your request and advise you of this when you make the request. 

 

Right to restrict processing 

This is your right to request the restriction or suppression of your personal data (instead of erasure or rectification). It means that we can still store your data but no longer use it. There are a few circumstances in which this right can be exercised: 

(a) If you are contesting the accuracy of the personal data and in the meantime we are verifying the accuracy of the data 

(b) If you believe the personal data has been unlawfully obtained and you oppose your right to erasure 

(c) When we no longer need the data but you need it to establish, exercise or defend a legal claim 

(d) You have objected to us processing your data and Effective Command is considering whether our legitimate grounds override those of your own 

 

It is therefore our policy to automatically restrict the processing whist we are considering the accuracy or the legitimate ground for processing the personal data in question. 

 

Right to data portability 

This is your right to receive a copy of the personal data we hold about you in a format that will allow to reuse your data for your own purposes across different systems. Whilst we can provide the data to you in a common format such as CSV or XML, we cannot guarantee that the service you decide to reuse your information in will accept the automatic importing of your data. 

 

Right to object 

This is your right to object to us processing your information. It may relate to any direct marketing you may be receiving from us or if you object to our legitimate interests. Please contact our Data Protection Officer. 

 

Rights related to automated decision-making including profiling 

Please note if you are using the CPD service then we reserve the right to place advertising content on your web pages that we think is appropriate to you, but this is based on the learning outcomes you have selected which is not classified as personal data. If you have any queries about your rights, then please contact our Data Protection Officer. 

 

Changes to this privacy notice 

We review this Privacy Notice regularly and update it accordingly. 

  

Glossary 

In this document the following words have the following meanings: 

 

Clients means the business organisations that are Effective Command’s customers that are typically either independent training providers, employers, colleges or universities. Our Clients will usually be purchasing our products and services to use with their own customers (e.g. students or employees), and usually in the context of this Policy, each Client will be a Data Controller and we will be a Data Processor. 

 

Data Controller is an entity (e.g. an organisation) that determines the purpose and means for processing the personal data that it obtains. 

 

Data Processor is an entity that processes personal data on behalf of a Data Controller and under their written instructions. 

 

Last Updated: 15/1/23

 

Currently involved in projects in:   Effective Command is involved in projects in Australia Effective Command is involved in projects in Canada Effective Command is involved in projects in Estonia Effective Command is involved in projects in Portugal Effective Command is involved in projects in South Korea Effective Command is involved in projects in the United Kingdom Effective Command is involved in projects in the United States Effective Command is involved in projects in the European Union Effective Command is involved in projects in Singapore

Copyright © 2024 K Lamb Associates Ltd. All Rights Reserved.
Policies
An error has occurred. This application may no longer respond until reloaded. Reload 🗙