We look after your data in line with both the GDPR and the high standards we set in our own quality policies. This notice will help you understand what information we collect at Impellus, how Impellus uses it and what choices you have.
1. Introduction
Impellus Limited respects your privacy and is committed to protecting your personal data.
This notice (together with our Terms & Conditions) sets out the basis on which any personal data we collect from you, or that you provide to us, will be used by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will use it.
Impellus Limited is the controller and responsible for your personal data (collectively referred to as “Impellus”, “we”, “us” or “our” in this privacy notice).
Our customers, delegates and those responsible for booking training are collectively referred to as to the “data subject” or “you” in this privacy notice.
2. Contacting Impellus
Please feel free to contact us if you have any questions about Impellus’ Privacy Notice or Terms and Conditions.
You may contact us at marketing@impellus.com, by phone on 01727 790790, or at our postal address below:
Impellus Ltd
PO Box 1254
St Albans
Hertfordshire
AL1 9JZ
3. Information we may collect from you
Impellus may collect use, store and transfer the following data about you via our websites, emails, telephone calls, post and face-to-face meetings (including training courses):
- Content that you enter online on our website, or within the Impellus Business Centre to form your ILM qualification assessments and Apprenticeship portfolio or otherwise information that you provide by filling in forms on our websites, or attending our courses which can include (but is not limited to) details of:
- your identity (name, date of birth, job title, organisation name);
- your contact details (including phone number(s), e-mail and postal addresses);
- your dietary requirements (when booking courses);
- your payments and transactions with us.
- Details of your visits to our website including, but not limited to, traffic data, location data, weblogs and the resources you access to track the site is being used. However, this is aggregate or de-identified information that cannot be linked to you personally.
- If you contact us, we may keep a record of that correspondence, including any information provided or required to resolve your enquiry
- We may also ask you to complete surveys that we use for research purposes, although you do not have to participate in them.
4. How we will use the information about you
Impellus will only use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
5. Purposes for which we will use your personal data
Impellus will use personal information held about you:
To perform a contract with you and/or which is necessary for our legitimate interests by:
- registering you on our courses, for an ILM qualification or Apprenticeship and creating an account for you on our Business Centre;
- processing your orders for courses and training (including managing and collecting your payments fees and charges);
- delivering courses and training to you;
- tracking the progress of your learning (including providing you with support and feedback); and
managing our relationship with you (including notifying you about changes to our products and services, sending joining instructions, post-course communication(s) and certificates (where relevant); - keeping our records updated and study how customers use our products/services, to develop them, grow our business and Informing our marketing strategy:
- to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you; and
- to use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You can complete our online preference form where you can confirm your communication preferences, alternatively you can contact us on 01727 790790 or at marketing@impellus.com.
Opting out
You can ask us to stop sending you marketing messages at any time via our online preference form or by contacting us.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of any service purchase or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
6. How we may share and disclose your information
Impellus will not pass your personal information onto any third parties for their marketing purposes.
Impellus may share your personal information with:
- Third party service providers and agents. We may engage third party companies or individuals to process your data on our behalf; such as third party payment processors, and data processors like Salesforce, ILM, the Education and Skills Funding Agency (ESFA).
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- We may disclose or use aggregate or de-identified information (that cannot be linked to you personally) for any purpose. For example, for partnering with a Management institute or academics to explore leadership and management research or with an organisation or Government body for funding opportunities.
Our email and postal communication is for use by the intended recipient only. Forwarding or redirection of our messaging by the intended recipient, their mail preferences or their electronic mail system, and any resulting disclosure of personal information, is beyond our control.
Impellus does not publish personal data on the social media channels of Twitter, LinkedIn and Facebook without express permission but does share Impellus content with its followers on these networks.
7. International Transfers
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
8. Data Security
Impellus is Cyber Essentials compliant and has implemented appropriate security measures to protect information from accidental loss, misuse and unauthorised access, disclosure, alteration or destruction. Our security systems include authenticated access to internal databases, password encryption of data files in transit, audits of procedures and regular reviews of overall web security. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. How long do we keep hold of your information?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10. Children’s information
Our products and services are not directed to children under 16. If you learn that a child under 16 has provided us with personal information without consent, please contact us.
11. Your rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data to:
- Request access to, correction of or erasure of your personal data;
- Object to processing of your personal data.
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note that if you make a formal ‘Subject Access Request’ we will first refer you to this notice and our policies (which answer many of the questions) and will happily confirm your personal data held by us verbally initially, including how and why we hold it. We will happily take any lawful instruction to amend, delete or treat this data differently. Should you wish us to complete a full written answer to all or any of the points listed on the ICO website then we will charge you at the rate of half a day of our professional fees.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. Changes to our Privacy Notice
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email.