THT_M524_010

Privacy Policy

 

Introduction

The purpose of this Privacy Policy is to describe how your personal information is collected, used, and shared for the provision of our products and services and the day to day running of our business. Fortify Institute Limited is committed to protecting your personal data and right to privacy. We will keep your personal data safe and comply with applicable data protection legislation.

 

How we process personal data

For people who contact us through our website, email or phone:

If you contact us using the information on the “Contact Us” page of our website, via email or phone, we use the personal data you provide to us to respond to your questions when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our business. Unless we have another lawful reason for keeping your personal data for longer (ie. you sign up for our newsletter or attend one of our courses) we will delete your personal data 1 year after your last contact with us.

For people who sign up for our Newsletter and Resources:

We use the contact information you have provided us to send you our newsletter and other updates. Our legal basis for this processing is the consent that you provided when you signed up. We always include an unsubscribe option in our marketing communications, so you can opt out of receiving such communications at any time. We will retain your contact information until you unsubscribe or opt out.

For our customers and potential customers:

If you register for and/or attend one of our courses, we will use the information that you or the person who registers you supplies to us in order to provide the course to you. That information could include your name, contact information, e-mails and other messages you have sent, records of your attendance, and your course work and exam results. Our legal basis for processing this information is that is necessary in order for us to perform our obligations under our contract with you (the course Terms and Conditions). We will retain your personal data from the course for 2 years after the course end date, in case you want a copy of your records or a question arises over the services we provided to you.

Similarly, if you purchase a product or service other than a course from us, or attend one of our events, we will use the information that you or the person who purchases the product, service or event for you supplies to us in order to provide that product, service or event to you. We will retain this personal data for 2 years after the end date of the purchase, service or event, in case you want a copy of your records or a question arises over the product, service or event we provided to you.

If you purchase a course or other service or product from us, including through our on-line store, we will process the billing information you provide us in order to process your payment. We will keep a record of all transactions for 6 years because we are legally required to keep them for that period of time.

 

Who we share data with

  • We share your personal data with:
  • our learning partners (training and certification organisations that assist in providing course training and materials to you),
  • our cloud-based software service providers, including Google business suite, our customer relationship management (CRM) software provider, and our accounting software provider,
  • our marketing and accounting consultants, who may have access to our CRM and accounting systems
  • Stripe, who powers our on-line store and processes payments for us.

These providers may only process your data for the purpose of providing us with their services, and are not permitted to use your data except on our behalf. We will not share your personal data with any other third parties, unless we have a legal or professional duty to do so.

 

Transfers of data outside the European Economic Area (EEA)

Some of our learning partners are located in the US and the UK, and we transfer data to them.

We also transfer data to our cloud-based software service providers, and they may process and store your data outside EEA. In all cases we have ensured the proper legal safeguards are in place for these transfers, such as an EU Commission adequacy decision, Privacy Shield certification (for US companies), or the European Commission approved standard contractual clauses with the learning partner or service provider.

 

Automated decision-making and profiling

We do not use any personal data for the purpose of automated decision-making or profiling.

 

Your rights

You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:

  • Right to access – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
  • Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  • Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
  • Right to restrict or object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  • Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
  • Right to withdraw consent – if we are processing personal data based on your consent, you may withdraw that consent at any time.

 

In order to exercise any of the rights set out above, or if you have questions or concerns about how we process your data, please contact us at [email protected] or by post at the address on our website.

You also have the right to lodge a complaint with the Data Protection Commission, whose contact details are as follows:

 

Data Protection Commission

Canal House,

Station Road,

Portarlington,

Co. Laois,

R32 AP23,

Ireland.

Telephone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757 |

Website https://dataprotection.ie/docs/Home/4.htm

Email [email protected]


Effective Date: 08/08/2023