Introduction

This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data and keep it safe.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Quiver Management uses your data.

We hope the following sections will answer any questions you have, but if not, please do get in touch with us.

It’s likely that we’ll need to update this Privacy Notice from time to time. You are welcome to come back and check it on our website whenever you wish.

If you have any questions regarding this policy, please contact us on QMadmin@quivermanagement.com.

1. Who is Quiver Management?

Quiver Management delivers executive and business coaching of senior leaders, leadership development, coaching training and management consultancy. We have won a number of awards and set a high standard for our services and professional conduct. We have been operating since 2002 and our clients include large corporates, high growth businesses, professional services companies, public services organisations and charities. For more information see www.quivermanagement.com.

2. Explaining the legal basis we rely on

The law on data protection sets out six ways which a company may collect and process your personal data, having analysed our customer database and business model we have assessed that Legitimate Interest is the primary basis. This is because by your interactions with our company and website we believe you may be interested in our services and also that the content we will be sending to you will be helpful for your business success.

3. When do we collect your personal data?

We collect personal data from a number of sources including

  • our website contact form,
  • our E-Commerce platform,
  • our open and inhouse training courses and events,
  • courses arranged by external parties, such as The Law Society of Scotland, ICAS, EMCC, Threesixty Services etc.,
  • exhibitions, conferences and events,
  • referrals from existing clients and individuals.

4. What sort of personal data do we collect?

The personal data we collect is limited to the level we need to deliver our services and is made up of some or all of the following:The personal data we collect is limited to the level we need to deliver our services and is made up of some or all of the following:

  • Name
  • Email address
  • Phone number
  • Company
  • Job Role
  • Contact address
  • Dietary requirements (for training events)
  • Gender (for ILM Learner registration only)
  • Date of birth (for ILM Learner registration only)

5. Use of ‘cookies’

Our website, like many other websites, uses cookies. ‘Cookies’ are small pieces of information sent to your computer and stored on your hard drive to allow our website to recognise you when you visit. The cookies collect statistical data about your browsing actions and patterns but do not identify you as an individual. We use this information to improve the website experience. It is possible to switch off cookies by changing your browser preferences.

6. How and why do we use your personal data?

Your personal data is used to ensure the services we deliver are suitable and appropriate and any data collected is only used to administer and deliver those services.

  • To respond to your queries.
  • To propose, quote, design, deliver, invoice and get feedback on our professional services.
  • To offer subscription to our newsletter (you are free to opt out at any time).
  • To share data with our accrediting professional bodies (e.g. ILM, EMCC)
  • To process any orders that you make by using our website.
  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide you (e.g. updates to this Privacy Notice).
  • To comply with our contractual or legal obligations to share data with law enforcement.

7. How we protect your personal data

We use a number of Microsoft products including Office 365 which have data encryption and the privacy notice can be seen using the following link https://privacy.microsoft.com/en-gb/privacystatement.

We also use Dropbox for storing data and the privacy notice can be seen using the following link https://www.dropbox.com/en_GB/security/GDPR

We use a third-party provider, Future Content Ltd, to deliver our monthly e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see http://futurecontent.co/our-content/newsletter/privacy-policy/

When paying for courses or products on our website, we use PayPal for the transaction as they provide a secure payment platform. We will use the name and email contact details provided as well as the payment amount to confirm payment and provide further instructions on the services/products paid for. For more information about PayPal’s privacy policies see https://www.paypal.com/en/webapps/mpp/ua/privacy-full.

In addition, we have internal processes for our employees, associates and suppliers which clearly states their terms of reference and how personal data will be used and needs to be protected. Sensitive and confidential hardcopy information collected during interaction with clients will be held securely by the company and the individual employees, associates and suppliers involved.

8. How long will we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is operationally valuable or required by accrediting bodies (e.g. ILM, EMCC) or law / regulation (e.g. HMRC).

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

9. Who do we share your personal data with?

We only share personal data with specific professional bodies, organisations, team members and associates who deliver relevant services. We will not sell or rent your information to third parties.

The professional bodies are the ILM (https://www.i-l-m.com/privacy) which is part of City and Guilds ( https://www.cityandguildsgroup.com/group-policies ) and EMCC (https://www.emccouncil.org/).

Organisations currently only include John Wiley & Sons, who delivers our DiSC online profiles.

ILM

Quiver Management is an Approved ILM Training Centre and an Approved ILM Provider. We only share personal data of individuals who are signed up for ILM accredited courses (i.e. ILM Learners).

For clarity the text below sets out the conditions that ILM require their partners to comply with.

  • ILM Centres/Providers must comply with the GDPR, including when they transfer learner personal data to ILM.
  • ILM must also comply with the GDPR, including when it processes learner personal data received from ILM Centres/Providers.
  • ILM and each ILM Centre and ILM Provider are independent data controllers.
  • ILM Centres/Providers must notify their learners that their personal data will be shared with ILM for the purposes of learning, assessment, and certification. This may be done in the ILM Centre’s or Provider’s privacy policy or notice.
  • ILM Centres/Providers must direct ILM learners to the ILM learner privacy notice, which sets out how ILM will process learner personal data, and is located at https://www.i-l-m.com/privacy/learnerpersonaldata/
  • ILM Centres/Providers may be required to share sensitive personal data with ILM where a reasonable adjustment is requested, or in the course of an investigation, complaint, or appeal. The ILM Centre/Provider is responsible for obtaining the explicit consent of the learner to share sensitive personal data with ILM.

City & Guilds Group
ILM is part of the City & Guilds Group. The City & Guilds Group is committed to data security and the fair and transparent processing of personal data. They have published a privacy policy which sets out how members of the City & Guilds Group, including ILM, will treat personal data in compliance with applicable data protection law, including GDPR https://www.cityandguildsgroup.com/group-policies.

EMCC UK
Quiver Management is an organisational member and European Quality Awarded training provider accredited by The European Mentoring and Coaching Council (EMCC), the leading professional body for coaches and mentors in Europe. We only share personal data with EMCC for the purpose of coaching/mentoring qualifications, accreditations or optional membership of EMCC. EMCC UK’s Privacy Notice is located on this page https://emcc.imiscloud.com/Public/About_Us/Privacy_Policy/public/

Please note that other awarding bodies may have different requirements.

DiSC Profiles
Quiver Management provides individual and team psychometric profiles. If you are receiving a personal Everything DiSC psychometric profile we will be sharing your name and email details with Everything Disc. They may use this data to contact you to process your Everything DiSC psychometric profile. They may also use the answers you provide in their questionnaire to carry out statistical analysis (on an anonymised basis) which may be carried out by Everything DiSC or selected third parties. We will also share the data with other members of the Quiver Management team as agreed with the sponsoring organisation. Everything DiSC is a brand of John Wiley & Sons. Their Privacy Policy is http://www.everythingdisc.com/Privacy-Policy.aspx.

Team members and associates
Team members and associates employed by Quiver Management to deliver the services are subject to a contractual agreement which sets out their responsibilities including access to and use of personal data. Their use is defined as data processors.

10. Where your personal data may be processed

Protecting your data outside the EEA.

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.

We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA such as Australia or the USA. This will only be done using the technology solutions highlighted in section 6.

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

11. What are your rights over your personal data?

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

Where any subject access request is made there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompanying ID.Where a request to “Be forgotten” is made, this can only be complied with if there are no other legal frameworks that overrule GDPR (e.g. HMRC, FCA, etc.).

12.Regulation changes and remedial actions

GDPR is going live on 25th May 2018 and the UK Data Privacy Bill does not have a final date as yet. Therefore, this Notice is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant.

13. Contacting the Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns/ (please note we can’t be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.