GDPR Compliance Statement for Training Intelligence
Training Intelligence (licensing to Ceteris) is committed to ensuring the security and protection of personal information processed through our services. We have built our data protection program around the principles of breach prevention and impact minimization, making data protection a core component of our business operations.
1. Personal Data Processing
1.1 Data Collection
Directly Provided Data:
- Full name and title
- Contact information (email, phone number, address)
- Date of birth
- Educational records and qualifications
- Employment information
- Login credentials
- Payment information (where applicable)
Indirectly Collected Data:
- IP addresses
- Device information and identifiers
- Browser type and version
- Platform usage patterns
- Learning progress and engagement metrics
- Cookie data
1.2 Data Storage and Access
All data is stored on secure servers located in the United Kingdom, hosted by [Cloud Provider Name]. Our infrastructure complies with ISO 27001 standards for information security management.
Data Access:
- Internal access: Limited to authorized staff members with role-based permissions
- Technical team: Development and maintenance personnel with restricted access
- Third-party providers: Limited access for specific service delivery (e.g., certification bodies)
2. Purpose and Legal Basis for Processing
2.1 Processing Purposes
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Personal Information | Account creation, identity verification | Contractual necessity |
| Educational Records | Course delivery, progress tracking | Contractual necessity |
| Usage Data | Platform improvement, analytics | Legitimate interests |
| Financial Data | Payment processing, accounting | Legal obligation |
3. Risk Assessment and Mitigation
3.1 Identified Risks and Controls
Data Breach Risks:
- Technical Vulnerabilities
  - Mitigation: Regular security audits, penetration testing
  - End-to-end encryption for sensitive data
  - Regular software updates and patch management
- Organizational Vulnerabilities
  - Mitigation: Mandatory staff training
  - Strict access control policies
  - Regular security awareness programs
3.2 Data Retention Policy
- Learner records: 7 years post-completion
- Financial records: 7 years (legal requirement)
- Usage data: 2 years
- Marketing data: Until consent withdrawal
3.3 International Data Transfers
All data is primarily processed within the UK. Any necessary transfers outside the UK/EEA are protected by:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Additional technical safeguards
4. Data Subject Rights
We ensure all data subjects can easily exercise their rights through:
- Dedicated data subject rights portal
- 48-hour response commitment
- Automated data export functionality
- Clear process for right to erasure requests
Contact Information
Data Protection Officer
Training Intelligence
Email: admin@tiq.awsapps.com
Online Support: Contact Us
Last updated: November 29, 2024