The Oxford Group, as part of the City and Guilds Group, is committed to data security and the fair and transparent processing of personal data. This privacy notice sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).
Please read this notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.
Who are we?
The Oxford Group Consulting and Training Ltd is a registered company (registered company number 02828084) (The Oxford Group). Our registered address is 1 Giltspur Street, London EC1A 9DD.
The Oxford Group is a member of the City & Guilds Group, which includes The City and Guilds of London Institute and its associated companies (City & Guilds Group).
The Oxford Group owns and operates www.oxford-group.com. For the purposes of the GDPR, The Oxford Group is the ‘controller’ of the personal data you provide to us (or a member of the City & Guilds Group) as a client or potential client of The Oxford Group, including through our website, an event, or other online or paper based form.
What personal data do we collect?
We may collect and process the following personal data:
Information you provide to us
- complete a form on our website;
- complete a survey;
- correspond with us by phone, e-mail, or in writing;
- report a problem;
- sign-up to receive our newsletter;
- enter into a contract with us to receive products and/or services,
we may collect your name, e-mail address, postal address, and job role.
You may also choose to provide us with your telephone number if you would like to be contact by telephone.
Information we collect about you
If you visit our website, we may automatically collect the following information:
- technical information, including the internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit to our website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information we receive from other sources
We may also receive information about you if you use any of the other websites we operate or the other services we provide.
If you are a learner, we may also receive information about you from employer when they register to receive products and/or services from us.
Information about other people
If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How do we use your personal data?
When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.
We may use your personal data to fulfil a contract, or take steps linked to a contract:
- to provide the products and/or services to you;
- to communicate with you in relation to the provision of the contracted products and services;
- to provide you with administrative support such as account creation, security, and respondin to issues; and
- provide you with industry information, surveys, information about our awards and events, offers and promotions, related to the products and/or services.
Where this is necessary for purposes which are in our, or third parties, legitimate interests.
These interests are:
- providing you with newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by a member of the City & Guilds Group which may be of interest to you;
- communicating with you in relation to any issues, complaints, or disputes;
- improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our website;
- performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns.
You have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights.
where you have given your express consent to receive marketing communications, we may use your personal data to:
- send you newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by a member of the City & Guilds Group which may be of interest to you;
- developing, improving, and delivering marketing and advertising for products and services offered by a member of the City & Guilds Group.
We only process your sensitive personal data when we have obtained your explicit consent to do so.
Where required by law: we may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who do we share your personal data with?
We may share your personal data with members of the City & Guilds Group. You can read more about our group companies at www.cityandguildsgroup.com
We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
We may also share your personal data with trusted third parties including:
- legal and other professional advisers, consultants, and professional experts;
- service providers contracted to us in connection with provision of the products and services such as providers of IT services and customer relationship management services; and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
Where a third party recipients is located outside the European Economic Area, we will ensure that the transfer of personal data will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission where the data protection authority does not believe that the third country has adequate data protection laws.
We will share personal data with law enforcement or other authorities if required by applicable law.
How long will we keep your personal data?
Where there is a contract between us, we will retain your personal data for the duration of the contract, and for a period of 6 years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities. Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.
Where do we store your personal data and how is it protected?
We take reasonable steps to protect your personal data from loss or destruction.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where you have a username or password (or other identification information) which enables you to access certain services or parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Under the GDPR, you have various rights with respect to our use of your personal data:
Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below. Please include with your request information that will enable us to verify your identity. We will respond with 30 days of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information. Or if your request is manifestly unfounded or excessive.
Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided below.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request that your personal data is ported to you, please contact us using the contact details provided below.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The Oxford Group requires cookies in order to operate fully. Most web browsers allow some control of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
Further information about the cookies used by The Oxford Group is provided below.
Cookies used by The Oxford Group
The following Cookie categories are based on the classification presented in The International Chambers of Commerce (ICC) Cookie Guide:
Strictly necessary cookies. These cookies are strictly necessary to provide services that you have requested.
Category 1 Cookies used by The Oxford Group:
Load Balancing Cookies may be used to distribute load across our web servers – to ensure our websites perform well and give you the best possible experience.
User Subscription Data
Subscription cookies allow us to ensure that you can access resources which you have registered or paid for.
Performance cookies. These cookies collect information about how visitors use our website, for instance which pages visitors go to most often. The information collected by these cookies is aggregated, so these cookies don’t collect information that identifies a visitor. The information collected is anonymous and is only used to improve the way our website works.
Category 2 Cookies used by The Oxford Group:
Google Web Analytics, Site Catalyst cookies are used to improve the design and user experience of our website by providing statistics on site usage and pages visited.
Embedded video and audio
Functionality cookies. These cookies allow us to remember choices you make (such as your username, language or the region you are in) and provide enhanced, more relevant features.
Category 3 Cookies used by The Oxford Group:
Preference cookies remember settings you’ve applied to this site such as Layout, Default views, Search filters, Number of Search results per page, Video bandwidth etc..
Optimising User Experience
Remembering recently viewed pages. Remembering your last search term.
Access to Data
Under the Data Protection Act 1988 you have the right to be told what personal information we hold about you on our databases. You should write to us via firstname.lastname@example.org stating your full name, your address and any of our newsletters or emails which you know you subscribe.