We value the privacy of all our applicants, students, visitors, supporters, employees and customers, and strive to meet the highest standards in managing your personal information. This privacy notice explains how we collect and manage personal information, and how we comply with data protection law.
This notice aims to cover all of your rights, and to provide the information required under all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the new Data Protection Act 2018, as well as anticipated regulations. We are continually working to improve our systems, processes and practices, and will update this notice as necessary. It is important that the personal data we hold about you is accurate and current. Please keep us informed at email@example.com if your personal data changes during your relationship with us.
Who are we?
Refraiz provides training, coaching and consultancy services in communications for business purposes and leadership.
If you have a question or concern about personal data at Refraiz please contact our Data Protection team at firstname.lastname@example.org
What personal information do we collect about you?
We collect and process a range of personal information.
Information you provide to us
We collect any information that you provide directly to us. This may be via our website when you make a request or query, whether by email, via our websites or on the telephone, or when you register to use our free wifi service. You may provide some of this information to us when visiting one of our venues, or to one of our staff.
This includes information that you provide when
- filling in forms on our websites, including information provided at the time of requesting our newsletters,
- applying for a course,
- attending a class, course, audition or interview,
- buying tickets to a performance or event,
- making a donation
- providing us (or offering to provide us) with goods or services
- submitting a CV or applying for a job.
This type of information is likely to fall into one of the following categories:
Identity and contact information
- contact details (for example, name, telephone number, email)
- demographic information (for example, date of birth or nationality)
- information relating to other members of your party and/or participants at any event
- your credit or debit card, bank and billing address details and other financial information that may be required to process a payment
- details of other financial information showing on invoices
- if you are a business, information on the company you’re running or working for that would be useful for the purposes of the consultancy services performed by Refraiz
- your views, opinions, questions and comments
- records of your correspondence with us
Information we collect about you
We also collect information indirectly about you and your business. This includes:
- transactional data: we will collect information related to your transactions, including the date and time, the amounts charged and other related transaction details;
- website usage and technical data: details of your visits to any of our websites and the resources you access. This may include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), and the data transmitted by your browser (such as your IP address, date and type of the request, and other information
- data entered on our websites including non-submitted (or abandoned) data
- images of you when we take photographs or film in our premises. We will endeavour to let you know by printed notices whenever such filming or photography will take place
- your image and name if we record video conferences which you attend.
- academic information about course attendance and progress including assessments and recordings of performances
- your correspondence with Refraiz and third parties across Refraiz platforms
Information we collect from third parties about you
Some of the above may be provided to us via third-party sources (i.e. from someone who is not part of Refraiz). For example:
- you may post reviews or other content relating to Refraiz or similar organisations via third- party social media platforms and channels, such as Twitter, Facebook or Instagram
- we sometimes run events or competitions with other companies and organisations, and they may pass some personal information about participants or entrants to us
- if you are a job applicant we may contact your recruiters, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;
- if you are a prospective student we may contact your academic referees to provide information about your application, and we may receive information about you from third parties
- we may collect personal information from our website developer, IT support provider and payment services providers who are based inside the EU. We may also collect personal information from our calendar scheduling software and our video conferencing host who are based in the US although are fully complaint with the requirements of the US-EU and Swiss Privacy Shields;
- we currently use social media plugins from the following service providers who are based both inside and outside the EU: Facebook, YouTube, Twitter, and Instagram. By providing your social media account details you are authorising that third-party provider to share with us certain information about you;
- if you are a student or prospective student we may receive an assessment from your medical practitioner, counsellor or other medical professional in order to assess your fitness to train or to ascertain the type and level of reasonable adjustment required in respect of our Higher Education provision
- If you are an employee or prospective employee we may receive an assessment from your medical practitioner, occupational health adviser or other medical professional in order to assess your fitness to work or to ascertain the type and level of reasonable adjustment required in respect of our obligations as an employer
- there may be publicly available information about you from trusted sources (such as Who’s Who, Debrett’s People of Today) that we may use to help us to tailor our communications, and the experiences and events we offer to you
- we are sometimes required to undertake checks on the sources of funds for donations and other contributions from supporters, and this may include information obtained from third parties
- We may add information from publicly available sources including data from, for example, reputable newspapers, Companies House, or LinkedIn/Twitter. We do this in order to manage our fundraising effectively and to give you the best experience by tailoring our approaches to you according to your interests as well as the level at which you could potentially support us.
We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
Sometimes we may collate information that you have provided to us via multiple direct interactions with us with information from third parties or the technical data referred to below so that we can use this to try to improve the services and information we provide to you.
Technical information collected by us automatically about you
Our reasons for using your information
The law requires us to ensure we have a lawful basis for processing your personal information. We only use your personal information when we believe it is lawful to do so. Sometimes, we may ask you to consent to our collection and use of your personal information for certain purposes. Where this is the case, you can change your mind and withdraw your consent at any time by emailing us at email@example.com, or by using any of the contact details that appear at the end of this privacy notice. You can always opt out of receiving any marketing or promotional messages from us.
Otherwise we process your personal information because it is necessary for one of the following lawful reasons:
- the performance of a contract that you enter in to with us
For example, if you take a place on a course, buy tickets to a performance or event, or are employed or contracted by us, then we must deliver our obligations under the contract we have with you as a result, and your personal information will often be required in order for us to do this.
- compliance with a legal obligation
For example, the law requires us to retain certain information about contracts and transactions for tax and audit purposes
- for your vital interests
For example, if you are a registered student or employee, we may hold emergency contact or medical information that may be needed in an emergency.
- our legitimate interests or those of a third party
This means our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in
- personalising, enhancing, improving the services and or communications that we provide to
- promoting our services and studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy;
- safeguarding your wellbeing and monitoring your progression as a student on one of our courses, detecting and preventing fraud and operating a safe and lawful business;
- maintaining our reputation and standing as a Higher Education Provider; and
- improving security and optimisation of our network, sites and services.
When we hold or process your personal information on the basis of our legitimate interests, we only retain information that is necessary and proportionate, and we consider the impact on your right to privacy before doing so.
Why do we keep and use your information?
We may use your information for some or all of the following purposes in line with the lawful bases above:
- providing and delivering our services, goods or information you have requested from us including access to our website
- processing job applications and managing our staff
- compliance with relevant policies, procedures and laws
- administering donations and our relationships with supporters
- promoting our charitable aims, including fundraising activities
- gathering feedback
- developing and managing Refriz’s courses and commercial activities
- managing activities related to any course, performance, event or hire
- fulfilling and responding to requests from you, or made on your behalf
- managing the security and safety of Refraiz’s facilities, community and assets
- analysing, tailoring, developing or improving our offer
- communications with you including newsletters, marketing and promotional messages or surveys providing information relating to offers, events, opportunities and new services, or new activities
- running competitions and dealing with competition entries and results
- operating, managing and promoting our membership scheme
• for our internal operational and management purposes including record keeping, staff recruitment and management
• ensuring content from our websites is presented to you in the most effective manner for you and for your computer
• assessing credit risk, fraud or brand damage risk
- research and audit purposes
We may record video conferences and webinars for the purposes of training of our staff and development of our services. Participants will be advised when recording is taking place and be given the option not to participate.
Do you have to provide personal information?
If we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide a place on a course or to sell you a ticket to a performance). In this case, we may be unable to process a transaction and/or may have to cancel something you have requested from us – but we will notify you if this is the case at the time.
Who do we share your personal information with?
We maintain internal controls that limit who can access your personal information, but, where appropriate, your data may be accessed by and shared with all parts of Refriz
In addition, and in line with the lawful bases above, we may share personal information with third parties as follows:
- Partners and collaborators
- Service providers we work with to deliver our business, who are acting as processors and provide us with:
o Contracted creative, tuition and training services
o website development and hosting services
o IT, system administration and security services
o marketing and advertising services, analytics providers (including Google Analytics) based in the USA;
o social media plugin services including Facebook, Twitter, Instagram, Snapchat and
YouTube based in the UK and USA ;
o Video conferencing (including Zoom) and booking scheduling software
o payment services
o legal, accountancy, auditing and insurance services and other professional advisers based in Romania
- Regulators and governmental bodies
- Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes;
- Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
- Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
When we use third-party service providers, we disclose only the personal information that is necessary to deliver the service. We aim to ensure that we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes
Sometimes we may ask for your permission to share your details with others. For example, if you attend a training course, we may ask if delegates are happy for us to share their contact details with other delegates. We may release your information to third parties beyond those listed above only if we are required to do so by law (for example by a court order), or in connection with the prevention of fraud or other crime.
How do we protect the personal information you provide to us?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes:
o ensuring the physical security of our spaces;
o ensuring the physical and digital security of our equipment and devices by using appropriate
password protection and encryption;
o maintaining a data protection policy for, and delivering data protection training to, our employees; and
o limitingaccesstoyourpersonalinformationtothoseinourcompanywhoneedtouseitin the course of their work.
In addition, we limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal data on our instructions (which, in the case of our employees and contractors, are set out in our policies) and
they are subject to a duty of confidentiality. We regularly review and update our procedures to deal with any suspected personal data breaches. In the event of any suspected personal data breach we will notify the individuals affected and the applicable data regulators, where legally required to do so.
How long will we keep your information?
We aim to keep personal information only for as long as is necessary to fulfil the purposes for which the information was collected. By law we have to keep certain basic information about our customers and supporters and their transactions with us for specified periods of time.
Will we transfer your information overseas?
Personally identifiable information may be transferred outside of the European Economic Area (EEA) to other third-party service providers incidentally in the course of our activities. Other countries in the EEA have laws that are substantially the same as the RO in order to ensure protection of your personal information. We will take steps to ensure that adequate protection is provided for information transferred overseas as required under data protection laws.
What rights do you have in relation to your personal information?
You have a number of legal rights affecting your personal data. You have the right to:
- Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which, if applicable, will be shared with you at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation that makes you want to object to processing on this ground, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you
need it to establish, exercise or defend legal claims; or (d) you have objected to our use of
your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you,
or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use, or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time of your request. These don’t apply in all circumstances, as there are also legal exemptions which may apply, depending on why we have collected the data, and the legal basis on which we are holding the data. We will be happy to explain if you have questions about this.
If you wish to make a formal request for information we hold about you, or to make changes to the data we hold about you, or to opt out of being contacted for marketing purposes then you can contact us at firstname.lastname@example.org (as well as opting out of our marketing messages by using the unsubscribe link that appears on each of them). You may also use these contact details to ask questions or raise concerns about the privacy notice
Changes to this privacy notice
This privacy notice was last updated in November 2020. We may change or update this notice from time to time so please check this page occasionally to ensure that you’re happy with any changes. Previous versions of our privacy notice may be requested via email@example.com
How can you contact us and/or comment?
Email address: firstname.lastname@example.org
Postal address: 105-107 Vasile Lucaciu street, Bucharest, Romania; phone: +40759034805
Please use these details for any data protection requests or enquiries, including requests to exercise your rights (such as the rights of access, rectification, erasure, restriction of processing, and data portability).