Following the announcement on the 25 May 2018, in accordance with the requirements of the General Data Protection Regulation (GDPR), we seek to preserve your data. 

The following summary highlights how GDPR is being implemented by Apana Business Psychology Ltd, a company which provides psychological services and individuals will be asked to provide personal and sensitive information 

Introduction 

This privacy policy (“Policy”) sets out how Apana Business Psychology Ltd, registered in England and Wales, No. 07591226, use and protects any information that you provide when using our website or engaging with our services. Apana Business Psychology Ltd (“Apana Business Psychology Ltd”, “Apana”, “we”, “our” or “us”) are committed to protecting your privacy and we comply with the Data Protection laws applicable to the UK. 

Apana Business Psychology Ltd is registered with the Information Commissioner’s Office (ICO) with Linda Doe as a data controller. 

Your Privacy 

Apana Business Psychology Ltd places a high priority on safeguarding confidential information and processing personal data in an ethical manner, and we take our responsibility for the security of customer and employee data very seriously.  

Apana is registered with the Information Commissioners Office (ICO). This register is an online public register of Data Controllers and visible for anyone to check. 

Apana consultants are bound additionally by ethical and confidentiality and data care policies of professional bodies such as the BPS (British Psychological Society) and the HCPC (Health and Care Professions Council). 

We will not share your data with third parties for marketing purposes, and will only do so when necessary to provide a business service you have requested, or if legally obligated to do so. 

In order to carry out other business functions and to deliver our services, we rely on the following lawful conditions for processing personal data: 

Consent – the individual has given their Consent to the processing of their Personal Data. 

Contractual – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for Career Synergy to take pre-contractual steps at the request of the individual. 

Legal Obligation – processing of Personal Data is necessary for compliance with a legal obligation to which Career Synergy is subject. 

Legitimate Interests – processing is necessary under the Legitimate Interests of the Career Synergy or an associated third party, unless these interests are overridden by the individual’s interests or fundamental rights. 

We will be clear and transparent with you about which lawful basis is used when processing your personal data. 

Collecting Personal Data 

In order to deliver our services and to carry out necessary business functions, we may collect certain personal data from you in a variety of ways, such as, through our website, via email, an online portal, or verbally. These details may include (where applicable), names, contact information and basic employment details. Depending on the service we are delivering to you or your company, we may also ask for more detailed information about your employment such as the department or team you work in, your length of employment, career and professional performance goals. When receiving coaching from Apana, information considered sensitive may emerge during the course of discussions with your Apana coach. These relationships are bound by strict confidence, and any notes collated by your Apana coach are treated accordingly. 

Personal data we obtain is collected in a few key ways: 

Data disclosed by the individual 

Data disclosed by an authorised third party (i.e., employer) on the individual’s behalf 

Data obtained from linked system or database, such as LinkedIn 

Data generated through user interaction with systems/services 

Where your data is provided to us by an authorised third party such as your employer (i.e., in the form of course delegate lists), it is the third party’s responsibility to ensure they have the correct lawful basis in place to share this data with Apana. 

The Purposes of Processing Personal Data 

Your data may be used for a number of purposes including, but not limited to: to provide all the elements of the consulting & development services we have been contracted to provide by yourself or your employer’s contacting you in the event of a workshop time change or cancellation, to assess the quality of our services, administrative activities, crime prevention/detection (i.e. fraud), legal obligations of the business, statistical and marketing analysis, customer surveys, customer relations communications and offering you services and products we believe may interest you. 

You will always be told what we intend to do with any personal data we collect from you, however the principal reason is to support the delivery of our contracted services and products. 

When taking part in a service (e.g., diagnostic, survey, workshop) as part of a programme we are contracted to deliver, the information you provide will only be used for the stated purposes and/or those you consented to.  

We may need to provide your personal data to an Apana Coaching Faculty or Consultancy practitioner (an associate or independent practitioner authorised to deliver Apana solutions), or a Client Practitioner (a colleague in your organisation authorised to deliver Apana solutions) if you are enrolled on a programme delivered by either party for learning & development.  

We may collect information to better understand how visitors use our website and interact with our marketing content so we can offer timely and relevant information. When using our website to register for a webinar, or download a resource, your data may be used for the following: 

For our own internal records. 

To improve the products and services we provide. 

To contact you in response to a specific enquiry. 

To customise our website for user needs and preferences. 

To send you promotional emails about products, services, offers and other things we think might be relevant to you. 

To send you promotional mailings or to call you about products, services, offers and other things we think might be relevant to you. 

To contact you via email, telephone or mail for market research reasons. 

In this scenario, we would be relying on legitimate interests and where required, consent, as the primary legal bases for processing personal data. Apana will only keep data for as long as is necessary to meet these purposes. We will never share, sell, or rent individual personal information to an external party, unless ordered by a court of law.  

The personal data you provide to us is only available to relevant employees and contracted service providers. If required by law, Apana may disclose data to government and/or enforcement agencies. 

If we intend to use your data for a new purpose outside of those detailed in this Policy, this policy will be updated to keep you informed of the same; should consent be required from affected individuals, then it will be sought. Apana will never supply your data to third parties for marketing purposes. 

Keeping Personal Data Secure 

Any information you provide us with when using our services is stored centrally on secure cloud-based systems. Direct access to these databases is restricted to authorised personnel and their appointed agents only. We have taken every reasonable step to ensure that your personal data is held securely. 

Please be aware however, that no internet or email transmission is ever fully secure or error free. You should take special care in deciding what personal data you send to us via email and keep this in mind when disclosing any personal data to us via the internet. 

Personal information is also stored on an office computer. These are password protected. Malware and antivirus protection is installed on all computing devices. Confidential digital information may also be stored in a secure cloud service. 

Controlling Your Personal Data 

Any personal data we collect from you or we generate as a result of your interaction with our systems and services belongs to you. Under the data protection laws in the UK, you have the right to know if your data is being processed, why and for how long. This will include details of what categories of data we process (e.g., storing your name and contact details in a CRM system), whether your data has been disclosed to third parties and their identities, and how to raise a complaint with the Information Commissioner’s Office (ICO). 

In addition to your right of access to data we process, Apana will uphold other rights afforded to you under the applicable data protection laws in the UK, namely: 

the right to request that errors in your personal data processed by (or on behalf of) Apana is amended or corrected; 

the right to erasure of your personal data if those data are no longer needed for their original purpose, or where the processing is based on consent and you withdraw that consent (and no other lawful basis for the processing exists); 

the right to restrict processing where the relevant personal data either cannot be deleted (e.g., because the data are required for the purposes of exercising or defending legal claims) or where you do not wish to have the data deleted; 

the right to object to processing carried out for the purposes of direct marketing, where processing is likely to cause or is causing damage or distress, or where you may be evaluated or subject to decisions on the basis of automated processing; 

the right to request a copy of the personal data you have provided to us for yourself, or for it to be transferred to another organisation, if the processing was based on consent, the provision of business services under a contract, or processing carried out by automated means. 

If you believe that any information we are holding about you is incorrect or incomplete or wish to exercise any of your rights in relation to your personal data, please email lindadoe@apana.co.uk. However, please note that depending on the complexity and scope of your request, it may take up to 30 days for us to provide you with an adequate response. 

You can also contact lindadoe@apana.co.uk to query any aspect of our data processing activities if you have completed (or are about to complete) a diagnostic or psychometric survey with us. 

Who Has Access to Your Personal Data? 

The data we collect about you is generally accessed only by authorised Apana employees for legitimate business purposes and providing services as part of a contract. However, if we work with partners or contractors, they may have limited access to your personal data but only so much to do their job. 

If for example, a delegate has completed a personality diagnostic, the profile produced from this data will only be provided to the delegate and will not be shared with anyone else without their prior consent. If the delegate attends an Apana workshop, we would not share his or her profile with a group of their peers unless this has been specifically agreed by all parties concerned. During a workshop, an individual may be invited by the Apana accredited facilitator leading the session to share some information from their profile with the group, however this is their personal choice and done at their own discretion. 

The following outlines who has access to your personal data, and under what circumstances: 

Apana consultants who are involved in arranging and delivering the services you request  

An Associate/Approved Practitioner who is contracted by Apana to provide services to you on our behalf, and therefore bound under terms within their contract relating to confidentiality and privacy that is to the same standard and level as Apana employees; or 

A Client Practitioner. That is a person who is employed by the client company and authorised to deliver Apana solutions. Apana provides clear guidance on privacy requirements that is to the same standard expected of Apana consultants in their management of personal data. That employee will also have a contract of employment that will address handling confidential information. Should the Client Practitioner allow any other member of staff employed by the customer to handle any personally identifiable information (e.g., a member of administration staff is allowed to access the Apana software and our online systems in order to produce the profiles) then again, that employee is bound by their normal terms of confidentiality in their contract of employment.  

How Long We Hold Data 

It is Apana’s practice that personal data is retained only for the appropriate period of time – neither too long nor too short. We will need to keep certain information about consultants, clients, suppliers and other individuals or organisations we interact with over the course of business to carry out certain business functions for up to 6 years to monitor and improve the quality of our service, for our records and to meet certain legal and compliance requirements. 

In summary, client personal data will be held for as long as the individual or their employer is in receipt of services from Apana, plus up to a maximum of 6 years. Where a client makes a specific request for their data to be deleted sooner and it does not conflict with any legal or compliance requirement to hold data for longer, we will honour the request.  

While this section of the Privacy Policy summarises and clarifies parts of our Data Retention Policy, it does not supersede it. The time limits for certain items subject to legislation specified in detail in the Data Retention Policy remain in force. 

Cookies 

Cookies are used to identify you when you visit a particular site, analyse web traffic, and can help us facilitate a more personal web experience. Apana may use cookies to identify the pages that are being used and help us tailor our website to our customer’s needs, thus allowing our website to respond to you as an individual. 

Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us. Cookies can also be controlled by the functions within your browser, so do consider changing as you see fit. 

Links From Our Website 

Our website may contain links to other websites. However, once you have used these links to leave our site, you should note that we do not have any control over the other websites and are not responsible for the privacy practices of such other websites. 

If you submit personal data and other information to a website to which we link, we are not responsible for its protection and privacy. Always exercise caution when submitting data to websites. Read the site’s data protection and privacy policies fully. 

Changes To the Privacy Policy 

We reserve the right to amend or modify this Policy from time to time. Such modification shall be effective immediately upon posting of the modified Policy on this website. Please ensure you regularly review the information posted on our website to obtain timely notice of such changes. 

Your continued use and access of Apana services, including our website, will constitute your acceptance of any changes or revisions to this Privacy Policy. 

Contacting Us 

Apana has a designated Data Protection Officer with data protection responsibilities in all service areas. 

If you have any questions regarding this Policy, or wish to contact our Data Protection Officer, please get in touch by using the details below. 

The Data Protection Officer – Linda Doe 

Apana Business Psychology Ltd 

Company Address: 39 Church St, Deeping St James, PE6 8HF