ILS Privacy Policy
May 2018
Reviewed: March 2024
International Location Safety Ltd takes privacy and data protection very seriously. This privacy statement explains how ILS collects, stores and uses personal data when clients engage with our services. This policy will be kept under review and will be revised when required; notification of updates will be made on our website and all other marketing channels.
This privacy statement replaces the current Data Protection policy (August 2017) and is fully compliant with the UK General Data Protection Regulation (UK GDPR). The policy about personal data collection is written within the framework of the 6 data protection principles set out in the GDPR: 1. Lawfulness, fairness and transparency; 2. Purpose Limitation;3. Data Minimisation; 4. Accuracy; 5. Storage Limitation; 6. Integrity and confidentiality.
Definitions
When reading this statement, please note that the terms ‘ILS’, ‘We’,‘Us’ and ‘Our’ refer toInternational Location Safety Ltd. The terms ‘You’, ‘Your’, ‘Participant’, ‘Customer’ and ‘Client’ refer to anyone who pays for and engages in the use of our services.
‘Personal data’ refers to any information that directly or indirectly identifies a person (a ‘natural person’ as defined by the UK GDPR) including name, address, email, phone number, job title and employer information.
‘Special category data’ refers to the UK GDPR definition which is any information concerning race, ethnic origin, religion, politics, trade union membership, genetics, biometrics, health and sexual orientation.
The use of the term ‘Data Controller’ in this policy refers to International Location Safety. The term ‘Data Processor’ refers only to the services we use for payment processing, email campaign software, IT service providers, online survey software services and accommodation providers.
‘HEAT’ refers to our Hostile Environment Awareness Training programme, these courses have previously been referred to as 'SAFA', 'HEST' and 'SAFA Refresher'; these are a 3-day residential, 4-day Residential, and 1-day non-residential courses respectively. All of these courses involve outdoor learning, and involve some mild physical activity.
‘TSS’ refers to our Travel Safety &Security courses; this is a 1-day classroom-based or 5-day online course.
'PSAT' Refers to our Personal Safety Awareness Training; this is a 5-day online course.
'SMRT' Refers to our Security Risk Management Training; this is an 8-week online course.
'CMT' Refers to our Crisis Management Training; this is available either as an in-person or online training.
‘Risk Advisory Services’ refers to all bespoke project work, consultancy and support services to our clients; these are delivered independent of our training courses.
‘TRM’ refers to the Travel Risk Management services from our Risk Advisory Team available through the ILS website.
Your Personal Data
When engaging in any of our services you will be asked to voluntarily provide only the personal data that is necessary to ensure accurate project outputs, successful learning outcomes, and safe training experiences.
What data do we collect?
On our HEAT courses, the data collected on our booking and registration forms include name, email address, job title, employer, invoicing contact details, next of kin or emergency contact details, and medical insurance details.
For our TSS, PSAT and SRMT courses, the only personal data collected is a name, job title and employer. Participants are invited to opt-in to our email mailing list. All course feedback that we collect is anonymised after the statistics and comments have been collated.
On our CMT trainings we collect names, email addresses, phone numbers and job titles for the key participants in the training. We need these details to contact participants in order to effectively run the training which tests the readiness of clients' Crisis Management procedures. None of the data collected before the training is retained - all contact details and personal data are deleted after the training.
The personal data collected for our Risk Advisory Services include names, email addresses, telephone numbers, job titles, and invoicing contact details of the key contact people within the client’s organisation.
Risk Advisory projects may involve requests for key contact people to voluntarily provide contact details for interviewees who will be requested to provide insights into the client's security culture. These details may include name, email address, telephone number, and job title. The feedback from the interview will be anonymised and the contact details deleted after the project is complete.
TRM services require the collection of name, contact information, travel destinations and itinerary.
Special category data
The special category that we ask you to provide is within the health category and this is generally only collected for our HEAT course participants. Some examples of the information that we need are: pre-existing conditions, heart problems, mobility issues, dietary requirements, allergies, pregnancy, or any emergency medication etc. We do not collect or require any other special category data as defined by the UK GDPR.
Where Risk Advisory projects are specifically health-related (e.g. involving medical evacuation or incidents), only the medical details required to fulfil the project will be collected.
For TRM services, our Risk Advisory team invite clients to vountarily provide any special category data that they feel is relevant to inform the safety and security of the traveller to a specified location.
Why do we collect it?
Name: We collect your name for identification purposes during trainings, training certification, Risk Advisory workshops and interviews, TRM services, and for booking accommodation at our training venues.
Email address: We ask all learners and trainees for their email address in order to provide course agendas, joining instructions, follow-up information, an invitation to join the Hpass digital badge scheme, and any information about changes to course dates, venues or cancellations. Participants are invited to opt-in to our mailing list should they wish to, there is no automatic enrolment on the list. This mailing list is used for keeping clients updated with company news, details of new services, upcoming courses and special offers.
Job title and Employer: The information provided about job title and employer is used to provide our trainers with a general impression of the professional background, experience and knowledge of participants, thus being able to tailor the course and make the training relevant.
Invoicing contact details: In order to process fees for our services, we require the contact details of any person responsible for the payment of invoices on behalf of our participants. The details required are a contact name, email and billing address.
Emergency contact and medical insurance details: Due to the practical outdoor component of HEAT training, we require a next of kin contact in case of emergency as well as any medical insurance details that may be relevant. This is part of our duty of care and health & safety obligations.
Health details (Special Category Data): HEAT courses involve mild physical exertion, exposure to outdoor elements and practical exercises that may place you in mildly stressful conditions. The information provided allows ILS to account for any personal circumstances that need to be considered to ensure participants health and wellbeing.
Who do we share it with?
ILS uses a small number of carefully selected third parties to help provide our services to you. These act as ‘Data Processors’ as defined by the UK GDPR. Examples of the services we use are payment processing, email campaign software, IT service providers, online survey software services, Hpass digital badge scheme, and accommodation providers. In choosing to work with any such Data Processors, we will always ensure that the security policies and confidentiality arrangements and UK GDPR compliance of those third parties adhere to the same requirements. No ownership rights to the data will be transferred to any third party.
The data that we collect will not generally be transferred outside the European Economic Area ("EEA"). The only circumstance where this may occur is for training courses outside the EEA when we give accommodation providers your name, for booking purposes only. By submitting your data, you agree to this transfer, storing or processing. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.
Data Retention
ILS endeavours to minimise the retention of data as much as reasonably possible. In line with this principle the different circumstances under which we retain some personal data are as follows:
- HEAT course participants: we retain the name and employer of the graduates alongside the course date to determine who has attended our courses. HEAT certificates are valid for a period of 3 years, and we reserve the right to check the validity of our HEAT certificates. Online registration forms are only retained for this 3-year period where a serious pre-existing medical condition has been registered; this is for legal and insurance purposes. All paper feedback forms are anaonymous and are shredded after the statsictics have been collated. Email addresses are only retained where participants have explicitly opted into the mailing list on their registration form.
- TSS Course participants: we only retain the name and employer of the participant to keep a record of participation. These records are deleted after 3 years when the training certificate expires.
- Risk Advisory interviewees: personal data is deleted after survey data has been collated.
- TRM clients' personal data is deleted after the travel has been completed.
- CMT participants' contact details and personal data are immediately deleted after the trainings.
Security
All reasonable steps have been taken to ensure the security of personal data through the minimisation of collection, IT security measures, and best practice in handling data, both digitally and on paper. Our IT system meets UK GDPR requirements, including Hard drive encryption, remote wipe functions and the most up to date security software delivered by our IT support company who are Microsoft 365 partners. We are certified by the UK government-backed Cyber Essentials scheme.
Access
If you would like to get in touch with us regarding any of your personal data access rights, please email us: [email protected].
Or alternatively, use the address and phone number provided below:
FAO: Data Protection Enquiries
International Location Safety
Unit 7/8 Commercial House
52 Perrymount Road
Haywards Heath
West Sussex
RH16 3DT
Office Telephone: +44(0) 1273 833070
Office hours: 9am-5pm, Monday-Friday