Privacy Notice

Definitions

Data Controller means the organisation which determines the purpose and
manner in which personal data is processed.

Data Processor means any organisation which processes personal data on
behalf of a Data Controller.

EEA means the “European Economic Area” which is the countries of
the Economic Union (EU) plus a few other countries which make up the European
single-market.

GDPR means the “General Data Protection Regulation” which comes
into effect on 25 May 2018.

How we use your information

This privacy notice tells you what to expect when Onefile Ltd (“Onefile”) collects
personal information from individuals and how we use or process it. It applies to the following
instances where we collect about information about individuals who are:

Exclusions

This privacy notice excludes instances where you are using the service that is known as the
OneFile “Eportfolio”. In this scenario you may be studying with, learning with, or
employed by a third-party (e.g. college, employer, training provider) who will have a
commercial licensing agreement with Onefile Ltd. In this scenario, the third party will be the
Data Controller and we will be the Data Processor. We will be
processing your information on behalf of the third-party and under their written instructions. If you
would like to know how your personal information is being processed in these circumstances then
please contact the third-party directly instead.

Third Parties

Onefile may use third-parties to store and process some of the information we collect about
you. You can learn about when we use these third-parties when you read the rest of the notice,
but for ease of reference the most important are listed here.

  • Salesforce.com

    We use this third-party to store information about our customers and our prospective
    customers.

    You can view Salesforce’s privacy
    notice here

  • Hubspot

    We use this third-party to track information about our website visitors. Hubspot data is stored
    in the USA under the US Privacy Shield self certification scheme which is an approved scheme
    under GDPR regulations.

    You can view Hubspot’s privacy notice
    here

  • Eventbrite

    We use this third-party to allow our website users to book onto online webinars. Eventbrite
    data is stored in the EEA but it can be stored in the USA too. If it is transferred to the USA
    then Eventbrite will take the required legal steps to ensure appropriate safeguards are in
    place.


    You can view Eventbrite’s privacy notice here

Visiting our websites

Onefile operates from a number of different websites that are connected together using
hyperlinks. The websites we operate from are:

  • www.onefile.co.uk
  • learning.onefile.co.uk
  • support.onefile.co.uk
  • www.eventbrite.co.uk

Depending on which website you are visiting and what you are doing during your visit, there
will be differences in the way in which we process your personal information. You can check
which website you are on by looking inside the address bar which is usually at the top of your
internet browser software.

When someone visits www.onefile.co.uk we used two third-party services, Google Analytics and
Hubspot, to collect and analyse standard internet log information (including your IP address)
of the web pages that people visit. We do this to find out the number of visitors and the
number of times each page has been accessed. Other than your IP address, this information is
processed anonymously.

Whilst viewing pages, there are other activities that you may optionally engage with and the
way in which we use your details is described below:

Downloading documents

There are some hyperlinks on our websites that will take visitors to another website we
manage at learning.onefile.co.uk. Typically, you will be taken here if you are trying to
download a document that we make available — such as a downloadable PDF version of a web
page.

In consideration of you downloading such a document, you will be asked to provide your
personal details (which you will supply in the form of name, email, job title, company name and
phone number) for the purposes of us tracking which pages you have visited and us being able to
contact you, at our own discretion. This information is sent to Hubspot.

We also use automatic processing to determine whether we think you may be a prospective
customer and if this is positive then your details will be automatically sent to another
website we manage that is hosted by a third-party called salesforce.com. Your details are then
also emailed to our sales team.

The basis for us collecting and storing this information is so we can create a more
personalised sales experience for you.

Cookies will be used to remember what details you have provided and may re-appear as and
when required on other forms.

Making an enquiry through the “Contact Us” page

You will be asked to provide your name, company name, email address, telephone number and
information about your enquiry. When you submit the form, this information, along with your IP
address is sent into Hubspot, Salesforce and emailed to our sales team.

Booking a one-to-one sales demo

You will be asked to provide your name, email, telephone and information about your enquiry.
IP is used along with form data and details are sent into Hubspot, Salesforce and emailed to
the sales team.

Booking online training

You will be redirected to a third-party website called Eventbrite. Your name and email
address are collected and stored for the purposes of registering and booking onto an online
training webinar.

Booking online presentations and other non-training webinars

The booking registrations are taken on a third-party website called gotowebinar.com. Basic
registration details are collected. We may then copy these details into Salesforce.com and we
may contact them in the future.

Requesting standards

When requesting standards from us, you will be asked to visit our web page at https://www.onefile.co.uk/standards
and from there you will open up an online form to complete your request. Part of this request
will involve you including your name and contact details. We need this information to be able to
contact you with any issues or updates with your request. The information you provide will be
stored in our own UK-based, backoffice system and will not be shared with anyone else, only the staff
responsible for fulfilling your request.

Requesting help or advice using our services

Please see the section “Requiring technical support or advice
using our services

Subscribing to newsletter

Your email address will be stored as a cookie on your browser and will be used to
automatically populate other forms that appear on our website.

Your email address, along with your web page viewing history, will also be collected and
stored in a third-party website called Hubspot. Automatic processing on your website viewing
history will determine whether we think you are a prospective customer and if we think you are,
then your email address will be sent to Salesforce.com and we may contact you.

Signing-up to use our “Keychain” or “CPD”
services

Individuals who use our online services can optionally create a Keychain account which
is a type of password manager that lets you consolidate all of your logins from our other services and access them
from a single point. Individuals who have created a Keychain account may also optionally created a free CPD account
which lets them store records of their continuous professional development.

Please note that when you do this, Onefile will become a Data Controller of the information you provide into these services.
This will not replace or affect the agreements you may have with other third-parties who have given you
access to the accounts which you are attaching to your Keychain.

In order to register for a Keychain account you will need to provide your name and email address. Also, unless you
are signing in with Facebook or Microsoft, you will need to provide a password which we will store on our
system in a scrambled state.

Individuals who use our CPD service must first create a Keychain account, then the CPD account will be accessible using
the Keychain. In CPD you will provide details of any information that relates to your continuous professional development such
as courses attended, courses planned, learning objectives and learning outcomes, etc. In consideration for us providing you
with this service, you will give us permission for us to read which learning objectives you have created so that we may place adverts that we think are relevant to you
on the pages that you are viewing.

The information you provide for Keychain and CPD is hosted in the United Kingdom and it will not be shared with anyone else.

Requiring technical support or advice using our services

If you request help or support from us directly by email or telephone, we will collect your name
and contact details, the organisation (e.g. college, training provider, employer, etc.) you are
using the service with, your role within that organisation (e.g. manager, tutor,
learner, etc.). The details we collect will be logged in our helpdesk software which is hosted and managed
by us.

We do from time to time, compile reports on technical support enquiries but we do not include your personal
details in any of these.

Making a complaint

When we receive a complaint from a person we make up a file containing the details of the
complaint. This normally contains the identity of the complainant and any other individuals
involved in the complaint.

We will only use the personal information we collect to process the complaint and to check
on the level of service we provide. We do compile and publish statistics showing information
like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is
about. This is inevitable where, for example, the accuracy of a person’s record is in
dispute. If a complainant doesn’t want information identifying him or her to be disclosed,
we will try to respect that. However, it may not be possible to handle a complaint on an
anonymous basis.

We will keep personal information contained in complaint files in line with our retention
policy. This means that information relating to a complaint will be retained for two years from
closure. It will be retained in a secure environment and access to it will be restricted
according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to
us to deal with the enquiry and any subsequent issues and to check on the level of service we
provide.

Your rights

Under the Data Protection Act 1998, you have rights as an individual which you can exercise
in relation to the information we hold about you. You can read more about these rights here:
https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

From the 25 May 2018, the General Data Protection Regulations will be enforced and you can read
more about your individual rights here:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
.

Complaints or queries

Onefile aims to meet the highest standards when processing personal information. For this
reason, we take any complaints we receive about this very seriously. We encourage people to
bring it to our attention if they think that our collection or use of information is unfair,
misleading or inappropriate. We would also welcome any suggestions for improving our
procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide
exhaustive detail of all aspects of Onefile’s collection and use of personal information.
However, we are happy to provide any additional information or explanation needed. Any requests
for this should be sent to the address below.

Access to personal information

Onefile aims to be as open as it can be in terms of giving people access to their personal
information. Individuals can find out if we hold any personal information by making a
‘subject access request’ under the Data Protection Act 1998 and GDPR. If we do hold
information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

To make a request to Onefile for any personal information we may hold you need to put the
request in writing to the address provided at the bottom of this page – see “How to contact us“.

Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We
encourage you to read the privacy statements on the other websites you visit.

Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 16
April 2018.

How to contact us

If you want to request information about our privacy notice you can email us at [email protected] or write to:

Data Protection Officer
Onefile Ltd
6th Floor Arndale House
Arndale Centre
Manchester
M4 3AQ