Privacy Policy

Privacy Policy

NRS Training Services is committed to protecting your privacy and ensuring that any information that we collect about you is never misused.

This policy explains what information we collect, how and why we use it, how we keep it safe, and what your rights are.

By using our websites, services and products, you will be asked to agree to the way we collect and use your personal information according to the terms of this privacy policy at the point at which you book or use our services.

  • About us and this policy
  • How we collect and use your information
  • Your rights
  • Our products and services

About us and this policy

Who we are

We are NRS Training Services Ltd, a limited company registered in Scotland (SC585551)

If you have any comments or concerns about an aspect of this policy or any privacy or data protection issue, please email our Privacy Team at info@nrstrainingservices.com or write to:

NRS Training Services Ltd
Drumbreck Farm
Eastfield Road
Caldercruix
ML6 7RP

Our Principles

These 8 principles summarise our commitment to protecting your privacy:

  • We only collect and use the personal information we need to provide or improve our products and services
  • You can check whatever information we hold about you
  • We will keep your personal information safe
  • We are fair and open about how we use your details
  • We will never sell your details or share it except in the ways mentioned in this policy or unless you ask us
  • We will let you know if there are important changes that affect your information or how we use it
  • We take responsibility for the information we hold about you
  • We only keep your information for as long as necessary.

Changes to the policy

When we review our privacy policy we will note the date it was last updated and try to let you know by email, if we have it, of any changes.

This privacy policy was last reviewed and updated in May 2018.

The Law

All policy and procedure of NRS Training Services Ltd is compliant with legislative requirements including but not limited to the General Data Protection Regulation ((EU) 2016/679) (GDPR) and all national legislation transposing the provisions of this regulation. Copies or explanations of NRS Training Services Ltd policies and procedures are available on request.

How we collect and use your information

How we collect your information

You give us information when you use our websites, products and services, including when you:

  • Submit one of our forms
  • Correspond with us by phone, email or otherwise
  • Register with us
  • Subscribe to our services and newsletters
  • Search for a course
  • Participate in our discussion boards, chat or social media
  • Enter a competition or promotion
  • Respond to a survey.

We collect information about you when you visit our websites through the use of cookies (read Cookies section below for full details).

We may also get information from other sources, including:

  • Third parties
  • Those websites and services we help to operate or contribute to
  • Closed circuit television (CCTV) (read CCTV section below for full details).
  • The information we collect from you could include your:

What we collect

  • Name, address, email and phone number
  • Date of birth
  • National Insurance number
  • Photographic ID
  • Financial and credit card information
  • Personal description
  • Photograph
  • Family status
  • Lifestyle
  • Social circumstances
  • IP address
  • Geographical location
  • Browser type
  • Device type
  • Operating system
  • Browsing data, such as access times
  • Navigation history.

We will also have additional sensitive information where medicals have been conducted, including about your:

  • Previous medical conditions
  • Employment history
  • GP details
  • Physical health
  • Mental health
  • Racial or ethnic origin
  • Religious or other beliefs

How we use your information

We use your information for many purposes, including to:

  • Carry out our functions as a training organisation
  • Administer our records and accounts
  • promote our interests
  • Manage our employees and sub-contractors
  • Provide education, training, medical and drug and alcohol testing
  • Carry out trading
  • Advertise, promote and market our services
  • Undertake research
  • Administer certification and qualifications
  • Confirm identities and prevent crime
  • Notify you about a change to our service
  • Carry out our contractual obligations
  • Provide and improve our services
  • Analyse your website behaviour
  • Improve the operation, security and presentation of our sites
  • Target our online advertising to your interests and preferences
  • Measure and understand the effectiveness of our online content and marketing
  • Enable you to participate in interactive features on our website.

How we keep it safe

We take the security of your personal information very seriously.

We use technical measures, such as encryption, and carry out regular security reviews to keep our protections up to date. We also strictly control access and ensure staff who are authorised for access are adequately trained in keeping your information safe.

Our procedures mean that we may ask you to prove your identity before we share your personal information with you.

Third-party websites you access through links on our websites will have their own privacy policies. We do not accept any responsibility or liability for them.

Sharing your information

We do not share your information with others unless you have consented, or it is necessary to do so because:

  • The law requires us to
  • Of administrative or operational needs
  • It is part of our terms of use of a certain service.

When we do have to share information, it is likely to be with:

  • Our service providers or agents
  • Your employer or prospective employers
  • Users of our card schemes and training registers
  • Funding bodies
  • Law enforcement agencies.

Data Transfer outside of the European Economic Area

Sometimes we may transfer your details to third parties outside of the European Economic Area (EEA). If of this happens we will make sure the transfer and storage your information still complies with UK or EEA laws and this privacy policy.

Cookies

When you visit NRS websites we place cookies on your device.

Cookies are small text files that help our websites to work and us to understand what information is most useful to our users. They also speed things when you come back to a site. We do not use them to identify you personally.

You can delete cookies stored on your device at any time.

What we collect

Cookies allow us to gather information about your visits to our site, including your:

  • IP address
  • Geographical location
  • Browser type
  • Device type
  • Operating system
  • Browsing data, such as access times
  • Navigation history
  • Preferences

Phone

Phone calls we make or receive for quality assurance or training purposes. We let you know if we are recording.

What we do

We identify recorded calls using the originating telephone number and the time and date.

A recorded call may contain your personal information relating to the products and services we offer.

We use a ‘pause and resume’ function so we don’t record any part of your call that involves payment details, or other security methods to make sure that your information is secure.

We may ask you for some personal information over the phone to confirm your identity, depending on the nature of your enquiry to prevent fraud and protect your data.

Who has access to your information

We keep your recorded calls securely, and only specific NRS staff are authorised to review them.

We contract a company to maintain call recording and a ‘pause and resume’ function. The company is authorised to access recorded calls only for fault diagnosis, testing and administration purposes.

How long we keep it

We delete recorded calls after 24 months unless they are part of an active investigation.

Email, Chat and Social Media 

There are many ways you may communicate with us online, including by:

  • Chat and instant messaging (such as Skype for Business)
  • Email
  • Social media (such as Facebook or Twitter)
  • Video conferencing
  • File sharing platforms (such as OneDrive and SharePoint)

What we do

When you use email, chat, social media and other online platforms, it is likely you know what information you are sharing with us.

How we use and process your information, who accesses it, and how long we keep it, depends on the context in which we collected it, but follows the terms of our privacy policy and UK law.

The information is normally handled by our authorised staff, but if we intend to share it with third parties, we will make every effort to let you know.

CCTV

Images from closed-circuit television (CCTV) of a recognisable person are treated as personal data in data protection law.

How we use CCTV

We use CCTV to:

  • Maintain the safety and security of our property, premises, and people
  • Prevent and investigate crime
  • Monitor staff
  • To assist disciplinary procedures in cases of serious misconduct.

Who has access to your information

Our CCTV system is operated from a self-contained security control room, access to which is strictly limited to the security supervisor, contract security staff, NRS Estates and Facilities Manager, NRS Estates Contract Compliance Officer, and NRS Receptionist.

Where necessary we may share CCTV image information with:

  • The person in the image
  • Employees and agents
  • Services providers
  • Police forces
  • Security organisations
  • Individuals making an enquiry.

How long we keep it

Unless we need them for an active investigation, we keep recorded images for 30 days. After that, the images are automatically overwritten by the recording equipment.

We destroy recordings that are part of an active investigation as soon as they are no longer needed.

Your rights

You can ask for a copy of your information recorded by CCTV, except in certain circumstances described by applicable legislation. You do not have the right to instant access.

Your payment details

We use your payment details to process orders and collect payments

How we use your information

We do not use your information for any purpose you have not authorised, or disclose it to third parties without your permission. We process credit and debit card transactions following the Payment Card Industry Data Security Standard (PCI DSS).

Who has access to your information

NRS staff and contracted data processors have access to your payment details to carry out your transaction.

What we do

For bank and building society account transactions, we may make a record of your:

  • Name
  • Branch address
  • Sort code
  • Account number
  • Signature

Where possible, we only store the verification code of card transactions and other data needed to process the payment once the transaction is complete. Where this is not feasible, we use other security methods to keep your data secure. We may process data such as the:

  • Cardholder’s name
  • Card number
  • Card security code (CSC)
  • Validity and expiry dates
  • Issue number

How long we keep it

We keep your bank or building society details for as long as you authorise and delete them when they are no longer needed. We do not keep payment card information.

Your rights

Summary of your rights

You have the right to:

  • Ask for a copy of any information we hold about you
  • Withdraw any consents you have given
  • Lodge a complaint with us or the Information Commissioner’s Office or with any other relevant supervisory authority about how we handle your personal data
  • Ask us to correct any inaccurate or incomplete information we have about you
  • Ask us to delete your information from our records
  • Ask us to send a copy of your information to a third party in a data portable format.

Changing your preferences

You can change your contact preferences or withdraw your consents at any time by writing to us at info@nrstrainingservices.com or:

Privacy Team
NRS Training Services Ltd
Drumbreck Farm
Eastfield Road
Caldercruix
ML6 7RP

Making a subject access request

To see the information we hold about you, you should make a Subject Access Request in writing, including your:

  • Full name, including previous or other names, if appropriate
  • Address
  • Telephone
  • Date of birth

and send it to:

Privacy Team
NRS Training Services Ltd
Drumbreck Farm
Eastfield Road
Caldercruix
ML6 7RP

Our products and services

Booking courses

We manage a booking system for construction training courses.

How we use your information 

We use your information to find you the right course, venue and, if appropriate, accommodation, to deliver the course, and to process your booking.

Who has access to your information

Employees who operate the course booking system or deliver training have access.

What we do

We use your:

  • Contact details to administer the course
  • Identification information to prevent fraud
  • Profile data so we know your contact preferences and so on.

How long we keep it

We keep your profile information for no more than 6 years from the date you made your last booking, and we delete information about the courses you attended after 6 years.

We delete accommodation booking information 12 months after your departure date. Medical records will be held by the organisation for a period of not less than 10 years. Any records of ‘Positive’ screening results will be held by the company indefinitely.