GDPR Statement and Privacy Notice
Any organisation which collects, stores or processes Personal or Sensitive Data relating to any UK or EU data subject must comply with the Data Protection Act 2018, the UK General Data Protection Regulation, where applicable, the EU General Data Protection Regulation and the Privacy Electronic Communications Regulation 2003 (‘PECR’).
We are Achology and Achology Transactions Ltd, operating as a group of companies. You will know us by our trading name, Achology.
Achology works to protect the privacy of its community members, event attendees, suppliers, employees and any other data subject whose personal data we process.
We aim to ensure the proper use of personal data and disclosure of any such information, in addition to fostering a culture which values the privacy of individuals and the need to protect their data. Where you provide personal data when completing a survey, this is generally restricted to your contact details only.
Sometimes this can involve information being transferred outside your country of residence, and where this is the case, we ensure that the appropriate safeguards are in place.
We may record some of our events for future viewing and access. Please read our full privacy notice below for full details of our lawful basis, your own options and how we protect your data. A hard copy of this notice is also available on request.
Full Privacy Notice
The Academy of Modern Applied Psychology Ltd and Achology Transactions Ltd operate as a group of companies under the trading name, Achology. We take your data privacy seriously. We collect and process your personal data when we deliver our courses, certifications, communications and manage our forums. This means that we are a ‘Data Controller’.
We are responsible for and committed to protecting your privacy and complying with the UK General Data Protection Regulations (UK GDPR), Data Protection Act 2018, and any subsequent laws or regulations applicable.
In this Privacy Notice, we want to inform you about what information we collect, how we use it and what rights individuals have in relation to the collection and processing of their personal data.
Our Contact Details:
Achology Transactions Ltd.
Office 10, Dunnock House
63 Dunnock Road
Dunfermline
KY11 8QE
Email: support@achology.com
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact us using the contact details above.
What personal data does Achology collect and process?
We collect the following types of data:
. Images and Recordings of Events
Special Categories of Personal Data that we collect:
We do not collect, process or store Special Categories of Personal Data
How we collect your information
In most cases, we collect your data directly from you. We collect data and process it when you:
o Send us a CV
o Provide Information in relation to a contract of employment
We also receive your data indirectly from the following sources:
Please Remember: Where you provide any of this information relating to or on behalf of another individual, such as a nominated contact, you must remember to ensure that you have the consent of the individual and provide them with a copy of or access to this Privacy Notice.
We do not ask or aim to collect or store additional information other than that which is detailed above. When you modify or add additional information to your account, please remember to check your privacy settings and set them as required.
Why do we collect your information?
Where we collect and process personal data, we identify both the purpose and legal basis for doing so. There are 6 possible legal bases which are:
Consent – where we have consent from the individual to process his or her personal data for one or more specific purposes.
Contract – where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal Obligation – The processing is necessary for compliance with a legal obligation to which we are subject.
Vital Interests – Where the processing is necessary in order to protect the vital interests of the data subject or another natural person.
Public Interest – Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate Interests – Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Our purpose and legal basis for the information we collect and process allow us to:
Our Purpose for Processing |
Our Lawful basis |
To understand your requirements prior to entering into a contract with you to complete or attend a course or event |
The processing is necessary for the performance of an anticipated Contract |
To fulfil our contract with you and provide you with the agreed course and content therein |
The processing is necessary for the performance of our Contract with you |
To manage our business operations and comply with any internal policies and procedures |
It is in our legitimate interests to use your personal information to ensure that we continually improve and adapt our services |
To notify you about updates and changes to our service |
It is in our Legitimate Interests to use your personal information to keep you informed about any changes that may affect you |
For Email Marketing of similar events and courses to existing or previous customers |
It is in our legitimate interests to use your personal information for marketing purposes where the services being marketed are relevant to you. |
For newsletters and promotions to individuals who sign up to our mailing list |
When you agree to join our mailing list by selecting this option when visiting our website, forums or courses, we rely on your Consent. |
For electronic Marketing of services to new customers via personal business email addresses |
It is in our Legitimate Interests to use personal business email addresses for marketing purposes where we can support individual rights |
For electronic Marketing of services to new individuals |
We rely on Consent for direct marketing to previously unknown individuals, including those who sign up to receive our newsletter. |
To comply with our legal obligations, law enforcement, court and regulatory bodies requirements |
To comply with our Legal Obligations |
To identify and prevent fraud |
It is in our Legitimate Interests to act as a responsible business |
To decide whether to enter into a contract of employment or supplier services with you |
The processing is necessary when considering a Contract |
To carry out background and reference checks in relation to recruitment |
The processing is necessary when considering an Employment Contract |
To communicate with you about a potential or existing contract (for service or employment) |
The processing is necessary for the performance and compliance with any Contract of employment |
To manage payroll and employment services for existing employees |
The processing is necessary for the performance and compliance with any Contract of employment |
Where we rely on your consent, you have the right to withdraw this consent at any time by contacting us using the contact information at the beginning of this notice.
Legitimate Interests – Where personal data is processed based on our Legitimate Interests, it is to improve our service and security and prevent fraud or illegal activity in favour of the wellbeing of our customers, employees and shareholders.
Direct Marketing
We may send you details of similar services, courses or events to those you have enquired about or purchased from us previously. In addition, when you sign up to our mailing list, we will send you details of services, courses and promotions. You can opt out of receiving this information from us at any time by contacting us at the above address or clicking ‘unsubscribe’ on any messages you may receive.
We will never share or sell your information to any other party for marketing purposes.
Who do we share your information with?
From time to time we may share your personal information with the following third parties for the purposes set out above:
. Associates and Contractors who provide services for us, including marketing and business support services.
Registering with our Community or Attending online events – Information Sharing
When you register as a member of our community, your profile details are shared with other members. You can upload as little content as you wish within your profile, depending on your own privacy preferences.
We record some of our courses and events to allow us to make these accessible in the future. Where you attend any virtual event, please remember your image and name, if displayed will be visible to other attendees or those who view these sessions in the future. You also have the option to amend your settings and how your name appears should you choose to anonymise this.
Where you collect details of attendees, community members or information shared via chat functions, please remember that you are responsible for and must comply with both the GDPR and the PECR (Privacy and Electronic Communications Regulations) in relation to any processing you intend to carry out using these details including any intended marketing of your services.
Please also remember that our forums and the content or blogs you upload, including any comments, are accessible to all community members.
International data transfers
Although we don’t process your information outside of the UK, with today’s modern technology, including Cloud Storage and software, some recipients of your personal data can be located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country. Where this is the case, we ensure that additional safeguards are in place, such as ensuring that those countries have a decision of adequacy or have included standard contract clauses in their terms to support the protection of your data.
Automated decision-making or Profiling
We do not process personal data for automated decision-making or profiling
How Long do we keep personal data for?
We will retain personal data in accordance with legal and regulatory requirements and for no longer than is necessary to fulfil the purposes set out in this privacy policy. We maintain and review a detailed retention policy which documents how long we will hold different types of data. The time period will depend on the purpose for which we collected the information and is never on an indefinite basis. Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes).
The following details the criteria used to establish the retention period set out within our policy:
Where it is still necessary for the provision of our Services
This includes the duration of any contract for services we have with you and for a period of 5 years after the end of any contract with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
Where required by Statutory, contractual or other similar obligations
Corresponding storage obligations may arise, for example, from laws or regulations. It may also be necessary to store personal data regarding pending or future legal disputes. Depending on national law, personal data contained in contracts, notifications, and business letters may be subject to statutory storage obligations. Where this is the case, we will retain the data per our obligations.
Your Rights as a Data Subject
As a data subject, you have rights in relation to your personal data. These are:
The Right to Access – You have the right to request details of personal information held or processed and to copies of this data. We do not usually charge for this service.
The Right to Rectification – You have the right to request that any information be corrected that you believe is inaccurate or to complete any information that you believe is incomplete.
The Right to Erasure – You have the right to request that we erase your personal information under certain conditions.
The Right to Restrict Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances
The Right to Object to Processing – You have the right to object to our processing of your data under certain conditions.
The Right to Data Portability – You have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.
You also have the Right to Withdraw Consent where you have previously provided this at any time.
To exercise any of these rights, or if you have a complaint, please contact us using the contact details at the beginning of this notice.
You also have the right to complain to the Supervisory Authority. In the UK, where you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:
The Information Commissioner’s Office – Scotland
Queen Elizabeth House
Sibbald Walk
Edinburgh
EH8 8FT
Telephone: 0303 123 1115
Email: Scotland@ico.org.uk
Contractual Obligations and Consequences
In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, employment and legal obligations) or can also result from contractual provisions. This means that it may sometimes be necessary to conclude or fulfil a contract that the personal data be provided. In those circumstances where the data is not provided or where certain rights are exercised (Erasure, Object), there is a possible consequence that the contract could not be fulfilled or concluded and may be cancelled.
Cookies & similar technologies
When you visit our websites, we use cookies and similar technologies to provide you with a better, faster and safer user experience or to show you personalised advertising. Cookies are small text files that are automatically created by your browser and stored on your device when you visit or use the Website. For full information on our use of cookies and how to manage them, please see our Cookie Policy
To learn more about how to manage your browser cookie settings in genera, please see www.allaboutcookies.org
Remember: When clicking on external links via our websites or when you find us via social media platforms, you are visiting or redirected to the domain of those websites. We have no control over the privacy settings on these websites or the cookies they set, so please bear in mind that you should set your preferences in line with their own policies and cookie controls separately.
Data security
We aim to protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration.
We store customer records in cloud-based services and data centres which have controlled and restricted access. We also operate internal policies and procedures detailing physical security, cloud storage security monitoring, access control and password security measures.
Changes to our Privacy Notice
All businesses change from time to time. At Achology, we keep our Privacy Notice under regular review. This Privacy Notice was last updated on 5th December 2023.