FireQual collects personal data typically:
FireQual is constantly working on the end user experience and through cookies we can monitor user/visitor behaviour on the website. Personal/individual data is not captured, and our analytics data is treated as anonymous users.
Please note denying the use of or removing cookies may impact the FireQual website experience and some services may not work as desired.
This privacy notice does not cover the links within the FireQual site or social media channels linking to other websites or social media channels. We encourage you to read the privacy policies on the other websites or social media channels you visit.
Legal Basis for Holding Data
FireQual is required to rely on one or more lawful bases to use personal information. We consider the grounds listed below to be relevant:
GDPR requires the collection and processing of personal information to be reasonably necessary to achieve our or others’ legitimate interests, as long as the processing of the information is fair, balanced and does not unduly impact on the rights of individuals.
In broad terms, “legitimate interests” means the interests of running FireQual as a commercial entity and ensuring that appropriate levels of certified awards are granted to candidates in line with our standards and the requirements of the government authorised Regulator(s).
When FireQual processes personal information to achieve such legitimate interests, we consider and balance any potential impact on individuals, both positive and negative, and on the rights of the individual under data protection laws. We will not use personal information for activities where our interests are overridden by the impact on the individual, for example where use would be excessively intrusive unless, for instance, we are otherwise required or permitted to by law.
Information Held About an Individual or Organisation
To complete the day to day operations of FireQual, there are specific sets of data that we will collect and be required to hold:
The General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about health, ethnicity and religious beliefs.
In certain situations, FireQual may collect and/or use these special categories of data, for example, information on candidates’ medical conditions so that we can make arrangements for reasonable adjustments and/or special considerations. We will only process these special categories of data if there is a valid reason for doing so and where GDPR allows us to do so.
Uses of Data
FireQual uses data for the following reasons:
Sharing of Data
We may disclose personal information to selected third parties to achieve the purposes set out in this policy.
These parties may include (but are not limited to):
In particular, we reserve the right to disclose personal information to third parties:
FireQual uses a third-party provider, Salesforce, to record all information regarding FireQual enquiries, Centres, candidates, and all other communications that have taken place between FireQual and external organisations and individuals.
FireQual uses a third-party provider, Calibrand, to provide examinations for the achievement of FireQual qualifications where required.
Where data is shared with this provider, it will only be done so for the purpose of carrying out this function and the level of data shared will be at the minimum level required for the system to be able to process examination functions.
FireQual does not sell or share information to third parties, with the exception of as required to meet our regulatory duties, further details below.
All FireQual Centres have the right NOT to appear on the FireQual website search feature. If the Centre does not wish to appear on the search feature, please contact the FireQual office so this can be actioned.
Please note that the decision of a Centre NOT to appear on the FireQual website may impact on an individual’s ability to locate details of a location where they could undertake a FireQual qualification.
In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove personal information from our records six years after the date it was collected. However, if before that date (i) the personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) an individual validly exercises their right of erasure, we will remove it from our records at the relevant time.
If an individual requests to receive no further contact from us, we may keep some basic information on our suppression list in order to comply with the request and avoid sending you unwanted materials in the future.
We may also keep some basic information where an individual has been a party to an appeal, complaint, investigation with regards to FireQual services and products if it is felt that by keeping it will support future investigations taking place by the appropriate authorities.
Data held on FireQual systems is password protected using two-factor authentication for access with expiring passwords ensuring they are regularly update. We also adopt user access rights so that data is only accessible to those individuals that require access for their given roles and responsibilities.
Unless permission has already been sought and gained, data is only accessible to FireQual staff members and to the relevant legal and regulatory authorities who have statutory powers to have access to our data.
In the instance of a cyber data breach, FireQual has cyber insurance that provides technical support and guidance to address any potential breaches that may have occurred.
FireQual Communications (including e-newsletter)
FireQual communicates with our Centres primary contacts and/or other nominated contacts as part of its ‘provision of service’ regarding our existing services and products or those planned for the future.
We will send information to those that have provided permission for us to do so and, where an individual has previously done so but no longer wishes to receive communications, please notify us by email and we will remove the details from the mailing lists.
Please note that FireQual issues updates about our services and products by electronic means and so if a Centre does not have at least one point of contact receiving published updates, important information will be missed that could impact on the provision of services and products.
FireQual uses two third party providers, Salesforce and MailChimp, to deliver the FireQual e-newsletters. We gather statistics around email opening and clicks to help improve this service.
FireQual uses third party providers, Twitter, Facebook, LinkedIn, Google+ and Hootsuite to manage our social media interactions. If an individual sends any FireQual social media account a private or direct message, it will be stored in accordance with their retention policies. If this is not a predetermined time, this will be retained indefinitely for our records.
Accessing Personal Information
Subject Access Request
Individuals can find out if FireQual holds any personal information by making a ‘subject access request’. If FireQual does hold information about an individual we will:
Requests for any personal information we may hold need to be put in writing clearly stating it is a Subject Access Request to firstname.lastname@example.org.
If an individual agrees, we will deal with the request informally, for example by providing the specific information needed over the telephone or via email.
Fees for dealing with a subject access request
Subject access request information is provided free of charge. However, FireQual reserves the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive.
FireQual may also charge a reasonable fee to comply with requests for further copies of the same information.
If we do hold information about an individual, they can request for FireQual to correct any mistakes by contacting the FireQual office.
Please note this will only apply to personal information and not to information held with regards to the registration and/or certification of a FireQual qualification for auditory and regulatory purposes we are unable to alter this data.
Right to be Forgotten
Any personal data can be requested to be erased but, please note that we are required to keep data with regards to the registration and/or certification of a FireQual qualification for auditory and regulatory purposes.
Data Breach Notification
‘Personal data breach’ means,
‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
- EU GDPR “Definitions” Article 4, (12) ‘personal data breach’
In the case of any personal data breach that is likely to “result in a risk for the rights and freedoms of individuals” those affected will be made aware within 72 hours of FireQual first having become aware of the breach. The ICO (https://ico.org.uk) will also be notified.