MSCM Training Ltd ("we", "us" or "our" or “Middlesex School of Complementary Medicine” or "MSCM") is committed to protecting and respecting your privacy and using any information you provide to us responsibly. We will deal with your personal data in compliance with the current UK data protection legislation. The data controller is MSCM Training Ltd.

When you supply any personal information to MSCM Training we have legal obligations towards you in the way we handle that data. We have to collect the information fairly, and to let you know how we will use it, how we protect it and whether we will pass the information on to anyone else. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This Privacy Policy applies to MSCM Training Ltd and www.mscmtrainging.co.uk. Please read the following carefully to understand how we use your personal information. If you have any questions about our Privacy Policy or the use of your information please contact us at
Email: [email protected]
Telephone: 0208-429-2895
Post: The Data Protection Officer, MSCM Training Ltd, PO Box 639, Harrow, HA5 9JD

This privacy policy sets out how MSCM Training Ltd uses and protects any information that you provide.

MSCM Training Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Details of the MSCM Notification to the Information Commissioner, setting out brief details of how we use your data, can be found by visiting ico.org.uk and searching MSCM Training Ltd.

This policy is effective from 25th May 2018. It may change from time to time by updating this page, and you can check our website for the latest version or ask for a copy of the policy at any time by emailing [email protected] to ensure that you are happy with any changes. If we change our Privacy Policy we will post the changes on this page and may place notices on other pages of the website, so that you may be aware of the information we collect and how we use it. Continued use of the site will signify that you agree to any such changes.

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

GDPR is bringing in new legal protection for personal information from 25th May 2018. This tells you what personal information we hold and why, and what your rights are.

Company Name/Identity: MSCM Training Ltd
Telephone: 0208-429-2895
Email address: [email protected]

Data Controller Name: MSCM Training Ltd
Role of Data Controller: To decide how your personal data is processed and for what purposes.

The purpose of this processing is to understand your needs and provide you with a better service, to provide you with the best possible learning experience, support and advice.

The lawful basis under which we hold and use your information is “our legitimate interests” i.e. our requirement to retain the information you provide to us in order to provide you with the best possible training related support and related services support and to enable us process data in order to fulfil a contract.

More specifically:

1. Contacting you about news, events, activities and services

The lawful basis under which we hold and use for information from 25^th May 2018 is your explicit consent of the data subject so that we can keep you informed about news, events, activities and services.  Our legitimate interests i.e. our requirement to retain the information in order to provide you with details of future training you may be interested in.

2. Other legal reason to hold your personal information:

• for the administration of the Site;
• to ensure that content from our Site is presented in the most effective manner for you and for your computer;

• to administer school records
• to manage our students, employees and volunteers
• to maintain our own accounts and records

• for processing and delivering your course bookings and responding to any queries or requests for information from you
• to enable us to invoice you and receive payment
• to allow you to participate in interactive features of our service, when you choose to do so;
• to give search engines access to publicly available information in your profile if your settings allow;
• to notify you about changes to our service;
• to carry out any obligations or provide you with any other services, functionality or content which you specifically agree to on the Site.

• For Internal record keeping.
• To improve our services.

• to provide you with information or services that you expressly request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
• To send you information about courses, workshops and other similar events which we think you may be interested in via www.createsend.com – see their Privacy Policy https://help.createsend.com/how-we-keep-your-data-private-and-secure#gdpr
• Send you details of any fundraising or other campaigns which we may run.
• Send you promotional information about third parties we think you may find interesting.

3. Lawful Basis for holding and using case study Information 

The lawful basis under which information is held is legitimate interest in order to provide you with the most appropriate training, follow up support, and advice. If you submit case studies as part of your training course, these will include health related information and in this instance our requirement is to hold this information until we cease to offer training courses or the information is no longer needed for reference. All case study documents will be anonymised. Students are required to get signed privacy statements from any person they keep records on, including case studies. This is for their records only.

Information will not be shared other than with:

• An internal verifier
• An external verifier
• The Awarding body

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

Students of the School may receive information from relating to their courses and courses which may be of some interest to them. In all other cases we will never use your information to send you marketing materials unless you have asked us to send these to you or consented to us sending these to you.

Where we collect information from you we will identify why we have collected the information and what we will use it for and ask you whether you are happy for us to contact you with regard to similar products and services or unrelated products and services.

We will not, without your permission or unless indicated in this Privacy and Cookies Policy or agreed to by you on a form on the Site, transfer any of your information to any third parties unless we are required by law to do so.
Except for the mailing list activities which we run on some parts of our Site, where you explicitly consent to receive materials from us, we will not use your personal information collected from our site to carry out unsolicited marketing activities. You may change your choice at any time by clicking the "unsubscribe" link at the bottom of the promotional email, by phoning us on 0208-429-2895 or by emailing us at [email protected].

When you submit personal data to us, you understand and agree that this data will be supplied to MSCM Training Ltd who will take appropriate steps to ensure that personal data is protected from unauthorised use and kept in a secure manner either electronically or on manual records. You have no legal requirement to share information with me, but if you do not I will not be able to offer you a place on a course. You can withdraw your permission for me to use your information at any time, although it would mean leaving the course if you are still a student.

The types of information which we may collect and process about you are:

• Your name and contact information including postal address, email address and any phone number which you provide.
• Your learning and payment preferences
• Information about yourself provided by you to us for specific purposes.
  • Information which you provide when you complete an application for entry into a course of study at MSCM.
  • Information you provide for examination registration – this is forwarded by an on-line booking system to ITEC – the examination board
  • Information which you provide when you complete an application for entry into the therapist directory, including name, town, email, phone number, photo and description
  • Information which you provide when you complete an application for entry into the case study volunteer list including name, town, email and phone
  • Information that you provide by filling in forms on our Site. This includes information provided at the time of registering to use our Site (where applicable) and subscribing to our services (where applicable)
  • Information pertaining to your grades in internal and external assessments
• A record of any correspondence which you sent us via the website.
• If you contact us, we may keep a record of that correspondence.
• Details of transactions you carry out through our Site and of the fulfilment of your course bookings. However, we never store your payment details

• If we ask you to enter a username and password to access our services then, in addition to the information set out above, we may also collect information about the areas of the website or network you have visited, the pages you have looked at, and any materials you have viewed or downloaded.
• Even if we do not require you to enter a username and password in order to access our services, we will hold information about your visit to the website, including but not limited to the services and resources on the site which you have visited, pages you have visited, and information about website traffic.
• Whenever you are asked to fill in a form on the website, look for the box that you can tick to indicate that you wish to "opt in" in respect of our newsletters, special offers and updates on new courses.

We retain your data until further notice. In the event of MSCM Training Ltd ceasing trading, your data will be retained for 8 years after closure.

in line with the lawful basis listed above.

Generally, we do not seek to collect "sensitive personal information" - that is, information relating to: race or ethnic origin; political opinion; religious or other similar beliefs; trade union membership; physical or mental health; sexual orientation; criminal records. We recommend that you do not provide such information to us. If you choose to do so for any reason, this will mean that you have given (and we accept) your explicit consent for us to use that information for the reasons described in this policy, or as explained at the time you provide the information.

MSCM Training Ltd complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect from you.

We will contact you using the contact preferences you have given us.

We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy and Cookies Policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We take security very seriously. All staff are made aware of the security procedures they must follow when handling personal information. Data is protected from unauthorised access and we are confident no-one will be able to access your personal information unlawfully.

We also protect data being transferred. As long as your web browser supports the Secure Sockets Layer (SSL), any personal data transmitted from your browser to our web service, or from the service to your browser, will be encrypted. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Site, any transmission is at your own risk.

Please note that email is never a 100% secure way of communicating. By using it, you agree that you will send any information by email at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We do not sell our mailing lists and we will never pass your details on to third parties for any purpose unless you have consented to us doing so unless it is for the following reasons:

if we are under in line with the lawful basis listed above.

• a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect our rights, property, or safety of our employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
• To protect our property or that of our staff, students, other users of our website or services, or any other person (which may include third parties who claim that you have infringed their privacy or their intellectual property rights).
• If MSCM Training Ltd, or substantially all of its assets, were acquired, or in the unlikely event that MSCM Training Ltd goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of MSCM Training Ltd may continue to use your personal information as set forth in this policy.
• in the event that we outsource any of our business functions under which we collect or store your information (including the hosting and maintenance of our Site) in which case we will ensure that any such service provider keeps your information confidential and adheres to at least the same obligations of security with regard to your information as undertaken by us.
• Your data will not be transferred outside the EU without your consent.
• Student personal data will only be shared with other students with your explicit consent to communicate to other students and practitioners or for purposes connected with the MSCM Training Ltd.

The GDPR provides eight rights for individuals as follows:

• The right to be informed:
  To know how your information will be held and used (this notice).
  
• The right of access:
  To see your records of your personal information, so you know what is held about you and can verify it.
• The right to rectification:
  To tell us to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure (also called “the right to be forgotten”):
  For you to request us to erase any information we hold about you
• The right to restrict processing of personal data:
  You have the right to request limits on how we use your personal information
• The right to data portability:
  under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
• The right to object:.
  To be able to tell us you don’t want us to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling.
• The right to lodge a complaint with the Information Commissioner’s Office:
  To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way that you have given permission for, or if they are being stored when they don’t have to be.

When an individual makes a request regarding any of these rights then, before any action is taken concerning the request, MSCM will check that:

• The request is reasonable.
• Their identity is confirmed.
• There is no impact on other individuals’ personal data and their rights.
• There is no legal, regulatory or contractual requirement to retain the data in its current form.

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you wish to exercise any of these rights, please email [email protected]

If you are dissatisfied with the response you can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

You also have the right to:

• access details of personal information which we hold about you, free of charge
• have your personal data corrected promptly if you believe it is incomplete or incorrect.
• If you have consented to us sending you marketing information you have the right to change your mind and ask us not to send you marketing information any more. As mentioned above we will always ask you (before collecting your information) if you would like to receive information from us for such purposes.
• You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your information. Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you give consent for us to contact you again for marketing purposes.
• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time:

To access data, correct data or remove data and your consent

• write to Data Protection Officer, MSCM Training Ltd, PO Box 639, Pinner, HA5 6JD
• email us at [email protected]
• click on the unsubscribe link included with every copy of the MSCM Newsletter or Mailing