Purpose

The Data Protection legislation (The General Data Protection Regulation (GDPR) and the Data Protection Act 2018) protect individuals with regard to the processing of personal data, in particular by protecting personal privacy and upholding an individual’s rights. It applies to anyone who handles or has access to people’s personal data.

This policy is intended to ensure that personal information is dealt with properly and securely and in accordance with the GDPR and the Data Protection Act 2018 (DPA 2018). It will apply to information regardless of the way it is used, recorded and stored and whether it is held in paper files or electronically.

Scope

The GDPR and DPA 2018 have a wider definition of personal data than the Data Protection Act 1998 and includes information generated from cookies and IP addresses if they can identify an individual.

‘Personal data’ is any information that relates to an identified or identifiable living individual, which means any living individual who can be identified, directly or indirectly, in particular by reference to—

a. an identifier such as a name, an identification number, location data; or

b. an online identifier; or

c. one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The DPA 2018’s wider definition of personal data is broadly defined and is not limited to confidential or sensitive data. It also includes any expression of opinion about an individual, personal data held visually in photographs or video clips (including CCTV) or sound recordings.

This GDPR Policy explains how Magic Training LTD (“Magic Training”, “we”, “us”, or “our”) collects, uses, and discloses personal data in connection with our EAL (products and services (the “Products”).

1. What data do we collect?

We collect a variety of personal data from users of our Services, categorized as follows:

2. How do we use your data?

We use your data for the following purposes:

3. Legal basis for processing your data

We process your data on the following legal bases:

4. How long do we store your data?

We will store your data for as long as it is necessary for the purposes for which it was collected, or as required by law. Here’s a general guideline:

We will implement appropriate technical and organizational measures to ensure the security of your data in accordance with GDPR best practices.

5. Your data protection rights

Under the GDPR, you have a number of rights in relation to your data, including:

Data Security

Magic Training will use proportionate physical and technical measures to secure personal data. We will store hard copy data, records, and personal information out of sight and in a locked cupboard.

Breaches of the policy will be dealt with in accordance with the centre’s disciplinary policy and could amount to gross misconduct.

Breaches

Magic Training will notify the individual and the ICO of breaches of personal or sensitive data within 72 hours of becoming aware of the breach.

Notifying the Information Commissioner

Magic Training is required to ‘notify’ the Information Commissioner of the processing of personal data. This information will be included in a public register, which is available on the Information Commissioner’s website.

Open chat
Hello 👋
How can we help?