Firebrand takes the security and protection of personal data very seriously. We are committed to providing a compliant approach to data protection. We have always had a robust data protection program in place and we have reviewed this program to ensure that it meets the requirements of the General Data Protection Regulation (GDPR) which came into force on 25th May 2018. When we process any personal data, we will do so according to the data processing principles of the GDPR.
As part of the review of our program, we have carried out the following activities to ensure our GDPR compliance on 25 May 2018:
This privacy notice tells you what to expect when Firebrand Training (Firebrand) collects personal information.
You will be asked for personal data such as your name, address and email address when you register to attend a course, make an enquiry or ask about services from us.
Where appropriate, we use your personal data:
If you leave your details or register for a course you will receive email communications alerting you to news and offers. You may choose not to receive these by requesting to unsubscribe from email communications.
Firebrand does not sell, trade or rent your personal information to others. Your details will be added to Firebrand’s database in order to process your request, and so that you can be kept up to date with relevant details of our training services.
From time to time Firebrand holds joint events with selected partners. If you book to attend one of these events your details may be made available to the event partner. You will be advised of this at the time of booking, to opt-out of receiving any communications from Firebrand and/or the event partner, please notify us.
Your personal data may be required to be passed to a third party if they need it in order to fulfil your order(s) for our services or to execute the communications we send to you. Except as set out above, we shall not disclose your personal information unless obliged to or allowed to do so by law, or where we need to in order to run our business (e.g. where other people process data for us). In such circumstances, we ask those people to give us confidentiality or non-disclosure undertakings.
Firebrand takes the security and protection of personal data very seriously. We are committed to providing a compliant approach to data protection. We have always had a robust data protection program in place which complies with existing law and abides by the data protection principles. We have reviewed this program to ensure that it meets the requirements of the EU General Data Protection Regulation (“GDPR”) which came into force on 25 May 2018.
The GDPR is retained in domestic law now the transition period has ended. The ‘UK GDPR’ sits alongside an amended version of the Data Protection Act 2018. When we process any personal data, we will do so according to the data processing principles of the GDPR defined in this legislation.
View our full GDPR and Data Protection Compliance statement to read about all of the processes, policies and procedures we have in place to comply with GDPR.
A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR (unless an exemption applies). The information that we provide is covered in section GDPR Compliance of this page. You can submit your access request electronically via the address provided in the contact us section on this page. Where a request is received by electronic means, we will provide the requested information in a commonly used electronic form (unless otherwise requested by the data subject).
Subject Access Requests (SAR) are passed to the appointed person as soon as received and a record of the request is made. The person in charge will use all reasonable measures to verify the identity of the individual making the access request, especially where the request is made using online services.
We will utilise the request information to ensure that we can verify your identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.
If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.
Once we have collated all the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.
We aim to complete all access requests within 30-days and provide the information free of charge. Where the request is made by electronic means, we provide the information in a commonly used electronic format, unless an alternative format is requested.
Whilst we provide the information requested without a fee, further copies requested by the individual may incur a charge to cover our administrative costs. The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.
The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request..
Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out in the Supervisory Authority section of this page.
When someone visits Firebrand Training websites we use third party services, e.g. Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site, who they were referred to the website by, geographically where they are based and, if provided, the company registered to the IP address the visitor browsed the site from.
In order to provide you with the best, tailored experience our site will need to place small text files, or 'cookies', on your computer.
Most cookies that we use are 'session' cookies and only exist for the time that you are using our site. They perform functional tasks – such as remembering that you are logged in as you move from page to page or to pre-load your personal details into forms to save you time.
We also track cookies anonymously to fuel our site analytics and learn how to improve your experience and hone the relevance of our products and services.
You can set your browser to reject all cookies. Please note that if you do this then certain areas of this website will not be able to function for you. Choose a browser setting that rejects third-party cookies but allows the benign, functional ones that make the good stuff work. We've worked hard to make our website intuitive to your needs – why would you want to miss out?!
We also use technology that uses Internet Protocol (IP) information exchanges during the course of normal web activity combined with data-enhancement technology to get detailed analytics information. This doesn't allow us to spy on you – it just allows us to see how well our site is working.
We use third party providers to deliver our emails. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our emails.
Firebrand uses third-party services to help maintain the security and performance of the Firebrand website. To deliver this service it processes the IP addresses of visitors to the Firebrand website, blocking potentially harmful traffic.
We use third-party services, e.g. Blogger or Wordpress, to publish blogs. These sites are hosted by the provider. We use standard services provided by these platforms to collect anonymous information about users' activity on the site, for example, the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Blogs require visitors that want to post a comment to enter a name and email address. For more information about how they process data, please see their privacy notices.
We use third party providers to manage our social media interactions.
If you send us a private or direct message via social media the message will be stored by these platforms. It will not be shared with any other organisations.
When you call Firebrand we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in transit to us. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected all the way to us.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We use third-party providers to supply and support our chat service, which we use to handle customer enquiries in real time.
If you use the chat service we will collect your name, email address (optional) and the contents of your chat session. This information will be retained and will not be shared with any other organisations.
You can request a transcript of your chat session if you provide your email address at the start of your session or when prompted at the end.
You can opt out of any marketing messages we send you at any time using the unsubscribe link in our emails.
We use services such as Google AdWords Remarketing to advertise Firebrand across the Internet. Remarketing will display relevant ads tailored to you based on what parts of the Firebrand website you have viewed by placing a cookie on your internet browser. Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
How to Opt Out of Remarketing and Advertising - If you do not wish to participate in Remarketing, you can opt out by visiting the remarketing services preferences manager which is normally presented as a link on the advert.
To offer (ISC)2 exams we must comply with Pearson VUE Select Status requirements which include, where permitted by law, the use of biometric palm recognition. This is used to authenticate all delegates taking (ISC)2 exams. Neither Firebrand Training Ltd nor (ISC)2 collect or retain the raw biometric data. However, for a period of five years following the person's last contact with (ISC)2, data based upon an algorithm of the palm scan received when accessing an examination site is stored. This assists (ISC)2 in assuring the identity of those taking its exams but cannot be used to identify delegates outside of the (ISC)2 database. This data is destroyed after the five-year period and is used for no other purpose.
For more information on (ISC)2 and Firebrand Training's use of palm vein pattern recognition please see our blog post.
Unfortunately, no data transmission over the Internet is guaranteed 100% secure, but we do take appropriate steps to protect the security of your personal data, before it arrives, and certainly once we have it.
We endeavour to keep your personal data accurate and up to date. If you become aware of errors or inaccuracies, please email email@example.com
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Firebrand tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Firebrand’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If you want to make a complaint about the way we have processed your personal information, you can contact us via firstname.lastname@example.org. Alternatively you can contact the Information Commissioner - the statutory body which oversees data protection law – at www.ico.org.uk/concerns.
Firebrand tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR Act 2018. If we do hold information about you we will:
To make a request to the Firebrand for any personal information we may hold you need to put the request in writing addressing it to email@example.com.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting us in writing at firstname.lastname@example.org.
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.
You can also get further information on:
By the nature of the Internet, the personal data you supply through this website may be sent electronically to servers anywhere in the world. It may be used, stored and processed anywhere in the world, including countries outside the European Economic Area. If Firebrand transfers the data outside the EEA it will ensure that all reasonable security measures are taken and that any third party processors will be required to process the data in accordance with Firebrand’s instructions.
This privacy notice does not cover the links within this site to other websites or the services they provide. We encourage you to read the privacy statements on the other websites you visit.
If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority. The Information Commissioner’s Office (ICO) can be contacted at: - Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate) Fax: 01625 524 510 Email: email@example.com
We keep our privacy notice under regular review. This privacy notice was last updated on 11 July 2019.