1. About Us
In compliance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) Droman Limited provides website visitors with a Data Use Notice regarding our data collection and processing policies and procedures.
This Policy applies to individuals who provide personal data and information as a result of visiting our website, registering to use our Services, and registering to attend events and join our business network. “Personal data” and “personal information”, as used herein, means data, including data about individuals in European Union Member States (“EU Persons”), that is within the scope of the EU regulation 2016/679), that is received by Droman Limited and recorded in any form.
2. Information Collected
We may collect, store and use certain personal information in line with this policy as it pertains to our legitimate business practice. We may also ask for your information when we are in correspondence or for marketing purposes. Records will be kept of any correspondence.
Droman Limited may collection information that is not personal data. This information could include the type of internet browser you use, type of computer operating system being used, and the domain name of a website from which you linked to the Droman Limited site.
We may receive information about you from third parties (clients and partners) who are legally entitled to disclose that information.
How we collect and store information depends on the website you visit, the activities in which you participate, and the Services you use. You can use some of the Services without providing any information, although several categories of information are automatically collected from you when you use the Services, as described below:
a. Information You Provide
When expressing an interest in obtaining additional information about the Services or registering to use the Services, Droman Limited requires you to provide personal data, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, Droman Limited may require you to provide financial qualification and billing information, such as, but not limited to, billing name and address, birth year, credit card number, and the total number of employees within the organization that will be using the Services (“Billing Information”). Droman Limited may also ask you to provide certain optional additional information, such as, but not limited to, company annual revenues, number of employees, or industry (“Optional Information”).
b. Automatically-Collected Information
Droman Limited may automatically collect certain information about the computer or devices that are used to access the Site and Services, including mobile devices, through commonly-used information-gathering tools, such as cookies.
We may also collect and analyse information such as: (i) location information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (ii) information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
c. Location Information
We may use information about your location to customize the Services with location-based information, advertising, and features. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this.
d. Information from Others
We may obtain information about you from third parties, such as marketers, partners, researchers, and others. If you access the Services through a third-party connection, you authorise Droman Limited to collect, store, and use, in accordance with this Policy, any and all information available to Droman Limited through the third-party interface. Should you choose to voluntarily disclose information through the Services, such as on message boards, third parties can view publicly and collect that information without our knowledge and such disclosure may result in unsolicited messages from other individuals or third parties.
e. Aggregate or Pseudonymised Data
We may aggregate and/or pseudonymise or redact information collected by the Services or via other means, such as corporate events, so that the information is not intended to identify you. This Policy does not restrict our use or disclosure of aggregated and/or pseudonymised information.
The Cookies are not able to read data off your hard disk or read cookie files created by other sites and they do not damage your system.
• Analytics & Research – To help us better understand how people use our Services, we work with an analytics partner, Google Analytics; to help us improve and understand how people use the Services. For example, cookies help us test different versions of our Services to see which particular features or content users prefer. We might also optimise and improve your experience using the Services by using cookies to see how you interact with the Services, such as when and how often you use them and what links you click on. To find out more about how Google uses data when you visit a website that uses Google Analytics, please visit https://www.google.com/policies/privacy/partners/
We use these technologies on the Services, including our website. We do not release the information collected to any third parties, other than to our service providers who assist us in providing the Services and only in accordance with this Policy.
4. Use of Your Information Collected
By contacting us or using our services, you agree that your personal information may be collected, stored, used and shared by us, our partners or third parties we work with, for any of the following purposes:
(a) to provide, maintain, protect and improve the quality of services we offer, including by conducting anonymised market research, and to protect us and our clients;
(b) to provide you with a personalised experience when dealing with our products;
(c) to fulfil any contractual agreements between you and us;
(d) to check financial qualifications and collect payment;
(e) to tailor our advertising and marketing strategy;
(f) to allow you to use the full range of our services available;
(g) We may send service-specific email notification, including update notifications and payment renewal warnings following the agreed period, using your email address;
(h) to comply with legal and regulatory requirements;
(i) to contact you occasionally in order to invite you to share your opinion and experience with our product;
(j) to allow partners including those who are providing accreditation for our services to conduct administration and research;
(k) in order to provide third party goods or services available through our product, including confirmation of the completion of our training products and/or award you have achieved as a result (if applicable) for accreditation or CDP purposes; and
(l) to improve our Site.
5. Storage of Information
We have appropriate physical, electronic and managerial procedures to safeguard and help prevent unauthorised access and maintain data security of, and to use correctly, the information we collect online. These safeguards vary based on the sensitivity of the information that we collect.
Although, we take appropriate measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal data that we collect will never be disclosed in a manner that is inconsistent with this Policy.
In addition, we (or third parties acting on our behalf) may also store or process information that we collect about you in countries outside the European Economic Area (EEA), which may lower the standards of data protection. We have put in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.
6. Legal Basis for Processing Your Information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally only collect personal information for you only (i) where we have your consent to do so, (ii) where we need the personal information to perform a contract with you, (iii) where the processing is in our legitimate interests and not overridden by your rights. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information).
Similarly, if we collect and use your personal information for our legitimate business purposes (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
7. Disclosure of Your Information
We may disclose your personal information to third parties when permitted by law including:
(a) with your consent;
(b) to our suppliers in order for them to help us provide our services to you, including:
• partner organisations and subject matter experts that provide our service content;
• our customer relationship management services (which allows us, for example, to send personalised email communications to you);
• our file storage and management services if you email us directly;
• our payment service provider when you make a purchase to process your payment;
• when applicable, our customer service if you contact our support team; and
• providers of assessments, marking and awarding services when you sign-up for an assessment.
Such suppliers’ use of your personal data may be subject to their own privacy policies, which will be available either on their websites or contacting them directly, and which we suggest you familiarise yourself with in the relevant circumstances set our above.
(e) if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8. Data Retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
9. Your Rights
You have the following data protection rights:
• You can edit your personal details. We will maintain a procedure in order to help you confirm that your personal information remains correct and up-to-date or choose whether or not you wish to receive materials from us or some of our partners.
• You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details below.
• If we have collected and processed your personal information on the basis of your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• If you have any privacy-related questions or unresolved problems, you may contact us using the information below.
• You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
In the UK, it is the Information Commissioner Office (ICO). The ICO Scotland contact details are:
o The Information Commissioner’s Office – Scotland, 45 Melville Street, Edinburgh, EH3 7HL
o Telephone: 0303 123 1115
o Email: Scotland@ico.org.uk
• Our products may, from time to time, contain links provided by third parties to their website or services. If you follow any links provided by third parties, please note that they will have their own privacy policies. Please check these policies before you submit any personal information.
We are completely committed to protecting the privacy of children. Accordingly, we do not knowingly collect or maintain personal information from persons under 18 years of age, and none of our services currently are directed to persons under 18 years of age. If you are under 18 years of age, then please do not use or access our services at any time or in any manner. We will take urgent and appropriate steps to delete any personal information of persons less than 18 years of age.
We have partners that provide content to our services who may carry out research in order to develop and provide or improve service content.
Any research will always be conducted in an ethical and secure manner.
Your activities in connection with the service provided will be shared with the client for academic research purposes or to provide statistics or evidence needed by public sector bodies. This may include any feedback provided by users where you may disclose personal information which will be anonymised.
This policy does not create rights enforceable by third parties.
Contacting Droman Limited
FAO: Data Protection Lead
1 Summerhall Place,
Edinburgh, EH9 1PL
©2018 Droman Limited – All Rights Reserved