the governance forum Ltd is known as the ‘Controller’ of the personal data you provide to us. Stewardship of your personal data is important to us and a responsibility that we take very seriously. Data is processed in accordance with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) governed by the Information Commissioners Office updated in May 2018.
To enable us to provide you with the service you have contracted us to provide, we collect basic personal data about you. We collect and associate with your account information like your name, email address, phone number, payment info, physical address and account activity.
We may need to collect additional data however we will seek your consent to collect this data only for the purpose of which it is intended. Here we describe how we collect, use and handle your information when you use our services, websites and software.
We need to collect your basic personal data for the administration of the services you have requested. This may also include the data pertaining to other employees and officers of your organisation who may be involved in the process of the work we have been contracted to deliver. We will not collect any personal data from you that we do not need.
What data do we collect
Name and address of your organisation
Names and emails of key contact personnel
Contact details such as your address and postcode and telephone numbers
Data we collect in the process of our scope of work with you
Records of your contact and communications with us
All the personal data we process is processed by our staff in the UK and we have a data protection officer who oversees the management of such data, however for the purposes of IT hosting and maintenance this information may be located on servers both inside and outside the European Union. No Third parties have access to your personal data without our express permission, your consent, and the law allows them to do so.
We have a Data Protection process in place to oversee the effective and secure processing of your personal data. More information on this framework can be found in our data protection/GDPR policy.
We’ll retain information for as long as we need it to provide you with the Service/s you contracted us to provide. We often need to retain information to comply with our legal obligations, resolve disputes, or enforce our agreements. We have provided below an indication of our file retention times.
TGF Clients – Client records and files which include contact details, copies of reports and working papers are kept for a period of XX years on our servers. Soft copies are scanned and are shredded onsite. Where a client file remains inactive for 24 months it is archived. Files which remain inactive for a further 12 months following archiving are deleted from our servers however contact names and emails may be retained on our database to remind you of when reassessments become due. If you have provided us with permission to send the governors blogs to you this will be retained indefinitely. Subscribers have the ability to self unsubscribe at anytime.
EBM Delegates – EBM delegate records and files which include contact details, copies of assessments/assignments, delegate monitoring, certificates and results of exams or outcomes are kept on our servers indefinitely. Due to the accreditation of our programmes, delegate files are retained for audit purposes and to comply with the accrediting authority. Due to the nature of our educational programmes, follow up is a key benefit afforded to delegates therefore to ensure we keep delegates up to date we retain contact details to enable us to keep in contact and to provide governance and CPD updates and non executive director opportunities. You do have the right to request we erase your details from any of these updates and you have the ability to self unsubscribe from governor updates at anytime.
We are required under UK tax law to keep financial data for a minimum of 6 years after which time it will be destroyed. This may include (name, address, contact details of organisations that we have invoiced). Information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.
General Enquiries – Where an organisation makes an enquiry for services and we provide a written proposal which does not result in a terms of reference, this proposal will remain on file for a period of 12 months at which time the file will be deleted from our system.
We may share information as discussed below, but we will never sell it to advertisers or other third parties.
TGF uses certain trusted third parties (for example, providers of customer support and IT services) to help us provide, improve, protect, and promote our services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy, and we’ll remain responsible for their handling of your information and data as per our instructions.
We will also provide third parties access to your information for the provision of our cloud service CG First ™. Their use of your information will be governed by their privacy policies and terms.
We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with UK law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of our clients; or (d) protect TGF’s property rights.
We may occasionally advise you of services which are relevant to your organisation based on our understanding of your needs.
Email Marketing – We will ask you for your permission to contact you by email and you can opt out of this at anytime.
Telephone Marketing – We may call you from time to time to advise you of services which are relevant to your organisation based on our understanding of your needs.
Postal Marketing – We do not market by post in line with our environmental policy.
Subject Access Request
You have the right to see the information we have on our files which relate to you personally, this is called a subject access request (SAR).
Notice of Correction
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected, this is called a notice of correction (NOC).
The Right To Erasure
If at any point you decide you no longer want your details retained by us you may have the right to request your details to be deleted (certain data may be exempt from this). This is called notice of erasure (NOE).
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by emailing admin@thegoverananceforum.com for the attention of the data protection officer.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office https://ico.org.uk/
We may revise this Privacy Policy from time to time, and will post the most current version on our website or is available upon request.