Your data is safe with PassPACES

We use your personal data to help us provide a great experience for you. We respect your privacy and work hard to meet strict regulatory requirements.

We never sell your personal data to third parties.

We’ll always protect your personal data and, as part of this, we regularly review our privacy notice so that you can see how we use your data and what your options are. If there are any changes to the General Data Protection Regulation (or GDPR) or related laws, we may need to amend this statement in the future.

This privacy policy applies to you if:

  • Use any of our services
  • Visit our website
  • Email, call or write to us.

Our ICO registration number is Z2598768.

If you have any questions relating to this privacy policy or how we use your personal data, please email them to External link opens in new tab or or call +447971971000.

What personal data do we collect

We will collect and use your personal data (this means any information which identifies you, or which can be identified as relating to you personally, such as your name, address, phone number and email address). We’ll only collect the personal data we need and we’ll make it clear at the point of collection why we are collecting it.

This personal data you give us may include your name, address, date of birth, email address, telephone numbers and payment card details

We sometimes have to collect extra information including ‘sensitive personal data’ on our employees and volunteers (such as references, criminal records checks, details of emergency contacts or medical conditions). We will keep this information for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim), and for safeguarding purposes.

How we use your personal data

We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation and Privacy of Electronic Communication Regulation.

We will use your personal data for the purpose or purposes outlined at the time you gave it to us to provide the services you expect from us.

We may need to provide your personal data if we’re asked by the police, or any other regulatory or government authority investigating suspected illegal activities. 

We process customer data in order to fulfil course bookings. Your data will be used to communicate with you throughout the process, including confirming we’ve received your booking and payment, to clarify where we might need more detail to fulfil a booking, or to resolve issues that might arise with your order or booking.

Links to other websites

Our website may, from time to time, contain links to other websites. If you follow a link to any of these websites, they will have their own privacy policies for which we do not accept any responsibility or liability.

How we secure your data

We want to keep our customers, volunteers and employees safe, so the security of your data and of our information systems is incredibly important to us.

External threats to our data security are changing all the time, so we have a robust process for assessing, managing and protecting all of systems to ensure they are up to date and secure.

Our staff complete mandatory information security and data protection training when they start with us, to reinforce their responsibilities and requirements.

When you trust us with your data we will keep your information secure to maintain your confidentiality.

We are based in the UK and we store all of your data in the UK. We do not transfer any data to third parties outside the EU.

Payment card security

PassPACES has an active PCI-DSS (Payment Card Industry Data Security Standard) compliance programme. This is the stringent international standard for safe card payment processes. As part of our compliance, we ensure that our IT systems do not collect or store your payment card information, such as the full 16-digit number on the front of the card or the security code on the back.

Our payment solutions are carried out using a ‘payment gateway’ (such as Worldpay and Tyl) which are payment services provided by a bank. This means that your payment card information is handled by the bank.

Disclosing and sharing information

We do not sell or share your personal information for other organisations to use.

We may disclose your personal information to third parties in order to comply with a legal obligation, or to enforce other agreement. It may also be used to protect the rights, property or safety of PassPACES, our staff and our volunteers. This includes exchanging information with other companies and organisations to protect against fraud.

Sharing employee personal data

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.

To meet an employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.

In order to fulfil our statutory responsibilities, we’re required to provide certain aspects of an employee’s personal data to government departments or agencies; for example, to provide salary and tax data to HM Revenue & Customs.

Keeping your information

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

Access to personal data

You have a right of access to personal data held by us as a data controller. This right may be exercised by contacting us by email External link opens in new tab or or calling +447971971000.

We will need you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex.

You have the right to contact the Information Commissioner's Office (“ICO”) (the UK data protection regulator).  For further information on your rights and how to complain to the ICO, please refer to External link opens in new tab or windowthe ICO website.