COSAC Privacy Notice
This policy applies to all COSAC customers, suppliers and business contacts.
In its everyday business operations, COSAC makes use of a variety of data about identifiable individuals, including data about:
- Current, past and prospective employees
- Guests and customers
- Users of its websites
- Other stakeholders
In collecting and using this data, COSAC is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps COSAC is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including directors, employees, suppliers and other third parties who have access to COSAC systems.
COSAC is strongly committed to protecting your personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals or by others. We may use personal data provided to us for any of the purposes listed in this privacy statement.
Under the EU General Data Protection Regulation (GDPR) and UK Data Protection Laws personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Who We Are
COSAC is an innovative, work-focused training academy in Cheshire. Not only do we have a state of the art Smart Meter Training facility and we are delivering our best in class Smart Meter Installation programmes. We are the first company to develop an online course approved by CSCS as an alternative course for the Green Labourer Card – Safe2Site. We also offer a variety of compliance training, we are a centre for CITB Site Safety Plus, offering both SSSTSand SMSTS courses as well a range of online courses.
COSAC is a trade name of The Compliance & Skills Academy Ltd Company Registration 07140001
How we use your data
COSAC processes personal data for a number of different reasons, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. The retention periods for your data can be viewed upon request and found in our Data Management and Retention policy.
In order for us to provide you with our services we need to collect personal data for the purpose of correspondence, delivery of the services and billing. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose. The lawful basis for processing this data is for the purposes of a contract.
We may also use your data for marketing purposes to keep you up to date with activities that may be of interest to you, we may also send newsletters and magazines.
We will not market to you without consent if that is the lawful basis we process the data under. You can withdraw consent at any time. To withdraw consent, you can send an email to firstname.lastname@example.org or click the unsubscribe link at the bottom of any email you receive, and you will be immediately removed from any future emails.
COSAC may also process some data in the legitimate interest of the business, this information has been through a legitimate interest balancing test to ensure the data is not a risk ‘to the rights and freedoms’ of you as the data subject.
When collecting and using personal data, our policy is to be transparent about why and how we process it. The types of personal data we process are shown below:
- Employee information;
- Recruitment Applicants;
- Supplier Contacts;
- Business Contacts;
- Visitors to our website;
- Visitors to our offices;
- Visitors to us at trade shows and events;
- Individuals whose personal data we obtain whilst providing services to our customers;
- Others who contact us.
The security of this data is taken very seriously, our information security management system is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the controls we have in place to ensure the data we hold is secure.
We will only share personal data with others when we are legally permitted to do so. When sharing data, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
The data subject also has rights under the GDPR. These consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within COSAC that allow the required action to be taken within the timescales stated in the GDPR.
These timescales are shown in Table 1.
|Data Subject Request||Timescale|
|The right to be informed||When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)|
|The right of access||Within one month|
|The right to rectification||Within one month|
|The right to erasure||Within one month|
|The right to restrict processing||Without undue delay|
|The right to data portability||Within one month|
|The right to object||On receipt of objection|
|Rights in relation to automated decision making and profiling.||Not specified|
You are entitled to implement any of your rights above by writing to the Data Privacy Officer at Data Privacy Officer, COSAC, Stuart Road, Manor Park, Runcorn, Cheshire, WA7 1TS, or emailing email@example.com. Under GDPR guidelines COSAC are not required to have a Data Protection Officer however we have appointed a person to deal with any requests to enact individual rights. Michele Walker is the named COSAC point of contact.
There are some cases in which a data subject would not be lawfully within their rights to enact some of the individual rights. An example of this would be an employee requesting to ‘be forgotten’. In this case the employee data is required to be processed for the employee to have a contract of employment and receive their salary. The legal basis for this processing is contractual and therefore an employee cannot make a request for erasure of their information.
We require proof of your identity before we can disclose personal data. A scan / copy of your passport, driving licence or a recent utility bill with your name and address on it will be accepted as proof.
If you would like further information on the information within this privacy notice please contact Michele Walker on firstname.lastname@example.org or you can call her on +44 (0) 1928 597777.
Alternatively if you would like to contact the supervisory authority for the UK they can be found at:
Switchboard: 01625 545 700
Data Protection Help Line: 01625 545 745
Notification Line: 01625 545 740
COSAC is registered with the Information Commissioners Office under THE COMPLIANCE & SKILLS ACADEMY LTD Registration Number: ZA194271