Terms and Conditions.
Public Course Booking T&Cs
1. TRANSFERS AND CANCELLATION OF TRAINING COURSES
Delegates may transfer their registration for one course to another course up to 14 days prior to the original course date. Once a delegate has transferred no refunds can be made for the cancellation of either course. One transfer per delegate is permitted. Any subsequent transfers will be permitted or denied at the sole discretion of SQMC.
If you cancel a Training Course: - You may cancel a place/places on our training courses at zero charge within 7 days of your initial booking. Thereafter, cancellations made up to 30 days before the start of the relevant Training Course are subject to an administration fee of GBP 30.00 + vat. Cancellations made up to 14 days before the training dates will be subject to a cancellation fee of 95.00 GBP + vat. Full training fees apply for cancellations made 13 days or less before the course begins. At the sole discretion of SQMC management, we may waive part of or all of the training fees if we manage to re-sell your place/places on the same course. We only accept cancellations made in writing (email, fax or letter). If a delegate fails to attend a Training Course, full payment will be required - unless alternative arrangements have been agreed with SQMC.
If we cancel a Training Course, or change course content: - we reserve the right to cancel a Training Course at any time, without incurring any additional liability to the Licensor or any delegate. In such circumstances, we will offer the choice of alternative dates, or a full refund.
2. TERMS OF PAYMENT
Payment may be made by cheque or Bank Transfer (BACS). Credit card facilities may be made available upon request.
Invoices payment terms are 28 days from date of invoice and full payment must be received before the start of the training course - whichever is sooner - unless prior arrangements have been agreed with SQMC.
3. EVENTS OUTSIDE OUR CONTROL
We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations that is caused by events outside our reasonable control (Force Majeure Event).
A Force Majeure Event includes any act, event, non-happening, omission or accident beyond our reasonable control.
Our performance is deemed to be suspended for the period that the Force Majeure Event continues, and we will have an extension of time for performance for the duration of that period. We will use our reasonable endeavours to bring the Force Majeure Event to a close or to find a solution by which our obligations may be performed despite the Force Majeure Event.
4. DISTANCE SELLING REGULATIONS
The provisions of Regulation 13(1) of The Consumer Protection (Distance Selling) Regulations 2000 (“the Regulations”) shall apply where the purchase to which these Conditions apply is made by a Buyer who is a consumer (being someone purchasing Publications outside the course of a business) who will therefore not be able to cancel this Contract under Regulation 10 of the Regulations once the Buyer has with the consent of the Seller commenced performing the Contract by starting to download a Publication.
5. SATISFACTION GUARANTEE
SQMC's Satisfaction Guarantee applies to all public courses presented by SQMC within the United Kingdom. It does not apply to private or in-house courses (however our Customer Care policy dictates that we shall always seek to provide a satisfactory solution to any client in the unlikely event that they are not fully satisfied with their private or in-house SQMC training course). Full training fees will be refunded upon written request, minus the Day Delegate venue charges. The written request must be made within 7 days of attending the training course, and SQMC are at liberty to retain any certificate of attendance or successful completion. If appropriate, free attendance on an alternative course may be offered to the delegate; and the delegate will have sole discretion whether to accept the free training, or claim the refund of training costs.
6. OUR RIGHT TO VARY THESE TERMS AND CONDITIONS
SQMC retain the right to revise and amend these terms and conditions from time to time.
Data Protection (GDPR) Policy
1.0 INTRODUCTION AND PURPOSE
SQMC believe it is of the utmost importance that information we may store or use in order to deliver our various functions is done so in compliance with legal requirements.
A number of key pieces of legislation and guidance inform the development of our policy and associated procedures, they include:
o Data Protection Act 1998
o The General Data Protection Regulation (GDPR)
o Data Sharing Code of Practise (ICO Guidance)
SQMC is committed to the lawful and correct treatment of personal, sensitive, and commercially sensitive information. This is important to successful working and to maintaining the confidence of those with whom we deal.
We need to collect and use certain types of information about the people (called data subjects in GDPR) who come into contact with us in order to carry out our work. A data subject is the individual whose personal information is being held or processed by us. These individuals include, but are not limited to, people we make contact with, work with, such as our customers, suppliers, employees and associates.
This personal information must be collected and dealt with appropriately, whether on paper, a computer or recorded on other materials. There must be safeguards in place to ensure compliance with the Act.
To ensure this compliance, SQMC must ensure it has at least one legitimate reason for processing (collecting, storing, using, managing or disclosing) personal data. In some instances, the consent of the individual may not be necessary.
Compliance with the Act is a legal requirement and any breach of this will be considered serious and may result in penalties.
1.1 Definitions of terms used in GDPR and interpreted in this policy are:
Data controller – the person who decides what personal information SQMC will hold and how it will be held or used.
Data Processer - is a person who deals with personal data as instructed by a controller for specific purposes.
Data subject – the individual whose personal information is being held or processed by SQMC.
Personal data/information – data/information relating to a living person (e.g. name and address)
Personal data includes but is not limited to: -
o email address;
o medical information;
o photos and audio-visual formats;
o financial transactions;
o posts on social networking sites;
o MAC/IP addresses;
o mobile phones IMEI (International Mobile Equipment Identity);
o location data;
o user login credentials;
o browsing histories; and more.
This may require consent from the individual if there is not a lawful basis to share the data.
• The individual will be made aware in most circumstances how and with whom their information will be shared through the use of clear, fair processing notices located on the website, on application forms and on other relevant documentation. There are circumstances where the law allows SQMC to disclose information without the individual’s consent. These are:
I. Carrying out a legal duty or as authorised by the Secretary of State
II. Processing vital interests of an individual or other person
III. The individual has already made the information public
IV. Conducting any legal proceedings, obtaining legal advice or defending any legal rights
V. Monitoring for equal opportunities purposes (however always anonymised)
VI. Providing a confidential service where the individual’s consent cannot be obtained or where it is reasonable to proceed without consent e.g. where we would wish to avoid forcing stressed or all individuals to provide consent signatures.
This policy will be reviewed and revised as and when it becomes necessary and at least every 3 years.
THE 8 PRINCIPLES OF DATA PROTECTION
1. Personal information shall be processed fairly and lawfully
2. Personal information shall be obtained for one or more of the purposes specified in the Act
3. Personal information shall be adequate, relevant and not excessive
4. Personal information shall be accurate and where necessary, kept up-to-date
5. Personal information should not be kept for longer than is necessary
6. Personal information shall be processed in accordance with the rights of the individuals under the Act
7. Personal information shall be kept secure by the Data Controller and/or Data Processor(s)
8. Personal Information shall not be transferred to a country or territory outside of the European Economic Area (unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal information.
APPLICATION OF CRITERIA AND CONTROLS
SQMC will ensure the appropriate actions are taken to comply with legal requirements through the application of criteria and controls. These would mean adhering to the 8 principles by:
• Observing the conditions regarding the fair collection and use of information
• Meeting legal obligations to specify the purposes for which information is used
• Collecting and processing appropriate information and only to the extent it is needed to fulfil any operational needs or to comply with any legal requirements.
• Ensuring the quality of the information used
• Ensuring that the rights of people about whom information is held can be fully exercised, including: -
o The right to be informed that processing is being undertaken
o The right of access to one’s personal information
o The right to prevent processing on certain circumstances
o The right to correct, rectify, block or erase information which is regarded as wrong information
• Taking appropriate technical and organisational security measures to safeguard personal information.
• Ensuring that personal information is not transferred abroad without suitable safeguards
• Treating people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information
• Setting out clear procedures for responding to requests for information.
SQMC will ensure that data is collected within the boundaries defined within this policy. This applies to data that is collected in person (face to face) or over the telephone, electronically or by completing a form. It applies to any location that is being used by employees and associates to deliver SQMC business.
When collecting data SQMC will ensure, wherever possible that there is a fair process in place and that the individual: -
o Clearly understands why the information is needed
o Understands what it will be used for and what the consequences are should the individual decide not to give consent to processing
o Understands who the data may be shared with and why
o Has the option to agree to sharing data
o Gives explicit written or verbal consent to collect and share sensitive data wherever possible
o Gives explicit consent to contact via email
o Is competent enough to give consent and has given so freely without any duress
The above indicates that the individual will have enough information for them to give informed consent. Any concerns regarding competence should be referred to a health care professional.
Information and records relating to individuals will be stored securely and will only be accessible to authorised employees, associates and SQMC Directors.
Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately in line with the Control and Retention of Records Procedure
It is SQMC’s responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation when passed on/sold to a third party.
DATA ACCESS AND ACCURACY
All individuals have the right to access the information that SQMC holds about them. SQMC will also take reasonable steps to ensure that this information is kept up-to-date by asking individuals if there have been any changes.
All employees have the responsibility of ensuring information stored about an individual is factual and not subjective, except where tutor discretion and judgement is required in the classroom when assessing practical involvement of students.
In addition, SQMC will ensure that: -
o It has allocated responsibility to someone to ensure compliance with GDPR.
o Everyone processing personal information understands that they are contractually responsible for following good data protection practice.
o Everyone processing personal information is appropriately trained to do so.
o Everyone processing personal information is appropriately supervised.
o Everyone processing personal information will report a suspected or actual breach of data management using the correct procedure
o Anybody wanting to make enquiries about handling personal information knows what to do.
o It deals courteously and promptly with any enquiries about handing personal information.
o It describes clearly how it handles personal information.
o It will regularly review and audit the ways it holds, manages and uses personal information.
o It regularly assesses and evaluates its methods and performance in relation to handling personal information.
o All employees, associates and Directors are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.
This policy will be updated as necessary to reflect best practice in data management, security and control to ensure compliance with any changes in the law.
Date of policy: - May 2018
Date of review: - April 2019 (or earlier if there are changes in the law)
APPENDIX A – GAINING CONSENT
Under GDPR, a lawful basis needs to be identified before personal data can be processed. If there is no other lawful purpose identified, then consent must be sought.
To be considered a lawful basis to process data, one of the following must apply: -
¬ Processing is necessary for the performance of a contract with the individual or to take steps to enter into a contract. This could be to fulfil an employment contract or a contract to provide goods and services.
¬ Processing is necessary to comply with a legal obligation.
¬ Processing is necessary to protect the vital interests of an individual or another person.
¬ Processing is necessary to fulfil a task that is in the public interest or in the exercise of official authority vested in the Data Controller.
¬ Processing is necessary for the purpose of legitimate interests of SQMC and those legitimate interests are not outweighed by possible harm to the individuals’ rights and interests.
¬ Processing of data has the consent of the individual.
WHAT IS VALID CONSENT?
Consent must be: -
• Freely given: the individual has choice and control on how their personal data may be used.
• Specific and informed: the individual understands all the purposes for which their data may be used. If there are multiple purposes, consent must be sought for each.
• Unambiguous: the individual knows what they have consented to, and that they have given their consent.
• A deliberate action by the individual e.g. signing/verbal/electronic binary choice options.
Consent may provide a soft ‘opt-in’ for further contact. For example, details may be captured to provide a service and it would be reasonable to send details about similar services as long as there is the ability to opt-out every time there is contact. For charities, this would not be permissible for campaigning or other direct marketing activities.
OBTAINING, RECORDING AND MANAGING CONSENT
Consent must be clearly distinguishable form other matters, written in an accessible and intelligible form and in clear and plain language.
It must be clear who has consented, when the consent was given, how it was given, what was consented to (it may be appropriate to note which version of the privacy notice was in use at the time) and when the individual withdrew consent.
Consent is likely to degrade over time. If there is still interaction with the individual renewed consent will not be necessary. However, if the processing or purposes the personal data is used for changes then the original consent may not be specific enough.
Cookies, Communications and Content Policies
1. INFORMATION THAT WE COLLECT
In running and maintaining our website we may collect and process the following data about you:
* Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
* Information provided voluntarily by you. For example, when you register for information or make a purchase.
* Information that you provide when you communicate with us by any means.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at AboutCookies.org.
3. STORAGE AND USE OF YOUR INFORMATION
SQMC is committed to General Data Protection Regulation (GDPR).
We use the information that we collect from you to provide our services to you efficiently. In addition to this, we may use the information for one or more of the following purposes:
* To provide information to you that you have requested from us, relating to our products or services.
* To provide personally tailored information to you relating to other products or services that may be of interest to you.
* To inform you of any changes to our terms and conditions.
Information you send us via any of our website's contact forms is stored on SQMC's PCI-DSS compliant and HTTPS secured web server; and emailed to our encrypted devices for local and convenient access. We'll store it for as long as is helpful to our service provision, and you may write to SQMC to request its deletion, any time.
Occasionally we may have to forward these details to externally-located SQMC personnel, in order that they can assist you directly; and if so, we cannot guarantee the security of their IT device. However, we won't share your data with anyone outwith the SQMC organisation, except for our accreditors the CQI/IRCA, if you consent, during our CQI/IRCA Lead Auditor courses.
We will not use your data for general marketing purposes, except if you have specifically signed up for our newsletters.
Any data you provide to SQMC via other electronic means (such as email) or mechanical means (such as telephone or print) will be stored securely on fully-encrypted hard drives and servers, or in filing cabinets or similar filing solutions within our office, which is locked when unmanned, inside a secure and alarmed building.
Student certificate data is stored indefinitely. This is to enable us to verify your historical attendance/achievement on any given course, for your personal benefit (for example, to a potential employer). Only your name, course details and certificate number is stored indefinitely, whereas your other data is deleted completely after a reasonable period of time after your last communication with SQMC.
SQMC utilise third party, cloud-based applications, such as Kashflow.com for accounting; SecureTrading for credit card payment processing; Mail Chimp for our newsletters, and Microsoft OneDrive for data back up and intranet provision. All of these are secured with the HTTPS protocol.
SQMC respects your right to be forgotten, and any data we hold about you (including certificate data) can be deleted at your request (made in writing).
4. DISCLOSING YOUR INFORMATION
We reserve the right to share your information in the unlikely circumstances detailed below:
* In the event that we sell any or all of our business to the buyer.
* Where we are legally required by law to disclose your personal information.
* To further fraud protection and reduce the risk of fraud.
5. LINKS TO EXTERNAL WEBSITES
6. ACCESS TO INFORMATION
In accordance with the Data Protection Act 1998 you have the right to access any information that we hold relating to you. Please note that we reserve the right to charge a fee of £10 to cover costs incurred by us in providing you with the information.
7. CONTACTING US
Please do not hesitate to contact us regarding any matter relating to our Policies via telephone on 0333 939 0045.