We are committed to ensuring that your privacy is protected and we strictly adhere to the provisions of all relevant Data Protection Legislation including the EU General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003. In order for Miss Macaroon to provide our products and services we need to process a certain amount of data, some of which is personally identifiable. All personal data is handled in line with the principles outlined in the GDPR that state personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to the data subject
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Trainees and prospective trainees
- Trainee referrers and prospective trainee referrers
- Customers and prospective customers
- Website visitors and online customers
- Newsletter/ marketing subscribers
- Suppliers, sub-contractors and freelancers
- Staff (and 3rd party personal data they provide)
- Prospective staff (job applicants)
- Trainees and prospective trainees
In order to access Miss Macaroon’s Macaroons that Make A Difference online courses, complete training and other associated activities, users require an account. Having an account means Miss Macaroon is storing the personal data you provide, and we further process this to determine training outcomes and retain certification records as well as analyse content and system usage, improve our products and services and respond to support queries and evaluation comments. Where a learner has accessed or is allocated a Miss Macaroon course, directly from Miss Macaroon, Miss Macaroon is the data controller. If your login details or training has been provided by a 3rd party (e.g. your employer, another training organisation or a Miss Macaroon reseller) then they will be joint data controller, along with Miss Macaroon where applicable, and also have access to and will be processing your personal data. Should you require any further information you should contact them directly. If you are unsure who to contact Miss Macaroon may be able to assist, please email firstname.lastname@example.org. Where a 3rd party has provided system access, and no Miss Macaroon content is allocated to the user, then Miss Macaroon is a data processer, and the relevant 3rd party sole data controller.
Miss Macaroon retains learning records on an ongoing basis, under its commitment to lifelong learning, to enable us to provide factual information on what a learner has studied and achieved, i.e. name, courses studies, CPD gained, test results etc. This is in line with JISC best practice and Guidance on Managing Student Records. Where learners complete one of our externally accredited courses, personal data is shared with the external accrediter to enable them to issue their certification. In addition to a learner record within Miss Macaroon’s data is also stored within our Learner System and shared with the Education & Skills Funding Agency. Its is a requirement of the ESF programme that all documents necessary to verify co-financed provision (including those with learner data) are retained until at least December 2030.
Trainees referrers and prospective trainee referrers
When you refer a trainee to us on our website, by phone or in person, we will ask you to provide certain personal information, for example:
- your name
- your email address
- your job role
- your telephone number
- your organisation
Please note that we require this information to be able to process your trainee request and inform you of future courses and work opportunities. In order to refer your clients on to Miss Macaroon’s Macaroons that Make A Difference training courses, we will collect and store data on referral organisations and individuals within those organisations. Miss Macaroon stores the personal data you provide and we will use this data to contact you about our courses, improve our products and services and respond to support queries. Miss Macaroon is the data controller. Miss Macaroon retains referral organisation records on an ongoing basis, to enable us to provide factual information on what support a trainee has received.
Customers & prospective customers (purchasing via our sales team)
Miss Macaroon use Google apps and Xero to manage our business development and account management activity. All customers and prospective customers have a record with our CRM database. Along with details about the organisation and products purchased, we also store contact information for those people we know at the organisation. For customers we process this data in order for us to meet our contractual obligations, for prospective customers our condition for processing is legitimate interest. Online payments where required are processed using Stripe.
Website visitors & online customers
When you place an order with us on our website, we will ask you to provide certain personal information, for example:
- your name
- your email address
- your delivery address
- your billing address
Please note that we require this information to be able to process your order and fulfil our contractual obligations (our condition for processing under GDPR). Our third party payment provider (Stripe) may require additional personal information in order to process such payment. Your personal information will then be used by us to provide you with the services you ordered and to communicate with you regarding the provision of those services. We also monitor website usage and provide statistics to third parties for the purposes of improving and developing our website and the services we provide via our website. Please note that any such statistics and/or information provided to third parties will be made on a confidential basis and will not include information that can be used to identify any individual.
We will hold your data for up to 24 months in case of any food safety issues or in the event of a product recall.
Newsletter/ marketing subscribers
When you fill out a webform to sign up to a newsletter, download a resource, such as a an infographic, or enquire about a product, we may ask you to provide certain personal information, including your:
- Email Address
- Job title & the organisation you work for
- Telephone number
By completing the form and ticking the relevant boxes you are providing your consent for Miss Macaroon to process your personal data, and this is the legal basis we are relying on to do so. We will use the information that you give us to send you relevant emails containing Miss Macaroon news & marketing communications. Your information will be stored by a third party data processor; AutoPilot, whose servers are located in the US. In addition, if you have enquired about a product or service we will use the information you have given to update our customer relationship management system so one of our consultants or advisors can contact you. This information will also be stored by another third party data processor, Google. Some automation and profiling may be used to send emails or a series emails based on your indicated preferences and your interactions with the emails we send to you. For example if you have enquired about a particular product we may send you a series of emails outlining features or benefits of that particular product. You can withdraw your consent and unsubscribe at any time by clicking the link at the bottom our email communications or by emailing this address. If you continue to interact with our emails or website, we will retain your data indefinitely so we can continue to send you emails. We will not sell or rent your information to third parties.
How do we safeguard your personal data?
Protecting your security and privacy is extremely important to us and we make every effort to secure your information and maintain your confidentiality in accordance with all relevant Data Protection regulations including the EU General Data Protection Regulation (GDPR). Our systems are protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage. Please note that we may need to disclose your personal information where we: are under a legal duty to comply with any legal obligation or in order to enforce or apply our terms and conditions; or need to disclose it to protect our rights, property or safety of our customers or others, including the exchange of information with other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction.
The GDPR provides the following rights for individuals: The right to be informed The right of access The right to rectification The right to erasure The right to restrict processing The right to data portability The right to object Rights in relation to automated decision making and profiling For further information on these rights you can contact the ICO via one of the options on their website https://ico.org.uk/global/contact-us/ If any of the information you provide to us changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database(s) so that your records are accurate and up to date. If you wish to makes changes to, or see the information we hold on you, you can make a subject access request by emailing us on admin @ missmacaroon.co.uk. and we will respond to your request within 1 month of the date we receive it.