This document contains the Privacy notices for both Aviation Resourcing Services (recruitment) and Resource Training Solutions (training) divisions of Resource Group.

Privacy Notice – Aviation Resourcing Services

We understand that your privacy is important to you and, in our capacity as data controllers, we are committed to protecting and respecting it. This document sets out how we keep your personal data safe, and describes your rights, in accordance with local data protection laws adopted both in the EU as the General Data Protection Regulation (GDPR) and the UK as the UK GDPR and Data Protection Act 2018. Throughout this notice, the term GDPR is used to represent both EU and UK data protection regulations.
Resource International Group Investments AG (RIGI) is the ultimate holding company of the Resource Group of companies, operating as:
Contractair Ltd (trading as Flight Crew Services), providing clients with flight deck or cabin crew on a permanent or contract basis.
Resource Consulting Ltd, Resource Consulting AG, Resource Consulting Spain, Resource Consulting GmbH (collectively trading as Aviation Resourcing Services), which provides skilled manpower across line & base maintenance, aircraft production, interiors, maintenance & completions, and business aviation on both a temporary and permanent basis.
LRTT Ltd (trading as Resource Training Solutions), which provides regulatory approved training services and products to aviation and its allied industries, through both classroom based and online provision. This Privacy Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read it carefully to understand our views and practices regarding your personal data and how we will treat it.
It is important to point out that we may amend this Privacy Notice from time to time. Please visit our website if you want to stay up to date as we will post any changes there.
The territorial scope of the regulation covers data subjects in both the member states the European Economic Area as well as the United Kingdom whether the controller/processor is located within this geographic scope or where member state law applies by virtue of public international law.
If you have any questions, or want more details about how we use your personal information, you can contact us at data@resourcegroup.co.uk

The Type of Data We Collect

Recruitment candidate data
To provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only collect data that will genuinely help us to help you, such as your name, age, contact details, educational history, industry-related qualifications, employment history, right to work status, financial details (including bank account and current remuneration) and social security number. You may also voluntarily share other information with us. Where appropriate, and in accordance with local laws and requirements, we may also collect information related to your health, diversity, or details of any criminal convictions.
If you are found placements outside of your country of residence, we may also require you to provide information to allow us to process documentation on your behalf relating, for example, to national insurance and local/national tax matters. This may include photographic proof of identity (usually a scan of your passport or other formal identification documents), your marital status and local social security number.
Emergency contact details give us somebody to call on in an emergency.
To ask for a reference, we’ll obviously need the referee’s contact details (such as name, email address and telephone number).

Outsourced service data
Where we provide an outsourced solution to clients who you are working for, we are required to collect details such as your name, age, contact details, educational history, industry-related qualifications, employment history, right to work status, financial details (including Bank account details, payroll records and tax status information,
salary, annual leave and pension information, social security number, as well as disciplinary and grievance details.

RG employed contractor data
During recruitment activity we gather a range of information about you including:
• Your name, date of birth and contact details, including email address and telephone number.
• Details of your qualifications, skills, experience, and employment history.
• Scanned copy of national identity card or passport.
• Information about your current level of remuneration, including benefit entitlements.
• Whether or not the organisation needs to make reasonable adjustments during the recruitment process. information about your entitlement to work in the country where the employment is offered.
Once you are employed this information will be retained in your HR file. Additionally, we will collect personal data relating to your employment with us which may include:
• Recruitment data as detailed above.
• Payroll information including, bank account details, tax & social security records, tax processing detail, insurance & pension contribution details.
• Personnel files containing offer letter, scanned copy of passport (or other right to work document), health questionnaire, job description, background checks, references, contract of employment (and variation letters), Flexible working requests, restrictive covenants, confidentiality letters, privacy notices, data consent forms, remuneration data and next of kin.
• Performance and development, including records of training courses attended, performance reviews and annual appraisals.
• Your health records including absence records, medical reports, sickness, and injury records.
• Disciplinary and grievance records including warnings issued, investigations and grievances raised.
• Travel and expenses claims.

HR services
When we are providing HR services on behalf of a client, we may need to collect the following data:
• Your name, address and contact details, including email address and telephone number.
details of your qualifications, skills, experience, employment history and references.
• Scanned copy of national identity card or passport.
• Payroll information including, bank account details, tax & social records, tax, insurance & pension contribution details.
• Social security number, date of birth.
• Emergency contacts and next of kin.
• Performance and development, including records of training courses attended, performance reviews and annual appraisals.
• Your health records including absence records, medical reports, sickness and injury records.
• Test results and supporting documentation.
• Disciplinary and grievance records including warnings issued, investigations and grievances raised.
• Travel and expenses claims.
• Eligible documentation for restricted areas access.

Client data
We generally only need to have your contact details, or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses), to enable us to ensure that our relationship runs smoothly. If we need any additional personal data for any reason, we will let you know.

Supplier data
We will collect the details of our contacts within your organisation, such as names, telephone numbers and email addresses. We will also collect bank details so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

Referees & emergency contact data
All we need from referees is confirmation of what you already know about the candidate or prospective member of staff, so that they can secure that job they really want. Emergency contact details give us somebody to call on in an emergency. To ask for a reference, we will obviously need the referee’s contact details (such as name, email address and telephone number). We will also need these details if our candidate or a member of our staff has put you down as their emergency contact so that we can contact you in the event of an accident or an emergency.

Website user data
When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date, the time, the frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website.

How we collect your Data

Recruitment candidate data
We collect candidates’ personal data in three primary ways:
Personal data you give to us, which may include:
• Entering your details on our website or via an application form, as part of the registration process.
• Providing us with a hard-copy CV.
• Emailing your CV to us in electronic format.
• Applying for jobs through a job aggregator, which then redirects you to our website.
Personal data we receive from other sources:
• Your referees may disclose personal information about you.
• Our clients may share personal information about you with us.
• We may obtain information about you from third party sources, such as LinkedIn and other job sites.
Personal data we collect automatically:
• When you access our website, we collect your data automatically via cookies, in line with cookie settings in your browser. (Please see the section on how we use your personal data.)
Outsourced service data
Where we act as the outsourced agency related to your employment, we collect data in the following ways:
Personal data you give to us, which may include:
• Entering your details on our website or via an application form, as part of the registration process.
• Providing us with a hard-copy CV.
• Emailing your CV to us in electronic format.
• Applying for jobs through a job aggregator, which then redirects you to our website.
Personal data we receive from other sources:
• Your referees may disclose personal information about you.
• Our clients may share personal information about you with us.
• We may obtain information about you from third party sources, such as LinkedIn and other job sites.

RG employed contractor data

We may collect this information in a variety of ways. For example, data might be provided as part of the recruitment process or as part of your induction program. We will ask you to supply copies of certain documents We may obtain data from the disbarment and barring service and references. Other information will be gathered as it is submitted by you or as determined by group policies.

HR services
We may collect this information in a variety of ways. For example, data might be provided as part of the recruitment process or as part of your induction program. We will ask you to supply copies of certain documents We may obtain data from third parties relating to criminal records and references. Other information will be gathered as it is submitted by you or as determined by employer policies.

Website users
IP addresses and cookies
We may collect information, such as through Google Analytics (http://www.google.com/analytics), about your computer, including, where available, your IP address, operating system, and browser type. This would be for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Similarly, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service. They enable us to:
estimate our audience size and usage pattern.
store information about your preferences, and so allow us to customise our website according to your individual interests.
speed up your searches.
recognise you when you return to the site.

Our website is run on WordPress which utilises cookies for two purposes:
Registered members need a cookie to be able to log in. This is strictly necessary as WordPress won’t work without it.
Visitors who leave a comment on a blog post will also have a cookie set on their computer. This is not “strictly necessary” as it is a user preference.
When you purchase via the website WooCommerce, it makes use of three cookies:
• woocommerce_cart_hash.
• woocommerce_items_in_cart
• wp_woocommerce_session_
The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.

How we use your personal data

General
Some personal data we collect from you is required to enable us to fulfil our contractual obligations to you or to others. Some data are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.

Recruitment candidate data
The main reason for using your personal details is to help you find employment or other work roles that might be suitable for you. The more information we have about you, your skillset, and your ambitions, the more bespoke we can make our service.
We have listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:
• Collecting your data from you and other sources, such as LinkedIn.
• Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to.
• Providing you with our recruitment services and to facilitate the recruitment process.
• Assessing data about you against vacancies which we think may be suitable.
• Sending your information to clients, in order to apply for jobs or to assess your eligibility for jobs.
• Enabling you to submit your CV, apply online for jobs or to subscribe to alerts about jobs we think may be of interest to you.
• Carrying out our obligations arising from any contracts entered into between us.
• Carrying out our obligations arising from any contracts entered into between us and third parties in relation to your recruitment.
• Facilitating our payroll and invoicing processes.
• Verifying details, you have provided, using third party resources (such as psychometric evaluations or skills tests), or to request information (such as references, qualifications and potentially any criminal convictions, to the extent that this is appropriate and in accordance with local laws).
• Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties.
• Fulfilling our obligations to engage agencies to carry out relevant national security checks when required to do so.
• Processing and responding to individual complaints through Corrective Action Reporting.
• Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
• We may use some of the information provided to email you details of jobs/vacancies which relate to your sector of the aviation and aerospace industry.

Outsourced service data.
The main purpose for processing your data is to fulfil our contractual obligations with your employer, we may process your personal data for payroll and human resource purposes including the processing of any post or pre-employment test results. We have listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:
• Checking you are legally entitled to work.
• Paying you and, if required by law, deducting tax and National Insurance contributions.
• Liaising with your pension provider (if applicable)
• Administering the contract, we have entered into with our client.
• Making decisions about your continued employment or engagement.
• Arranging for the termination of our contract with you.
• Dealing with legal disputes involving you, or other employees, workers and subcontractors including accidents at work.
• Ascertaining your fitness to work.
• Managing sickness absence.
• Complying with health and safety obligations.

RG employed contractor data.
We need to process personal data in order that we can fulfil our contractual obligations to you, ensure our business interests are maintained and to ensure we meet any regulatory requirements and local laws. Data collected using occasional monitoring techniques will only be used during investigation into staff activities and will only be a short-term measure. Monitoring via interception will always be in line with local laws. This data will only be accessed where there has been a safety or security incident and may be used for lawful purpose.

HR services
The main purpose for processing your data is to fulfil our contractual obligations with your employer, we will process your personal data for human resource purposes including the processing of any post or pre-employment test results. We have listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:
• Checking you are legally entitled to work.
• Paying you and, if required by law, deducting tax social security and insurance contributions.
• Managing pension contributions (if applicable)
• Administering the contract, we have entered into with our client.
• Making decisions about your continued employment or engagement including, when necessary, the termination of our contract with you.
• Dealing with legal disputes involving you, or other employees, workers and subcontractors including accidents at work.
• Ascertaining your fitness to work (including any mandatory psychological or physical test results).
• Managing sickness absence.
• Complying with health and safety obligations.
• Managing access to work sites

Use for marketing.
We may periodically send you information that is relevant to your relationship with us. Additionally, we may wish to use your data for the purposes listed below:
• To enable us to develop and market other products and services.
• To market our full range of recruitment services to you.
• To use testimonials from you on our website (but only where we have obtained your express consent to do so).
If you are not happy about any of these, you may opt out by writing to data@resourcegroup.co.uk

Use for profiling.
Although we do not carry out fully automated decision making, we do use algorithms within our database to identify jobs that match your profile. This would be acceptable as it allows for entry into or the performance of a contract.
You may wish to object to this form of processing. in which case we will revert to only processing your details manually. This could make it more difficult to match you with jobs and, in the worst-case scenario, it may mean we have to stop working with you.

Use for legal claims.
Occasionally we may have to use your personal data to help us to establish, exercise or defend legal claims.

How the Law Protects You

Your privacy is protected by law. This section explains how that works.
Data protection laws say that we can use personal information only if we have a proper reason to do so. This includes sharing it outside Resource Group. The law says we must have one or more of the following reasons:
• To fulfil a contract, we have with you.
• When it is our legal duty.
• When it is in our legitimate interest.
• When you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information. But, even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
In the following sections we will describe all the ways that we may use your personal information, and which of the reasons we rely on to do so, including our legitimate interests.

Legal bases for processing data

General
Under Article 6 of the GDPR, the data you supply must be processed under one of six lawful bases:
• Consent to the processing of personal data for one or more specific purposes.
• Where necessary, for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
• processing is necessary for compliance with a legal obligation to which the controller is subject.
• processing is necessary to protect the vital interests of the data subject or of another natural person.
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Legitimate interests

Recruitment candidate data
We believe that all our processing of data relating to recruitment activities is in line with our legitimate interests. The only exceptions to this are for marketing reasons, where we have a lawful basis under soft opt-in consent, and for legal reasons when we have a legal obligation to process your data (see below).
It is reasonable to expect that, if you are looking for employment or have posted your professional CV information on a job board or professional networking site, you are happy for us to collect and use your personal data, offer, or provide our recruitment services to you, share that information with prospective employers and assess your skills against our bank of vacancies.
Prior to being accepted for a job vacancy, any prospective employer may also want to check the information you have given us to confirm, for example, your references, qualifications, and criminal record.
We will always make sure that we operate in a manner that is satisfactory for both of us, whether we are processing your data to carry out an essential business function (like preparing the payroll or processing invoices) or helping you to find suitable employment.

Client data
We believe that contacting our clients about recruitment activities and keeping records of our business meetings and communications, constitute legitimate business interests. We also believe that conducting customer surveys and appropriate targeted marketing are all legitimate interests.

Supplier data
We believe that we have a legitimate business reason to contact you in connection with our business dealings, to perform a legal obligation and/or to carry out business checks (such as in the interest of due diligence).
Referees & Emergency contacts
We believe that contacting referees to request candidate information that enables us to carry out background checks on candidates is a legitimate interest. We also believe that processing emergency contact details is a legitimate interest to us and of personal interest to the candidate.

Contractual Obligation

Outsourced service data and HR services
As we provide an outsourced service to our client which may involve managing Payroll and HR services on their behalf, we must process your data to fulfil a contractual obligation to our client.

Employee data
We have a lawful basis of contract to process the following personal data:
• Offer letter, scanned copy of passport (or other right to work document).
• Job description, DBS checks, references, contract of employment (and variation letters), Flexible working requests, restrictive covenants, confidentiality letters, Privacy notices and data consent forms & pay scale data.
• records of training courses attended performance reviews and annual appraisals.
• disciplinary and grievance records.
• Travel and expenses claims.

Consent

Recruitment Candidate data
A soft opt-in consent is a specific type of consent which applies when, by virtue of your having engaged with us (for example by submitting a job application or CV, or registering a vacancy to be filled), we consider that you would like us to send you information on other recruitment-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most, this is beneficial as it allows us to suggest other jobs to you alongside the specific one you applied for, significantly increasing the likelihood of us finding you a new position. For other types of e-marketing, we are required to obtain your explicit consent.
If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time by writing to us at Data@resourcegroup.co.uk .

Legal obligation

Like all businesses, we have a legal duty to provide information relating to crime detection, tax collection or actual or anticipated litigation. In these circumstances we will process your information as a legal obligation.
Special categories of personal data
Sensitive personal data is data which is described in Article 9 of GDPR as that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We will not collect or process sensitive data unless required to do so by law or as part of a contractual obligation.

Third parties’ disclosure

General
We employ external agencies, for example, to manage our IT, Web, and payroll services. Each of the businesses employed to manage our activities has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.

Recruitment candidate data
Primarily we will share your personal data with prospective employers to increase your chances of securing employment. Unless you specify otherwise, we may also share your information with any of our group of companies and associated third parties where we feel this will help us to provide you with the best possible service.

Outsourced service data
Where we perform outsourcing functions on behalf of your employer, this may include processing test results which form part of your terms of employment.

Employee data & HR Services
The following data may be shared with third parties:
• Payroll information necessary to process your salary is shared with our outsourced payroll service. The lawful basis for processing this data is contract.
• Pension information is shared with the company pension provider, the lawful basis for processing your data is contract.
• References will be sent to future employers on request. We assume that as you will have nominated us as a reference source, you consent to us providing this data.
• As an employee, you may be required to provide regulatory test results to us. Where the legal authorities require notification of test results, we will supply the information as a legal obligation.
To ensure that your personal information receives an adequate level of protection, we will put in place appropriate procedures with third parties with whom we share your personal data to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

Retention Period

We will delete from our system or securely archive your personal data, if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for up to ten years unless you request us to remove your data. This period may be extended if we believe in good faith that the law or relevant regulators require us to preserve your data for longer. After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.
Employee and HR services data will be retained in line with local data retention laws.

How we store and transfer your data internationally

For recruitment services
To provide you with the fullest and best service possible it may be necessary to transfer your data as follows:
• between and within our business.
• to overseas clients.
• to clients within your country who may, in turn, transfer your data internationally.

We want to make sure that your data is stored and transferred in a way that is secure. We will therefore only transfer data outside of the territorial scope of GDPR/ UK GDPR when it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
• when we have a data transfer agreement with the recipient, incorporating approved standard contractual clauses.
• only transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation.
• where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract. Or
• where you have consented to the data transfer.
To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties with whom we share your personal data to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

Your rights as a data subject

Under Article 13 of the GDPR, we are bound to provide you with information relating to your rights, which are as follows:

Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days.
Right to withdraw consent
Where we have obtained your consent to process your personal data, you may withdraw your consent at any time.
Data subject access requests
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. We are required to confirm your identity before processing any such request and, where we are legally permitted, we may decline your request, but we will explain the reason why to you.
Right to erasure
You have the right to request for us to “erase” your personal data. We will respond to your request within 30 days and will delete your data unless there is a legal reason for keeping your data which prevents us from agreeing to your request, in which case we will let you know why.
Right of data portability
If you wish, you have the right to transfer your data from us to another data controller. This will be by directly transferring your data to you in a commonly used machine-readable format.

Contact details.
If you wish to legitimately exercise any of your rights, please contact:
Resource Group Data Protection Lead:
Email: data@resourcegroup.co.uk
Phone +44 (0)1285772669
You also have the right to lodge a complaint with your local supervisory authority.
The UK supervisory authority is:
Information Commissioner’s office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
https://ico.org.uk/
The Spanish Supervisory Authority is:
AEPD
C/Jorge Juan, 6,
28001 Madrid
Tel: +34 901 100 099/ +34 91 266 35 17

Privacy Notice – Resource Training Solutions

We understand that your privacy is important to you and, in our capacity as data controllers, we are committed to protecting and respecting it.

This document sets out how we keep your personal data safe, and describes your rights, in accordance with local data protection laws adopted both in the EU as the General Data Protection Regulation (GDPR) and the UK as the UK GDPR and Data Protection Act 2018. Throughout this notice, the term GDPR is used to represent both EU and UK data protection regulations.
Resource International Group Investments AG (RIGI) is the ultimate holding company of the Resource Group of companies, operating as:
Contractair Ltd (trading as Flight Crew Services), providing clients with flight deck or cabin crew on a permanent or contract basis.
Resource Consulting Ltd, Resource Consulting AG, Resource Consulting Spain, Resource Consulting GmbH (collectively trading as Aviation Resourcing Services), which provides skilled manpower across line & base maintenance, aircraft production, interiors, maintenance & completions, and business aviation on both a temporary and permanent basis.
LRTT Ltd (trading as Resource Training Solutions), which provides regulatory approved training services and products to aviation and its allied industries, through both classroom based and online provision. This Privacy Statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read it carefully to understand our views and practices regarding your personal data and how we will treat it.
It is important to point out that we may amend this Privacy Notice from time to time. Please visit our website if you want to stay up to date as we will post any changes there.
The territorial scope of the regulation covers data subjects in both the member states the European Economic Area as well as the United Kingdom whether the controller/processor is located within this geographic scope or where member state law applies by virtue of public international law.
If you have any questions, or want more details about how we use your personal information, you can contact us at data@resourcegroup.co.uk

The term Training Services is used throughout this document and refers to Resource Training Solutions (RTS), who provide Approved Training, Examination and Certification which is regulated by law. It also provides online training and practical workshop training to individuals and clients.

The Type of Data We Collect

From learners
In order for us to provide a full range of training services including examination and certification in line with the aviation and aerospace industry regulator’s requirements. We need to process certain information about you. We collect data which allow us to place you on course(s) and receive examination and certification in line with the requirements of the regulatory authorities. This data will include your name, address, Telephone number, email address, date of Birth, Place of Birth, a copy of either your Passport/ Driving Licence or other formal identification document, relevant educational qualifications.
We may also use this data to email details of our training courses which we believe are relevant to the industrial sector you work within.
In order for us to process payments for our services, we may require payment card details, although we may take these for phone bookings, we will destroy the card details as soon as the payment has been taken.

From clients
If you are a client of ours, we need to collect and use information about you, or individuals at your organisation, in the course of providing you with services such as: sponsoring training to your staff. This is may either be through attending courses or online training services. In these circumstances we will correspond with you regarding details of the staff being sponsored. We will also require an address to send documentation relating to successful course completion.
We may from time to time contact you to request feedback on the quality of training services we have provided and may discuss any future training courses that we feel may be of interest to your organisation.

From suppliers
We will collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We will also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

From website users
When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content. We will also collect data from you when you contact us via the website.

How we collect your Data

Learner data
We collect data applicants who wish to use our training services in three primary ways:
1. Personal data you give to us, which may include:
• Entering your details on our website or via an application form, as part of the registration process.
• When you email us a course booking form.
• When you contact us via phone, we may record your details on a course booking form.
• When you first attend one of our training courses, we may require a copy of your passport for our training records.

2. Personal data we receive from other sources:

• Your employer may provide data about you if they are sponsoring your training.
• Your employer may provide data about you if they are booking a training course on your behalf.
• Your colleagues may occasionally provide us with data that will allow us to provide you with information about our training products. (We assume that this is at your request)

3. Personal data we collect automatically:

• When you access our website, we collect your data automatically via cookies, in line with cookie settings in your browser. (Please see the section on how we use your personal data.)

Clients
We collect client personal data in three ways:

1. Personal data we receive directly from you:
• Where you contact us, usually by phone or email.
• Where we contact you by either phone or email as part of a business development activity.
2. Personal data we receive from other sources:
• By analysing your online media presence.
• From third parties such as candidates.
3. Personal data we collect via our website:
• We may collect data about the extent to which you access our website.

Suppliers
During the course of our business with you we may ask for details from you relating to contact and payment.

Website users
IP addresses and cookies
We may collect information, such as through Google Analytics (http://www.google.com/analytics), about your computer, including, where available, your IP address, operating system, and browser type. This would be for system administration purposes and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
Similarly, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service. They enable us:
• To estimate our audience size and usage pattern.
• To store information about your preferences, and so allow us to customise our website according to your individual interests.
• To speed up your searches.
• To recognise you when you return to the site.

Our website is run on WordPress which utilises cookies for two purposes:
• Registered members need a cookie to be able to log in. This is strictly necessary as WordPress will not work without it.
• Visitors who leave a comment on a blog post will also have a cookie set on their computer. This is not “strictly necessary” as it is a user preference.

When you purchase via the website WooCommerce, it makes use of three cookies:
• woocommerce_cart_hash
• woocommerce_items_in_cart
• wp_woocommerce_session_
The first two cookies contain information about the cart as a whole and helps WooCommerce know when the cart data changes. The final cookie contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. No personal information is stored within these cookies.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.

How we use your personal data

General
Some personal data we collect from you is required to enable us to fulfil our contractual obligations to you or to others. Where appropriate, some data are required by statute or other laws. Other items may simply be needed to ensure that our relationship can run smoothly.
Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.

Learner data
The main reason for using your personal data is to maintain an accurate record of your details for the purposes of examination and certification. In certain circumstances this is a regulatory requirement.
We have listed below various ways in which we may use and process your personal data (sometimes it will be to comply with local laws). Please note that this list is not exhaustive:
• To compile documentation relating to course availability and ensure courses are not oversubscribed.
• Recording attendance on taught courses as mandated by the regulatory authorities, to provide evidence of attendance to employers and also in case of legal dispute.
• The provision of any relevant training material related to the course you are attending either in person or online.
• Compiling and discussing individual feedback from you and possibly your employer which support our course review and improvement strategies.
• Confirming the identity of candidates who are attending courses and associated exams.
• Producing online exams and confirming the identification of the candidate(s).
• Producing and distributing certificates to successful candidates.
• Processing and responding to individual complaints.
• To allow us to correctly invoice you.
• Carrying out our obligations arising from any contracts entered into between us.
• Carrying out our obligations arising from any contracts entered into between us and your employer/sponsor in relation to your training.
• Carrying out our obligations arising from any contracts entered into between us and third parties in relation to your training.
• Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.

Marketing
We may periodically send you information that is relevant to your relationship with us. Additionally, we may wish to use your data for the purposes listed below:
• To enable us to develop and market other products and services.
• To market our full range of training services to you.
• To use testimonials from you on our website (but only where we have obtained your express consent to do so).
If you are not happy about any of these, you may opt out by writing to data@resourcegroup.co.uk
Legal Claims
Occasionally we may have to use your personal data to help us to establish, exercise or defend legal claims.

Client data
Training activities
We mainly use client data to assist us with recruiting activities and may:
• Store your details on our database so that we can contact you in relation to training activities.
• Keep records of our communications so that we can provide targeted services to you.
• Contact you to carry out customer satisfaction surveys.
• Process your data for targeted and appropriate marketing.

Marketing activities
We will not seek consent to send marketing literature to a corporate postal or email address. If you are not happy with this, you may opt out by writing to data@resourcegroup.co.uk .

Supplier data
We will only use data supplied by you to:
• Allow us to contact you in relation to our business agreements.
• To perform legal obligations.
• To perform checks, such as due diligence, should this be necessary.

How the Law Protects You

Your privacy is protected by law. This section explains how that works.
Data protection laws say that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside Resource Group. The law says we must have one or more of the following reasons:
• To fulfil a contract we have with you.

• When it is our legal duty.
• When it is in our legitimate interest
• When you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information. But, even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
In the following sections we will describe all the ways that we may use your personal information, and which of the reasons we rely on to do so, including our legitimate interests.

Legal Basis for processing data

General
Under Article 6 of the GDPR, the data you supply must be processed under one of six lawful bases:
• Consent to the processing of personal data for one or more specific purposes.
• Where necessary, for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
• processing is necessary for compliance with a legal obligation to which the controller is subject.
• processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Legitimate interests
Learner data
We believe that to run our training course in an efficient manner and to ensure your place on any training course is reserved is in both our interests as a business and yours as a student. We also view legitimate interests as the lawful basis for administration of courses and for collection of feedback from both you and where appropriate, your employer/sponsor.
In order for us to continue as a business it is in our interests to also use data for invoicing and accounting purposes. This may also help you with your tax affairs.
When you attend a course either you or your employer/ sponsor enter into a contract with us, which is in our interests to administer to ensure that all parties abide by the content, we believe it is our legitimate interests to process this data to ensure both parties are adequately protected.
Clients
We believe that there are legitimate business interests to contact our clients about training activities, and keeping records of our meetings and communications where they are related to business training activities. Furthermore, we believe that it is customer surveys and appropriate targeted marketing are all legitimate interests on balance.
Suppliers
We believe that being able to contact you serves as legitimate business interests whether in relation to our business dealings, performance of legal obligation and performing checks such as due diligence.

Consent
Learner data
Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us (for example by expressing an interest in or completing training activities with us), we consider that you would like us to send you information on other training-related services.. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most people, this is beneficial as it allows us to suggest other training courses to you alongside the specific one(s) you have already undertaken with us, for example annual mandatory training or other modules you will need attend and pass to achieve career progression. For other types of e-marketing, we are required to obtain your explicit consent.
If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time by writing to us at Data@resourcegroup.co.uk .

Legal obligation
Like all businesses, we have a legal duty to provide information relating to crime detection, tax collection or actual or anticipated litigation. In these circumstances we will process your information as a legal obligation.
When you undertake approved training or examinations, we are required to process and retain all your training, examination and assessment records for an unlimited period.

Special categories of personal data

Sensitive personal data is data which is described in Article 9 of GDPR as that relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We will not collect sensitive data, unless required to do so by law.
However, you may voluntarily offer us information relating to yourself especially where you may be concerned that it may prejudice you if you do not supply such data.

Third parties disclosure

General
We employ external agencies to manage both our IT and Web services. Each of the businesses employed to manage our activities has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.
Online learning is via a Learning Management System which is managed through a third party supplier who has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.
Certificate generation for successful candidates is managed by a third party hosted solution which is provided through a third party supplier has made guarantees that your data will be securely processed in line with the General Data Protection Regulation.
On occasion we may be required to disclose information relating to your training when it has been requested by the National Aviation Authorities to whom you have made a licence application.
We use Worldpay to provide third party payment services, however they act as the data controller for any data collected relating to payment for our services. You need to talk to them about how they handle your data.

Retention period

Except for training records which we are obliged to retain securely for an indefinite period (see legal obligation above), we will delete from our system, or securely archive your personal data, if we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for ten years. This period may be extended if we believe in good faith that the law or relevant regulators require us to preserve your data for longer. After this period, it is likely your data will no longer be relevant for the purposes for which it was collected.

How we store and transfer your data internationally

Transfer of your data to countries outside the territorial scope of GDPR will only take place when the person/business who is sponsoring your training is based outside of them.
We may also be required to provide information to support an application you have made, where a security pass is required and we are asked to provide data as a referee, in which case we will assume it is with your consent.

Your rights as a data subject

Under Article 13 of the GDPR, we are bound to provide you with information relating to your rights, as follows:

Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days.

Right to withdraw consent
Where we have obtained your consent to process your personal data, you may withdraw your consent at any time.
Data Subject Access Requests
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. We are required to confirm your identity before processing any such request and where we are legally permitted, we may decline your request, but we will explain the reason why to you.
Right to erasure
You have the right to request us to “erase” your personal data. We will respond to your request within 30 days and will Delete your data unless there is a legal reason for keeping you data which prevents us from agreeing to your request, in which case we will let you know why.
Right of data portability
If you wish, you have the right to transfer your data from us to another data controller. This will be by directly transferring your data to you in a commonly used machine-readable format.

Contact details

Resource Group

If you wish to legitimately exercise any of your rights, please contact:
Resource Group Data Protection Officer:
Email: data@resourcegroup.co.uk
Phone +44 (0)1285772669

Supervisory authority

Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with your local supervisory authority by contacting:
The supervisory authority is:
Information Commissioner’s office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
https://ico.org.uk/