Applied Service Management Global Ltd Privacy Notice

1. Introduction
This document explains how ASM Global Ltd collect, use and protect your personal data and l also explains what rights you have with regards to your personal data and how you may exercise those rights. The document covers data collected through personal contact, by telephone or social media, through our website and through organisations contracting us to provide training and consultancy services.

2. Who we are
Applied Service Management Global Ltd is the data controller for its own activities and determines what data is collected, how this data is going to be used and how this data is protected.
Our registered office address is:

Suite D5,
Sheffield Business Centre
Europa Link
Sheffield
S9 1XZ
UK


For questions about how we process personal data, or exercising your data subject rights, please email us at privacy@asmglobal.co.uk or write to us at the address provided in section

3. Collection of personal data
We collect personal data from you for one or more of the following purposes:

  1. To provide you with information that you have requested.
  2. To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
  3. To fulfil a contract that we have entered into with you or with the organisation that you represent. In these circumstances it may be your organisation , rather than you, that provides us with your personal data.
  4. To ensure the security and safe operation of our websites and underlying business infrastructure.
  5. To manage any communication between you and us.

The table below provides detail about the data that we collect for each of these purposes, the lawful basis for doing so.


4. Lawful basis for the processing of personal data

The table below describes the various forms of personal data we collect and the legal basis for processing this data and the period for which we will retain the data. A number of data elements are collected for multiple purposes and some data may be shared with third parties; where this happens, this is also identified below.

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital interests: the processing is necessary to protect someone’s life.
  • Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

 

Purpose of collection

Information category

Data collected

Purpose for collection

Lawful basis for processing

Data shared with?

Retention period

1. To provide you with requested information

Subject matter information

Name, organisation name, addresses including , email address, telephone number, business sector.

To provide appropriate information about requested services

 

Contractual fulfilment

Internally only

Maximum eight years from the date the information is collected.

 

 

To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.

Legitimate interest

Internally only

Telephone number.

Follow-up to ensure requested information meets needs and identify further requirements.

Legitimate interest

Internally only

Personal contact information provided through personal contact, trade shows, website forms or any other means.

General mailing list subscription.

Consent

Internally only

2. Transactional information

Transaction details

Name, physical address, email address, telephone number, bank account details (for credit accounts).

To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.

Contractual performance

Internally only

Maximum eight years from the date of the performance of the contract.

Eight years for VAT records from the performance of the contract

For accounting and taxation purposes

Statutory obligation

Internally and professional advisers

Documentation should any contractual legal claim arise.

Legitimate Interest

Internally and professional advisers

Payment card data

Primary account number (PAN), cardholder name, service code, expiration date

To fulfil purchase requests using payment cards.

Contractual performance

Payment card companies, all in line with the PCI DSS

Retained while authorisation is pending.

3. Course delivery information

Fulfilment data

Name, dietary requirements, special needs relating to disability.

Appropriate catering arrangements for training courses.

Contractual performance

Consent

Legal Obligation

Internally and training venues

Maximum six years from the date of the performance of the contract.

Name, contact and identification details.

Access to training courses, attendance registers.

Contractual performance

Internally and training venues

Name, contact and identification details.

Exam attendance, exam results and certifications.

Contractual performance

Internally and external examiners, proctors and certification bodies

Name, contact details.

Licensing details necessary for allocation and maintenance of licence to use software and products for e-learning and examinations.

Contractual performance

Internally and any third parties whose products or services you purchase from us.

Name, address(es), email address, contact details.

Actual delivery of products or services, in physical or digital form, that you may have purchased from us.

Contractual performance

Internally and any third party companies with whom we contract to deliver these requirements.

4. Security

Security information

Technical information that may be required for this purpose.

To protect our website and infrastructure from cyber attack or other threats and to report and deal with any illegal acts.

Legitimate interest

Internally, forensic and other organisations with which we might contract for this purpose.

Relevant statutes of limitation.

5. Communications

Contact information

Names, contact details, identification details.

To communicate with you about any issue that you raise with us or which follows from an interaction between us.

Legitimate interest

Internally and, as necessary, with professional advisers.

Relevant statutes of limitation.

6. Product development

Survey data

Names, contact details, identification details.

To develop existing and new products that meet the expectations and requirement of our customers.

Consent

Internally and where additional consent is given for marketing purposes.

Maximum of three years.

 


5. Storage of personal data
Applied Service Management Global Ltd is a UK-domiciled organisation whose primary offices are in the UK.
  • Our website is hosted in the UK and is accessed only by our UK based staff.
  • We use Cloud service providers (CSP) as part of our processing environment. Unless we specifically state otherwise, we are, in respect of all these CSPs, the data controller. These cloud service providers are hosted in the EEA and the United States.
  • We ship and deliver physical products around the world; we therefore sometimes use logistics companies that may be based outside the UK and operate in other countries. We have appropriate legal and security relationships with those partners.
  • We resell products supplied by organisations outside the EU. This may mean that our resale partner will have access to information about data subjects who purchase their products.
  • We operate a data retention policy in respect of all data, whether paper-based or digital, and those aspects of it that relate to personal data are contained in the table above.

6. Security measures
Our payment card processing is in compliance with the PCI DSS (Payment Card Industry Data Security Standard).
Based on risk assessment, including assessing risks to the rights and freedoms of data subjects, we believe we have appropriate security controls in place to protect personal data.
We do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

7. Your rights as a data subject
You have the following data protection rights:
  1. To access, correct, update or request deletion of your personal information.
  2. To object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
  3. You can opt-out of marketing and telemarketing communications we send you.
  4. You can withdraw any consent you may have granted to collection and processing of personal data. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  5. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
  6. If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.

If you wish to exercise any of these rights, please contact us using the details below. To process your request, we will ask you to provide two valid forms of identification for verification purposes.

8. Contact us
Any requests comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to privacy@asmglobal.co.uk

Alternatively, you can contact us at our office using the following postal address
Applied Service Management Global ltd
Suite D5
Sheffield Business Centre
Europa Link
Sheffield
S9 1XZ

9. Complaints
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority.

https://ico.org.uk/concerns/
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113