Last updated: May 24, 2018
MIT SKILLS ("us", "we", or "our") operates the mitskills.com website (the "Service").
Your Rights & Our Data Handling Responsibilities
At MITSkills we are committed to protecting the privacy and security of the people who use our website, products and services. As part of our operations we have to collect and ‘process’ certain information about the individuals who use our site or contact us in any identifiable way. We appreciate that this data belongs to you not us, and so we aim to avoid the collection of any data that is not necessary to successfully facilitate these services. We also avoid storing data unnecessarily and purge our systems to delete any personal data that is held beyond its useful life. We therefore fully appreciate and respect the importance of data privacy and security on the Internet.
We believe you should feel both informed and empowered when it comes to our handling and usage of your information. This notice therefore explains:
- what information we collect when you’re using our platform and systems;
- why we collect that information;
- how we may then use that information;
- how we share that information with other parties;
- how long we keep your information, and how we protect it whilst we have it;
- what we won’t do with your information;
- what choice and options you have to control your information.
If you have any queries or questions please contact our team using the contact details provided at the bottom of this notice.
Throughout we aim to be as clear and open as we can with you on what information we collect, why we collect it and how we use it, so you are informed and able to make decisions to control your information in ways that you’re comfortable with. Whilst we hold your information, we will keep it up to date and protect it as if it was our own sensitive information, using appropriate security safeguards. We continually take into account the latest industry standards and best practice.
How do we collect information about you?
In any interaction you may have with MITSkills we collect information in three possible ways:
- When you directly give it to us (“Directly Provided Data”).
- When you log into our system and you give us permission to use that data (“User Authorised Data”).
- When you contact our customer service team to check any aspect of our service.
What information do we collect about you, why do we collect it and what do we do with it?
We need to collect information about you, your business and the products and services you are interested in so that we can improve the performance of said products and services. To achieve that we may collect:
- Personal data about you including name and address, contact details such as telephone number and email address, and where appropriate service enquiry preferences (for example requests for course details, and or course advice)
- Transactional information (non-personally identifiable) about your purchase such as the order number, date, original delivery details.
We may share that information with companies within our supply chain (processors) and other businesses that are part of our service offer. When we share any information with these organisations we do so under strict contractual terms that include equivalent privacy policies, processing agreements and information security to protect your information.
We store your data on servers within the European Economic Area (EEA). If operating outside of the EU we always ensure that we comply with the local, national or regional rules regarding data for example for the United States that any business we share data with must be registered under the US Privacy Shield framework. By submitting your information you agree to this.
We keep your information only for as long as it takes to process our services and for a period shortly afterwards , usually to answer or respond to any queries related to our services, following which the data is deleted or anonymised. During that period we may contact you to request that you assess the standard of our service and that prompt will be by email or SMS and the data you submit with be anonymous via a website.
What about cookies?
By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies. Further information about cookies can be found at www.aboutcookies.org.
How do we share the information we collect?
We are conscious that you are trusting MITSkills with your information but in addition, to be able to carry out an efficient service, we do need to work with a number of third parties (supply chain) who are experts in their particular fields. We are very careful who we share your information with, but it is important that you understand when that sharing takes place and why, and that’s what this section explains. The limited instances where we may share your information include:
We share your information externally with our core service providers when required for our business to function and provide you with our service. In addition, we may request your specific opt-in to enable us to share your data with the wider MITSkills partner groups of companies.
mitskills.com uses the following cookies on this website, for the following purposes:
· To allow you to carry information across pages of our site and avoid having to re-enter information within registration to allow you to access stored information.
· To help us recognise you as a unique visitor (using a number, you cannot be identified personally) when you return to our website.
· To allow us to tailor content or advertisements to match your preferred interests or to avoid showing you the same ads repeatedly.
· To compile anonymous, aggregated statistics that allow us to understand how users use our site and to help us improve the structure of our website. We cannot identify you personally in this way.
Each of the external companies we work with has been carefully selected due to their ability to provide an efficient high-quality service including their ability to handle sensitive data (such as your personal information) securely and appropriately. Each of these external companies has a contract with us which clearly sets out our expectations and requirements in handling any of your information, and holds them fully responsible for meeting those expectations and requirements. On that basis and only on that basis, we may therefore disclose your personal information (including your personally identifiable information) to such third parties who need to be given specific tailored access to your information to facilitate a successful return of services by performing key tasks on our behalf, and who are obligated to only use it in line with our instructions, and not to disclose or use it for other purposes. We are confident that we can trust those third-party service providers with your information.
We also share your information when we’re required to comply with any legal request as we are required to liaise with a number of regulators and other law enforcement agencies in any of the countries that we operate in. In some cases, we are also required to share information with Customs authorities. We may be required to share information for legal reasons for example to provide information for a ‘Subject Access Request’ to ourselves or our partners where we hold a processing responsibility.
If we use your data for marketing purposes or share it with any other organisations for marketing, market research or commercial purposes, we will first ensure that we have your consent to do so.
Our Service does not address anyone under the age of 13 ("Children").
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we discover that a Children under 13 has provided us with Personal Information, we will delete such information from our servers immediately.
In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
- the supply of appropriate evidence of your identity. For this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address.
- In practice, you will usually either expressly agree (opt in) in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
- To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Protecting your security
We are always striving to securely protect the data in our care and we aim to operate at least at industry standard. Consequently, your data is held on secure servers in the UK or in the cloud located in the EEA.
When transferring data to other organisations as described earlier to deliver our service, we use secure file transfer protocols (SFTP).
Secure data is not sent externally by email and internal systems are hosted securely.
Where some returns are paid for, our payment gateway operates independently of our systems and is PCI compliant to ensure that payment data is not held on our main platform or systems and only exists in an extremely secure ‘banking’ environment.
The information you provide to us is controlled by MITskills as the ‘Data Controller’ however data that may be supplied to us by any third party is controlled by them, including for the purpose of the Data Protection Act 1998 (the Act) and any other applicable laws.
You can contact us by email at GDPR@mitskills.com.or alternatively write to us at:
c/o Hani Zubeidi (Data Controller)
12/13 Camphill Industrial Estate
Changes to this Policy