How we use your information
- visitors to our websites
- customers who order products or services or who subscribe to our newsletters or request information from us
- prospects who make enquiries about our products, prices or services
- suppliers, enquirers and third parties that interact with us
- complainants and other individuals in relation to a data protection
- job applicants and our current and former employees.
Legal Basis for Processing (EEA only):
We process personal information to enable us to sell our goods and services to our customers; to promote and advertise our services; maintain our own accounts and records and to support and manage our employees. If you place an order for goods or services, processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is good reason to protect the individual’s personal data which overrides those legitimate interests.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
Type/classes of information processed
We process information relating to the above reasons/purposes. This information may include:
- personal details e.g. name, contact information including email address, demographic information such as postcode, preferences and interests. Other information relevant to customer surveys and/or offers.
- good and services
- financial details
- family details and next of kin details for our employees
- education and employment details for our employees
We may also process sensitive classes of information about our employees that may include:
- physical or mental health details
- racial or ethnic origin
- religious or philosophical beliefs
We process personal information about:
- professional advisers and consultants
Who the information may be shared with
We sometimes need to share the personal information we process with the individual them self and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA) and GDPR. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Where necessary or required we share information with:
- current, past or prospective employers
- educators and examining bodies
- family, associates and representatives of the person whose personal data we are processing
- employment and recruitment agencies
- business associates
- financial organisations
- consultants and professional advisers
- credit reference agencies
- debt collection agencies
- central government
Financial transactions relating to our various websites and services are handled by our payment services providers, Shopify, PayPal, SagePay and Stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at:
We may choose to transfer your data to a third party or server who not based or located within the European Economic Area (EEA), for example if a customer orders goods from one of our websites to be delivered outside the EEA and to other parts of the world then to deliver the goods we need to let carrier/delivery companies and their local customs/enforcement agencies know the details. In these circumstances, we may contact you prior to doing so to confirm that you are happy for us to transfer such data.
CCTV for crime prevention
CCTV is used for maintaining the security of our property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
When we ask you for personal data will:
- Make sure you know why we need your personal data and if you can say no when we ask for it; ask only for the personal data we need and not collect information that is irrelevant or excessive;
- Protect it and make sure no unauthorised person has access to it;
- Only where appropriate and necessary share it with other organisations for legitimate purposes;
- Make sure we don’t keep it longer than is necessary;
- Not make your personal data available for commercial use without your consent; and
- Consider your request to stop processing your personal data.
In return we ask you to:
- Give us accurate information; and
- Tell us as soon as possible if there are any changes to your personal circumstances or contact details such as your address or email address. This helps us keep your personal data reliable and up to date.
Visitors to our websites
When someone visits one of our websites such as: www.test-meter.co.uk or www.pat-training.co.uk or www.pat-testers.co.uk or www.thermal-camera.co.uk or www.NAPITdirect.co.uk or www.pat-test-labels.co.uk or www.solar-test-equipment.co.uk and enters personal information into them, then we may use and share this personal information with data processors and third party service providers.
In addition to the above list of data processors for payment services, here is a list of data processors we may share information with in relation to this website:
To improve our website user experience we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our websites. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. For website visitors the Google Analytics Data Retention is set to 26 months before user-level and event-level data stored by Google Analytics is automatically deleted from Analytics’ servers. When data reaches the end of the retention period, it is deleted automatically on a monthly basis.
Help us to validate registered NAPIT membership numbers on the NAPIT Direct website so that only registered members can purchase certain items. They also provide support for enquirers and customers of that website only.
DPD is a parcel carrier for some of our goods and services. For customer convenience, some deliveries and collections may utilise their Predict service, where they provide parcel recipients with a one hour delivery window, notified by SMS and email, so they don't have to wait in all day. This often enables receivers to watch the progress of their delivery on a real-time map, all the way down to a final 15 minute times. The service also allows customers to take delivery of their goods in a way that suits.
We use them for delivering letters and parcels containing goods that you may have ordered from us or for any postal communication.https://www.royalmail.com/privacy-notice
Security and performance
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
People who call our telephone numbers
When you call any of our telephone numbers we may collect your information to help you, process your order and payments for goods or services and for the purposes of compliance to our procedures and policies. We reserve the right to monitor this form of communication.
People who email us
We monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Complaints or queries
PAT Training Services Limited tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
Job applicants, current and former PAT Training Services Limited employees
Under the Data Protection Act 1998 and GDPR from 25th May 2018, you have rights as an individual which you can exercise in relation to the information we hold about you. At any point whilst PAT Training Services Limited is in possession of or processing your personal data, all data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that PAT Training Services Limited refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
Access to personal information
PAT Training Services Limited tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To access what personal data is held; identification will be required, please request from our Company Data Controller our “Data Subject Access Request Form” then complete and return the form to the Company Data Controller. To protect your privacy and security, we will take steps to verify and prove of your identity before complying with the request. If you find it impossible or unreasonably difficult to make a subject access request in writing, then we will treat a verbal request for information as though it were a valid subject access request and again we will take steps to verify and prove your identity before complying with the request.
If we do hold information about you, you can ask us to correct any mistakes or not use any of the information by, once again, contacting the Company Data Controller.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, a missing/ damaged parcel we will need to share personal information with the organisation concerned and with other relevant bodies. We may also pass on your personal information if we have a legal obligation to do so for example the police, other law enforcement agencies and the Inland Revenue, or if we have to enforce or apply our Terms and Conditions and other agreements. You can also get further information on:
- agreements we have with other organisations for sharing information;
- circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
- our instructions to staff on how to collect, use and delete personal data; and
- how we check that the information we hold is accurate and up to date.
Links to other websites
Notice of Breach of Security
If a security breach causes an unauthorized intrusion into our systems that materially affects you, then we will notify you or people on systems within 72 hours of first becoming aware of it, where feasible. We will also later report the action we took in response and if necessary explain the reason for the delay.
Change of ownership
Information Commissioner’s Office registration
You can find our registration with the Information Commissioner’s Office using our registration number of ZA311074 at https://ico.org.uk/esdwebpages/search
How to contact us
The Company Data Controller
PAT Training Services Ltd
1 Town End Close