The type of personal information we collect

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name, email address and contact details)
  • Financial information

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • Initiating communication with us
  • Booking a course
  • Using any of our professional services

We use the information that you have given us in order to answer any queries you may have and provide the requested or contracted services.  With your permission, we may also advise you of upcoming courses or promotions running.

We may share this information with third party trainers or associates to assist with our courses or professional services.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time. You can do this by contacting dpo@athenesecure.com. We may use consent as a legal basis where you initiate contact via the website. 
  • We have a contractual obligation. Where a contract exists to provide either professional services or a booked course, we use contractual obligation as a legal basis.
  • We have a legal obligation. We are obliged to retain transactional information by the HMRC.  This could include your personal details.

How we store your personal information

Your information is securely stored within the Microsoft Office 365 environment as well as Dropbox.  Where data is stored on local computing devices, your data is protected by appropriate security controls including encryption and user authentication.

We keep records of any contact for 2 years in case of any follow up, the last thing anyone wants to do is repeat themselves.

We keep records of provided services for the minimum permitted duration of “current tax year plus 6 years” as required by the HMRC.

We will then dispose your information by secure methods including deletion of files / records.  We may also retain the file / record but use anonymisation to remove your data and so protect your privacy.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us via email at dpo@athenesecure.com, via phone on 0121 295 1717 or via post at Izabella House, 24-26 Regent Place, Birmingham, B1 3NJ if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us via the dpo contact details above.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Privacy notice v2.1 July 2020

Scroll to Top