General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) comes into force on 25th May, 2018 and we have been working with expert GDPR compliance consultants in order to make the relevant preparations which will ensure that our training, policies, procedures and processes reflect these changes. We will be making further announcements regarding these changes over the coming weeks.

Additionally, we are working towards attaining ISO:27001 Certification to provide our customers with further reassurance of how seriously we take the security and privacy of their data.

We have also contacted all of our 3rd party suppliers and strategic partners to ensure that they are compliant with GDPR or are working towards it.

We have undertaken Legitimate Interests Assessments (LIA) and Data Protection Impact Assessments (DPIA), which we believe provides us with lawful grounds for personal data processing; all of our terms, conditions and policies will be updated accordingly prior to GDPR’s implementation and users prompted to accept or decline them before being able to proceed to use our online training.

Obviously, given the nature of the services which we provide, those who opt not to agree to these terms and conditions will be unable to use our eLearning platforms.

Below are some frequently asked questions about Blue Stream Academy Ltd. and GDPR:

What information does Blue Stream Academy Ltd. collect?
  • Name and job title.
  • Contact information including email address and telephone number.
  • Demographic information such as place of work.
  • Training records.
  • Profile pictures.
  • Membership details of registered regulatory organisations.
  • Network/device information and data relating to use of our website, applications, products and services.
Why do Blue Stream Academy Ltd. need to collect this information?
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • To provide organisations and their employees with training records.
  • To administer accounts.
  • Internal record keeping.
  • To verify accounts/activities.
  • To promote safety and security inside and outside of our products/services, such as by investigation suspicious activity or violation of our terms, conditions and policies.
  • To obtain feedback to improve our products and services.
  • To send marketing communications about our products/services.
  • To let users know about any changes to our terms, conditions, policies or procedures.
  • To respond to users when they contact us.
  • To test features in development.
  • To customise the website according to user requirements.
Do Blue Stream Academy Ltd. require consent from users?
We do not require signed consent from Users (Data Subjects) for the transfer of their records. Once the Organisation (Data Controller) has registered with Blue Stream Academy Ltd. (Data Processor), they (the Organisation) have consented to the Users data being processed as part of their agreement with us.
Do organisations who use Blue Stream Academy Ltd.'s services require consent from their employees before allowing the data to be processed?
Whilst it is ultimately the responsibility of the Organisation to ascertain their own requirements/obligations under GDPR; generally speaking, given the terms of the User’s employment, it would reasonably be expected that their data would be used for such purposes as the recording of training etc. negating any need for consent in this instance.
Where is our data stored?
Our data is stored at a secure UK based data centre and backed to a secure cloud based service.
How long do Blue Stream Academy Ltd. store data for?
After an organisation ceases to be a Blue Stream Academy Ltd. customer, their data and that of their users is retained for a period of five years; unless a direct and authorised request for deletion has been made.
Following the implementation of GDPR, what is the process for users who want to transfer their training records?
Users wanting to transfer their training records to a new Organisation must initially request this from the Organisation currently holding their data, who will in turn provide us with the request. We will then contact the user to confirm the request before proceeding with the transfer of data.
Following the implementation of GDPR, what is the process for users who want to delete their training records?
Users wanting to delete their training records must request this from the Organisation currently holding their data, who will in turn provide us with the request. We will then contact the user to confirm the request before proceeding with the deletion of data. IMPORTANT: It is the responsibility of the Organisation to ensure that they do not have legal obligations/requirements requiring them to retain the data, or reasonable grounds for doing so. Once data has been deleted in cannot reinstated.
How can I find out want information Blue Stream Academy Ltd. holds about me?
If you would like a copy of the information held about you please write to Blue Stream Academy Ltd., Suites 11 and 12 – Riverside Business Centre, Milford, Derbyshire, DE56 0RN.

Should you have any further queries or questions relating to this or any other matter, please don’t hesitate to contact our Support Department via email to info@bluestreamacademy.com or telephone 01773 822549.

General Data Protection Regulation Infographic

print

1 Comment

AdminMarch 27, 2018 at 4:27 pm

concise ,transparent and helpful.

 Leave a Reply

Your email address will not be published. Required fields are marked *


Posts By Date

About Us

We have developed a suite of interactive training modules which are easy to use, in line with CQC Outcomes, cost effective and providing proof of competency.

Join the 175,000+ users of our software and sign up today!

All of our eLearning modules are RCGP accredited and CPD certified, providing more than 50 hours of training ✔
Proud to support Time to Change