Fermata Development Solutions Ltd (Fermata) is committed to data security and the fair and transparent processing of personal data. This policy sets out how Fermata treats personal data.
Most data collected by Fermata is not personal in nature as Fermata is primarily a “business-to-business” organisation. However, on the occasion that Fermata might need to collect and process personal data, please read this Policy carefully as it contains important information on who we are, how and why we collect, store, use and share your personal data (process), your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data.
For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the UK Data Protection Act 2018 (DPA), Fermata is the ‘controller’ of personal data.
Fermata is a private limited company registered in England and Wales under Company Number 10061139. Fermata provides leadership and management development training, coaching, assessment and supports businesses and individuals in other learning and development interventions. Our registered address is 255 Poulton Road, Wallasey, Wirral, CH44 4BT.
You can read more about Fermata on its website; www.fermata.co.uk
If you have any queries about this Policy, the way in which we process personal data, or about exercising any of your rights, you may send an email to terry@fermata.co.uk or write to Terry Foster, Fermata Development Solutions Ltd, 40 Yorke Road, Reigate, Surrey, RH2 9HB
We collect your name, gender, contact information, and any other personal data when it is necessary in relation to a specific programme or assessment. We might also collect personal data as required to administer any complaints or ordinary administration of your account with us. This personal data is provided either directly by you or by your employer with whom you have contracted to receive learning, training or assessment, and/or other services provided by us.
In exceptional circumstances, we may also collect and/or be provided with special category data, such as data about your physical or mental health or condition, to enable us to administer requests for reasonable adjustments, or in relation to a complaint or appeal.
Such data should be collected and/or provided to us only if you have provided your explicit consent or if we are otherwise permitted to receive and process it under the GDPR and/or DPA (including as set out below).
We may process your personal data where this is necessary to pursue our legitimate interests as a provider of learning, training, assessment, and/or services, including to:
We may also process your personal data in pursuance of our legitimate interests to contact you directly in relation to new and existing products, services and news. Where you do receive such marketing communications from us, you may change your preferences or unsubscribe from marketing communications at any time by contacting us at terry@fermata.co.uk or writing to Terry Foster, Fermata Development Solutions Ltd, 40 Yorke Road, Reigate, Surrey, RH2 9HB
We may also process your personal data if required by law.
With respect to special category data, we may process such data when we have obtained your explicit consent to do so. We may also process such data if necessary, for reasons of substantial public interest, including for the prevention or detection of unlawful acts or in compliance with, or to assist third parties to comply with, any regulatory requirements relating to the investigation of unlawful acts, dishonesty or malpractice
We may also share personal data (including any special category data) with law enforcement or other authorities or agencies if required by law or where we otherwise deem it necessary in pursuance of our legitimate interests.
We may also share your personal data with trusted third-party service providers including:
We will ensure that there is a contract in place with such third party service providers, which includes obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them, and which upholds your rights and freedoms with respect to personal data.
Where a third party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data is protected by appropriate safeguards, including by the use of standard data protection clauses adopted or approved by the European Commission where the Commission does not believe that the country has adequate data protection laws
We may also share personal data (including any special category data) with law enforcement or other authorities or agencies if required by law or where we otherwise deem it necessary in pursuance of our legitimate interests.
You should be aware that, where personal data is shared with a public authority, it will become subject to the Freedom of Information Act 2000 (FOIA) and may potentially fall within the scope of any future FOIA request made to such public authority.
We will keep personal data relating to your learning, training or assessment in order to:
We will also keep personal data relating to our quality assurance processes and complaints, in order to comply with applicable contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
We keep personal data for no longer than as is necessary for the above purposes.
We take all reasonable steps to ensure that both we and our third-party service providers protect your personal data. This includes ensuring that our we and they are aware of their information security obligations, providing training, and limiting access to your personal data to those who have a genuine business need to know.
We also take reasonable steps to protect your personal data from loss or destruction and have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Any change in our processes will include structured assessment of information security and data privacy risks. We will ensure that all proposed system changes of Fermata from time to time fully align with the GDPR and good practice to uphold data subjects’ rights and freedoms with respect to personal data.
Under the GDPR, you have various rights with respect to our processing of your personal data:
You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below. Please include with your request information that will enable us to verify your identity. We will respond within one month of request. Please note that there are exceptions to this right. We may be unable to make all data available to you if, for example, making the data available to you would reveal personal data about another person, if we are legally prevented from disclosing such data, if there is no basis for your request, or if your request is excessive.
We aim to keep your personal data accurate, current and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data be erased, please contact us using the contact details provided below.
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the personal data, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. If you would like to make such request, please contact us using the contact details provided below.
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another ‘controller’, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to make such request, please contact us using the contact details provided below.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception, we will explain this to you in our response.
If you have any queries about this Policy, the way in which Fermata processes personal data, or about exercising any of your rights, you can email terry@fermata.co.uk or write to Terry Foster, Fermata Development Solutions Ltd, 6 Burnham Drive, Reigate, Surrey RH2 9HD
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint with the applicable supervisory authority or seek a remedy through the courts. Please visit the UK Information Commissioner’s Office website for more information on how to report a concern.
Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.
Updated September 2021
With respect to special category data, we may process such data when we have obtained your explicit consent to do so. We may also process such data if necessary, for reasons of substantial public interest, including for the prevention or detection of unlawful acts or in compliance with, or to assist third parties to comply with, any regulatory requirements relating to the investigation of unlawful acts, dishonesty or malpractice.