The Retail Banking Institute Ltd is part of Lafferty Group, trading as Lafferty Holdings Ltd. The Retail Banking Institute Ltd cares about your privacy and is committed to processing your personal information in accordance with fair information practices and applicable data privacy laws.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 1998 and the General Data Protection Regulation 2016/679 (the “GDPR”).
In the case of a corporate contract involving registrations with more than one delegate/user/candidate, it is the responsibility of the client to share this data privacy notice with all the parties involved/registered to inform them of their rights and of how their data will be processed.
Who are we?
Retail Banking Institute Ltd will be what’s known as the ‘Controller’ of the personal data you provide to us. We collect personal data about you which does includes name, address, email, phone number, bank details. This means Retail Banking Institute Ltd decides how your personal data is processed and for what purposes.
How do we process your personal data?
Retail Banking Institute Ltd complies with its obligations under the Data Protection Act / GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes:
For Contract customers
- To enable us to provide ongoing support to Candidates;
- To administer customer records;
- To maintain our own accounts and records.
- We also use your personal data to maintain, support and manage websites, access, and other related services that individuals have requested; to inform individuals of alerts and notifications related to their access to the websites as applicable; and to contact individuals about their opinions of current services or of potential new services that may be offered.
What is the legal basis for processing your personal data?
- Processing is necessary for the performance of a learning/service agreement contract with the data subject;
- Processing is necessary for the provision of support and related services;
- Processing is necessary for compliance with a legal obligation;
- Processing is necessary to protect the vital interests of a data subject or another person;
- Processing is necessary for the performance of a task carried out in the customers interest or in the exercise of official authority vested in the data controller;
- Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity.
- The processing relates only to existing customers and there is no disclosure to a third party without consent (except in cases of legal intervention, where we are obliged by law to divulge such information).
Sharing your personal data
Your personal data will be treated as strictly confidential and will be shared only with contacts you have specifically asked us to share data with. We will only share your data with third parties outside of the Retail Banking Institute Ltd with your consent.
Where do we store your data?
We store customer and related data in our CRM system, which is an application running on UK- and Irish-based servers. For the purposes of IT hosting, backups, cloud services and maintenance this information is located on secure servers in the UK and Ireland.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data which will continue to be monitored.
Data access control
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal information. Both hard and soft version of the documents containing personal information are safe, and their access is restricted based on our legal obligations, contract requirements and your consent.
We have measures to prevent our systems from being used by unauthorised persons. This is achieved by having:
- Individual and role-based user accounts.
- Centralised, standardised password management and password policies.
- Deactivation of user accounts after 3 failed login attempts.
Individuals that are granted access to our systems are only able to access the data that is required to be accessed within their scope of responsibilities and to the extent covered by their respective access permission; and such data cannot be read, copied, modified or removed without specific authorisation. This is accomplished by:
- Authentication at operating system level.
- Segregation of duties and authorisations between users, administrators and system developers.
- Remote access only via VPN including appropriate authorisation and authentication
- Logging of system and network activities to produce an audit trail in the event of system misuse.
How long do we keep your personal data?
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed if it is no longer required. Your information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.
Your rights and your personal data
Unless subject to an exemption under the Data Protection Act / GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of personal data Retail Banking Institute Ltd holds about you;
- The right to request that Retail Banking Institute Ltd corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Retail Banking Institute Ltd to retain such data;
- The right to request that Retail Banking Institute Ltd provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable);
- The right to lodge a complaint with the Information Commissioners Office.
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Protection Officer, Lafferty Group by email at: firstname.lastname@example.org.
All data breaches (accidental disclosures/losses of personal data) must be reported to the Data Protection Officer as soon as the breach has been discovered so that appropriate measures can be taken to recover the data and limit any damage. The Lafferty Group is obliged to report any breaches to the Information Commissioner Office (ICO) within 72 hours.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Types of information collected on this website
The following kinds of information may be collected on this site in order to better understand your needs and to provide you with a better service:
a. Information about your computer, your visits and your use of this website. This may include your computer’s IP address, its geographical location, your browser type and version, your computer operating system, the referral source, the length of visit, the number of page views and your navigation of the website.
b. Information relating to transactions carried out on this website including information relating to the purchase of goods or services.
c. Information that you provide for the purpose of registering to use services on this website and/or in order to subscribe to our website services such as email notifications and newsletters.
d. Any other information that you specifically choose to send to Retail Banking Institute Ltd.
This website may use ‘session’ cookies, ‘persistent’ cookies and ‘third-party’ cookies including ‘Google cookies’.
a. Session cookies
Session cookies help Retail Banking Institute Ltd to track your use of this website as you navigate the pages. Session cookies are automatically deleted from your computer when you close your browser.
b. Persistent cookies
Persistent cookies enable Retail Banking Institute Ltd to recognise you when you make a return visit and may be used to register any preferences set on previous visits. Persistent cookies will remain stored on your computer until they are deleted or until they reach a specified expiry date.
c. Third-party cookies
d. Google cookies
Links to other websites
This website may contain links to other websites. Please note that Retail Banking Institute Ltd has no control over other websites and Retail Banking Institute Ltd cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites.