Privacy Policy

Privacy Policy

This privacy policy is for this website www.startyourownbusinessacademy.com and served by Start Your Own Business Academy and governs the privacy of its users who choose to use it. The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy

Who we are

Our website address is http://startyourownbusinessacademy.com. Start Your Own Business Academy is a business start up education project that seeks to enable people in the community to realise their dreams of starting their own successful business. This project was started by New-Living Int. Christian Centre Ltd. (Company Number 08747196 registered at 70 Scott Road, Essex RM16 4EJ). For more information about NICC please check out our website www.yournicc.com.

 

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

 

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Who we share your data with

Your data will not be shared with any third parties without prior consent. Your data will be kept safely by NICC who run the Start Your Own Business project; and only their staff and/or volunteers will use it to contact you in relation to the course alone.

How long we retain your data

The data you choose to provide for booking and enquiry purposes will be kept until we are able to contact you and establish your level of interest. You will be asked if you wish to be kept informed about future courses and events. If the answer is no, your details will be erased.

What rights you have over your data

You can write to us (NICC Ltd.) via email to boomy@startyourownbusinessacademy.com or via post to our registered address (70 Scott Road, Grays, ESSEX RM16 4EJ) to request what, if any data we may have on you, and for that data to be deleted from our records (this is in the case where you have consented to receiving information about upcoming courses and events).

Where we send your data

Your data is sent to project staff who will contact you in regards to booking a course or an enquiry. If you consent to being kept updated about upcoming courses and events; your data will be put on a mailing list for that purpose.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

There is a part of the website provided for the purposes of booking a place on courses or enquiries. Where an individual chooses to input their contact details, they will be giving their consent for booking staff to contact them about the course only. This is clearly explained on the website itself. These details will not be passed on to any third parties nor used for marketing purposes without prior consent.

 

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [http://www.google.com/privacy.html ].

Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to; Folded Book Art or Used Model Trains For Sale.)

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

 

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

 

Email Newsletter

This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.

 

Adverts and Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computers hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

 

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).

Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.

 

Additional information

How we protect your data

NICC Ltd will take reasonable steps to keep any personal information which we hold secure, accurate and up to date. Personal information, held electronically, is stored in a secure server or secure files. We take security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. These include hard copy data being locked away in designated cabinets only accessible by specific staff / volunteers. Staff at NICC Ltd. undergo training so that they know how to correctly and safely handle data in accordance with Data Protection legislation. Data held on electronic devices such as laptops and designated phones are password protected and cloud storage and files containing data are also password protected; accessible to staff / volunteers who have undergone relevant training. We also seek to ensure that firewall, anti-virus software and general cyber
security.

What data breach procedures we have in place

Definitions / Types of breach

For the purpose of this policy, data security breaches include both confirmed and suspected incidents. An incident in the context of this policy is an event or action which may compromise the confidentiality, integrity or availability of systems or data, either accidentally or deliberately, and has caused or has the potential to cause damage to NICC Ltd.’s information assets and / or reputation. An incident includes but is not restricted to, the following:

  • loss or theft of confidential or sensitive data or equipment on which such data is stored (e.g. loss of laptop, USB stick, iPad / tablet device, or paper record);
  • equipment theft or failure;
  • system failure;
  • unauthorised use of, access to or modification of data or information systems;
  • attempts (failed or successful) to gain unauthorised access to information or IT system(s);
  • unauthorised disclosure of sensitive / confidential data;
  • website defacement;
  • hacking attack;
  • unforeseen circumstances such as a fire or flood;
  • human error;
  • ‘blagging’ offences where information is obtained by deceiving the organisation who holds it.

Reporting an incident

Any individual who accesses, uses or manages NICC Ltd.’s information is responsible for reporting data breach and information security incidents
immediately to the Data Protection Officer ( niccdisciples@gmail.com ). If the breach occurs or is discovered outside normal working hours, it must bereported as soon as is practicable. The report must include full and accurate details of the incident, when the breach occurred (dates and times), who is reporting it, if the data relates to people, the nature of the information, and how many individuals are involved. An Incident Report Form should be completed as part of the reporting process (refer to Appendix 1). All staff should be aware that any breach of Data Protection legislation may result in Disciplinary Procedures being instigated. Containment and recovery The Data Protection Officer (DPO) will firstly determine if the breach is still occurring. If so, the appropriate steps will be taken immediately to minimise the effect of the breach.

  • An initial assessment will be made by the DPO in liaison with relevant officer(s) to establish the severity of the breach and who will take the lead investigating the breach, as the Lead Investigation Officer (this will depend on the nature of the breach; in some cases it could be the DPO).
  • The Lead Investigation Officer (LIO) will establish whether there is anything that can be done to recover any losses and limit the damage the breach could cause.
  • The LIO will establish who may need to be notified as part of the initial containment and will inform the police, where appropriate.
  • Advice from experts as appropriate may be sought in resolving the incident promptly.
  • The LIO, in liaison with the relevant officer(s) will determine the suitable course of action to be taken to ensure a resolution to the incident.
  • Investigation and risk assessment.
  • An investigation will be undertaken by the LIO immediately and wherever possible, within 24 hours of the breach being discovered / reported.
  • The LIO will investigate the breach and assess the risks associated with it, for example, the potential adverse consequences for individuals, how serious or substantial those are and how likely they are to occur.

The investigation will need to take into account the following:

  • the type of data involved;
  • its sensitivity;
  • the protections are in place (e.g. encryptions);
  • what has happened to the data (e.g. has it been lost or stolen;
  • whether the data could be put to any illegal or inappropriate use;
  • data subject(s) affected by the breach, number of individuals involved and the potential effects on those data subject(s);
  • whether there are wider consequences to the breach.

Notification
Every incident will be assessed on a case by case basis; however, the following will need to be considered:

  • whether the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms under Data Protection legislation1;
  • whether notification would assist the individual(s) affected (e.g. could they act on the information to mitigate risks?);
  • whether notification would help prevent the unauthorised or unlawful use of personal data;
  • whether there are any legal / contractual notification requirements;
  • the dangers of over notifying. Not every incident warrants notification and over notification may cause disproportionate enquiries and work.
  • Individuals whose personal data has been affected by the incident, and where it has been considered likely to result in a high risk of adversely affecting that individual’s rights and freedoms, will be informed without undue delay.

Notification will include a description of how and when the breach occurred and the data involved. Specific and clear advice will be given on what they can do to protect themselves, and include what action has already been taken to mitigate the risks.Individuals will also be provided with a way in which they can contact NICC  Ltd. for further information or to ask questions on what has occurred. The LIO and / or the DPO must consider notifying third parties such as the police, insurers and banks. This would be appropriate where illegal activity is known or is believed to have occurred, or where there is a risk that illegal activity might occur in the future. A record will be kept of any personal data breach, regardless of whether notification was required.

Evaluation and response
Once the initial incident is contained, the DPO will carry out a full review of the causes of the breach; the effectiveness of the response(s) and whether any changes to systems, policies and procedures should be undertaken. Existing controls will be reviewed to determine their adequacy, and whether any corrective action should be taken to minimise the risk of similar incidents occurring. The review will consider:

  • where and how personal data is held and where and how it is stored;
  • where the biggest risks lie including identifying potential weak points
  • within existing security measures;
  • whether methods of transmission are secure; sharing minimum amount of data necessary;
  • staff / volunteer awareness;
  • implementing a data breach plan and identifying a group of individuals responsible for reacting to reported breaches of security.
  • If deemed necessary, a report recommending any changes to systems, policies and procedures will be considered by NICC Leaders.

Policy Review

This policy will be updated as necessary to reflect best practice and to ensure compliance with any changes or amendments to relevant legislation.

Resources & Further Information

v.2.0 November 2018 Edited & customised by: Startyourownbusinessacademy.com 395 Barking Road, Plaistow, London E13 8AL +44 7032394620