The OCM Group Privacy Policy

The OCM is professional coaching and mentoring services firm based in Oxfordshire, UK. This privacy policy explains how we use any personal information we collect about you when you are a client of ours, use our website, or opt-in to receive useful knowledge materials, articles and newsletter

Your privacy is important to The OCM Group. This privacy statement provides information about the personal information that The OCM Group collects and the ways in which The OCM Group uses that personal information. It also outlines how we protect your data and your rights to access, correct or delete it.

Privacy and The OCM Group website

Personal information collection and cookies

We collect the e-mail addresses and certain personal information of those who communicate with us via e-mail or register with us to receive useful knowledge materials, articles and newsletters. We also collect certain information regarding which pages users access or visit, and information volunteered by the users (such as any surveys or web forms that may appear on our site).

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you.  This helps us to update, expand and analyse our records, identify new customers, and provide products and services that may be of interest to you.  If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

The OCM Group may also collect and analyse from visitors and users certain information regarding the use of the The OCM Group site and services available therein. Information collected may include but is not limited to web site traffic volume, frequency of visits, type and time of transactions, type of browser and operating system, etc.

We may provide your personal information to companies that provide services to help us with our business activities such as payment processing. These companies are authorized to use your personal information only as necessary to provide services to us.

Privacy as a client of The OCM

Why we collect information

When you become a client of The OCM Group we will collect some personal data either in order to deliver our services to you, typically a coaching contract, qualification or training programme or for the purposes of our legitimate interesting in performing our business ethically and in line with our terms and conditions and Privacy Statement.

This includes enabling The OCM Group Staff and contracted Associates to contact our clients to schedule coaching sessions and/or meetings in accordance with our contractual commitments. As a client of The OCM Group we may also have legitimate interest to contact you for the purposes of communicating useful ‘knowledge’ materials, articles and newsletters.

What information we collect

In order to fulfil our contractual obligations we may collect the following information:

  • Client name
  • Company title and company name and company address
  • Contact telephone numbers
  • E-mail and/or Skype address(es)
  • Basic notes of actions and key points arising from our coaching sessions when working together
  • Any information relating to your qualification or training programme including all Assessment material that we have a legal obligation to keep for the purposes of fulfilling our Quality Assurance responsibilities to our accreditation partner the European Mentoring and Coaching Council (EMCC)

Consent

For coaching clients

We will seek the client consent via electronic agreement, see link below. You are advised to refer to The OCM Handbook for the Coaching Process to see what you are required to action when.  As a guide this will include:

  • Notifying the OCM Client Support Administrator to issue the link for consent to the client/coachee prior to commencing coaching sessions
  • Confirming with the OCM Client Support Administrator that the client has signed the consent form prior to starting coaching
  • Any queries to be directed, in the first instance, to the OCM Client Support Administrator

To provide consent please follow this link: http://www.theocm.co.uk/provide-gdpr-consent

For qualification or training clients

We will seek consent when you apply to enrol on one of our qualification or training programmes. The consent form will be part of your online application.

The systems we use to process your data

In order to fulfil our contractual obligations we may use one or several of the following proprietary or third party systems:

  • The OCM Learning Portal
  • The OCM Programme Support System
  • The OCM 180 Feedback Tool
  • The OCM Coach/Mentor Selector Tool
  • Sugar CRM (3rd party, Sugar CRM, Inc, USA)
  • Act-On (3rd party Act-On Software, Inc, USA)
  • Lead Forensics (3rd party, Lead Forensics Ltd, UK)
  • The Learning Pathway (3rd party, People Alchemy Ltd, UK)
  • Accelerate (3rd party, Cambria Consulting, Inc, USA)

Please see our Third Party and International Transfer statements below.

Your rights

The OCM Group use Sugar CRM as our main platform to store and process the data we hold on you. Sugar CRM is in the process of releasing Sugar 8.0 that will include a new Data Privacy module. This new module, which the OCM Group will acquire at the earliest possible opportunity, will ensure we can efficiently process data subject requests and record all actions taken to address those requests making us fully compliant with the GDPR regulations.

Until that point The OCM Group will ensure you have the following rights:

Access to your information and correction of data

Whatever your contact with us, you have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the address located at the end of this policy. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. We will delete or update your information within 48 hrs. If you would like to access the data we hold on you, again please email or write to us. We will reply in full within 1 month unless the information is particularly complex. If we need more time we will let you know.

Please leave contact details on any correspondence sent to us. We will contact you to know it has been received, where the 1 month time frame will start.

Withdrawing consent and objections to processing

You have the right to withdraw consent for us to have your data and the right to object to it being processed in any particular way. If you wish to do this, please email or phone us with the contact details given below. Please note that in accordance with the law around data protection, we aim to anonymize data as soon as possible. If we have already anonymized your responses, it may not be possible for us to give you a copy of the data you have not submitted, or to correct, remove or withdraw it.

Your right to lodge a complaint

If you would like to complain about how your data has been treated by us please contact our Data Protection Officer, Deborah Raffell, at the address below. To take your complain further, contact our Chief Executive, Ed Parsloe. Under GDPR, you also have a right to lodge a complaint against with the supervisory authority in your state of residence, place of work or where the alleged breach of GDPR occurred. In the UK this is the ICO.

Keeping your data safe

The OCM Group takes information security risks very seriously and takes all reasonable technical and organizational precautions to prevent the loss, misuse and / or alteration of your personal information.

In addition, we plan to seek accreditation to become certified with the Cyber Essential Certificate which will further enshrine best practice principles into all our organisational processes. The OCM Group securely store all the personal information you provide and, if not already in existence, we will create a number of company policies related to this. These include policies on:
• BYOD
• Monitoring for breaches and breach protocols
• Employee access and password changes
• Leavers and starters policies
• Work station security
• Wireless communication use
• VPN use
• Software installation
• Server Malware Protection
• Router Security
• Remote access
• Mobile Employee Endpoint Responsibility
• Information sensitivity
• Bluetooth security
• Email & IM use
• Acceptable use
• Acceptable encryption
• Anti-virus

Policies are and will be revised at a minimum annually with discussions on requirements to change built into our weekly Directors meeting on a monthly basis All staff are or will be given training on cyber security risks and policies annually or when policies change.

Retention of your data

We will keep your data no longer than is necessary. We conduct regular audits of our data and this PDF outlines our policy in relation to retaining your data.

International data transfers

The GDPR imposes restrictions on the transfer of personal data outside the EEA, to third countries or international organisations. We follow these regulations, meaning that without your explicit consent your personal data will only be transferred outside of the EEA under the following circumstances:

• Where the Commission has decided that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.
• Where the organization receiving the personal data has provided adequate safeguards e.g. certification under an approved certification mechanism.

Third parties

With the exceptions below, The OCM Group does not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes. However, we may need to share your information with our agents or sub-contractors or third parties to deliver our contractual obligations. For example, we will shre personal data to associates coaches, mentors, supervisors or facilitators when appropriate. When this is the case, for these purposes, the agent or sub-contractor or third parties in question will be obligated to use that personal information in accordance with the terms of this privacy statement.

If the ownership of our business changes, for example we are bought by another company or merged with one, we would need to transfer your data to this new owner. We would ensure that your data is transferred to them securely and in accordance with our privacy policies.

In addition to the disclosures reasonably necessary for the purposes identified above, The OCM Group may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.

Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated 1st May 2018.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you by email to deborah.raffell@theocm.co.uk or phone us on +44 (0) 1869 338989.

The OCM Group Ltd, Orchard House, Hopcraft Lane, Deddington, Oxfordshire, OX15 0TD, UK

Please leave contact details on any correspondence and we will contact you to let you know it has been received.