Privacy and The OCM Group website
Personal information collection and cookies
We collect the e-mail addresses and certain personal information of those who communicate with us via e-mail or register with us to receive useful knowledge materials, articles and newsletters. We also collect certain information regarding which pages users access or visit, and information volunteered by the users (such as any surveys or web forms that may appear on our site).
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyse our records, identify new customers, and provide products and services that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
The OCM Group may also collect and analyse from visitors and users, certain information regarding the use of the The OCM Group site and services available therein. Information collected may include but is not limited to web site traffic volume, frequency of visits, type and time of transactions, type of browser and operating system, etc.
We may provide your personal information to companies that provide services to help us with our business activities such as payment processing. These companies are authorized to use your personal information only as necessary to provide services to us.
Privacy as a client of The OCM
Why we collect information
This includes enabling The OCM Group Staff and contracted Associates to contact our clients to schedule coaching sessions and/or meetings in accordance with our contractual commitments. As a client of The OCM Group we may also have legitimate interest to contact you for the purposes of communicating useful ‘knowledge’ materials, articles and newsletters.
What information we collect
In order to fulfil our contractual obligations we may collect the following information:
- Client name
- Company title and company name and company address
- Contact telephone numbers
- E-mail and/or Skype address(es)
- Basic notes of actions and key points arising from our coaching sessions when working together
- Any information relating to your qualification or training programme including all Assessment material that we have a legal obligation to keep for the purposes of fulfilling our Quality Assurance responsibilities to our accreditation partner the European Mentoring and Coaching Council (EMCC)
For coaching clients
The coach will seek the client consent during the first coaching session.
For qualification or training clients
We will seek consent when you apply to enrol on one of our qualification or training programmes. The consent form will be part of your online application.
The systems we use to process your data
In order to fulfil our contractual obligations we may use one or several of the following proprietary or third party systems:
- Sugar CRM (3rd party, Sugar CRM, Inc, USA)
- Act-On (3rd party Act-On Software, Inc, USA)
- The Learning Pathway (3rd party, People Alchemy Ltd, UK)
- Excelerated (3rd party, Cambria Consulting, Inc, USA)
- Stripe (3rd party Stripe, Inc, USA)
- GetFeedback, (3rd Party, GetFeedback, Inc, USA)
Please see our Third Party and International Transfer statements below.
The OCM Group use Sugar CRM as our main platform to store and process the data we hold on you, unless you are part of a qualification or training programme where information is held on the Learning Pathway. If you are receiving coaching information is held in Excelerated.
Access to your information and correction of data
Whatever your contact with us, you have the right to request a copy of the information that we hold about you. If you would like to access the data we hold on you, please email or write to us at the address located at the end of this policy. We will reply in full within 1 month of receiving your request, unless the information is particularly complex. If we need more time we will let you know. Please leave contact details on any correspondence sent to us.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. We will delete or update your information within 48 hrs.
Withdrawing consent and objections to processing
You have the right to withdraw consent for us to have your data and the right to object to it being processed in any particular way. If you wish to do this, please email or phone us using the contact details given below. Please note that in accordance with the law around data protection, we aim to anonymize data as soon as possible. If we have already anonymized your responses, it may not be possible for us to give you a copy of the data you have submitted, or to correct, remove or withdraw it.
Your right to lodge a complaint
If you would like to complain about how your data has been treated by us please contact our Data Protection Officer, Deborah Raffell, at the address below. To take your complain further, contact our Chief Executive, Ed Parsloe. Under GDPR, you also have a right to lodge a complaint with the supervisory authority in your state of residence, place of work or where the alleged breach of GDPR occurred. In the UK this is the ICO.
Keeping your data safe
The OCM Group takes information security risks very seriously and takes all reasonable technical and organisational precautions to prevent the loss, misuse and / or alteration of your personal information.
In addition, we plan to seek accreditation to become certified with the Cyber Essential Certificate which will further enshrine best practice principles into all our organisational processes. The OCM Group securely store all the personal information you provide and, if not already in existence, we will create a number of company policies related to this. These include policies on:
- Monitoring for breaches and breach protocols
- Employee access and password changes
- Leavers and starters policies
- Work station security
- Wireless communication use
- VPN use
- Software installation
- Server Malware Protection
- Router Security
- Remote access
- Mobile Employee Endpoint Responsibility
- Information sensitivity
- Bluetooth security
- Email & IM use
- Acceptable use
- Acceptable encryption
Policies are and will be revised at a minimum annually with discussions on requirements to change built into our weekly Directors meeting on a monthly basis All staff are or will be given training on cyber security risks and policies annually or when policies change.
Retention of your data
We will keep your data no longer than is necessary within UK Law. We conduct regular audits of the data.
International data transfers
The GDPR imposes restrictions on the transfer of personal data outside the EEA, to third countries or international organisations. We follow these regulations, meaning that without your explicit consent your personal data will only be transferred outside of the EEA under the following circumstances:
• Where the Commission has decided that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.
• Where the organization receiving the personal data has provided adequate safeguards e.g. certification under an approved certification mechanism.
With the exceptions below, The OCM Group does not share, sell, rent, or trade personally identifiable information with third parties for their promotional purposes. However, we may need to share your information with our agents or sub-contractors or third parties to deliver our contractual obligations. For example, we will share personal data to associates coaches, mentors, supervisors or facilitators when appropriate. When this is the case, for these purposes, the agent or sub-contractor or third parties in question will be obligated to use that personal information in accordance with the terms of this privacy statement.
In addition to the disclosures reasonably necessary for the purposes identified above, The OCM Group may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
How to contact us
The OCM Group Ltd, Orchard House, Hopcraft Lane, Deddington, Oxfordshire, OX15 0TD, UK
Please leave contact details on any correspondence and we will contact you to let you know it has been received.