Policies

During your Subscription Term, we provide the Services and make available to you subject to the terms of your agreement.

We shall use all reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:

• planned maintenance which may be performed outside Normal Business Hours; and
• unplanned maintenance which may be performed at any time, provided that the Supplier has used reasonable endeavours to give the Customer at least 6 Normal Business Hours’ notice in advance.

In the event that the Services are unavailable for any period of more than 36 hours no payment shall be due from you in respect of the period for which the Services are unavailable and any advance payment shall be refunded on a pro rata basis within ten days.

We will, as part of the Services and at no additional cost to you, provide you with our standard customer support services during Normal Business Hours in accordance with our Support Services Policy (see contract). We may amend the Support Services Policy subject to the written agreement of you, the Customer. You may purchase enhanced support services separately at our then current rates.

We shall ensure that it has the capacity to deliver Services to the full number of Authorised Users and to meet your requirements in respect of the volume of use of the Services.

This privacy policy sets out how we use and protect any information that you give us when you use this website or any of our services.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website or our services you can be assured that it will only be used in accordance with this privacy statement.

What we collect

We may collect the following information:

• Name, address and job title
• Contact information, including email address
• Demographic information such as your postcode
• Other information relevant to customer surveys and/or offers

The data that we collect from you may be transferred to and stored within Microsoft Windows Azure cloud services, located in the Western Europe in the Netherlands. It may also be processed by staff operating within the European Economic Area ('EEA') who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

• The provision of training and qualifications
• Internal record keeping
• Proof to responsible authorities of due diligence through the provision of training
• To improve our products and services
• To send promotional emails about new products, special offers or other information, which we think you may find useful or interesting using the email address which you have provided
• To contact you for market research purposes. We may contact you by email, phone, fax or mail

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Payments & Credit Cards

We do not store credit card details nor do we share customer details with any 3rd parties.

The following detailed service parameters are the responsibility of CPL Online in the ongoing support of this Agreement.

1.1. Service Scope

The following Services are covered by this Agreement;

• Telephone support : 8:00 A.M. to 6:00 P.M. Monday - Friday
  - Calls received out of office hours will be forwarded to an answer phone service.
• Email support: Monitored 8:00 A.M. to 6:00 P.M. Monday - Friday
  - Emails received outside of office hours will be collected, however no action can be guaranteed until the next working day.
  - Email cover is provided on Saturday and Sunday.
• Dedicated Project Manager: Available 9:00 A.M. to 6.00 P.M. Monday – Friday
  - Any calls/emails received when Dedicated Project Manager is out of the office will be passed to a senior member of staff and dealt with quickly.
• Management report production
• Management review (to include agenda topics, KPIs, budget control and % achievement)

1.2. Service Provider Requirements

CPL Online responsibilities and/or requirements in support of this Agreement include:

• Meeting response times associated with service related incidents
• Appropriate notification to Customer for all scheduled maintenance

In support of services outlined in this Agreement, CPL Online will respond to service-related incidents and/or requests submitted by the Customer within two hours.

Overview

This policy defines the Data Security Policy for data within the organisation and any data we hold for client’s organisations. Data is typically saved on servers but is not necessarily limited to servers. Servers expected to be backed up include the file server, the mail server, the web server and the database server.

Key Security Points

• All servers are behind a managed Cisco firewall which is controlled by Rise.
• To access the servers you need either a client VPN connection or Site 2 Site VPN
• The only open ports are ports HTTP 80, HTTPS 443 for the web servers. The email server has ports SMTP 25, IMAP 143 and POP 110 to allow mail flow. The database server has no external access
• The web servers are fully redundant if one was to fail
• The servers are backed up fully each night to a repository server which only CPL has access to
• The SLA from Rise is 99.9%
• The data centre is manned 24/7 and has UPS and backup generators in place
• Rise has 10GB internet connections and diverse routing to ensure that connectivity is not lost.

ESCROW Agreement

The licensees’ data will be released to the subjected licensee in the event of CPL Online becoming bankrupt; no information will be held by the licensor in the event of this happening.

Overview

This policy defines the backup policy for data within the organization. Data is typically saved on servers but is not necessarily limited to servers. Servers expected to be backed up include the file server, the mail server, the web server and the database server.

Purpose

This policy is designed to protect data in the organization to be sure it is not lost and can be recovered in the event of an equipment failure, intentional destruction of data, or disaster.

Scope

This policy applies to all data owned and used by the organization.

Definitions

• Backup: the saving of data onto mass storage devices for the purpose of preventing loss of data in the event of equipment failure or destruction.
• Restore: the process of bringing off line storage data back from the offline media and putting it on an online storage system such as a file server.

Timing

Full backups are performed daily.

Responsibility

The IT department manager shall delegate a member of the IT department to perform regular backups. The delegated person shall develop a procedure for testing backups and test the ability to restore data from backups on a monthly basis.

Data Backed Up

Data to be backed up include the following information:

• User data stored on the hard drive
• System state data
• Web site files
• Database backups

Systems to be backed up include but are not limited to:

• File server
• Mail server
• Production web server
• Production database server
• Domain controllers
• Test database server
• Test web server

Storage Locations

Offline storage devices will be stored off site in a fire proof safe.

Opening statement from senior management

The CPL Training Group is committed to preventing acts of modern slavery and human trafficking from occurring within its business, and to communicate this policy throughout its supply chain.

Structure of the organisation

The CPL Training Group Limited is comprised of CPL Training Limited, CPL Online Limited, ABV Training Limited, UK Legion Marketing Limited and Parsecs Data Limited.

The commercial activities of the Group are principally the delivery of vocational training and qualifications (offline and online), software development, licensing services and sales and marketing services related to the sectors which we service.

Scope of the Modern Slavery Act 2015

The Act defines modern slavery as “slavery, servitude and forced or compulsory labour” and “human trafficking” (Modern Slavery). The Act requires commercial organisations operating in the UK (i.e. that supply goods or services from or to the UK) and have a global turnover above £36 million, to publish a statement each financial year, which sets out the steps they have taken to ensure there is no Modern Slavery in their business or supply chains. CPL Training Group’s combined turnover is below this limit, but we nevertheless published this Modern Slavery Policy and undertake to review it annually.

As part of our commitment to combating Modern Slavery, we have formulated this Modern Slavery policy.

• CPL Training Group operates a zero-tolerance approach to Modern Slavery in our organisation.
• We will inform and highlight the steps that our staff can take if they are concerned about any such type of behaviour.
• We will also take steps to ensure that our suppliers are aware of our policy.

Our due diligence processes

Because of the skilled nature of the employment positions we offer, we consider the risk of Modern Slavery existing within our business to be low. Our focus is therefore on ensuring that people we recruit to our organisation have a right to work here and are doing so of their own volition. We operate a right to work check system, as detailed below:

Right to work check

• Any person who applies for employment with us is subject to a right to work check before a job offer is made to that person.
• This check ensures that we are compliant with the Immigration Act 2016, but also reduces the risk of employing a person who is the victim of forced or compulsory labour.

Application of the ‘PeopleSearch’ right to work check

We have developed ‘PeopleSearch’, a cloud-based system that enables us to verify the identity of job applicants and existing employees by checking the authenticity of the official documents the applicant provides as proof of identity. The system enables us to check that:

• The document is genuine, and
• That it relates to the person presenting it as a proof of identity

Through using this system, we can establish a ‘right to work’ in the UK for anyone identified as an EU citizen, and to check the authenticity of any work permit provided by an applicant from a non-EU country that gives them a right to reside and work in the UK. This reduces the risk of employing a person who has been trafficked or is working under duress.

Our supply chain

To deliver its services, the Group works with a small range of suppliers, all of whom are based in a low risk jurisdiction, i.e., the United Kingdom.

The contractual terms and conditions that we put in place with our suppliers are being updated to include clauses that forbid the use of slavery and human trafficking.

Training

General awareness training is to be provided via an e-learning course available online and this training will form part of every new employee’s induction process.

Whistleblowing

The Group has a Whistleblowing Policy and all staff are informed of their responsibility to voice any concerns to our HR department, which will deal with these concerns in the strictest confidentiality.

Board Approvals

This Policy will be reviewed by the CPL Training Group Limited Board of Directors on an annual basis.

Responsibility for Policy:

Board of Directors.

Responsibility for Implementation:

All employees at CPL Training Group.

Our website uses cookies to allow the website to function correctly and to distinguish you from other users. This helps us to provide you with a good experience when you browse our website and also allows us to improve the functionality. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree.

Cookies contain information that is transferred to your computer’s hard drive. We use the following categories of cookies:

Strictly necessary cookies

These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies

They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies

These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

All data or information which is collected by the setting of a cookie is anonymous, and cannot identify you or your use of the website personally. You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookies

If you do not consent to our use of cookies, we will not be able to display our web pages properly and your experience of our website will be greatly affected.

Remove consent

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.

Collecting your personal data

CPL Online needs to use and store certain information about its employees, clients and others to allow it to effectively carry out its business operation. For example, we monitor performance and learning to ensure our courses are fit for purpose. We also record health data to ensure that we can make the required adjustments to fully support our delegates in their learning experiences.

We may also collect information from you as a result of your relationship with one or more of our clients or other service providers.

We may also automatically collect certain non-personally identifiable information when you visit our website - for further details on this please see our Cookie Policy.

The information we process includes personal data. We must process personal data according to the General Data Protection Regulation (GDPR).

The GDPR is a new EU legal framework for data protection. The GDPR will apply to all member states from the 25th May 2018.

Protection of your information

CPL Online has developed its Privacy Policy to ensure that everyone associated with us understands their rights and responsibilities. We have has also drawn up a series of detailed guidelines to help deal with the everyday implications of the policy in practice.

We apply the highest standards of security when it comes to hosting and protecting your information.

We have the necessary policies and technical measures in place to protect your Personal Data against unauthorised access, accidental loss, improper use and disclosure. All of our employees and any third parties we engage to process your personal information are obliged to respect the confidentiality of your information.

We do not sell, rent, distribute or otherwise make personal information commercially available to any third party, except as described in our Privacy Policy or with your prior permission.

However, the internet is not completely secure and, although we deploy the most relevant measures best to protect your Personal Data, the transmission of your data to use is done at your own risk.

Marketing

We may provide you from time to time with information that we think may be of interest to you such as service and product updates, new services, details of events or competitions hosted by us. If you prefer not to receive promotional material from us, please email us at data.protection@cplonline.co.uk

In compliance with data protection and electronic communication rules, we may provide you from time to time with information that we think may be of interest to you. This information may be service and product updates, new services, details of events or competitions hosted by us. If you prefer not to receive promotional material from us, please click the unsubscribe link in the email or drop us an email at data.protection@cplonline.co.uk

Breach reporting

We have appointed David Dasher, our Chief Technical Officer, as our Data Protection Lead.

Suspected or actual compromises of data must be reported to us immediately using the Information Security Incident Reporting Form, which will be escalated to our DP Lead and other relevant internal parties immediately.

This is a requirement of our Information Security Policy which contains further details of our response procedures.

Completed forms should be submitted to data.protection@cplonline.co.uk

For advice, support and assistance in the event of a suspected breach, please contact us on 0151 647 1057.

Your rights

You have a right of access to Personal Data that we may hold about you, to have inaccurate information about you corrected and to request that we stop using your Personal Data for marketing purposes. Access requests should be put in writing and addressed to the Data Protection Lead at the address shown below. Please help us to keep you information up to date by informing us of any changes.

Revisions to our polices

We may change our policies from time to time, including information contained on this page. You should check this page from time to time to ensure that you are happy with any changes.

Contact Information

If you have any comments or questions about our data protection and privacy practices, please contact the Data Protection Lead by email data.protection@cplonline.co.uk or by letter at CPL Online Limited, Bridge Court, 110 Canning Street, Birkenhead, Wirral, CH41 1FN.