welcome to the evolution of e-learning
Statement of Compliance
The General Data Protection Regulation (GDPR) came into force in 2018 and impacts every organisation which holds or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties.
The GDPR is currently retained in domestic law now the UK has left the EU. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018.
flick is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing all data in accordance with accepted standards, and have achieved IASME Governance certification and are working towards Cyber Essentials Certification to publicly evidence our compliance.
flick comply with all applicable Data Protection and GDPR regulations, including as a data processor, while also working closely with all our 3rd party data processors to ensure they meet their contractual obligations under law.
To ensure we meet our obligations, we can confirm the following statements:
- We have carried out a data ecomap to identify all Personal Information held and understand how the information flows between us and external data processors. We do not hold any Special Category Data on Customers or Prospective Customers.
- We have a documented Data Protection Impact Assessment (DPIA) and Privacy Impact Assessment (PIA), which covers our day to day business. Should we take on new project works, a DPIA and/or PIA will be conducted before the start of the project as required.
- Should a data breach occur, we will inform any clients who may be affected, report the breach to the ICO and implement any corrective actions necessary to prevent any such reoccurrence.
- All our staff are trained on their responsibilities to handle data securely on induction and then every 2 years (or sooner if there are major legislative changes).
- You have a right to erasure from our systems and a right to a record of the information we hold on you. If you would like to request this information, please submit your request in writing to gdpr@flicklearning.com.
- We have a Privacy Notice (https://www.flicklearning.com/privacy-notice) and a Fair Processing Notice (https://www.flicklearning.com/fair-processing-notice), which together informs people what we do with their personal data.
- Where Personal Data is being transferred outside the EU, this will be detailed in our Fair Processing Notice. All Personal Data, where held, is held securely with limited access for our staff based on the role they hold.
- When processing data we undertake the following:
- The processing is lawful, fair and transparent.
- We are transparent about what the data is being used for.
- Data is collected for a specific purpose.
- The data is necessary for the purpose.
- The data is accurate and kept up to date.
- Data is not kept for longer than necessary.
- The data is kept safe and secure.
For further clarification on any of the above, please address correspondence to gdpr@flicklearning.com.
We last updated this page and its content for you on 1st Jan 2021.