Privacy policy for ONCORE ePD

Customer privacy and our core beliefs

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25th May 2018. The Regulation aims to harmonise data protection legislation across the EU member states, enhancing the privacy rights for individuals.

ONCORE ePD is committed to complying with the GDPR regulation from its implementation date. Our current procedures are already closely aligned with the new regulation, however we have released this updated Privacy Policy in order to clarify our compliance and update some areas that benefited from improvement.

ONCORE is, and has always been committed to protecting the privacy of its customers. We will only use the information that we collect about you lawfully and in a manner you have consented to. We collect information about you to process your order and also to provide you with the best possible services. We do not pass your information to third parties without first gaining your explicit consent.

About us and who controls your data

ONCORE ePD is the owner and operator of this website. We collect and process your personal data. The data controller is ONCORE ePD. Our contact details are set out below.

Postal Address:

ONCORE ePD
Walnut Lodge
Farm Lane
South Littleton
Worcestershire
WR11 8TL
United Kingdom

Telephone: 0121663 1971
Email: [email protected]

ONCORE ePD websites:
https://www.oncoreepd.co.uk
https://oncorevle.co.uk

Our lawful basis for collecting and processing your personal data

We only collect and process personal data with a sound lawful basis to do so. We collect and process data under the following lawful bases:

Consent: where you, as an individual have given clear consent to us in order to process your personal data for a specific purpose.
Contract: the processing is necessary for a contract we have with you, the customer, or because you have asked us to take specific steps before entering into a contract.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect you, the individual’s personal data which overrides those legitimate interests.

Personal data we collect, and why we collect and process it

We may need to collect the following information from you in order to process your order, notify you of the status of your order, and in the provision of our services to you. It may be used for email marketing where you have given clear consent to receive this marketing. The information we collect will only be that required to provide you with the services you have requested, or in the fulfilment of the sales contract you are entering into with us. Additional information, such as date of birth and telephone number may be collected in order to be used for verifying your identity if we need to discuss private issues relating to your contract with us.

Name
Date of birth
Job title
Qualifications
Area of work
Practice name
Address (work or home) including postcode
E-mail address
Contact telephone number(s)
Credit or debit card details

There may be occasions when we need further information from you in the provision of an additional service, but you can be assured it will be treated in the same confidential and secure manner as any other data we collect.

Personal information third parties collect, and why they collect and process it

We use a number of third parties in the running of ONCORE ePD and in our provision of our services to you. We satisfy ourselves that these third parties meet at least the same data protection standards that ONCORE ePD expect and adhere to for both data collection, processing and storage. In some cases we have entered into an agreement with these third parties, in other cases we use their services as required. All these third parties have clear privacy policies that confirm their adherence to the GDPR, and are freely accessible on their websites. Those that have servers that are not based in the EU conform to the EU-US Privacy Shield.

Below is a list of the primary third parties that we use in a provision of a service to you.

• G Suite – email provider
• Google Analytics – anonymous user data provider
• Alphaquad – secure website hosting
• Web One Solutions – secure VLE hosting
• MailChimp – mailing list management
• Cognito Forms – integrated web forms
• WooCommerce – shopping cart/ecommerce
• World Pay – secure online payment system
• pCloud, Dropbox and Spider Oak – online data storage solutions (encrypted)

Data retention and our policy

We will retain and process your personal data for no longer than is necessary to provide you with a service, to protect your rights, where we have a legitimate interest and as required by law. We retain your personal data in accordance with the agreed legal bases as stated above, and in accordance with any legal obligation we may be subject to.

Cookies

We may store information about you using ‘cookies’ (files which are sent by us to your computer or other access device) which we can access when you visit our site in the future. Cookies are used to make the interaction between users and our web sites faster and easier. Without cookies, for example, it would be very difficult for web sites to allow a visitor to fill up a shopping cart, or to remember the user’s preferences or registration details for a future visit. Web sites use cookies mainly because they save time and make the browsing experience more efficient and enjoyable.

We use ‘Google Analytics’ to anonymously track the patterns of behaviour of visitors to our site. This helps us improve the way our website works for visitors.

Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.

Security of personal information

We ensure that any locally stored personal data is password protected and where practical, encrypted. All reasonable steps are taken to ensure the physical security of any hardware. All backup personal data stored on and off site is password protected and encrypted.

When you enter credit and debit card information on the ONCORE web site we use secure servers to ensure that all details are encrypted at your browser before they are sent to our third party data processors. All ONCORE websites use https secure connections, this is indicated by a green padlock in the address bar, so that your information is encrypted before being sent over the internet.

You should be aware that email correspondence is not always secure and you should take all reasonable steps not to send sensitive data using this method of communication. As an example, never send credit or debit card details via email.

Virtual Learning Environment (VLE)

The conditions and regulations contained in this privacy notice apply to both the ONCORE home website and the VLE website. However there are additional items that candidates who are using the VLE should be aware of.

By enrolling onto a course or module and logging on to the VLE website, you agree to share your name, personally selected profile details, discussion forum posts and other contributions to the course, with other members of the course, tutors, moderators, and any other parties deemed appropriate or necessary by ONCORE under the above legal bases.

Your profile icon/avatar and name may be visible to persons not logged on to the VLE website or not enrolled onto courses. You are responsible for creating your profile and altering your privacy settings to the level that which you require, and we do not accept any responsibility for any personal profile information, or other information, being shared with or beyond the enrolled members of your course as you have the choice on what to share and how to share it.

You are responsible for the security of your account login details. You can improve security by:

• Changing your password on first accessing the VLE website
• Not sharing your login details with any other party
• Restricting browser settings so that passwords are not automatically entered
• Restricting access to your computer to prevent unauthorised access to your course/s
• Logging out of the VLE website every time you complete a session

When enrolled on a course or module with ONCORE, you agree to maintain full confidentiality with respect to matters discussed and disclosed by any candidate(s) and/or the tutor(s).

You should not discuss confidential or contentious issues with any other party, in a manner which discloses any other person’s or candidate’s identity.

This privacy policy does not supersede any similar guidelines contained in the RCVS Code of Professional Conduct for Veterinary Surgeons and Veterinary Nurses which also pertain to such issues.

Know your rights under the GDPR

You have rights under the GDPR, and it is important you are aware of them. In essence they are:

1. Your right to be informed about the collection and use of your personal data.
2. Your right to access your personal data held by us.
3. Your right to have inaccurate personal data rectified, or completed if it is incomplete.
4. Your right to have your personal data held by us erased.
5. Your right to request the restriction or suppression of your personal data.
6. Your right to data portability.
7. Your right to object to the processing of your personal data in certain circumstances.
8. Your rights in relation to automated decision making and profiling.

Further information on your rights can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Changes to this privacy policy

ONCORE reserves the right to modify this privacy policy at any time without prior notice. Any modification of this privacy policy will be deemed to be effective from the date and time of posting on the website. Any updates and editing will be appended onto this privacy policy together with the implementation date.

This privacy policy is effective as of 24th May 2018.

If you have any questions or would like to contact us about anything in this privacy policy, then please use the contact information at the start of this document.