1. Definitions
APM – the Association for Project Management – Ibis House, Regent Park Summerleys Road Princes Risborough Bucks HP27 9LE is incorporated by Royal Charter RC000890 and a registered charity No. 1171112. APM is an accrediting organisation approved by Royal Charter to set examinations in Project /Programme and Portfolio Management
APMG – APM Group UK – Number 12 The Valley Business Centre, Gordon Road, High Wycombe, Buckinghamshire, HP13 6EQ
AXELOS – AXELOS are a new joint venture company, created by the Cabinet Office on behalf of Her Majesty’s Government (HMG) in the United Kingdom and Capita plc to run the Best Management Practice portfolio, including the ITIL® and PRINCE2® professional standards. AXELOS’s goal is to nurture best practice communities, both in the UK and on a truly worldwide scale, establishing an innovative and high quality, continuous learning and development destination that is co-designed by and co-created for those who use it.
GDPR – The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Website – https://balance-global.com
2. What is a privacy policy
2.1 Balance Global’s privacy policy (the “Privacy Policy”) is all about letting you know as a Balance Global customer that we take the protection and management of your personal information very seriously. As a UK-based business, our handling of your information is governed by :-
a) the UK Data Protection Act 1998
b) EEC GDPR directive
c) Electronic Communications (EC Directive) Regulations 2003
or any replacement for these acts or directives, where Balance is the data controller for your personal data. Our regulator is the UK Information Commissioner: http://www.ico.org.uk/. Data Protection Registered (registration number Z3445939)
2.2 Balance has a designated data protection officer whose direct contact details are available on request and have been passed to our local Data Protection Agency.
3. When do we collect your data
3.1 Balance collects personal data from individuals when one or more of the following occurs
a) when you buy anything on the Website
b) when you raise technical support queries via the website, telephone or email
c) when eLearning Course subscribers raise learning support queries with their appointed online Tutor via the website, telephone or email
d) when you book Exams via the website or via email and telephone.
e) when you make a Classroom course booking
f) when you post learning support queries via forums
g) when you post comments on our Facebook page
h) email or written hard copy documents sent between you and Balance
i) telephone calls made between you and Balance for the purposes of evidence, security, fraud prevention, training and exam support.
j) when you enquire via the website, telephone, email with an interest in buying our service /products
k) whenever we call you with the purpose of trying to make a sale.
l) when APMG /AXELOS /APM advise of subscriber exam results or examination issues such as exam fraud.
3.2 once you have subscribed to our website Balance becomes the Data Controller of this information.
4. What data do we retain
4.1 Your personal data we collect and hold :-
a) full name
b) postal address
c) telephone number
d) mobile
e) e-mail address.
f) optional Profile picture uploaded by the subscriber.
g) User Name
h) Passwords (Please see section 2 of this policy)
i) Suggested Exam Booking dates and times.
j) Course exam booking type i.e Foundation /Practitioner
k) subscriber learning disabilities
l) prerequisite passed examination passes with certificate numbers
m) email or written hard copy documents sent between subscribers and Balance
n) recorded Telephone Calls
o) Course progress statistics
p) Classroom course feedback sheets
q) Classroom course attendance records
r) Classroom course assignment results (homework)
s) Course Test Question Performance statistics
t) In-house certification awards
u) Excellence Badges awarded by the website
v) Accredited Examination Results Supplied by PeopleCert /APMG /AXELOS /APM
w) Order information (sales) from the website or via telephone detailing all the inventory sold to you together with pricing information and amounts of money spent.
4.2 when you subscribe to or browse the website your activity and identification information is retained in the following key areas:-
a) IP node address – all website visitors
b) computer Location – all website visitors
c) computer operating system & Browser being used – all website visitors
d) access History – only logged in website users
e) complete page and file access history – only logged in website users
f) We do not use cookies to do this; it is managed via our website firewall and associated data protection suite.
4.3 Personal data we do not retain
a) Credit Card Numbers
b) We do not use cookies or retain website cookies except to store user course module progress
c) Bank Account number and sort codes.
5. What do we do with your data?
5.1 we hold data for the purpose of evidence, security, quality, control, training, support and marketing.
5.2 we are required when requested to share exam booking personal data with AXELOS, APMG, APM and PeopleCert for one or more of the following reasons:-
a) to allow these accreditation and examination institutes to carry out quality and surveillance audits in line with our approved Quality Standards and associated Quality plans. These documents are always available on request.
b) Setting of examinations and collection and delivery of results to specific website users.
5.3 we use your data along with other data we hold, to carry out assessment, analysis and research in relation to our business, products, services and website, including: to assist in the provision of services to you; to facilitate reviews, developments, personalisation and improvements of the services and products; to improve our website, including to improve the layout and design of our website, and to ensure that content from our website is presented in the most effective manner for website users’ computers and associated browsers; and to enhance the subscriber, browsing and purchasing experience, including to provide subscribers where possible with a more personalised training service which is tailored to suit their specific needs, such as those of subscribers with learning disabilities such as dyslexia and hard of hearing. The information we gather is analysed either in the aggregate or at a customer level as appropriate.
5.4 we use your data along with other data we hold for the purposes of assessing the effectiveness of and managing advertising by us and by third parties who advertise on other training websites we own, including to help third party advertisers to reach the kind of audience they want to target (for example, people living in a certain area of the country, and to target the display of advertisements to their target audience). The information we gather will always be anonymized and analysed in-house by the licensor at the aggregate customer level and will never be passed to any third party.
5.5 we may from time to time contact you for market research purposes which may be done using email, telephone, or mail. All such research interventions will only be carried out after a course subscription has expired and subscribers will always be offered an opt out from being contacted in future.
5.6 we reserve the right to contact you in order to assist you with course reactivation and course access extension once a subscriber’s course has expired.
5.7 we may use and disclose to third parties any data we hold on you for the purposes of administration and enforcement of any website sale and other contracts with the website subscriber /website user and for other related purposes. We may also supply your data to relevant authorities and other third parties where legally required or reasonably required in connection with any legal process, or any legal obligations binding on us.
5.8 we reserve the right to add courses to the website supplied by third party suppliers where part of the reseller agreement is to pass on your email address in order to activate these courses. Any emails from such resellers will always include unsubscribe options and all such courses will always be clearly marked as being supplied by a third party.
5.9 we have the right to use your data for advertising, marketing and review purposes. You will be given the opportunity to opt out of such advertising and marketing activities whenever we contact you with this intention.
5.10 where we use third parties to host, provide, operate or supply any part of our website, databases, systems, business, or services, then we may provide your personal data to them as required to perform these functions. All such third parties will be required to have a mutually agreed Privacy Policy in place which does not allow them to use your data for marketing and advertising purposes and in no way conflicts with this policy agreement.
5.11 if we at any time wish to transfer any part of our business to a third party, or a third party is to take any interest in our business, then we may share your data with them for the purpose of enabling them to evaluate and negotiate the transaction with us, and we may transfer your data to them if we subsequently transfer to them any part of our business in which your data is used. You will not normally be informed of this, but if your data is transferred to a third party on conclusion of such a transaction, then in relation to personal data the law requires that we write to you to confirm that you are aware of the change in data controller, and provide you with a new privacy policy.
5.12 resolve website technical and tutor support requests by you.
5.13 contact you to let you know if you have passed, failed or had your exam rejected through breaching of the Proctor U examination conduct rules and recommend where appropriate future course and examination opportunities in order to optimize your learning outcome.
5.14 all Proctor U personal examination booking data is shared with PeopleCert /APMG /APM within 24 hrs of receiving a Proctor U exam booking via the website. The purpose of this is to give PeopleCert /APMG /APM the necessary information to enrol you on relevant Proctor U examination systems to facilitate the fulfilment of the Proctor U examination/s. PeopleCert /APMG /APM have declared they are GDPR compliant and as such you will be asked to agree to their unbundled Privacy Policy and their Terms and Conditions before being allowed to sit your exam.
5.15 Balance receive emailed copies of all exam booking data submitted by you. This information is also stored on the website and our company file server but is not accessible directly by anyone except website administrators.
5.16 website exam booking information will be stored by Balance for as long as we reasonably need to in order to comply with any contractual or legal obligations to which we are subject, or to provide evidence so long as we may be subject to or make any claims within applicable legal liability limitation periods.
5.17 Balance Global has no influence over data shared with PeopleCert /APMG /APM and Proctor U and you should read these organisations’ respective privacy policies before agreeing to sit a Proctor U examination.
5.18 your sales transaction data will always be shared with one or more of the following in order to make your purchases possible and ensure necessary funds are successfully transferred to Balance Global to support any Sales Contract :-
a) PayPal
b) WorldPay
c) Xero Cloud Accounting Software
d) Santander Banking
All these organisations have stated they are GDPR compliant and registered with the requisite local data protection agency.
5.19 Balance Global shall not sub-contract to any third party any of its obligations to process your personal data on behalf of Balance.
5.20 all use of your exam booking and results data held by Balance will strictly follow the provisions of the Data Protection Act and GDPR regulations and will be stored and retained until you inform us that you no longer wish us to hold your personal data.
5.21 Balance Global undertakes that any information which is received from you during the process of selling, marketing, delivering and administration of eLearning Products, Proctor U examinations and other related services will only be used for the purposes set out in this Agreement.
6. Rights to see your data
6.1 you have a right to see what data we hold on you at any time within 14 days of a written request from you and your identity being verified. All such requests must be emailed to dpaenquiry@balance-global.com.
7. Your right to be forgotten
7.1 under GDPR regulations you have the legal right to be forgotten /stop us using your data for any purpose, where that purpose is causing you unwarranted substantial damage or distress.
7.2 all website data with the exception of transactional order information retained for HMRC reasons and shared with our ecommerce accounting platform Xero can be removed by you selecting to delete your account via your website learner dashboard.
7.3 in order to make sure all off-website data we might hold on you, such as exam results, support tickets and email correspondence, is deleted, we request you email us on dpaenquiry@balance-global.com.
7.4 we will, within 7 days of being contacted and verifying your identity, carry out the following:-
a) List all the data held outside of the website
b) Confirm deletion of the listed data along with respective deletion dates.
7.5 where data deletion requests result in invalidating an exam booking made by you and already accepted by AXELOS /PeopleCert /APMG or APM then we reserve the right to charge a £60 exam cancellation fee and cancel your exam voucher without compensation.
7.6 you have the right to ask Balance Global for rectification, erasure or blocking of any of your data which is inaccurate, and we will always comply with such requests.
8. Your legal rights
8.1 we recognise that you have the right to claim compensation for damage and (in certain cases) distress suffered if we do not comply with data protection laws.
8.2 in addition to the rights highlighted above, it is open to you, if you have a complaint or concern, to seek assistance from our regulator, who has powers to compel us to comply with applicable laws and fine us for non-compliance.
8.3 you have the right to request from Balance at any time within 7 days written notice details of the measures we have undertaken in order to comply with the Data Protection Act /GDPR and we will, at our own cost, implement any further steps that are necessary for compliance with the same.
9. Data breaches
The following is the procedure we will follow relating to a potential data breach under GDPR:
a) Notify the Data Protection Officer (Company CEO) of the suspected data breach
b) The Data Protection Officer will instruct a team to investigate the potential breach to establish if it is real
c) The impact to individuals and organisations will be assessed
d) Notify the Information Commissioner’s Office (ICO) within 72 hours with details of:
• The nature of the personal data breach
• The categories and approximate number of individuals concerned
• The categories and approximate number of personal data records concerned
• The name and contact details of the Data Protection Officer
• A description of the likely consequences of the personal data breach
• A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects
e) This is only necessary if the breach could result in:
• Discrimination
• Damage to reputation
• Financial loss
• Loss of confidentiality
• Economic disadvantage
• Social disadvantage
f) Notify any individuals concerned if there may be a risk to the rights and freedoms of those individuals
10. Cyber security
10.1 Balance will never expose your website data without you having logged into the website via the home login page using user name and password authentication, with the latter conforming to the following password standard in line with our IT Security Policy :-
a) passwords must be at least 8 characters in length, and must contain at least 3 of the following 4 types of characters:
• lower case letters (i.e. a-z)
• upper case letters (i.e. A-Z)
• numbers (i.e. 0-9)
• Special characters (e.g. -=[]\;,./~!@#$%^&*()_+{}|:<>?)
b) passwords for systems or applications that cannot support the above standard must be longer — at least 10 characters in length, if possible — and incorporate the maximum complexity the system or application can support.
10.2 Balance does not guarantee that the streamed eLearning products, downloadable apps and files under this agreement are free from all viruses. You acknowledge and agree that it is solely your responsibility to conduct appropriate virus scanning of streamed eLearning products, downloadable apps, and files prior to downloading and using them.
10.3 the law requires Balance to put in place appropriate technical and organisational measures against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, personal subscriber data. We have accordingly implemented security policies, rules and technical measures with a view to achieving this, and all information you provide to us is therefore stored on secure servers.
10.4 all website data and the codebase are continuously backed up in real time using a dedicated mirrored failover server hosted with OVH, mentioned in section 10.6. In this way our website and subscriber data are protected against accidental loss, destruction or damage. All other data repositories outside of the website, including email and file servers, are also continuously backed up and encrypted behind enterprise-level firewalls in order to prevent unlawful access to subscriber personal data.
10.5 we do not use proprietary Firewall and other associated security software unless the manufacturers have appropriate data protection policies and privacy terms and conditions which are in line with GDPR regulations and do not conflict with this agreement. We cannot disclose the software types and their respective manufacturers for security reasons. However, on request we can provide this information only as long as this information request can be related to a need to verify GDPR compliance. We reserve the right to refuse security software information requests if in our judgement such requests might compromise the security of the website and the personal data it contains.
10.6 the website is hosted on a dedicated and secure server provided through a third party under the name of OVH
OVH, New London House, 6 London Street, EC3R 7LP, London
Registration number: 5519821
OVH is a member of CISPE, a coalition of cloud computing leaders and have stated they comply with the CISPE Data Protection Code of Conduct. The purpose of the CISPE Code of Conduct is to help cloud customers ensure that their cloud infrastructure provider observes correct data protection standards such as Europe’s Data Protection Directive and the General Data Protection Regulation (‘GDPR’) that will come into force in May 2018. Cloud providers adhering to the Code must give customers the choice to store and process their data entirely within the European Economic Area. Providers must also commit that they will not access or use their customers’ data for their own purposes, including, in particular, for the purposes of data mining, profiling or direct marketing. All cloud infrastructure service providers complying with the CISPE Data Protection Code of Conduct are available on the CISPE Public Register: www.cispe.cloud/PublicRegister (this includes OVH) and will be easily recognised with the compliance mark opposite.
The CISPE Data Protection Code of Conduct also complies with internationally recognized certification and accreditations including ISO 27001, ISO 27018, ISO 9001, SOC 1, 2, 3, PCI DSS Level 1.
10.7 we use Secure Sockets Layer (“SSL”) software in order to encrypt the data that you provide to us whilst it is in transit over the internet from your browser to our website. This will work if your browser is SSL enabled (which most are). You can verify that this is working by looking for the symbol of a closed lock or solid key on the bottom bar of your browser window, and checking that the prefix for the web address in the browser address bar has changed from “http” to “https”. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our site or that SSL is completely secure.
10.8 all data we hold on corporate and individual subscribers is secured in accordance with the following company policies:-
• Data transit policy
• Data Security policy
• Information Classification Policy
• Information Security Policy
All of these policies are available on request. Wherever possible, these policies require electronic communications and storage of data to be in encrypted format and accessible only by people designated by website subscribers or authorised by senior management on a need-to-know basis.
10.9 data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. The UK Data Protection Act 1998 sets out rules which govern when and how we may transfer personal data outside the EEA.
11. Force24 Cookies and Tracking
Our organisation utilises Force24’s marketing automation platform.
Force24 cookies are first party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:
- F24_autoID
- F24_personID
They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.
f24_autoId – This is a temporary identifier on a local machine or phone browser that helps us track anonymous information to be later married up with f24_personid. If this is left anonymous it will be deleted after 6 months. Non-essential, first party, 10 years, persistent.
f24_personId – This is an ID generated per individual contact in the Force24 system to be able to track behaviour and form submissions into the Force24 system from outside sources per user. This is used for personalisation and ability to segment decisions for further communications. Non-essential, first party, 10 years, persistent.
The information stored by Force24 cookies remains anonymous until:
- Our website is visited via clicking from an email or SMS message, sent via the Force24 platform and cookies are accepted on the website.
- A user of the website completes a form containing email address from either our website or our Force24 landing pages.
The Force24 cookies will remain on a device for 10 years unless they are deleted.
Other Tracking
We also use similar technologies, including tracking pixels and link tracking, to monitor your viewing activities.
Device & browser type and open statistics
All emails have a tracking pixel (a tiny invisible image) with a query string in the URL. Within the URL we have user details to identify who opened an email for statistical purposes.
Link Tracking
All links within emails and SMS messages sent from the Force24 platform contain a unique tracking reference; this reference helps us identify who clicked an email for statistical purposes.
12. Contact Information
By law, individuals have rights in relation to their personal data under the UK Data Protection Act 1998. If you wish to exercise any of these rights, you are welcome to contact us directly using the following email address:- dpaenquiry@balance-global.com
We will endeavour to respond to your email requests within 24 hrs.
13. Policy change
we may change our privacy policy terms at any time and Balance will where possible advise you in writing when such changes have been made with the option to opt out from these changes if you do not agree.
14. Legal agreement
this Privacy Policy forms part of the legal agreement between you and Balance Global whenever you engage to use our services or buy our products.
15. Revision history
Version 1.2