Healix Privacy Notice for e-Learning
Who is collecting your personal data?
The data controller responsible for your personal data is:
Healix International Limited (Healix)
Healix House,
Esher Green,
Esher,
Surrey,
KT10 8AB, UK
We are a company registered in England and Wales with registration number 3912483. For the purposes of the data protection laws that apply, such as the GDPR, we are the ‘controller’. If you want to contact us regarding this Privacy Notice and our data protection compliance please find our contact details in the ‘Contacting Healix’ section of this Privacy Notice. Healix will process your personal data for the purpose of providing and managing e-learning via an online e-learning platform based on a contractual agreement with you employer or other applicable facilitator.
How we collect personal information
Healix will collect information directly from you when you complete the registration process for the e-Learning. During the registration process you will be asked to provide your name, email address, the name of your company/policy or scheme details (where applicable) or registration code.
Usage data: We collect information about how you use the e-Learning including log-in, usage activities and completion attempts.
What information, purpose and disclosure
All the personal data we collect is relevant and limited to what is necessary in relation to the purposes for which it is processed, this is in accordance with the data minimisation principle of the GDPR Article 5(1)(c).
The following tables in this document list the types of personal data collected by Healix, the purposes for which it is used, retention and who it is disclosed to.
Information stored by Healix
Healix will collect the data listed below to facilitate the service.
Data | How is it collected? | Purpose | Retention | Who is it shared with? |
---|---|---|---|---|
Name, company and position | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company | Company appointed Point of contact |
Registration code /policy number | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company | Company appointed Point of contact |
Email address | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company | Company appointed Point of contact |
Country of residence | During registration process | To identify you as an eligible user | Until the end of the legal contract with Company | Company appointed Point of contact |
Course Usage Data and results | When completing available eLearning training | To document completion of training | Until the end of the legal contract with Company | Company appointed Point of contact |
Cookies
When you use the Forma e-Learning we may collect personal data from you automatically using cookies, which are small text files that can be placed on your device that allows us to recognise who you are. For further information on cookies please see the Healix Privacy and Cookies Policy.
Transfer of personal data
All the personal data we process is processed by our employees in the UK, Singapore and Canada, for which we have a Data Protection regime in place to oversee effective and secure processing including lawful data transfer mechanism. Personal data may be subject to cross border transfer depending on where the service is accessed.
How we store data
Your personal information is hosted securely on Amazon Web Servers (AWS) in the UK. Healix always aim to minimise the amount of data processed and has strict organisational and technical measures in place to protect your data at all times in compliance with our ISO27001 Certification, best practice information security and the General Data Protection Regulation.
How long we keep your personal data for
Healix will keep a record of the personal data for the duration of the contractual engagement with the Client. When the contract comes to an end the access to the service will be disabled and the associated records will be deleted following the retention schedule.
Your rights
Under Data Protection legislation, you have rights in regards to your personal information. You can exercise your rights by contacting Healix Global Data Protection Officer. You have the right to:
- Request access to your personal information and receive information about how Healix process it (Subject Access Right – please see below).
- Be informed and provided with clear, transparent and easily understandable information about how Healix uses your personal data. This Privacy Notice is provided for this purpose.
- Request rectification of the information held by Healix if it is inaccurate.
- Request that Healix erase the information if it has been collected without adherence to legal requirements or is no longer needed.
- Request restriction of the data processing activity in situations where you believe Healix no longer need to process your personal data.
- Complain if you consider Healix has breached its privacy obligations.
Subject access right
You have the right to access Personal Information held about you. To do so you must provide a written request to Healix including as much information as possible (reference number, dates, specific issue etc.) to enable us to comply with your request as quickly as possible. Please see contact details below.
Contact details
Please contact us if you have any questions about anything in this document or think that your personal data has been misused or mishandled:
- privacy@healix.com, or Healix Global Data Protection Officer, Healix House, Esher Green, Esher, Surrey, KT10 8AB, UK.
You can also make a complaint to the Information Commissioner, who is an independent regulator if you do not believe Healix has addressed your concerns: casework@ico.org.uk