Who we are

We are Positive Success Group (PSG). A training and development company specialising in the areas of Coaching, Leadership and Emotional Intelligence.

Our website address is: https://www.positivesuccessgroup.com.

Introduction

Positive Success Group (PSG) is committed to the safety and proper use of the data entrusted to us, according to Data Protection law and regulations. This includes the Data Protection Act from 1998 and the General Data Protection Regulation effective from May 2018.

PSG requests, retrieves and processes only the data needed to carry out its core functions, such as delivering courses, communicating with interested parties or performing coaching sessions.

Purpose

The purpose of this policy is to define internal procedures related to data gathering and handling in compliance with the GDPR principles. At PSG, data is

  • Collected according to lawful processing and transparency principles, and processed under one of the following bases.
  1. Consent: data is retrieved and processed after explicit consent from individuals and according to the needs of the information or services requested by them.
  2. Contract: data necessary to stablish a contract relationship with an individual.
  3. Legitimate interest: processing of data for the legitimate interest of PSG or associated bodies. This can be overridden by the existence of a good reason to protect an individual’s data above legitimate interest.
  • Limited strictly to what is needed for PSG to carry out its core functions.
  • Accurate and up-to-date. We put into place reasonable processes in order to keep data accuracy and relevance.
  • Stored for a minimum of 2 years, depending on the information or service requested by the individual and delivered by PSG. Individuals can request a copy of the data we keep, updates on their data or full deletion of their details from our archives.
  • Shared only when required by third party certification bodies (e.g. QQI) who are also obligated under the same regulations. It may also be shared when required by law and to protect individuals’ rights, security or PSG’s rights. In such case, reasonable measures would be put in place according to GDPR principles.

Types of data collected

We collect the following types of data:

  • Contact details for those interested in our courses and services
  • Data related to students’ identification and performance throughout the courses, as well as data required for administrative processes inside PSG.
  • Other data requested by external certification bodies, e.g. QQI requires gender, date of birth and PPSN
  • Any other data provided voluntarily by individuals
  • Our web sites use cookies to improve performance. Full information on how they operate and consent option on the web sites.

We also collect relevant data needed for recruitment and employment purposes, which is also treated in compliance with the GDPR principles.

How data is used

Personal data is processed depending on the type of service requested.

  • For PSG students, we collect data through registration forms, direct contact with PSG staff and other digital platforms to support the learning process.
  • For general interest in courses and services, data is collected via registration forms, via emails, on the web site or via interaction (email, phone, SMS, meetings etc) with PSG staff.
  • Data may be used to generate aggregate analysis – courses preferences or web site visits, for example- which do not identify particular individuals.
  • Individuals can request a copy of the data we keep, update their data or ask for full deletion of their details from our archives.

Access, storage and security

Data gathered and stored by PSG can only be accessed by authorised PSG staff and according to procedures that comply with GDPR regulation. In order to keep data secured, we take all necessary precautions, such as:

  • Physical data is kept under secured and locked location in site and cannot be taken out of the premises unless it is absolutely necessary and under explicit permission and responsibility by the member of staff in charge.
  • Digital data access is password protected or stored in a secure- encrypted disk from a reliable cloud storage provider.
  • We are based at Marino Institute of Education, Griffith Avenue, Dublin 9. (MIE). The local network is administered and secured within the MIE premises, therefore, access to the system remains only within members of the staff. Specifically, the Principle of Least Privilege is applied and members of staff can access only the data relevant to fulfil their functions.
  • Members of PSG staff are forbidden from sharing data with third or external parties.
  • Access to the physical premises is subject to ownership of identifiable access cards.
  • Procedures for appropriate discarding of physical and digital data are also in place.

Communications

We may contact individuals who have expressed interest in PSG and have voluntarily given contact details, with information on our services.

Individuals can opt out at any time or withdraw consent.

Individuals rights

In compliance with GDPR principles, at PSG we recognise the rights of every individual regarding the personal data they share with us:

  • The right to be informed in a clear and unambiguous way the data we retrieve and how it is processed.
  • The right to access a full copy of the data we keep at a specific time, in a portable, readable and reusable format.
  • The right to rectification; this means, to update or correct the data held by us.
  • The right to request the full deletion of any type of personal data held by us.
  • The right to restrict the processing of such data, as well as to object at any time the methods in which it is processed at any time.

Policy updates and regular reviews

This policy will be revised annually and updated as required.

May 2018