Here at Reset Compliance Systems Ltd (Reset) we have always managed your data responsibly and that is never going to change. We respect your privacy and are committed to protecting your personal data. Our Privacy Policy and Terms and Conditions comply with General Data Protection Regulations (GDPR) and we are registered with the Information Commissioner's Office (ICO).
Reset may change this policy occasionally by updating this page. You can access this document via our website anytime to view.
The following information shows why we collect your personal information, what information we collect, how it is used and collected, who we share your details with, what your rights are and for how long we retain your information.
Why Do We Collect and Use Your Personal Information?
We collect and use your personal information in order for us to provide the services that are offered by Reset.
The personal information that we collect is primarily processed in line with Article 6(1)(b) of the GDPR where: "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract".
With your consent, we would very occasionally like to keep you updated with new products, services and opportunities that Reset can offer.
Reset Member Companies and Reset Individual Cardholders
What Information Do We Collect About You?
The following personal information is collected:
Reset Member Company
- Your contact details, including email address and phone number (our company contact, not a Reset Individual Cardholder).
- Financial details of the business for payments (if not registered through GoCardless or Stripe). Please see the section "How is your information collected" for further details regarding financial details.
- Details to complete the Reset Member Company profile such as insurance details and policies are entered by yourselves, not Reset.
Reset Individual Cardholder
- Your personal details, home address, email addresses, contact numbers, title, date of birth, a photograph and a piece of photographic ID.
- Qualifications and accreditations that you hold and submit to Reset.
- Name of your employer, their contact details and your job title.
- System generated logs consisting of name, employer, job title, age band, status of qualifications held (this is a snapshot of the profile at that point in time).
We will only ask for information that is essential to meet our contractual obligations and we do not ask for any information that is classified as 'Special Category' data under the GDPR.
Reset does not process or request any personal data relating to criminal convictions and offences, however we do provide a section to store a record of DBS checks made and the decision taken by either an employing Company or Verifier.
How Will We Use the Information Collected?
To Meet Contractual Obligations
The personal information that we collect is processed lawfully to allow us to fulfil our contractual obligations. We only collect information that is essential to allow us to provide the services that we offer.
Reset Member Company
| Purpose | Information Used |
|---|---|
| Carry out business to business communications | Name, company address, email address, telephone number |
| Carry out financial transactions | Payment card details provided by you at the time of a payment (if not registered through GoCardless or Stripe) |
| Create Reset Company Profiles | Data entered by the company to complete the digital Reset Company profile (for example insurance details, etc) |
| Issue Reset Access jobs | Name, employer |
| Send Qualification Status emails | Name, email address, qualification status (if a Reset Individual Cardholder's qualification or accreditation is due to expire or is expired) |
Reset Individual Cardholder
| Purpose | Information Used |
|---|---|
| Carry out security checks – incoming phone calls | Name, company details, home address, date of birth |
| Make contact relating to our contract with you | Name, email address, contact numbers, qualification expiries |
| Create Reset Individual profiles | Name, home address, email addresses, contact numbers, title, date of birth, a photograph and a piece of photographic ID. Qualifications and accreditations that you hold. Name of employer, their contact details and your job title |
| Create system reports (Qualification reports, site log-on records) | Name, job title, company details, contact numbers, photograph, qualifications, accreditations and date of birth. (Date of birth is not shared with anyone but is used to put an individual within the relevant age bracket of 16-17, 18-20, 21-24 or 25+) |
| Issue Reset Access jobs | Name, employer |
| Send Qualification Status Report emails | Name, employer, email address, qualification status (if a qualification or accreditation is due to expire or is expired) |
| Log on to cardholder Dashboard / App | Date of birth is used as a security question when logging on |
To Keep You Informed of Other Issues
With your consent, using the email address which you have provided we would occasionally like to send you our latest Connected Newsletter and Connected Magazine as well as information relating to new Reset products which would complement your existing subscriptions. We may also from time to time send you details of any developments, special offers, new opportunities for your business as well as industry specific advice and articles that we think may be of interest to you.
How Is Your Information Collected?
The personal information gathered above is collected by the following means:
Reset Member Company contacts
- Company completes an electronic registration. Once registration is complete the company completes the digital Reset Company profile.
- Direct Debit details are collected and stored securely through the third party organisation GoCardless – full details of their compliance with GDPR can be viewed by visiting https://gocardless.com/legal/gdpr/.
- Card details are collected and stored securely through the third party organisation Stripe – full details of their compliance with GDPR can be viewed by visiting Stripe GDPR Compliance.
- Card details for payments via telephone are provided by yourselves only at the time that you wish to make payment (if not through Stripe).
- System generated logs – automatically produced when a verifier checks a Reset Company profile.
Reset Individual Cardholders
- Submission of an online Reset Individual application and supporting documents.
- A paper-based signed and completed Reset Individual application form sent directly to Reset with the requested supporting documents.
- Occasionally, information not completed on the application form may be requested by email or telephone.
- System generated logs – automatically produced when a verifier checks a Reset Individual card or an individual logs on to a Reset site.
Who Will We Share Your Personal Information With?
Due to the nature of Reset Compliance Systems Ltd, certain elements of personal information are shared with Reset registered Verifiers to allow the checking and verification of Reset Member Company and Reset Individual Cardholder competence.
This sharing of data is essential to meet our contractual obligations. The amount of information shared is very limited, highly restricted and all views of your details are logged on our system. No one can view your details without your permission.
Only limited personal information (please see below) is shared with a registered Verifier when a Reset Individual card is checked. This can only be done by a registered Verifier using the Reset website and/or when a Reset Individual Cardholder is logged on to a Mandatory Verifier Site using Reset Access self-service check-in systems.
Information shared with a Verifier when using the Reset system:
| Type of Information | Cardholder Report and Online Checks | Reset Access Log-on Records | Issue a Reset Access Job |
|---|---|---|---|
| Name | Yes | Yes | Yes |
| Home address | No | No | No |
| Email address | No | No | No |
| Contact numbers | No | Yes | No |
| Title | No | No | No |
| Date of birth | No | No | No |
| Age band | Yes | Yes | No |
| A photograph | Yes | No | No |
| Photographic proof of ID | No | No | No |
| Qualifications and accreditations that you hold | Yes | Yes | No |
| Your job title | Yes | Yes | No |
| Name of your employer | Yes | Yes | Yes |
| Their contact details | Yes | Yes | No |
Note: This and other personal information may be present on scanned certificates and as such, may be presented to verifiers when they are checking an individual profile and viewing personal certificates and accreditations.
A Reset Member Company profile can only be checked by a registered Verifier. This can be done either by email invitation, which you need to accept to share your details with the sender, or you control who has access to view your profile by issuing them with your unique Reset Member Company number.
Similarly, a registered individual Verifier can only view your Reset Individual profile if you share your Reset Individual Card number with them, meaning that you are always in control of sharing your personal information with Verifiers.
Data is only shared with the person checking the card, or in the case of Reset Access self-service check-in systems, the relevant site managers.
Reset Individual Cards are normally manufactured by Reset. As part of our Business Continuity Plan, there may be circumstances where we may need to use an external supplier. In these circumstances only the following personal information is shared with them: name, job title, photograph and where a company logo is printed your employer. This is the only information that is printed on the card. No other data is shared.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
How Long Will We Store Your Personal Information?
Your personal information is stored by Reset indefinitely unless you request us to remove your details. The information of past cardholders will not be used for marketing purposes but is retained to allow for easy future re-subscription without the need to send previously sent documents to Reset to be verified again. Please see below for further details on your rights.
The information used for creating log on reports produced when logging on to a Verifier site (name, photograph, employer, employer contact details, job title, age band, contact numbers and qualifications) are retained for a minimum of 18 years regardless of a request to be forgotten. This is for future reporting functions for Verifier sites to be able to meet their legal obligations to evidence that they had checked compliance and competence should the need arise.
Reset do not save any payment card details provided for transactions. If a further payment is needed, we will request your details again.
Registered Verifiers and Website Users
What Information Do We Collect About You?
The following personal information is collected:
- Full name
- Organisation name
- Email address
- A personal password
We will only ask for and collect information that is essential to meet our contractual obligations.
How Is Your Information Collected?
Your personal information is collected by the completion of an online form which you complete when registering as a Verifier.
How Will We Use the Information Collected?
We require this information to allow you to use our services and provide our service, and in particular for the following reasons:
- Internal record keeping.
- We need your email address to allow you to log in to our system.
- We need a personal password to allow you access to our system.
- We will use your log in information to keep an audit record of the cardholders and companies that you have verified through our system.
- With your consent, using the email address which you have provided we would occasionally like to send you our latest Connected Newsletter and Connected Magazine as well as information relating to new Reset products which would complement your existing subscriptions. We may also from time to time send you details of any developments, special offers, new opportunities for your business as well as industry specific advice and articles that we think may be of interest to you.
How We Use Cookies
A cookie is a small file which asks permission to be placed on your computer hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a more efficient and faster responding website, by enabling us to monitor which pages you find useful and which you do not. A cookie never gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may restrict you from taking full advantage of the website.
Who Will We Share Your Personal Information With?
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. With your consent we may use your personal information to send you promotional information about our registered partners which we think you may find interesting, however this contact will always be sent direct from Reset, not the third party.
Links to Other Websites
Our website may contain links to other websites (including articles) of interest. However, once you have used these links to leave our site, you should note that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website provider in question.
How Do We Secure Your Data?
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How Long Will We Store Your Personal Information?
Your personal information is stored by Reset indefinitely unless you request us to remove your details. This is for future reporting functions for Verifier sites to be able to meet their legal obligations.
All Reset Users
What Are Your Rights in Relation to Your Personal Information?
You have the following rights based upon the lawful basis that processing your information is necessary to fulfil a contract.
Right to Access You have the right to request copies of the personal information we hold about you at any time.
Right to Rectification You have the right to request that we correct any inaccurate personal information we hold about you. Please contact us immediately if your details need amending.
Right to Data Portability You have the right to obtain a copy of your personal information in a legible and compatible format.
Right to Be Informed You have the right to be informed about the collection and use of your personal data.
Right to Restrict Processing You have the right to request that we restrict how we use your personal information.
Right to Erasure (Right to Be Forgotten) You have the right to request that we delete your personal information from our records. Please note that we will not be able to delete the information that is required to meet legal obligations relating to proving competency. All other information not required for the obligation can be deleted.
Right to Object You have the right to request at any time that we do not process or continue to process your personal information for Reset direct marketing purposes.
How Can I Exercise My Rights?
You can exercise all of your rights by contacting us on any of the contact details below.
How Do I Lodge a Complaint About the Use of My Personal Information?
You can lodge a complaint directly with Reset using any of the below contact details.
You also have the right to lodge a complaint directly with the regulating body the Information Commissioner's Office (ICO).
You can lodge a complaint with the ICO by visiting www.ico.org.uk/concerns/ or calling their helpline on 0303 123 1113.
Data Security Notice
People
- Staff are only provided with the personal data that they require to carry out their job.
- Staff are given data protection training as part of their induction and on a refresher basis which includes the proper procedures to use to identify an individual before disclosing any personal information, Reset's obligations under GDPR and the responsibilities of individual staff towards the protection of personal data.
Physical Security
- Personal data that is kept in a physical form is securely stored away out of plain sight when not in use.
- When any third parties, such as contractors, access the office space we ensure that all physical records containing personal data are secured out of sight.
- All visitors to Reset are required to sign in on arrival and sign out when leaving the premises, either by means of a Reset Individual Card for contractors or staff or by a signing in register for visitors.
Premises
- The premises are kept secure by allowing only authorised personnel to access the office space and this is managed by an access system and monitored by CCTV.
IT Security
- Any transmission of data or information is sent through a secure method, encrypted where required, and to an agreed destination email address or browser.
- Adequate firewalls and anti-virus software are utilised to monitor all incoming and outgoing files. Where necessary we will also encrypt / password protect files in line with the level of confidentiality required.
- Reset operates a firewall to protect its network and systems from unauthorised access.
- Reset implements antivirus software to detect and isolate computer viruses.
- Operating systems are set up to receive automatic updates which includes the latest patches and security updates as they are released to cover any known vulnerabilities.
- The Organisation's Server and computer network database system is regularly backed-up, with a copy securely stored off-site.
- Microsoft software programmes and other assets are securely held. Key codes and passwords are held in a separate secured location.
Contact Us
Reset Compliance Systems Ltd Unit 13 Excelsior Works Station Road Ecclesfield Sheffield S35 9YR
Telephone: 0114 240 0699
Email: hello@rcscard.co.uk
Data Protection Officer: Nicola Bennett
Email: nicola.bennett@rcscard.co.uk
