Your personal data will be processed by Race Excellence Ltd, in accordance with the any applicable law relating to the processing, privacy, and use of Personal Data, as applicable to you and/or the Services, including the Data Protection Act 1998, the General Data Protection Regulation (EU) 2016/679 and any subsequent UK data protection legislation and our Privacy Policy.
We will only process the data provided by you for the purposes stated, in this case to establish which of our professional health and education assessments you are eligible to purchase and use. Once we have evaluated the information provided and issued the corresponding ‘qualification code’, the detailed data will be deleted.
In order to comply with General Data Protection Requirements (GDPR) the following must be agreed.
Race Excellence Ltd confirms that nothing within our contract relieves the company of its own direct responsibilities under GDPR.
Race Excellenct Ltd can, with permission, collect and process statistics (provided by each company/business) in order to assist with the project or support requirements. Given some of the data may be contextual data , we confirm that the data subject will be notified that the data may be shared with, and processed by, third parties through the relevant Privacy Notice.
only act on written instructions from the data controller at any establishment
ensure that consultants processing the data are subject to a duty of confidence
take appropriate measures to ensure the security of processing
not use a sub processor without the prior written authorisation of the data controller at any establishment
assist any establishment in providing subject access and allowing data subjects to exercise their rights under the GDPR
assist any establishment in meeting their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments
delete or return all personal data of any establishment at the end of the contract or dispose of data securely
submit to audits and inspections, provide any establishment with whatever information it needs to ensure we are both meeting obligations outlined in Article 28; and tell any establishment if we are asked to do something infringing the GDPR or other data protection law.
cooperate with supervisory authorities such as the ICO.