Data Protection Statement
Personal data is data which, by itself or with other data available to us, can be used to identify you.
We are Mainstream Group Limited, the data controller. This data protection statement sets out how we will use your personal data. You can contact us at Mainstream House, Bonham Drive,
Sittingbourne, Kent, ME10 3RY if we have any questions.
The types of personal data we collect and use
Whether or not you become a customer, we’ll use your personal data for the reasons set out below and if you do become a customer we’ll use it to manage the services that we provide to you. We’ll
collect most of the data we will use as part of your initial dealings with us, which will include for example:
If you use our services (either as a customer, employer, work seeker, worker or trainee) then we will also collect data both directly and indirectly during the course of providing services to you and
during the course of our business relationship with you.
The personal data we use may be about you as a personal and/or business customer and may include:
Monitoring of communications between us:
Subject to applicable laws, we’ll monitor, store and may record any calls, emails, text messages, social media messages and other communications between us, which relate to the services we provide and to the dealings between us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. We may also monitor activities relating to the
dealings between us where necessary for these reasons and this is justified by our legitimate interests and/or our legal obligations.
The legal basis and purposes under which we will l process your personal data are:
This may be written, verbal or implied and will relate to all relevant services that we are providingbto you.
This will include, pre-contract activities relating to your enquiry to use or services and/or answering any questions you may have in relation to our services, which could include for example assisting you in deciding whether or not a service is appropriate or applicable to you and/or whether you are eligible to use that service.
This will include the management and performance of the services to be provided to you under the contract as well as updating, maintaining, processing and storing records relating to the services provided and the activities between us.
This may include, where you owe us monies, tracing your whereabouts and recovering debt.
For good governance, accounting, and managing and auditing of our business operations;
To search at credit reference agencies if you are over 18 and apply for credit;
To monitor emails, calls, other communications, and activities between us;
For market research, analysis and developing statistics; and
To send you marketing communications that we believe are relevant to the services we provide to you and which we believe you will be interested in.
When you exercise your rights under data protection law and make requests;
For compliance with legal and regulatory requirements and related disclosures;
For establishment and defence of legal rights;
For activities relating to the prevention, detection and investigation of crime;
To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
To monitor emails, calls, other communications, and activities relating to the dealings between us.
For example, where you ask us to disclose your personal data to other people or organisations such as a prospective employer/engager.
To send you marketing communications where we’ve asked for your consent to do so.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
Sharing of your personal data
Subject to applicable data protection law we may share your personal data with:
It may sometimes be necessary to transfer your personal data outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be
certified with an ‘international framework’ of protection.
Automated decision making and processing
Automated decision making involves processing your personal data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests or behaviour, for instance in relation to data such as training date anniversaries, certification expiry dates, feedback about training courses, licences and qualifications held, work patterns and location of workers respective to work vacancies and requirements.. We may do this to decide what marketing communications are suitable for you and to analyse statistics. All this activity is on the
basis of our legitimate interests, to protect our business, and to develop and improve our services.
How long will we hold your personal data for?
Marketing - we will hold your data for a period of 6 years with a review every 3 years, you will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to do that.
Contracted Services - we will hold your data for 7 years in line with our regulatory requirements.
Your right to access your personal information
What is a Subject Access Request? This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email or
write to us at address at the bottom of this policy. We will respond to your request within one month of receipt of the request.
Your right to have your personal data corrected
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by emailing or writing to the address at the
end of this policy.
Your right to objections to the processing of your personal data
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is
if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims. If you wish to object to the processing of your data, please email or write to the address at the end of this policy.
Your right to data portability
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another
controller without delay from the current controller if: the processing is based on consent or on a contract, and the processing is carried out by automated means. If you wish to make a data
portability request, please email or write to the address at the end of this policy.
Your right to be forgotten
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
This right is not absolute and only applies in certain circumstances. You have the right to have your personal data erased only if one of the following applies;
Card Payments Taken:
Address to contact us
Mainstream Group Limited, Mainstream House, Bonham Drive, Sittingbourne, Kent, ME10 3RY