Last Updated on by
Who we are
We are Cycle Training Wales, a not-for-profit company limited by guarantee. Our company address is Unit 9 Gabalfa Workshops, Cardiff CF14 3AY. Our company number is 06430430.
Our website address is: https://www.cycletrainingwales.org.uk.
What personal data we collect and why we collect it
From time to time, we collect incidental information from the general public arising from receipt of emails, telephone messages, or other correspondence placed on our system. When that information is of a personal nature (e.g. CVs submitted for a job application), the relevant data is deleted as soon as the reason for retaining the data has become irrelevant.
We also retain a file of relevant information on each member of staff within Cycle Training Wales. For instance, this includes CVs, appraisal outcomes, DBS dates and numbers, signed contracts, etc. This information is retained in accordance with our Retention and Disposal Schedule. Confidential details are kept in a secure place.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Accessing website media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Using contact forms
We do not run any contact forms for general correspondence. If you want to contact us, you must telephone or email.
However, we use a newsletter service called MailChimp. If you sign up to are mailing list, the details you submit will be securely stored by MailChimp. Only Cycle Training Wales are able to access the newsletter mailing list. We use this email list to send marketing information about courses and products, or to tell you about content we think will be of interest. You are able to remove your email address at any time by clicking the unsubscribe link in your email correspondence.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use a plug-in called Slimstat on our website. This collects anonymized information such as what pages you visit and what browser you are using. None of the data collected is held by a third party. This plug-in does not collect information that would identify visitors to our website, such as their IP address.
For the purposes of running courses, we collect basic data for course participants. This includes:
- participant’s name
- participant’s health information if required for safety
- a record of consent granted by a parent/guardian
- participant’s contact details (only if required for invoicing or issuing with a formal certificate)
- participant’s training outcomes for monitoring purposes.
Our consent forms for school training explicitly request permission that names and training outcomes can be retained.
Who we share data with
We do not share data with other organizations. However, if you are signed up to our mailing list, your subscription details are held by MailChimp, who are a third party.
How long we retain data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
If you want to speak to us about any aspect of this, please contact the Data Controller:
Cycle Training Wales
Unit 9 Gabalfa Workshops
Telephone 02920 616783 / 07971 719626
How we protect your data
If you make a payment, this will be processed by Paypal, a highly reputable and widely trusted payment service. Our site is also encrypted with an SSL certificate so that information that you send can be submitted with confidence.
All data collected in relation to this site, such as information arising from signing up as a User, is password protected. We update security on this site on a regular basis as instructed by our hosting provider Siteground or the software provider WordPress.
If you are a signatory to our mailing list, the data is held on Mailchimp’s servers. You can read their privacy security policy here.
Other than that, we do not hold any data about you unless clearly indicated.
What data breach procedures we have in place
If we suspect that details we hold about you have been hacked in way, our first step will be to inform you of the breach. We will then follow instructions from our hosting provider to ensure that any breach related to the technology involved can be halted.