Fair processing notice: Organisations with whom we have a working relationship
Last updated: 28 March 2024
This fair processing notice applies to representatives of organisations with whom we have a working relationship including individual contractors, representatives of suppliers of goods and services, and representatives from organisations to which AAT provides a service.
The data we collect about you
- Your name and work contact details.
- Company/employment details like your organisation name and job title.
- Details relating to your business but not you personally.
In addition, for individual contractors we collect:
- where required, a declaration of interests which may include, for example, business or personal circumstances that could conflict with the services you provide for AAT
- payment information, including your bank and/or card details and details of your insurance coverage
- any other personal data shared on your CV, marking ability assessments or conflict of interest forms (including qualifications or special personal circumstances)
- where you’re a marker, information on your marking performance.
What we do with your data and on what grounds
When companies provide goods or services, or otherwise have a working relationship with AAT in a professional capacity, we will use the personal information for the following purposes.
| Purpose/activity | Lawful basis for processing including basis of legitimate interest |
|---|---|
| To maintain our working relationship and service contracts arrangements with your company (including when considering new potential suppliers). This may include monitoring of the service and levels of service provided to us. |
|
| General support, including to provide support, for example addressing enquiries and resolving issues including technical problems. |
|
| Assess and maintain the quality of data stored, including dealing with returned mail and bounced emails and performing analysis on the completeness and correctness of data. |
|
| Contractual supplier management, including to maintain ongoing communications and manage the work undertaken. |
|
| IT and system administration, including to administer internal systems including maintaining access rights, troubleshooting issues and maintaining databases and backups. |
|
| Where applicable, to provide services such as enquires and job postings via our website and to facilitate communications including to discuss opportunities for future working relationships. |
|
| Purpose/activity | Lawful basis for processing including basis of legitimate interest |
|---|---|
| Managing payment, including to process invoices and payments including card and direct debit payments. |
|
| Where you’re a marker or assessor, for quality control purposes, including to ensure that an appropriate level of quality and consistency is provided by training providers, and maintained throughout assessments and marking. |
|
You have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
Read more about your rights in the "What are your rights?" section of the Privacy policy.
Automated decision making
No decisions will be taken about you using solely automated means as a result of your working relationship with us.
Who we share your personal data with
We will only share data with your company (for example other representatives of your firm) in the course of our working relationship. We will not disclose your data to any other third parties unless we are required to do so by law.
If you are an independent contractor working through an agency, we will also share details with your agency.
If you’re a marker we may also share your details with external verifiers.
Our use of data processors
We use a third-party supplier of an IT system, based within the UK, to record details of suppliers and their representatives.
We also use Microsoft Office 365 to store email and files, hosted within the EEA. This third country transfer is based on the UK adequacy decision of EEA countries.
Where a third-party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under data protection legislation. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will not share your personal data with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Where we get your data from
In general, you provide your personal data to us directly, when you communicate with us through various channels, such as our website, phone, email or face-to-face meetings with our representatives.
Other than directly from you, we may also receive personal data from other representatives of your company. If you are an independent contractor working through an agency, we may also receive details from your agency.
We may also seek references from other organisations that a supplier has previously engaged with. This would normally relate to business practices but may include personal data, for example, if an individual is a sole trader or partnership.
Other than directly from you, we may receive personal data from the following third-party sources:
- publicly available sources, such as returned post
- online payment processing service providers, such as BACS (if applicable)
- your company, employer or recruitment agency
- training providers or AAT Employer Scheme members (if applicable).
How long we keep your data
We will retain your data for the duration of our working relationship and for as long as you represent your company and thereafter for up to seven years from the termination of our relationship.
Where your engagement with us ends prior to the end of the contract we will retain your data for as long as required to ensure continuity and a smooth transition.
We will retain all email correspondence in live systems for up to one year and in archive systems for 2 years. Calls that are recorded and conversations conducted through the website live chat facility will be retained for up to two years.
We’ll retain information relating to complaints and disputes for up to seven years following the resolution of the complaint or dispute. This information may include data about the complainant and the subject of the complaint, and anyone else who is involved eg, witnesses, as well as the details of the complaint and the outcome.
Transferring your data overseas
We transfer your data overseas as detailed above with regards to data processors.
