List of active policies

Name Type User consent
Data Protection Policy Privacy policy Authenticated users
Anti-Discrimination Policy Other policy Authenticated users
Privacy Policy Privacy policy Authenticated users

Data Protection Policy

Summary

Full policy

Introduction

 

I5O Consulting Services needs to gather and use certain information about individuals. This can include customers, suppliers, business contacts, employees, and other people the organization has a relationship with or may need to contact.

This policy describes how this personal data will be collected, handled, and stored to meet the company’s data protection standards — and to comply with federal and state laws.

 

Why this policy exists

 

This data protection policy ensures I5O Consulting Services:

 

  • Complies with data protection laws and follows good practices
  • Protects the rights of staff, customers and partners
  • Is open about how it stores and processes individuals’ data
  • Protects itself from the risks of a data breach

 

Data Protection Law

 

The Data Protection Act 1998 describes how organizations — including I5O Consulting Services—must collect, handle and store personal information.

 

FERPA §§99.31. a.6 and 99.31.b.2 will govern work around higher education institution

These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

 

The Data Protection Act is underpinned by eight important principles. These say that personal data must:

  1. Be processed fairly and lawfully.
  2. Be obtained only for specific, lawful purposes.
  3. Be adequate, relevant and not excessive.
  4. Be accurate and kept up to date.
  5. Not be held for any longer than necessary.
  6. Processed in accordance with the rights of data subjects.
  7. Be protected in appropriate ways.
  8. Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection.

 

    • The head office of I5O Consulting Services.
    • All branches of I5O Consulting Services.
    • All staff and volunteers of I5O Consulting Services.
    • All contractors, suppliers and other people working on behalf of I5O Consulting Services.
    • It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:
    • Names of individuals,
    • Postal addresses,
    • Email addresses,
    • Telephone numbers,
    • and any other information relating to individuals.

 

People, Risks and Responsibilities

 

Policy Scope

This policy applies to:

Data Protection Risks

This policy helps to protect I5O Consulting Services from some very real data security risks, including:

Breaches of confidentiality 

Failing to offer choice 

Reputational damage

Responsibilities

  • Everyone who works for or with I5O Consulting Services has some responsibility for ensuring data is collected, stored and handled appropriately.
  • Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.

 However, these people have key areas of responsibility:

 The board of directors is ultimately responsible for ensuring that I5O Consulting Services meets its legal obligations.

 The [data protection officer/data manager] is responsible for:

 

  • Keeping the board updated about data protection responsibilities, risks and issues.
  • Reviewing all data protection procedures and related policies, in line with an agreed schedule.
  • Arranging data protection training and advice for the people covered by this policy.
  • Handling data protection questions from staff and anyone else covered by this policy.
  • Dealing with requests from individuals to see the data I5O Consulting Services holds about them (also called ‘subject access requests’).
  • Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.  In particular, strong passwords must be used, and they should never be shared.
  • Personal data should not be disclosed to unauthorized people, either within the company or externally.

 

The [IT manager/data scientist] is responsible for:

 

  • Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
  • Performing regular checks and scans to ensure security hardware and software is functioning properly.
  • Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.

 

The [marketing manager] is responsible for:

 

  • Approving any data protection statements attached to communications such as emails and letters.
  • Addressing any data protection queries from journalists or media outlets like newspapers.
  • Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.

General Staff Guidelines

 

  • The only people able to access data covered by this policy should be those who need it for their work.
  • Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
  • I5O Consulting Services will provide training to all employees to help them understand their responsibilities when handling data. Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
  •  Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
  • Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.

 

Data Storage

 

  • These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.
  • When data is stored on paper, it should be kept in a secure place where unauthorized people cannot see it.
  • These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
  • When not required, the paper or files should be kept in a locked drawer or filing cabinet.
  • Employees should make sure paper, and printouts are not left where unauthorized people could see them, like on a printer.
  • Data printouts should be shredded and disposed of securely when no longer required.
  • When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts:
  • Data should be protected by strong passwords that are changed regularly and never shared between employees.
  • If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
  • Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service.
  • Servers containing personal data should be sited in a secure location, away from general office space.
  • Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
  • Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
  • All servers and computers containing data should be protected by approved security software and a firewall.

 

Data Use

 

  • Personal data is of no value to I5O Consulting Services unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption, or theft:
  • When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
  • Personal data should not be shared informally. It should never be sent by email, as this form of communication is not secure.
  • Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorized external contacts.
  • Personal data should never be transferred outside of the European Economic Area.
  • Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.

 

Data Accuracy

 

  • The law requires I5O Consulting Services to take reasonable steps to ensure data is kept accurate and up to date.
  • The more important it is that the personal data is accurate, the greater the effort I5O Consulting Services should put into ensuring its accuracy.
  • It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
  • Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
  • Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
  • I5O Consulting Services will make it easy for data subjects to update the information I5O Consulting Services holds about them. For instance, via the company website.
  • Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
  • It is the marketing manager’s responsibility to ensure marketing databases are checked against industry suppression files every six months.

Subject Access Requests

 

  • All individuals who are the subject of personal data held by I5O Consulting Services are entitled to:
  • Ask what information the company holds about them and why.
  • Ask how to gain access to it.
  • Be informed how to keep it up to date.
  • Be informed how the company is meeting its data protection obligations.

 

If an individual contacts the company requesting this information, this is called a subject access request.

Subject access requests from individuals should be made by email, addressed to the data controller at: i5oconsultants@outlook.com.

 

The data controller can supply a standard request form, although individuals do not have to use this. The data controller will aim to provide the relevant data within 14 days.

The data controller will always verify the identity of anyone making a subject access request before handing over any information.

 

Disclosing Data for Other Reasons

 

  • In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
  • Under these circumstances, I5O Consulting Services will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.

Back to top

Anti-Discrimination Policy

Summary

Full policy

__________________________________________________

ANTI-DISCRIMINATION POLICY

__________________________________________________

  

Purpose

I5O Consulting Services is committed to a work environment in which all individuals are treated with respect and dignity. Everyone has the right to work in a professional atmosphere that promotes equal employment opportunities and prohibits unlawful discriminatory practices, including harassment.  provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. I5O Consulting Services complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Responsibilities

I5O Consulting Services has developed this policy to ensure that all its employees can work in an environment free from unlawful harassment, discrimination, and retaliation. I5O Consulting Services will make every reasonable effort to ensure that all concerned are familiar with these policies and are aware that any complaint in violation of such policies will be investigated and resolved appropriately.

Any employee who has questions or concerns about these policies should talk with the director of human resources or a member of the personnel practices committee.

These policies should not, and may not, be used as a basis for excluding or separating individuals of a particular gender, or any other protected characteristic, from participating in business or work-related social activities or discussions. In other words, no one should make the mistake of engaging in discrimination or exclusion to avoid allegations of harassment. The law and the policies of I5O Consulting Services] prohibit disparate treatment because of sex or any other protected characteristic, with regard to terms, conditions, privileges and perquisites of employment. The prohibitions against harassment, discrimination and retaliation are intended to complement and further those policies, not to form the basis of an exception to them.

Individuals and Conduct Covered

These policies apply to all applicants and employees, whether related to conduct engaged in by fellow employees or by someone not directly connected to [Company Name] (e.g., an outside vendor, consultant, or customer).

Conduct prohibited by these policies is unacceptable in the workplace and in any work-related setting outside the workplace, such as during business trips, business meetings and business-related social events.

 

Definitions

Equal employment opportunity

It is the policy of I5O Consulting Services to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, or any other characteristic protected by law. I5O Consulting Services prohibits any such discrimination or harassment.

Retaliation

I5O Consulting Services encourages reporting of all perceived incidents of discrimination or harassment. It is the policy of [C I5O Consulting Services] to promptly and thoroughly investigate such reports. I5O Consulting Services prohibits retaliation against any individual who reports discrimination or harassment or participates in an investigation of such reports.

Sexual harassment

Sexual harassment constitutes discrimination and is illegal under federal, state and local laws. For the purposes of this policy, “sexual harassment” is defined, as in the Equal Employment Opportunity Commission Guidelines, as unwelcome sexual advances, requests for sexual favors and other verbal or physical conduct of a sexual nature when, for example: a) submission to such conduct is made either explicitly or implicitly a term or condition of an individual’s employment, b) submission to or rejection of such conduct by an individual is used as the basis for employment decisions affecting such individual, or c) such conduct has the purpose or effect of unreasonably interfering with an individual’s work performance or creating an intimidating, hostile or offensive working environment.

Title VII of the Civil Rights Act of 1964 recognizes two types of sexual harassment: a) quid pro quo and b) hostile work environment. Sexual harassment may include a range of subtle and not-so-subtle behaviors and may involve individuals of the same or different gender. Depending on the circumstances, these behaviors may include unwanted sexual advances or requests for sexual favors; sexual jokes and innuendo; verbal abuse of a sexual nature; commentary about an individual’s body, sexual prowess or sexual deficiencies; leering, whistling or touching; insulting or obscene comments or gestures; display in the workplace of sexually suggestive objects or pictures; and other physical, verbal or visual conduct of a sexual nature.

Harassment

Harassment on the basis of any other protected characteristic is also strictly prohibited. Under this policy, harassment is verbal, written or physical conduct that denigrates or shows hostility or aversion toward an individual because of his or her race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, marital status, citizenship, genetic information, or any other characteristic protected by law, or that of his or her relatives, friends or associates, and that: a) has the purpose or effect of creating an intimidating, hostile or offensive work environment, b) has the purpose or effect of unreasonably interfering with an individual’s work performance, or c) otherwise adversely affects an individual’s employment opportunities.

Harassing conduct includes epithets, slurs or negative stereotyping; threatening, intimidating or hostile acts; denigrating jokes; and written or graphic material that denigrates or shows hostility or aversion toward an individual or group that is placed on walls or elsewhere on the employer’s premises or circulated in the workplace, on company time or using company equipment by e-mail, phone (including voice messages), text messages, social networking sites or other means.

 

Procedures

I5O Consulting Services encourages reporting of all perceived incidents of discrimination, harassment, or retaliation, regardless of the offender’s identity or position. Individuals who believe that they have been the victim of such conduct should discuss their concerns with their immediate supervisor, any member of the personnel practices committee, human resources or any ombudsman. See the complaint procedure described below.

In addition, I5O Consulting Services encourages individuals who believe they are being subjected to such conduct to promptly advise the offender that his or her behavior is unwelcome and to request that it be discontinued. Often this action alone will resolve the problem. I5O Consulting Services recognizes, however, that an individual may prefer to pursue the matter through complaint procedures.

Complaint Procedure

Individuals who believe they have been the victims of conduct prohibited by this policy or believe they have witnessed such conduct should discuss their concerns with their immediate supervisor, human resources, any member of the personnel practices committee or any ombudsman.

I5O Consulting Services encourages the prompt reporting of complaints or concerns so that rapid and constructive action can be taken before relationships become irreparably strained. Therefore, while no fixed reporting period has been established, early reporting and intervention have proven to be the most effective method of resolving actual or perceived incidents of harassment.

Any reported allegations of harassment, discrimination or retaliation will be investigated promptly. The investigation may include individual interviews with the parties involved and, where necessary, with individuals who may have observed the alleged conduct or may have other relevant knowledge.

I5O Consulting Services will maintain confidentiality throughout the investigatory process to the extent consistent with adequate investigation and appropriate corrective action.

Retaliation against an individual for reporting harassment or discrimination or for participating in an investigation of a claim of harassment or discrimination is a serious violation of this policy and, like harassment or discrimination itself, will be subject to disciplinary action. Acts of retaliation should be reported immediately and will be promptly investigated and addressed.

Misconduct constituting harassment, discrimination or retaliation will be dealt with appropriately. Responsive action may include, for example, training, referral to counseling or disciplinary action such as a warning, reprimand, withholding of a promotion or pay increase, reassignment, temporary suspension without pay, or termination, as I5O Consulting Services believes appropriate under the circumstances.

If a party to a complaint does not agree with its resolution, that party may appeal to I5O Consulting Services’ executive director or the chief operating officer. False and malicious complaints of harassment, discrimination, or retaliation (as opposed to complaints that, even if erroneous, are made in good faith) may be the subject of appropriate disciplinary action. 

 


Back to top

Privacy Policy

Summary

Full policy

 


PRIVACY POLICY


Purpose

The purpose of this policy is to define the I5O Consulting Services Privacy and Data Protection Policy. The policy applies to all I5O Consulting Services data and information which stores learner and instructor data on various platforms.

 

Policy Statements

∙                       Before or at the time of collecting personal information, I5O Consulting Services will identify the purposes for which information is being collected.

∙                       I5O Consulting Services will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless I5O Consulting Services obtain the consent of the individual concerned or as required by law.

∙                       I5O Consulting Services will only retain personal information as long as necessary for the fulfillment of those purposes.

∙                       I5O Consulting Services will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.

∙                       Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up to date.

∙                       I5O Consulting Services will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

∙                       I5O Consulting Services will make readily available to customers information about our policies and practices relating to the management of personal information.

 

 

Record Release

You may at any time request your educational records by completing the record release form that is located on I5O website, www.i5oconsulting.com.

 

 

I5O Consulting Services is committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.


 


Back to top