Indigo Business Services Limited is registered in the UK (4255867). We deliver training workshops, educational products and consultancy services for business use (our products and services). We predominantly operate within the B2B and B2G markets worldwide. We are committed to respecting the personal information you supply to us.
Indigo Business Services Limited is Cyber Essentials Certified - obtaining annual certification (last certification 30 August 2023).
This Privacy Notice refers to personal data, which is defined as information concerning any living person (a natural person) that is not already in the public domain. We are providing this statement to be transparent about how we collect, store and process an individual’s and an organisation’s data. We want you to understand your enhanced rights and our increased accountability when we process and store your information.
We act as a Data Controller when personal data is provided by the individual; given as a referral; purchased through a third party or is public information that we have researched. Where the data is provided by an employer, we will act as Data Processor if specifically requested by them. This data will be held on our systems, which are protected by firewalls, secure passwords and encryption. The information we collect is for use in a business-to-business context, and unless provided by you, we will not hold any home addresses or non-business information, unless specifically requested to.
Our head office is based in Kingston Upon Thames (UK). Our finance office is based in Ely (UK).
Address: Indigo Business Services Limited, Unit 2, The Factory, 2 Acre Road, Kingston Upon Thames, KT2 6EF, United Kingdom
This Privacy Notice will advise:
- Your rights regarding your data.
- The information we collect.
- Why we collect it.
- What we do not collect or store.
- How we collect the data.
- Security and performance.
- Cookies and our website.
- How we use your data.
- Our trainers and other organisations we work with.
- Credit card security.
- Openness principle.
- Making a complaint.
At any point whilst we are in possession of or processing your personal data, subject to acceptable proof of identification, you have the following rights:
1.1 Right to restriction of processing - You have a right to restrict the way we process your data. You can opt-out of any or all forms of communication at any time, on our emails or by emailing us with your instruction – firstname.lastname@example.org
1.2 Right of access - You have the right to request a copy of the information that we hold about you. At your request, we can confirm what information we hold about you and how it is processed. We will accept the following forms of ID when information on your personal data is requested:
- A copy of your driving licence or passport with confirmation of your business address. If we are dissatisfied with the quality, further information may be sought before personal data can be released. This information will be held on file along with your request for the information.
- All requests should be made to email@example.com or by writing to us at the address below.
- In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
1.3 Right of rectification - You have a right to correct data that we hold about you that is inaccurate or incomplete. Please email us to change this information – firstname.lastname@example.org
1.4 Right to be forgotten - In certain circumstances you can ask for the data we hold about you to be erased from our records. This will include contact information, opt-out requests, previous communications and evidence of workshops attended; financial records will be kept for legal purposes. This will not prevent us from repurchasing your contact data. Financial records are stored on a limited access, secure system. Please email if you would like us to action this instruction - email@example.com. To prevent us repurchasing your contact information it is more effective for you to opt-out of any or all forms of communication. This will mean your information remains stored on our database but marked with a suppression. You can do this at any time on our marketing emails or by emailing us with your opt-out instruction – firstname.lastname@example.org
1.5 Right of portability - You have the right to have the data we hold about you transferred to another organisation. Please email us to request this – email@example.com
1.6 Right to object - You have the right to object to certain types of processing such as direct marketing. You can opt-out of any or all forms of communication at any time on our marketing emails or by emailing us with your instruction – firstname.lastname@example.org
1.7 Right to object to automated processing, including profiling - We profile your data to contact you with personalised and targeted services. We use two third-party services, Google Analytics and Act-On, to collect details of visitor behaviour patterns, including records of the online content you access or visit, and the products attended or enquired about. We merge this with our central database, and we do this using cookies. You can stop cookies being installed on your computer. More information on how to do this can be found at ‘allaboutcookies.org’ (external site): https://allaboutcookies.org/how-to-clear-cookies
The information we collect and store about you and your business encompasses all the details we hold about you. It includes sales transactions and will be combined with third-party information we have obtained about you from public sources and our own suppliers such as credit reference agencies and list brokers.
We do not sell, rent or give your information to any other organisation for them to use it to sell or market to you. Other organisations will receive your information when they provide a service for us, which may benefit you (e.g. our licence holders to record your workshop attendance; for a trainer to contact you regarding what you’ve purchased or are attending; or a mailing house to send you a brochure – a full list is available on request). We only provide them with the information that they need to be able to provide the service, not sell access to your records held with us.
We collect the following information (each may have varying degrees of data):
- Name, title, company name, company address, company turnover and number of employees, industry type.
- Contact information including email address, phone number, Twitter and LinkedIn URLs.
- Reasonable adjustment and dietary requirement information will be stored and passed to third parties to ensure we follow your instructions and make you as comfortable as possible. These third parties include (but are not limited to) trainers, venues, material providers and licence holders. This data is not used for any other purposes.
- A record of events and products enquired about, purchased or attended.
- Copies of contracts and business correspondence between us.
- Other information that you enter on forms or surveys - before, during or after our events, on this website or on our partner websites.
- Information about your activity on our websites and emails (using cookies).
- A record of any communication or activity with us, on our events or whilst on our website.
We collect the information needed to be able to provide you with the products and services purchased and promotional marketing correspondence. We do not sell, rent or give your information to any other organisation for them to use to sell or market to you. Coincidentally there may be times when your information could be contained in data that we have been given (when you have been referred), purchased from a third-party list broker, or received from your organisation so that we can fulfil contractual agreements.
The information we collect will be relevant to the purposes for which it is to be used:
- Where legally required – For reporting on financial and legal obligations where required by UK and International law.
- To fulfil and record contractual agreements with you and/or your employer – To respond to enquiries, supply requested information, deliver our products and services: pre-, during and post-event.
- To measure the effectiveness of, and develop new products and services – Allowing us to ensure what we are offering is suitable for you and the current marketplace. We will do this through Legitimate Interest.
- To advise and inform you of our training workshops and educational services – Those that are relevant to you in your job. Our products and services are proven to help improve the lifelong business, management and leadership skills of individuals. This is the basis that we will promote our products and services to you (Legitimate Interest). All marketing communication provides a means to unsubscribe.
- To provide evidence of attendance/learning – To reissue certificates or letters confirming attendance where required and necessary.
- To ensure we suppress you from contact – When you’ve requested not to receive information from us, or our information is no longer relevant, or you are no longer employed by your organisation.
- If you are employed by us or providing services to us – We will collect, process and store this information as a part of our relationship and any contractual agreements we have in place.
We will do our utmost to ensure that such data will be accurate, complete and kept up-to-date. If we have the wrong information for you please let us know and we will correct it. Please email us to change this information – email@example.com
We do not need, collect or store sensitive information that includes age, sexuality, religious or spiritual information. Such information will be immediately destroyed if it is received. Reasonable adjustment and dietary requirement information will be stored and passed to third parties to ensure we follow your instructions and make you as comfortable as possible. These third parties include (but are not limited to) trainers, venues, material providers and licence holders. This data is not used for any other purposes.
5.1 When you contact us - When you contact us (by phone, email, letter, through a website or third-party) we will create a record for you in our database. We will also store information about your enquiry/contact and all future correspondence between us will be saved. This information may be combined with other information we may hold about you (using cookies). Our teams may contact you via phone, email, electronic document or letter. You can opt-out of any or all forms of communication at any time or email us with your instruction – firstname.lastname@example.org
5.2 When you buy from us - When you purchase any of our products or services we will record the financial elements of the sale onto our accountancy software Quickbooks. Identifiable information (contact name, telephone and email; company name; finance address; delegate names, what was purchased and the amounts paid) will be collected, processed and stored so that we can legally keep these financial records. This is in addition to the records created on our database. This information will be used to send invoices, reminders and financial statements. It will be shared with our third-party management accountant and when required by legislative bodies (e.g. HMRC). This information is held securely with limited access and is not used for marketing purposes.
There are third-party service providers and licence holders that we will pass your details to. Please see ‘Our trainers and organisations we work with.’
5.3 Our website - When you visit our website we use two third-party services, Google Analytics and Act-On, to collect standard internet log information, details of visitor behaviour patterns, form and survey completions. We also collect information regarding which pages users access or visit using cookies. This information helps us to ensure we are providing the most relevant information to you. You can stop cookies being installed on your computer at any time. More information on how to do this can be found at ‘allaboutcookies.org’: https://allaboutcookies.org/how-to-clear-cookies (external site)
Our Web servers collect the domain names of visitors to our sites. This information is aggregated to determine number of visits, average time spent, pages viewed, etc. We use this information to measure site usage, as well as to improve the content and value of our site.
Our website is developed and hosted by Revolution Software. Personal information is collected on the site and held in our database when you enquire, book a workshop or work with us as an accredited trainer. This information is then transferred to our main database. We do not store any payment information on the website.
Credit/Debit card information is collected and stored by our payment partner. We do not hold any credit/debit card information on our website or database. If credit/debit card information is taken in hard copy this information is entered into our PDQ machine and database, then destroyed.
5.4 When you complete a form or survey - We use a third party provider, Act-On, to deliver our forms and surveys. We gather statistics around form completion and clicks using industry standard technologies including clear gifs to help us monitor and improve the ways we communicate. For more information, please see Act-On’s Privacy Notice (external site). Act-On is ISO27001 Certified (internationally recognised standard for managing information security).
This information will be electronically stored with personally identifiable information. We use this information to contact and market to you under Legitimate Interest. To prevent further contact you can unsubscribe from marketing emails at any time using the link on the email.
We sometimes share the information provided on forms and surveys in our marketing. When the information is shared or used collectively for marketing and statistical purposes, it will be anonymised.
5.5 Our blog - WordPress - We use a third-party service, WordPress.com, to publish our blog. These sites are hosted at WordPress.com, which is run by Automattic Inc. We use Act-On to collect information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it (using cookies). WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic's privacy notice: https://automattic.com/privacy/
5.8 Purchasing data - We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data. We may combine this data with information we already have about you. This helps us to de-dupe, update, expand and analyse our records, identify new customers, and provide products and services that may be of interest to you using Legitimate Interest. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. We record the initial source of your data and additional updates. This information is available on request.
5.9 When we research your information - We often use the internet and business directories to research organisations and their people. It should be noted that current data protection legislation does not apply to information already in the public domain such as Companies House data. When we find this information we will record it and use it to market to you under Legitimate Interest. You still have the same rights regarding your data and can unsubscribe from marketing emails at any time. We record the initial source of your data and additional updates. This information is available on request.
5.10 Enewsletter, email marketing, web activity, surveys and forms - We use a third-party provider, Act-On, to deliver our enewsletters, email marketing, web activity, surveys and forms. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve the ways we communicate. For more information, please see Act-On’s privacy notice. Act-On is ISO27001 Certified (internationally recognised standard for managing information security).
5.11 Pre-, during and post-workshops and events - If you are booked to attend one of our workshops or events we will record your information. We will also record your attendance or non-attendance to our events. If this has been booked by your organisation or a third-party, this attendance information will be passed to them.
5.11.1 Online workshops, meetings and webinars - We use a number of third-party platforms to deliver online workshops, meetings and webinars. Any information collected, processed or stored by these third-party platforms shall be limited to the purpose of providing and operating the services for Indigo Business Services Limited. Where an Indigo platform is used, this will be a paid-for, fully secure platform.
The full list of platforms used includes:
- Microsoft Teams delivery platform – (when installed on the user’s IT) - this platform collects, processes and stores event-based information. https://privacy.microsoft.com/en-gb/privacystatement
- Cisco Webex - data privacy information – this platform collects, processes and stores event-based information. https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf
- Customers’ own learning platforms – we often deliver using a platform that is bespoke to or specified by the client (your organisation). We have limited access to these systems and do not transfer any information from them to our own databases. The systems will only be used by our employees and client approved third parties. We recommend contacting your manager or local HR team for more information if this is applicable to you.
- Online workbooks and materials – we and our licence holders use a number of third-party online hosting platforms to provide online workbooks and training materials. These providers all comply with GDPR regulations. Delegates will be asked to provide their personal information to register and download their materials. The providers will take the responsibility as data processors and host their own privacy statements. Indigo are not able to access the information given to these providers.
5.12 Before and after workshops and events - We collect information on our delegate journey before and after workshops. This information will be electronically stored with personally identifiable information. This information will be shared with your trainer to ensure we meet your personal and organisational objectives. The information may also be shared with the organisation paying for the product or service. When the information is shared or used collectively for marketing and statistical purposes, it will be anonymised.
5.13 Workshop evaluation forms - At the end of every workshop or event we will request that you complete a workshop evaluation form. This information will help us to measure the effectiveness of our trainers, the training materials and improvements required to our products. This information will also be provided to the purchasing organisation.
The completed paper forms will be entered into our database, scanned and securely stored on our servers. The physical copies will then be destroyed.
5.14 You’ve been referred to us - We collect referrals verbally and on our workshop evaluation forms. When you’ve been referred we will contact you by email or phone and advise who has referred you, what they attended and what they thought you would be interested in. To prevent further contact you can unsubscribe at any time using the link on our emails or by contacting us – email@example.com
5.15 At public exhibitions and events - We often attend public exhibitions and events where we may have a physical presence or sponsorship package. Your details will be collected, processed and sorted. We will use this information to answer any queries you had or to market to you with Legitimate Interest. To prevent further contact you can unsubscribe at any time using the link on our emails or by contacting us.
5.16 Data collected through third-parties - We work with third-parties to promote our products and services. By providing your details to them they are obliged to pass them to us to answer any queries you had or to market to you with Legitimate Interest. To prevent further contact you can unsubscribe at any time using the link on our emails or by contacting us.
We use Revolution Software to help maintain the security and performance of our websites. To deliver this service it processes the IP addresses of visitors to the websites.
Our databases and third-party IT providers are all industry standard and provide high levels of encrypted security. We use passwords to access systems, servers and any electronic devices used. Our database is password and location controlled. We have the ability to revoke access to any systems that contain personal information should the need arise.
Our IT equipment is firewall and password protected, running up-to-date virus software.
Our Web servers collect the domain names of visitors to our sites. This information is aggregated to determine number of visits, average time spent, pages viewed, etc. We use this information to measure site usage, as well as to improve the content and value of our site.
8.1 Disclosure - We may on occasions pass your personal information to third parties exclusively to process work on our behalf. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and UK Legislation. We do not sell, rent or give your information to any other organisation for them to market their own products and services. However, we may disclose your personal information to meet legal obligations, regulations or valid governmental request. We may also enforce our Terms and Conditions, including investigating potential violations of our Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of Indigo Business Services Limited, our clients and/or the wider community.
8.2 Retention - We will process personal data during the duration of any contract and will continue to store only the personal data needed for 10 years after our last contact with you. This is to meet any legal obligations and historical requests from you. After 10 years any personal data not being used to contact you under contractual obligation or used under legitimate interest to market to you will be deleted.
We will keep opt-out information indefinitely (unless you ‘Request to be forgotten’). This will prevent us from buying your data in from another source or marketing to you because we’ve deleted your information. We will need to retain minimal contact information (name, job title, company name, postal address, email address, phone number(s)) to ensure we do not contact you. We will also retain any contractual information we hold to meet legal obligations and historical requests from you. We will delete all other information 10 years after our last contact with you.
If you have attended one of our workshops we will keep this information, with minimal contact information, indefinitely (unless you advise us otherwise). This is so that we can identify you and reissue attendance certificates at your or your organisation’s request.
Employee records will be held for six years after termination of employment. Records for those candidates who have applied for positions with us, having been unsuccessful or having declined a position, will be held for six months. They will then be destroyed.
8.3 Data storage - Indigo’s database is located and stored in London (North and West). The database provider builds and serves each instance from multiple geographically diverse data centres to avoid single points of failure in our infrastructure. This design supports continuous availability. At any given time, the instance is actively served from one location with transactions replicated in near real-time across two or more availability zones in completely redundant, separate locations. There are regular site switches between the locations and servers within the EU for maintenance, compliance and disaster recovery purposes.
Our marketing database and email marketing platform stores data on EU servers (based in Ireland). Data is not transferred across servers.
Our office server is located in Richmond, UK and protected by electric and key security. Server files are encrypted and backed up within the UK.
Other business servers:
Microsoft Sharepoint and Teams data is processed in UK data centres.
Zoom Video Communications processes data in EU data centres; delegates are not required to register to use this platform.
Office 365 email is processed in EU data centres.
Online materials (used for online/blended workshops ONLY):
Indigo workshop materials and evaluations for all online workshops - are hosted on our marketing database and email marketing platform.
Edward de Bono Limited workbooks - are hosted by Wix Limited (https://www.wix.com/about/privacy). User's personal information (first name, last name, email address provided) is controlled by Wix.com Ltd. in Israel, which the European Commission considers as a country offering an adequate level of protection for the Personal Information of E.U. Member State residents. If delegates are in Europe, the U.K., or Switzerland, when Wix transfer your Personal Information to a location outside of Europe, they will make sure that (i) there is a level of protection deemed adequate by the European Commission or (ii) that the relevant Standard Contractual Clauses are in place (i.e., the applicable module of the Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (E.U.) 2016/679 of the European Parliament and of the Council from June 4, 2021, as available here, and the ICO’s International Data Transfer Addendum to the E.U. Commission Standard Contractual Clauses version B1.0, in force from 21 March 2022, as it is revised under Section 18 of its Mandatory Clauses).
Think on your Feet® International workbooks - are hosted by Kortext (https://www.kortext.com/privacy-policy/). User's personal information (first name, last name, email address provided) is controlled by Kortext UK and is stored on their own and Azure’s secure servers, which are located within the European Economic Area (EEA). Kortext do not transfer to or store information in the USA. Azure database is held on secure servers, which are located within the European Economic Area (EEA) (UK South and France Central). Azure do not transfer to or store information in the USA. Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, and is FIPS 140-2 compliant. A Kortext group company located in Canada may have access to all servers from time to time to undertake development and maintenance of the site; Canada is a country which has been deemed ‘safe’ by the European Commission for the transfer of personal data. If delegates are based outside the EEA, information may be transferred and/or stored outside the EEA in order to provide you with services.
Other suppliers who may process data:
Our supplier databases are worldwide, with information securely stored and encrypted. We use suppliers (courier companies) to send materials to a venue, organisation or individual/venues to host events (located throughout the world) – dependent on delivery/client location – these organisations have servers hosted in the EU/USA. The information that they are given would be personal data; it is minimal but could include name, job title, company, telephone and business address (so that we can get the materials to them/so they know who to expect for security purposes). This is where information could be processed outside of the UK, EEA or USA dependent on the location we are sending to/delivering. Where suppliers use US data storage, we require that providers reference their Binding Corporate Rules, Privacy Shield certification, and the European Commission’s model clauses, legalising transfers of EU personal data outside of the EU.
We work with other individuals, third-parties and contractors to deliver our products, services and marketing activities. We only provide them with the information they require to be able to fulfil their contract with us. These partners include:
- Our service suppliers (e.g. IT providers, mailing houses, venues, shipping companies, management accountants, licence holders, etc.) who are necessary to fulfil a contract we have with you or who supply us with marketing fulfilment services. In order for them to work with us, we require the same stringent data security from them as we apply ourselves.
- Our trainers and expert consultants who have other business interests. Should you request a consultation or workshop it will be necessary to pass your details to the chosen partner. We will do this with your permission. In order for them to work with us, we require the same stringent data security from them as we apply ourselves.
- Licence holders (when accrediting as a trainer). As a part of continuing quality assurance and registration of your right to deliver their copyright and content you will enter into a contract with that organisation. It will be necessary for us to provide contact and accreditation outcome information to them to fulfil the requirements of your accreditation. This will mean that both parties (us and them) will collect, process and store your information. We require the same stringent data security from them as we apply ourselves; however, in this case the liability for your data is passed to them.
Any third-party organisations that we work with are not permitted to contact you directly, unless this has been agreed with you. Should this happen please inform us immediately.
9.1 Licensed workshops - When you purchase or attend one of our licensed workshops your data may be passed to the licence owner. This will only be used by them to ensure that Indigo Business Services Limited is representing their brand correctly, adhering to licensing requirements and offering the service their product requires. In order for them to work with us, we require the same stringent data security from them as we apply ourselves.
We profile your data to contact you with personalised and targeted services. We use two third-party services, Google Analytics and Act-On, to collect details of visitor behaviour patterns, which pages users access or visit, and the products attended or enquired about. We do this using cookies. This information helps us to ensure we are providing the most relevant information to you. You can stop cookies being installed on your computer at any time. More information on how to do this can be found at ‘allaboutcookies.org’: https://allaboutcookies.org/how-to-clear-cookies (external site)
Credit/debit card information is collected and stored by our payment partner (Barclays). We do not hold any credit/debit card information on our website or database. If credit/debit card information is taken in hard copy this information is entered into our PDQ machine, then securely shredded. We do not store your credit/debit card number. Copies of receipts and payment confirmations are securely held in our finance system (Quickbooks) and with the processing company (Barclays).
We want our customers and prospective customers to feel comfortable with the way we collect, store and process their data. As a business we have the following Openness Principle for our prospects, customers, employees and partners. We will be open about:
- What personal data we are collecting.
- How we use and profile personal data.
- The way personal data is shared.
- The way personal data is secured.
- Your rights.
In the event that you wish to make a complaint about how your personal data is being processed by us or our partners, you have the right to complain to Indigo Business Services Limited’s Managing Director. If you do not get a response within 30 days you can complain to the Information Commissioner’s Office.
The details for each of these contacts are:
The Managing Director (DP), Indigo Business Services Limited, Unit 2, The Factory, 2 Acre Road, Kingston Upon Thames, KT2 6EF, United Kingdom Telephone +44 (0)20 3836 8640 or email firstname.lastname@example.org
ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom Telephone +44 (0)303 123 1113 or online