Customer privacy and our core beliefs
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) replaces the Data Protection Regulation (Directive 95/46/EC) from 25th May 2018. The Regulation aims to harmonise data protection legislation across the EU member states, enhancing the privacy rights for individuals.
ONCORE is, and has always been committed to protecting the privacy of its customers. We will only use the information that we collect about you lawfully and in a manner you have consented to. We collect information about you to process your order and also to provide you with the best possible services. We do not pass your information to third parties without first gaining your explicit consent.
About us and who controls your data
ONCORE ePD Limited is the owner and operator of this website. We collect and process your personal data. The data controller is ONCORE ePD Limited. Our contact details are set out below.
ONCORE ePD Limited
Telephone: 0121663 1971
ONCORE ePD websites:
Private Limited Company Registered in England & Wales number 12534644
Our lawful basis for collecting and processing your personal data
We only collect and process personal data with a sound lawful basis to do so. We collect and process data under the following lawful bases:
Consent: where you, as an individual have given clear consent to us in order to process your personal data for a specific purpose.
Contract: the processing is necessary for a contract we have with you, the customer, or because you have asked us to take specific steps before entering into a contract.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect you, the individual’s personal data which overrides those legitimate interests.
Personal data we collect, and why we collect and process it
We may need to collect the following information from you in order to process your order, notify you of the status of your order, and in the provision of our services to you. It may be used for email marketing where you have given clear consent to receive this marketing. The information we collect will only be that required to provide you with the services you have requested, or in the fulfilment of the sales contract you are entering into with us. Additional information, such as date of birth and telephone number may be collected in order to be used for verifying your identity if we need to discuss private issues relating to your contract with us.
Date of birth
Area of work
Address (work or home) including postcode
Contact telephone number(s)
Credit or debit card details
There may be occasions when we need further information from you in the provision of an additional service, but you can be assured it will be treated in the same confidential and secure manner as any other data we collect.
Personal information third parties collect, and why they collect and process it
We use a number of third parties in the running of ONCORE ePD and in our provision of our services to you. We satisfy ourselves that these third parties meet at least the same data protection standards that ONCORE ePD expect and adhere to for both data collection, processing and storage. In some cases we have entered into an agreement with these third parties, in other cases we use their services as required. All these third parties have clear privacy policies that confirm their adherence to the GDPR or equivalent, and are freely accessible on their websites. Those that have servers that are not based in the EU conform to the EU-US Privacy Shield. Below is a list of the primary third parties that we use in a provision of a service to you.
• G Suite – email & cloud software provider
• Google Analytics – anonymous user data provider
• WP Engine – secure website hosting
• Arck Interactive LLC – secure VLE hosting
• Thinkific Inc – learning platform
• MailChimp – mailing list management
• Cognito Forms – integrated web forms
• WooCommerce – shopping cart/ecommerce
• Stripe – secure online payment system
• pCloud, Dropbox, Google Drive and Spider Oak – online data storage solutions (encrypted)
Data retention and our policy
We will retain and process your personal data for no longer than is necessary to provide you with a service, to protect your rights, where we have a legitimate interest and as required by law. We retain your personal data in accordance with the agreed legal bases as stated above, and in accordance with any legal obligation we may be subject to.
We use ‘Google Analytics’ to anonymously track the patterns of behaviour of visitors to our site. This helps us improve the way our website works for visitors.
Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.
Security of personal information
We ensure that any locally stored personal data is password protected and where practical, encrypted. All reasonable steps are taken to ensure the physical security of any hardware. All backup personal data stored on and off site is password protected and/or encrypted.
When you enter credit and debit card information on the ONCORE web site we use secure servers to ensure that all details are encrypted at your browser before they are sent to our third party data processors. All ONCORE websites use https secure connections, this is indicated by a green padlock in the address bar, so that your information is encrypted before being sent over the internet.
You should be aware that email correspondence is not always secure and you should take all reasonable steps not to send sensitive data using this method of communication. As an example, never send credit or debit card details via email.
Virtual Learning Environment (VLE)
The conditions and regulations contained in this privacy notice apply to both the ONCORE home website and the VLE website. However there are additional items that candidates who are using the VLE should be aware of (when referring to the VLE it also includes the Thinkific learning centre platform).
By enrolling onto a course and logging on to the VLE website, you agree to share your name, personally selected profile details, discussion forum posts and other contributions to the course, with other members of the course, tutors, moderators, and any other parties deemed appropriate or necessary by ONCORE ePD Limited under the above legal bases.
Your profile icon/avatar and name may be visible to persons not logged on to the VLE website or not enrolled onto modules. You are responsible for creating your profile and altering your privacy settings to the level that which you require, and we do not accept any responsibility for any personal profile information, or other information, being shared with or beyond the enrolled members of your course as you have the choice on what to share and how to share it.
You are responsible for the security of your account login details. You can improve security by:
• Changing your password on first accessing the VLE website
• Not sharing your login details with any other party
• Restricting browser settings so that passwords are not automatically entered
• Restricting access to your computer to prevent unauthorised
• Logging out of the VLE website every time you complete a session
When enrolled on a course with ONCORE, you agree to maintain full confidentiality with respect to matters discussed and disclosed by any candidate(s) and/or the tutor(s). You should not discuss confidential or contentious issues with any other party, in a manner which discloses any other person’s or candidate’s identity.
Any tutor content (presentations, written material, forum content or other contributing material) is the intellectual property of the course tutor and/or ONCORE ePD Limited, and if it is used in any future work by the candidate then it must be credited to that tutor and/or ONCORE ePD Limited and referenced correctly. Failure to do so may be seen as an act of plagiarism or failure to comply with the intellectual property rights of the author(s).
Know your rights under the GDPR
You have rights under the GDPR, and it is important you are aware of them. In essence they are:
1. Your right to be informed about the collection and use of your personal data.
2. Your right to access your personal data held by us.
3. Your right to have inaccurate personal data rectified, or completed if it is incomplete.
4. Your right to have your personal data held by us erased.
5. Your right to request the restriction or suppression of your personal data.
6. Your right to data portability.
7. Your right to object to the processing of your personal data in certain circumstances.
8. Your rights in relation to automated decision making and profiling.
Further information on your rights can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Minor changes and addition to third party service providers and RCVS Code of Professional Conduct statement.
Clause added to VLE section regarding intellectual property.
Minor edits to allow for Limited company and change in a service provider.