Privacy Notice

Last revision date: 24 May 2023


Moralbox (“we”, “us”, or “our”) provides a cloud-based training management system where businesses can input, manage, and analyse employee details and training records through a training matrix. This Privacy Notice explains how we collect, use, and protect your personal data when you use our services.

Data Controller is the data controller for the personal data processed through our platform. We determine the purposes and means of processing your personal data.

Contact Information

For any privacy-specific concerns or inquiries, you can reach us at:

  • Email: [email protected]
  • Address: Hope Street Xchange, Sunderland, SR1 3QD
  • Phone: 0191 580 8086

Types of Data Collected

We collect and process the following personal data:

  • Employee Information: Names, dates of birth, National Insurance numbers, UTR Numbers, contact numbers, email addresses, home addresses, job titles, department/manager, professional memberships, emergency contact details, start dates and employment status.
  • Training Data: Training history, qualifications, skills assessment results, scheduled training sessions, toolbox talk attendance, medical records, CPD event records.

We process this personal data for the following purposes:

  • To provide our training management services, as agreed in our Terms of Service. The legal basis for this processing is the performance of a contract (Article 6(1)(b) GDPR).
  • To improve and customise our services, based on our legitimate interest in providing efficiently tailored services (Article 6(1)(f) GDPR).
  • To comply with legal obligations, such as regulatory requirements pertaining to training records (Article 6(1)(c) GDPR).

Data Security and Information Management System

To protect your personal data, we have implemented a comprehensive Information Management System (IMS) that encompasses organisational, physical, and technical controls. These measures are designed to secure data from unauthorised access, alteration, disclosure, or destruction. Our security practices include, but are not limited to:

  • Encryption of data in transit and at rest.
  • Regular security assessments and audits performed by internal and external experts.
  • Strict access controls and authentication measures.
  • Employee training on data protection and security best practices.

We are committed to continually improving our data security processes and systems to ensure the highest level of protection.

Data Recipients

We may share your personal data with:

  • Service Providers: Third-party companies that provide data processing services to us (e.g., cloud hosting providers), who will process data only as instructed by us.
  • Regulatory Authorities: Where required by law or to protect our legal rights.

Data Transfer

Personal data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It will also be processed by staff operating outside the EEA who work for us or for one of our suppliers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

Your Rights

Under the GDPR, you have rights including:

  • Access: You have the right to request copies of your personal data.
  • Rectification: You can request that we correct any information you believe is inaccurate.
  • Erasure: You can request that we erase your personal data, under certain conditions.
  • Restriction of Processing: You can request the restriction of processing of your personal data, under certain conditions.
  • Data Portability: You have the right to request that we transfer the data we have collected to another organisation, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the contact details provided above.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page. You are advised to review this Privacy Notice periodically for any changes.

Effective Date

This Privacy Notice was updated on and is effective as of 24/05/2023.