GDPR and Data Protection
For GDPR and Data protection reasons, my360plus follows strict security procedures in the storage and disclosure of personal data, to prevent unauthorised access. This is in accordance with data protection legislation in the UK, EU and elsewhere.
How we manage feedback and personal data
If you are a subject (Participant) completing a my360plus assessment, we will process personal data from you and your Observers, in order to create a report.
If you are undertaking a my360plus assessment with your employer, then, by submitting this information you grant us the right to share this information with your employer.
We do not sell, rent or exchange your personal information with any other third party for any reason.
The full detail is available as a downloadable document here: GDPR statement
My360plus is owned by the Forton Group Ltd, registered with the ICO under registration reference Z6898165
Registered Office: College Farm, Main Street, Willoughby, Rugby, Warwickshire, CV23 8BH, United Kingdom
For all GDPR enquiries contact (‘info at my360plus dot com’) marked
We support both the spirit and letter of the GDPR.
The Forton Group Ltd is registered with the ICO under registration reference Z6898165; see https://ico.org.uk/ for details about ICO.
DATA held for the purposes of delivering my360plus services
Our lawful basis for holding data is for the purposes of enquiries, education, and training, and for the my360plus service.
Enquiries: Information provision.
We provide information in response to enquiries from organisations or members of the public using the following data:
- Job title
- Address (if printed material requested)
Education and training – we hold the following student data
- Job title
- Address (if printed material requested)
Specifically, for Chartered Management Institute (CMI) educational requirements, we may additionally hold the following data
- Date of Birth
- Professional body registrant or membership number (e.g. GDC)
Specifically, for International Coach Federation (ICF) educational and accreditation requirements, we may pass relevant data outside the EU (to the UK and USA).
Users of the Forton Group online learning management system (LMS) are registered on the ‘Full Partner’ LMS. Their name and email data (accessible via password) will be held outside the EU (UK and USA). LMS users control their own passwords, so that they can use the LMS system.
Educational data must be held for up to three years, so that record keeping and verification may be used to achieve professional qualifications.
The my360plus online survey system collects three types of data:
- Customer administration data for dashboard access
- Participant data
- Observer data
The my360plus Legacy System
In August 2018, The Forton Group Ltd bought the my360plus service and reviewed the underpinning software system. In November 2018 an upgrade was launched. This includes the removal of the need to ask for gender and date of birth details. At the time of writing (February 2019), it is expected that the transfer to the upgraded system will happen by the 1st April 2019.
Until that point the current system will collect gender details for the purpose of the emails sent to observers (to refer to the participant by their personal pronoun) and their date of birth. Until this new system can be put in place, we advise participants to use a nominal date of birth, such as 01-01-1900.
GDPR and data protection control and removal
Administration and Participants control their username and email address under password, so that they can access the dashboard (Administrators), their subscription (Participants) and reports.
- Administrators can be removed at any time and should be removed on change of role
- Data from enquiries or information provision can be removed at any time.
- Participant personal data can be removed 1 year after completion of the annual subscription, or renewed, on request.
- Student data can be removed after 3 years.
GDPR and data protection storage and sharing
We have documented what personal data we hold, where it came from, who we share it with and what we do with it.
We store data through third party suppliers in these ways:
- Mailing systems: Lifeboat marketing and Outlook
- Dropbox secure file storage system
- Learning Management Systems (Full Partner)
- Live Virtual Classroom Service (Zoom)
- Conference Calling service (Powwownow)
We have written agreements with suppliers to secure your data. We have compliance processes in the event of a security breach. This includes the security of personal data processed by others on our behalf that is transferred outside the European Economic Area (e.g. cloud storage).
Right of access & right to object
You can access the data/ information we hold on you by providing
- a valid email address
- proof of name
- sent to the contact details ‘info at my360plus dot com’
We will respond within 14 days; part of our process is to check the name/email given.
Current Registered Students, Administrators and Participants can update their own data, using their Username and Password.
You have the right to object to our holding data.
GDPR and data protection privacy notice
- The Lead Data Protection Officer and Controller is Helen Caton-Hughes, Managing Director.
- We train all Staff, Faculty Members, Partners and Associates in our policies and in the GDPR requirements, in order to provide the best possible service using the minimum personal data.
- Our non-EU regional Directors also receive training in the GDPR and data protection requirements.
- Your right to rectification If your data is incorrect, we will update it within 14 days of notice.
- We will contact you annually to confirm your data is correct and that (in the case of information provision) you wish to remain on our database.
- For students, we will contact you at the end of 3 years from the start date of your education programme to check whether you wish to remain on the database.
We make all reasonable efforts to dispose of data safely.
Your right to restrict access
You have a right to expect us to restrict access to your data for the purposes you choose, so that you can maintain optimum privacy.
We offer the following restrictions:
- Registered Participant
- Psychometric tools – User, Observer or Rater
- Corporate client
- my360plus reports, for individuals and teams
- Other educational materials or courses (video, audio, written)
Leadership • Coaching & Mentoring • Psychometric tools (e.g. my360plus) • Accredited qualification programmes • ELearning Student
GDPR and data protection: Legitimate Interest Assessment and Statement
The Forton Group provides research, education, leadership development and coaching services. We operate through a range of brands and companies, for the purposes of individual leadership and management development, and for team development:
- The Forton Group Limited
- The Leadership Coach Limited
- Dental Coaching Academy Limited
- Professional Leadership Coaching
- Dental Education Centre
- Igniting Excellence in leadership
What is Forton’s “Legitimate Interest”?
The Forton Group is an educational organisation which specialises in leadership development and coaching, so that organisations are more successful and leaders and managers feel more fulfilled. The International Coach Federation and the (UK) Chartered Management Institute accredits the Forton Group for the purpose of awarding professional qualifications. It registers my360plus participants; training course participants (‘students’), so that they can learn and develop professionally, through in-person and virtual (digital) methods, receiving feedback reports, accessing reading, audio and visual materials.
These are the definitions we use to describe who is registered on the system, and by whom
- A Participant – by their employer for the purpose of undertaking a self-assessment and receiving online 360 degree feedback from observers.
- An Observer – by their employer, or by a colleague, for the purpose of giving online 360 degree feedback to participants.
- An Administrator – registered with the permission of their employer, so that they can administer the my360plus dashboard on behalf of their employer.
- A Partner is a customer of my360plus, for the purpose of acting as supplier to an end-user client of the my360plus service.
- A Partner may also be an Administrator for the purpose of managing the my360plus dashboard.
- A Student is someone who registers for some educational material themselves, or by their employer for the purpose of accessing the LMS.
Participants, Observers, Partners, Students and Administrators are registered via email, websites, the my360plus system and the Forton Learning Management System (LMS), so that they can access and use the system.
GDPR and data protection privacy notice
For all GDPR enquiries contact email@example.com
We inform customers and partners who register clients or staff members for the purpose of using the my360plus services of the following statement:
“For development purposes (using the my360plus system) we will keep participant and observer records for a minimum of one year (the standard my360plus subscription term) and after that for the purpose of renewing the subscription at the request of the Customer or Partner. We keep the minimum possible data. After this point, personal data is removed and remaining data used for the purpose of anonymous verification of the my360plus benchmarking data.”
We inform individual or corporate customers who train staff members of the following statement:
“For educational purposes (leadership development and/or coaching) we will keep student records for a minimum of three years and after that for the purposes of providing proof of attendance/completion to the student (e.g. for attendance dates/lost certificates/letters etc) or at the request of ICF/CMI or other accrediting bodies. We supply the minimum possible data. Students can opt out at any time, on the understanding that the Forton Group will be unable to provide attendance evidence once the student has opted out.”
Why data processing is necessary to deliver the service
Personal data is necessary to:
- Prepare the report. E.g. email instructions, reminders or development goals to Participants and/or Observers.
- Maintain the dashboard records, so that Administrators can track progress.
- Communicate between the Partner and/or Customer and my360plus, so that any issues are addressed.
- Email any written educational material, logistics information (e.g. date/time of event, location, access passwords etc)
- Use Username and Passwords, in order to to access student-only learning materials
- Keep records in order to produce certificates and inform any relevant accrediting bodies
Forton balances this need against the individual’s interests, rights and freedoms, in order to provide the services, as follows:
- Keep minimum data necessary (usually name, email, phone number, and address if printed materials are sent by post), in order to use the relevant service.
- Keep any additional data only if required by an accrediting or professional body (e.g. date of birth (CMI) or professional registrant number (GDC)
- Students/Participants/Observers/Administrators can opt out at any time, on the understanding that the Forton Group will be unable to provide materials or evidence once the person has opted out.
GDPR and data protection consent
Consent is not a pre-condition of a service. However, withholding or removal of consent does have practical implications. EG the Forton Group will be unable to provide logistical information, participant reports, educational services or attendance evidence once a relevant person has opted out.