Data protection policy
Centre Polices Version 2.1, December 2016
Data Protection Policy
Introduction
The Centre is fully committed to compliance with the requirements of the Data Protection Act 1998 (“the
Act”), which came into force on the 1 st March 2000. Therefore follow procedures that aim to ensure that all
employees, elected members, contractors, agents, consultants, partners or other servants of the centre who
have access to any personal data held by or on behalf of the centre, are fully aware of and abide by their
duties and responsibilities under the Act.
Statement of policy
In order to operate efficiently, the centre will collect and use information about people with whom it works.
These may include members of the public, current, past and prospective employees, clients and customers,
and suppliers. In addition, it may be required by law to collect and use information in order to comply with
the requirements of central government. This personal information must be handled and dealt with properly,
however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by
any other means, and there are safeguards within the Act to ensure this.
The centre regards the lawful and correct treatment of personal information as very important to its successful
operations and to maintaining confidence between the centre and those with whom it carries out business.
The centre will ensure that it treats personal information lawfully and correctly.
To this end the centre fully endorses and adheres to the Principles of Data Protection as set out in the Data
Protection Act 1998.
The principles of data protection
The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice.
These Principles are legally enforceable.
The Principles require that personal information:
1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
3. Shall be adequate, relevant and not excess ive in relation to the purpose or purposes for which it is processed;
4. Shall be accurate and where necessary, kept up to date;
5. Shall not be kept for longer than is necessary for that purpose or those purposes;
6. Shall be processed in accordance with the rights of data subjects under the Act;
7. Shall be kept secure i.e. protected by an appropriate degree of security;
8. Shall not be transferred to a country or territory outside the European Economic Area, unless that
country or territory ensures an adequate level of data protection.
The Act provides conditions for the processing of any personal data. It also makes a distinction between
personal data and “sensitive” personal data
.
Personal data is defined as, data relating to a living individual who can be identified from:
• That data;
•That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
Sensitive personal data is defined as personal data consisting of information as to:
• Racial or ethnic origin;
• Political opinion;
• Religious or other beliefs;
• Trade union membership;
• Physical or mental health or condition;
• Sexual life;
•Criminal proceedings or convictions.
Handling of personal/sensitive information
The centre will, through appropriate management and the use of strict criteria and controls:
• Observe fully conditions regarding the fair collection and use of personal information;
• Meet its legal obligations to specify the purpose for which information is used;
• Collect and process appropriate information and only to the extent that it is needed to fulfil operational
needs or to comply with any legal requirements;
• Ensure the quality of information used;
• Apply strict checks to determine the length of time information is held;
• Take appropriate technical and organisational security measures to safeguard personal information;
• Ensure that personal information is not transferred abroad without suitable sa
feguards;
• Ensure that the rights of people about whom the information is held can be fully exercised under the Act.
These include:
• The right to be informed that processing is being undertaken;
• The right of access to one’s personal information within the statutory 40 days;
• The right to prevent processing in certain circumstances;
• The right to correct, rectify, block or erase information regarded as wrong information.
In addition, the centre will ensure that:
• There is someone with specific responsibility for data protection in the organisation;
• Everyone managing and handling personal information understands that they are contractually responsible
for following good data protection practice;
• Everyone managing and handling personal information is appropriately trained to do so;
• Everyone managing and handling personal information is appropriately supervised;
• Anyone wanting to make enquiries about handling personal information, whether a me
mber of staff or a member of the public, knows what to do;
• Queries about handling personal information are promptly and courteously dealt with;
• Methods of handling personal information are regularly assessed and evaluated;
• Performance with handling personal information is regularly assessed and evaluated;
• Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any
disclosure of personal data will be in compliance with approved procedures.
All elected members are to be made fully aware of this policy and of their duties and responsibilities under
the Act. All managers and staff within the centre directorates will take steps to ensure that personal data is kept secure
at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:
• Paper files and other records or documents containing personal/sensitive data are kept in a secure
environment;
• Personal data held on computers and computer systems is protected by the use of secure passwords,
which where possible have forced changes periodically;
• Individual passwords should be such that they are not easily compromised.
All contractors, consultants, partners or other servants or agents must:
• Ensure that they and all of their staff who have access to personal data held or processed for or on behalf of us, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the Act. Any breach of any provision of the Act will be deemed as being a breach of any contract between an individual, company, partner or firm;
• Allow data protection audits of data held on its behalf (if requested);
• Indemnify against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.
All contractors who are users of personal information supplied by the centre will be required to confirm that they will abide by the requirements of the Act with regard to information supplied by the centre.
Implementation
The centre will have appointed a Corporate Information Officer. Designated officers have also been identified in all directorates. These officers will be responsible for ensuring that the Policy is implemented. Implementation will be led and monitored by the Information Officer. The Corporate Information Officer will also have overall responsibility for:
• The provision of cascade data protection training, for staff within the centre.
• For the development of best practice guidelines.
• For carrying out compliance checks to ensure adherence, throughout the authority, with the Data Protection Act.
Notification to the Information Commissioner
The Information Commissioner maintains a public register of data controllers. The centre is registered as such.
The Data Protection Act 1998 requires every data controller who is processing personal data, to notify and renew their notification, on an annual basis. Failure to do so is a criminal offence.
To this end the designated officers will be responsible for notifying and updating the Information Officer of the processing of personal data, within their directorate.
The Information Officer will review the Data Protection Register with designated officers annually, prior to notification to the Information Commissioner.
Any changes to the register must be notified to the Information Commissioner, within 28 days.
To this end, any changes made between reviews will be brought to the attention of the Information Officer immediately.
By becoming a ProTrainings Centre, all Centres hereby confirm to adhere in line with this policy.
In addition, you consent to information being shared with Training Qualifications UK
Sampling
All assessors will be sampled over a defined period of time, including peripatetic assessors and those based at satellite centres. Internal verification will not be viewed as an ‘end process’, interim (formative) and summative decisions will be included in the sampling. New and less experienced assessors will be sampled at a minimum of a quarterly basis.
Samples will be made from every candidate category or group, e.g. age and gender, new starters, mid-term and learners who have been working with our ProTrainings instructors for some time.
Standardising Assessment Practice
Standarisation meetings will be held with the full team, this will include all assessors, the IV and senior management. The meetings will help to develop a supportive, non-threatening environment where assessors are able to share issues and concerns in order to ensure each assessor makes valid assessment
decisions.
The meetings will focus on areas such as revisions to standards where appropriate, problems with generating evidence, the validity and sufficiency of evidence, the different approaches by assessors and candidate progress. The minutes from all meetings will be distributed to attendees and all action points monitored to ensure implementation.
Developing and supporting assessors
All assessors will be provided with an induction programme and issued with their own copy of the standards. They will be allocated a suitable number of candidates and provided with information about their location and any particular assessment requirements they may have. All assessments methods used by the assessors will be monitored and regular support meetings will be held to identify training, occupational or professional development needs.
Privacy Policy
This privacy policy sets out how the Centre uses and protects any information that you give the Centre when you use ProTrainings website ww.profaw.co.uk
The Centre is committed to ensuring that your privacy is protected. Should we ask learners or instructors to provide certain information by which you can be identified, be assured that it will only be used in accordance with this privacy statement.
The Centre may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What We Collect
ProTrainings reserve the right to collect the following information:
• Name and job title
• Contact information including email address
• Demographic information such as postcode, preferences and interests
• Date of birth, addresses and contract information
• Other information relevant to customer purchases, qualifications and/or offers
Any information collected will be used in line with the Equal Opportunities Policy.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
• Internal record keeping
• Certification purposes
• We may use the information to improve our products and services
• We may periodically send promotional emails about new products, special offers or other information which
we think you may find interesting using the email address which you have provided
• You will receive a weekly video update for the course you have taken, for which you can opt out at any time through your own student login
• From time to time, we may also use your information to contact you to notify you of new courses, or to alert you when your training is due for renewal
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its
operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about
you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
• Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to your designated instructor or ProTrainings contact ([email protected]).
• We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
• You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please email the Centre owner.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
([email protected])
Data Protection Policy
Introduction
The Centre is fully committed to compliance with the requirements of the Data Protection Act 1998 (“the
Act”), which came into force on the 1 st March 2000. Therefore follow procedures that aim to ensure that all
employees, elected members, contractors, agents, consultants, partners or other servants of the centre who
have access to any personal data held by or on behalf of the centre, are fully aware of and abide by their
duties and responsibilities under the Act.
Statement of policy
In order to operate efficiently, the centre will collect and use information about people with whom it works.
These may include members of the public, current, past and prospective employees, clients and customers,
and suppliers. In addition, it may be required by law to collect and use information in order to comply with
the requirements of central government. This personal information must be handled and dealt with properly,
however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by
any other means, and there are safeguards within the Act to ensure this.
The centre regards the lawful and correct treatment of personal information as very important to its successful
operations and to maintaining confidence between the centre and those with whom it carries out business.
The centre will ensure that it treats personal information lawfully and correctly.
To this end the centre fully endorses and adheres to the Principles of Data Protection as set out in the Data
Protection Act 1998.
The principles of data protection
The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice.
These Principles are legally enforceable.
The Principles require that personal information:
1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
3. Shall be adequate, relevant and not excess ive in relation to the purpose or purposes for which it is processed;
4. Shall be accurate and where necessary, kept up to date;
5. Shall not be kept for longer than is necessary for that purpose or those purposes;
6. Shall be processed in accordance with the rights of data subjects under the Act;
7. Shall be kept secure i.e. protected by an appropriate degree of security;
8. Shall not be transferred to a country or territory outside the European Economic Area, unless that
country or territory ensures an adequate level of data protection.
The Act provides conditions for the processing of any personal data. It also makes a distinction between
personal data and “sensitive” personal data
.
Personal data is defined as, data relating to a living individual who can be identified from:
• That data;
•That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
Sensitive personal data is defined as personal data consisting of information as to:
• Racial or ethnic origin;
• Political opinion;
• Religious or other beliefs;
• Trade union membership;
• Physical or mental health or condition;
• Sexual life;
•Criminal proceedings or convictions.
Handling of personal/sensitive information
The centre will, through appropriate management and the use of strict criteria and controls:
• Observe fully conditions regarding the fair collection and use of personal information;
• Meet its legal obligations to specify the purpose for which information is used;
• Collect and process appropriate information and only to the extent that it is needed to fulfil operational
needs or to comply with any legal requirements;
• Ensure the quality of information used;
• Apply strict checks to determine the length of time information is held;
• Take appropriate technical and organisational security measures to safeguard personal information;
• Ensure that personal information is not transferred abroad without suitable sa
feguards;
• Ensure that the rights of people about whom the information is held can be fully exercised under the Act.
These include:
• The right to be informed that processing is being undertaken;
• The right of access to one’s personal information within the statutory 40 days;
• The right to prevent processing in certain circumstances;
• The right to correct, rectify, block or erase information regarded as wrong information.
In addition, the centre will ensure that:
• There is someone with specific responsibility for data protection in the organisation;
• Everyone managing and handling personal information understands that they are contractually responsible
for following good data protection practice;
• Everyone managing and handling personal information is appropriately trained to do so;
• Everyone managing and handling personal information is appropriately supervised;
• Anyone wanting to make enquiries about handling personal information, whether a me
mber of staff or a member of the public, knows what to do;
• Queries about handling personal information are promptly and courteously dealt with;
• Methods of handling personal information are regularly assessed and evaluated;
• Performance with handling personal information is regularly assessed and evaluated;
• Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any
disclosure of personal data will be in compliance with approved procedures.
All elected members are to be made fully aware of this policy and of their duties and responsibilities under
the Act. All managers and staff within the centre directorates will take steps to ensure that personal data is kept secure
at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:
• Paper files and other records or documents containing personal/sensitive data are kept in a secure
environment;
• Personal data held on computers and computer systems is protected by the use of secure passwords,
which where possible have forced changes periodically;
• Individual passwords should be such that they are not easily compromised.
All contractors, consultants, partners or other servants or agents must:
• Ensure that they and all of their staff who have access to personal data held or processed for or on behalf of us, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the Act. Any breach of any provision of the Act will be deemed as being a breach of any contract between an individual, company, partner or firm;
• Allow data protection audits of data held on its behalf (if requested);
• Indemnify against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.
All contractors who are users of personal information supplied by the centre will be required to confirm that they will abide by the requirements of the Act with regard to information supplied by the centre.
Implementation
The centre will have appointed a Corporate Information Officer. Designated officers have also been identified in all directorates. These officers will be responsible for ensuring that the Policy is implemented. Implementation will be led and monitored by the Information Officer. The Corporate Information Officer will also have overall responsibility for:
• The provision of cascade data protection training, for staff within the centre.
• For the development of best practice guidelines.
• For carrying out compliance checks to ensure adherence, throughout the authority, with the Data Protection Act.
Notification to the Information Commissioner
The Information Commissioner maintains a public register of data controllers. The centre is registered as such.
The Data Protection Act 1998 requires every data controller who is processing personal data, to notify and renew their notification, on an annual basis. Failure to do so is a criminal offence.
To this end the designated officers will be responsible for notifying and updating the Information Officer of the processing of personal data, within their directorate.
The Information Officer will review the Data Protection Register with designated officers annually, prior to notification to the Information Commissioner.
Any changes to the register must be notified to the Information Commissioner, within 28 days.
To this end, any changes made between reviews will be brought to the attention of the Information Officer immediately.
By becoming a ProTrainings Centre, all Centres hereby confirm to adhere in line with this policy.
In addition, you consent to information being shared with Training Qualifications UK
Sampling
All assessors will be sampled over a defined period of time, including peripatetic assessors and those based at satellite centres. Internal verification will not be viewed as an ‘end process’, interim (formative) and summative decisions will be included in the sampling. New and less experienced assessors will be sampled at a minimum of a quarterly basis.
Samples will be made from every candidate category or group, e.g. age and gender, new starters, mid-term and learners who have been working with our ProTrainings instructors for some time.
Standardising Assessment Practice
Standarisation meetings will be held with the full team, this will include all assessors, the IV and senior management. The meetings will help to develop a supportive, non-threatening environment where assessors are able to share issues and concerns in order to ensure each assessor makes valid assessment
decisions.
The meetings will focus on areas such as revisions to standards where appropriate, problems with generating evidence, the validity and sufficiency of evidence, the different approaches by assessors and candidate progress. The minutes from all meetings will be distributed to attendees and all action points monitored to ensure implementation.
Developing and supporting assessors
All assessors will be provided with an induction programme and issued with their own copy of the standards. They will be allocated a suitable number of candidates and provided with information about their location and any particular assessment requirements they may have. All assessments methods used by the assessors will be monitored and regular support meetings will be held to identify training, occupational or professional development needs.
Privacy Policy
This privacy policy sets out how the Centre uses and protects any information that you give the Centre when you use ProTrainings website ww.profaw.co.uk
The Centre is committed to ensuring that your privacy is protected. Should we ask learners or instructors to provide certain information by which you can be identified, be assured that it will only be used in accordance with this privacy statement.
The Centre may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What We Collect
ProTrainings reserve the right to collect the following information:
• Name and job title
• Contact information including email address
• Demographic information such as postcode, preferences and interests
• Date of birth, addresses and contract information
• Other information relevant to customer purchases, qualifications and/or offers
Any information collected will be used in line with the Equal Opportunities Policy.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
• Internal record keeping
• Certification purposes
• We may use the information to improve our products and services
• We may periodically send promotional emails about new products, special offers or other information which
we think you may find interesting using the email address which you have provided
• You will receive a weekly video update for the course you have taken, for which you can opt out at any time through your own student login
• From time to time, we may also use your information to contact you to notify you of new courses, or to alert you when your training is due for renewal
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its
operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about
you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
• Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to your designated instructor or ProTrainings contact ([email protected]).
• We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
• You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please email the Centre owner.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
([email protected])