Data Protection and Usage Policy

The Organisation holds and processes information about employees, learners, and other data subjects for academic, administrative and commercial purposes. When handling such information, the Organisation, and all staff or others who process or use any personal information, must comply with the Data Protection Principles which are set out in the Data Protection Act 1998 (the Act). In summary these state that personal data shall:

  • Be processed fairly and lawfully.
  • Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose.
  • Be adequate, relevant and not excessive for the purpose.
  • Be accurate and up-to-date.
  • Not be kept for longer than necessary for the purpose.
  • Be processed in accordance with the data subject’s rights.
  • Be kept safe from unauthorised processing, and accidental loss, damage or destruction.
  • Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data, except in specified circumstances.

Definitions

  • “Data controller” further information about Organisation data controllers is available from the Data Protection Officer.
  • “Staff”, “learners” and “other data subjects” may include past, present and potential members of those groups.
  • “Other data subjects” and “third parties” may include contractors, suppliers, contacts, referees, friends or family members.
  • “Processing” refers to any action involving personal information, including obtaining, viewing, copying, amending, adding, deleting, extracting, storing, disclosing or destroying information.

Notification of data held

The Organisation shall notify all staff and learners and other relevant data subjects of the types of data held and processed by the Organisation concerning them, and the reasons for which it is processed. The information which is currently held by the Organisation and the purposes for which it is processed are set out in the Data Protection Register entry. When processing for a new or different purpose is introduced the individuals affected by that change will be informed and the Data Protection Register entry will be amended.

Staff responsibilities

All staff shall;

  • Ensure that all personal information which they provide to the Organisation in connection with their employment is accurate and up-to-date.
  • Inform the Organisation of any changes to information, for example, changes of address.
  • Check the information which the Organisation shall make available from time to time, in written or automated form, and inform the Organisation of any errors or, where appropriate, follow procedures for up-dating entries on computer forms. The Organisation shall not be held responsible for errors of which it has not been informed.

When staff hold or process information about learners, colleagues or other data subjects (for example, learners’ course work, pastoral files or personal details), they should comply with the Data Protection Guidelines.

Staff shall ensure:

  • That all personal information is kept securely.
  • That personal information is not disclosed either orally or in writing, accidentally or otherwise to any unauthorised third party. Unauthorised disclosure may be a disciplinary matter, and may be considered gross misconduct in some cases.

Learner responsibilities

All learners shall:

  • Ensure that all personal information which they provide to the Organisation is accurate and up-to-date.
  • Keep usernames / passwords and any resources shared in the undertaking of their qualification confidential.
  • Check the information which the Organisation shall make available from time to time, in written or automated form, and inform the Organisation of any errors or, where appropriate, follow procedures for up-dating entries on computer forms. The Organisation shall not be held responsible for errors of which it has not been informed.

Rights to access information

Staff, learners and other data subjects in the Organisation has the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files. Any person may exercise this right by submitting a request in writing to the appropriate designated data controller.

The Organisation will reserve the right to make a charge of £10 for each official Subject Access Request under the Act.

The Organisation aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days unless there is good reason for delay. In such cases, the reason for the delay will be explained in writing by the designated data controller to the data subject making the request.

The data controller and the designated data controllers

The Managing Director is ultimately responsible for implementation. Responsibility for day-to-day matters will be delegated to the Centre Manager as designated data controller. Information and advice about the holding and processing of personal information is available from the Data Protection Officer.

Assessment marks certification

Learners shall be entitled to information about their marks for assessments, however this may take longer than other information to provide. EDGEWORKS (“the Organisation”) may withhold enrolment, awards, certificates, accreditation or references in the event that monies are due to the Organisation.

Retention of data

The Organisation will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements. These requirements are described in the Organisation’s Records Retention Schedule.

Compliance

Compliance with the Act is the responsibility of all learners and members of staff. Any deliberate or reckless breach of this Policy may lead to disciplinary, and where appropriate, legal proceedings. Any questions or concerns about the interpretation or operation of this policy should be taken up with the Data Protection Officer.

Any individual, who considers that the policy has not been followed in respect of personal data about him or herself, should raise the matter with the designated data controller initially. If the matter is not resolved it should be referred to the staff grievance or student complaints procedure.

Care-Academy key features - Content


Quality

All of our e-learning content is designed to exceed minimum standards giving you absolute confidence in the quality of training provided to employees. It is written by industry respected Subject Matter Experts and accredited by nationally recognised Awarding Bodies including Skillsfirst, NCFE and City & Guilds.

 

Learner Guarantee

We guarantee that any learner who completes our learning and assessment will be ‘fit-for-work’ and will meet the learning outcomes applicable to their course or qualification. In the unlikely event of an issue being raised, we will provide access to further training from within our portfolio at no extra cost. This means we share the risk of achieving 100% compliance with you.

 

Updates

We update our content in line with changes to legislation at no cost to you the client. Therefore you can rest assured that our content will always reflect industry best practice.

 

Structured Learner Pathway

We offer a fully integrated pathway from induction, specialist course and mandatory refresher training through to fully accredited qualifications. This means your learner's can quickly progress from new employee through to qualified worker with the minimum support. This reduces your cost of ongoing support and frees up your training personnel to provide higher value training interventions.