Educating Beyond The Classroom

Educating Beyond The Classroom

Educating Beyond The Classroom

DATA PROTECTION POLICY

Introduction

Glass & Fenestration Training Solutions Ltd needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements and health and safety, for example. It is also necessary to process information so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other persons unlawfully. Glass & Fenestration Training Solutions is committed to uphold the Data Protection Principles which are set out in the Data Protection Act 1998, and the GDPR 2018 Key Changes. In summary, these state that personal data shall:

  • Be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.
  • Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose
  • Be adequate, relevant and not excessive for those purposes.
  • Be accurate and kept up to date
  • Not be kept longer than is necessary for that purpose
  • Be processed in accordance with the data subject’s rights
  • Be kept safe from unauthorised access, accidental loss or destruction
  • Not be transferred to a county outside the European Economic Area, unless the country has equivalent levels of protection for personal data.
  • Be available on request by the owner of said date in a compact, legible, electronic form (Data Portability GDRP 2018)

Glass & Fenestration Training Solutions and all staff or others who process or use any personal information must ensure that they follow these principles at all times. In order to ensure that this happens, the following Data Protection Policy has been developed.

Status of the Policy

This policy does not form any part of the formal contract of employment, but it is a condition for staff who deal with personal information at any time. Any failures to follow the policy can therefore result in disciplinary proceedings

Any member of staff, who considers that the policy had not been followed in respect of personal data about themselves, should raise the matter with the designated data co-ordinator initially. If the matter is not resolved it should be raised as a formal grievance. This in no way affects any statutory remedies available to that individual.

Notification of Data Held and Processed

All staff and learners are entitled to

  • Know what information Glass & Fenestration Training Solutions holds and processes about them and why
  • Know how to gain access to their information and are entitled to an electronic copy of their data upon request.
  • Know how to keep it up to date
  • Know what Glass & Fenestration Training Solutions is doing to comply with its obligations under the 1998 Data Protection Act and the GDRP key changes of 2018

Responsibilities of Glass & Fenestration Training Solutions Ltd Staff

The Centre Co-ordinator will ensure that all staff have a regular opportunity to check that any information they have provided to Glass & Fenestration Training Solutions Ltd, in connection with their employment, is accurate and up to date.

Glass & Fenestration Training Solutions Ltd will ensure that the Training Provider is always working in compliance with the Data Protection Act 1998.  If and when, as part of their duties, staff collect information about other people (ie about learner’s course work, opinions about ability, references to other academic institutions, or details of personal circumstances), they must comply with the guidelines for staff.

Data Security

Glass & Fenestration Training Solutions Ltd is responsible for ensuring that:

  • Any personal data which they hold is kept securely
  • Personal information is not disclosed either orally, in writing or accidentally or otherwise to any unauthorised third party

Personal information should be:

  • Kept in a locked drawer; or
  • In a locked filing cabinet; or
  • If it is computerised, be password protected; or
  • Kept only on a disk which is stored securely

In the event of a data security breach significant enough in nature to compromise the rights and freedoms of an individual/s, GFTS are obliged to report the incident within a 72 hour window to the correct persons (Customers, Staff, Authorities)

Student Obligations

Students will be given the opportunity, to check that all personal data provided to Mount Training Solutions Ltd is accurate). They will be asked that changes of address etc are notified to the Assessor or Glass & Fenestration Training Solutions Ltd direct. 

Right to Access Information

Staff, students and other users of Glass & Fenestration Training Solutions Ltd have the right to access any personal data that is being kept about them either on computer or in certain files. Any person who wishes to exercise this right should contact the Centre Coordinator

Subject Consent

In many cases, Glass & Fenestration Training Solutions Ltd can only process personal date with the consent of the individual. In some cases, if the data is sensitive, express consent must be obtained. Agreement to Glass & Fenestration Training Solutions Ltd processing some specified classes of personal data is a condition of acceptance of a student onto any course, and a condition of employment for staff. This includes information about previous criminal convictions.

Privacy by Design

GFTS understands the importance of augmenting our data protection facilities over time, and we have been careful to ensure that as far as reasonably possible we have complied with data protection legislation since the company was formed. GFTS shall maintain this attitude of adjusting our practices as necessary to protect yours and our data in the modern day.

Retention of Data

Glass & Fenestration Training Solutions will keep some forms of information. Because of storage problems, information about students cannot be kept indefinitely, unless there are specific requests to do so. In general, information about students will be kept for a maximum of seven years after they leave the Course. This will include:

  • Name and Address, and
  • All other information collected on Learning Agreement and Class Registers
  • Academic achievements, including marks for coursework

Glass & Fenestration Training Solutions will need to keep information about staff. In general, all information will be kept for a minimum of seven years after a member of staff leaves the Company. Some information however will be kept for much longer. This will include information necessary in respect of pensions, taxation, potential or current disputes or litigation regarding the employment, and information required for job references.

Right to be forgotten

GFTS maintains the ‘Right to be forgotten’ or ‘Data Erasure’ principle at the core of our data protection policies. This grants the  person the right to request that their data be destroyed, and to cease further dissemination of such data, at any time. Subject to the conditions of erasure outlined in article 17 of GDRP 2018, this right is limited to only such data that is no longer relevant to its original purposes, and in the event that you have withdrawn your consent for us to hold such information.

GFTS must also consider the greater public interest in the availability of this data before complying with your decision to be forgotten.

Conclusion

Compliance with the 1998 Data Protection Act, and subsequent GDRP 2018 Act, is the responsibility of all members of Glass & Fenestration Training Solutions Ltd.. Any deliberate breach of the Data Protection Policy may lead to disciplinary action being taken, or access to the Glass & Fenestration facilities being withdrawn, or even a criminal prosecution. Any questions or concerns about the interpretation or operation of this policy should be taken up with the centre co-ordinator.

Staff Guidelines for Data Protection

  1. All staff will process data about students on a regular basis, on induction and throughout the assessment period. Glass & Fenestration will ensure through registration procedures, that all students give their consent to this sort of processing, and are notified of the categories of processing, as required by the 1998 Act. The information that staff deal with on a day-to-day basis will be standard and will cover categories such as:
  • General personal details such as name and address,
  • Details about class attendance, coursework marks and grades and associated comments
  • Notes of personal supervision, including matter about behaviour and discipline.
  1. Information about a student’s physical or mental health; sexual life; political or religious views; trade union membership or ethnicity or race is sensitive and can only be collected and processed with the students consent. If staff need to record this information, they should use Glass & Fenestration Training Solutions standard paperwork. 
  1. All staff have a duty to make sure that they comply with the data protection principles, which are set out in this policy. In particular. Staff must ensure that records are:
  • Accurate
  • Up-to-date
  • Fair
  • Kept and disposed of safely, and in accordance with the Glass & Fenestration Training Solutions policy
  1. The Centre Coordinator is the only authorised to hold or process data that is:
  • Not standard data; or
  • Sensitive data

The only exception to this will be if a non-authorised staff member is satisfied that the processing of the data is necessary:

  • In the best interests of the student or staff member, or a third person, or Glass & Fenestration Training Solutions
  • : and
  • He or she has either informed the authorised person of this, or has been unable to do so and processing is urgent and necessary in all the circumstances.

This should only happen in very limited circumstances. eg A student is injured and unconscious, but in need of medical attention, and a staff tutor tells the hospital that the student is pregnant or a Jehovah’s witness.

  1. The Centre Coordinator and designated Data Protection officer will be responsible for ensuring that all data is kept securely.
  2. Staff must not disclose personal data to any student unless for normal academic or pastoral purposes.
  3. Staff shall not disclose personal data

DATA PROTECTION AND SUBJECT ACCESS OVERVIEW

Glass & Fenestration Training Solutions Ltd collects information about students and staff for various administrative, academic and health and safety reasons.

In order for Glass & Fenestration Training Solutions Ltd to operate efficiently, this information is processed and shared with Local and National Government Bodies. Both the College and these particular bodies are registered under the Data Protection Act of 1998 and subsequent GDRP 2018 Legislation and comply with the Act in all dealings with personal data. We never sell personal information or share it with third parties that are not directly related to the funding of Glass & Fenestration Training Solutions Ltd, unless we are required to for legal reasons.

It is essential that both staff and students give written consent to this process by the signing of a learning agreement or contract.

Your Information – our commitment

If we hold information about you, we assure you that we are processing it fairly and lawfully.

Your rights

  • You have the right to ask to see the information that we keep about you (called Subject Access).
  • We will supply the information within forty days of your request and payment, or give you a reason if we cannot do so.

Our rights

  • We will ask you for proof of identity before we give you the information.

Using and disclosing information

  • We will only use or disclose information about you in accordance with your signed agreement, unless we are required to do otherwise for legal reasons.

Information quality

  • We will make sure that the information about you is accurate and up to date when we collect or use it. You can help us with this by keeping us informed of any changes to the information we hold about you.

Information security

  • We will keep information about you secure.
  • We will protect your information against unauthorised change, damage, loss or theft.

Keeping information

  • We will hold information about you only for as long as the law says. After this, we will dispose of it securely and properly.

Openness

  • We will tell you what kinds of information we hold and what we do with it.

Access and correctness

  • Whenever possible, we will let you see the information we hold about you and correct it if it is wrong.

In general

  • We will comply with the Data Protection Act 1998 and any subsequent legislation (e.g. GDRP 2018) on information handling and privacy.

Our commitment

  • We will only collect information that is necessary for what we do.
  • Be fair in the way we collect information about you.
  • Tell you what we intend to do with the information about you.
  • Where practicable, collect information directly from you.
  • If we collect information about you from someone else, make sure you know that we have done this whenever possible.

The Eight Data Protection principles

  1. Personal data must be processed fairly and lawfully
  2. Personal data must be obtained only for one or more specified and lawful purposes, and not be further processed in any manner incompatible with that or those purposes.
  3. Personal data must be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data must be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes must not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data must be processed in accordance with the rights of the data subjects under the Act.
  7. Appropriate security must be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data must not be transferred to a country or territory outside the EEA, European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

If you require further information regarding the Data Protection Act 1998, GDRP 2018, the Human Rights Act 1998 or the Freedom of Information Act 2000, please contact:

Information Commissioner                  Enquiry/Information Line: 01625 545 745

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Glass & Fenestration Training Solutions Ltd
The Old Chair Works 593 Thornton Road,
Thornton, Bradford, West Yorkshire, BD13 3NW

Contact: Centre Coordinator 01274 962126

Educating Beyond The Classroom