GDPR Policy
Objectives
The objectives of this policy are
- To comply with The General Data Protection Regulation (GDPR) (EU)
2016/679.
- To process personal data safely, and in line with current requirements
iii. To ensure consistency across the business in relation to how and why
individuals are contacted
- To provide transparency to individuals about the data we hold relating to
them, and allow them the opportunity to have certain aspects removed
where necessary.
Personal Details
PERSONAL DETAI LS HELD BY THE CENTRE
Below is a list of the personal details we currently hold on all registered
students.
Full name, including prefix and middle names where applicable
Previous surname (where applicable)
Date of Birth
Address
Contact telephone number
Registration number with awarding organisation (if applicable)
If you feel personally feel that you have restricted learning abilities
Emergency contact and telephone number
Medical conditions, medication or allergies, including GP name and
contact number
Disabilities
Learning difficulties
We also ask for permissions for the following:
If you are happy for photographs/videos to be taken and used as evidence
or for training purposes
If you are happy for photographs/videos to be taken and used for
advertising by our business only (no third parties or advertising rights sold)
If you are happy for your details to be stored and monitored for
registration, certification and quality assurance purposes
If you are happy to be contacted during or after your course to review your
experience.
This information allows us to ensure our learners are registered on a suitable
qualification that meets their career objectives, and allows them to learn in a
way that enables achievement and a supportive learning environment.
PERSONAL DETAI LS WHI CH MAY BE SHARED
For the purpose of certification for regulated qualifications, we have to share
some of the personal details we hold about learners with our Awarding
Organisations. Below is a list of the details we may share, and with whom.
Information shared in all cases:
Full name, including prefix and middle names where applicable
Previous surname (where applicable)
Date of Birth
Address
Contact telephone number
Registration number with awarding organisation (if applicable)
Information shared in some cases, and always in agreement with the individual
prior to sharing:
If you feel personally feel that you have restricted learning abilities
Medical conditions, medication or allergies, including GP name and
contact number
Disabilities
Learning difficulties
Highest and current qualifications, preferred learning style and abilities
with core educational tasks
Career plans
Who we share information with:
Awarding organisations are regulated bodies that approve centres to offer their qualifications after a strict approval process. These are government recognized bodies and qualifications.
These organisations use your information for the purpose of certification, and qualification regulation only. These bodies have their own GDPR policies.
Funding companies – where application has been completed by the learner, as the learners own decision, and as an external and separate application to the centre. When a learner applies for funding options to help with part or their entire course costs, it may be necessary to send information regarding the learners progress and achievements to the funding source.
Accreditation bodies are other industry related bodies that have approved our own qualification content, and they may use your information differently, depending on the service they offer. We are less likely to need to share your personal information with these companies. On occasion, we may need to confirm your position on a training programme with us. Please refer to their own GDPR statements for how they may process your information
VTCT www.vtct.org.uk +44 (0) 23 8068 4500
BEAUTY GUILD www.beautyguild.com 01332 224830
Both of which are GDPR compliant.
Obtaining consent
We will always explicitly ask you on more than one occasion to give consent for
us to store your data.
If you do not give us consent to storing your data, we may not be able to
continue with the service offered, due to the nature of our record keeping
requirements.
ASKI NG FOR CONSENT
We will ask you to consent to us storing your data during the following activities:
Enrolling onto a training program
Being put onto a specific mailing list including
o Latest training course dates
o Waiting lists for specific courses
o Updates to our terms, conditions and any accreditation/approval
changes
REMOVI NG YOUR CONSENT
As a company, we want you to be happy with the information processes we
adopt. We will ensure the following:
You have an easy opt out of mailing lists
You are able to request a copy of the personal information we hold on you
Please be aware that we are not able to delete your information and remove it
from our centre records if you have enrolled and started any training program
with us, even if you have only attended an induction. For our own insurance and
responsibilities to our awarding/accrediting and funding organisations, we must
store all relevant information for 7 years.
Please see ‘Storing information’ for details on which information is considered
relevant.
Storing information
To maintain our processes within awarding organization and accrediting bodies requirements, we must keep ‘relevant’ records of learners for up to 7 years, depending on the type of information.
The information considered relevant, and their storage time is listed below.
Kept for 7 years
Information Storage requirements
Full name, including prefix and middle names
where applicable
Previous surname (where applicable)
Date of Birth
Address
Contact telephone number
Registration number with awarding organisaton
(if applicable)
Duration of the course
If you feel personally feel that you have
restricted learning abilities
Emergency contact and telephone number
Medical conditions, medication or allergies,
including GP name and contact number
Disabilities
Highest and current qualifications,
Preferred learning style and abilities with core
educational tasks
Career plans
Learning difficulties Duration of course, or
7 years if reasonable adjustments were applied
to assessment
All information supplied to us is stored online using a safe and GDPR compliant system.
All online storage is password protected, with appropriate levels of log in for other staff directly affected by the information.
Data is not saved on individual computers, and access is limited to the Data
Controller, or appointed staff who have a direct need for information to be able
to complete their task safely and to regulated standards.
Any technology used to access the information is protected by trusted anti-virus
and malware software appropriate to the equipment.
Data Controller
The company does not exceed the level of data to contract a role specific Data
Controller, however, as a measure of good practice, ETS have registered with
the Information Commissioners Office.
The current registered Data Controller/s is/are:
Katie Newman- Havering Beauty Academy 01708472727 or info@havering-beauty-academy.com
Other roles within the organisation that may have access to your records:
Tutor/assessor
Internal Quality Assurer
Centre Management
Learning Support Co-ordinator
RESPONSI BI LI TI ES
The data controller is responsible for the following:
Processing personal data in line with current legislation
Processing data in a safe and secure fashion
Ensuring as far as practical that passwords for systems storing data
remain secure
Organising and allocating passwords and appropriate access levels to
others involved in the use of data
Editing and removing data in line with timescales, client requirements and
consent
Reporting a breach within 72 hours of the occurrence
Evaluating, authenticating, approving and supplying copies of requested
data
Changes to your data
If you would like to make changes to the data we hold on you, please contact
the Data Controller on admin@essextrainingsolutions.com
You will need to state which pieces of data you would like to change and give
reason or possibly evidence for the change. Please note, this will not mean that
previous data is removed.
Requesting a copy of your data
if you would like a copy of the data we hold on you, please contact the Data
Controller, and request a full copy of your data record.
We aim to respond in 3-5 working days.