GDPR Policy

Objectives

 

The objectives of this policy are

  1. To comply with The General Data Protection Regulation (GDPR) (EU)

2016/679.

  1. To process personal data safely, and in line with current requirements

iii. To ensure consistency across the business in relation to how and why

individuals are contacted

  1. To provide transparency to individuals about the data we hold relating to

 

them, and allow them the opportunity to have certain aspects removed

where necessary.

 

Personal Details

 

PERSONAL DETAI LS HELD BY THE CENTRE

 

Below is a list of the personal details we currently hold on all registered

students.

 

• Full name, including prefix and middle names where applicable

• Previous surname (where applicable)

• Date of Birth

• Address

• Contact telephone number

• Email

• Registration number with awarding organisation (if applicable)

• If you feel personally feel that you have restricted learning abilities

• Emergency contact and telephone number

• Medical conditions, medication or allergies, including GP name and

contact number

• Disabilities

• Learning difficulties

 

 

We also ask for permissions for the following:

• If you are happy for photographs/videos to be taken and used as evidence

or for training purposes

• If you are happy for photographs/videos to be taken and used for

advertising by our business only (no third parties or advertising rights sold)

• If you are happy for your details to be stored and monitored for

registration, certification and quality assurance purposes

• If you are happy to be contacted during or after your course to review your

experience.

 

This information allows us to ensure our learners are registered on a suitable

qualification that meets their career objectives, and allows them to learn in a

way that enables achievement and a supportive learning environment.

 

PERSONAL DETAI LS WHI CH MAY BE SHARED

 

For the purpose of certification for regulated qualifications, we have to share

some of the personal details we hold about learners with our Awarding

Organisations. Below is a list of the details we may share, and with whom.

 

Information shared in all cases:

• Full name, including prefix and middle names where applicable

• Previous surname (where applicable)

• Date of Birth

• Address

• Contact telephone number

• Email

• Registration number with awarding organisation (if applicable)

 

Information shared in some cases, and always in agreement with the individual

prior to sharing:

 

• If you feel personally feel that you have restricted learning abilities

• Medical conditions, medication or allergies, including GP name and

contact number

• Disabilities

• Learning difficulties

• Highest and current qualifications, preferred learning style and abilities

with core educational tasks

• Career plans

 

Who we share information with:

 

Awarding organisations are regulated bodies that approve centres to offer their qualifications after a strict approval process. These are government recognized bodies and qualifications.

These organisations use your information for the purpose of certification, and qualification regulation only. These bodies have their own GDPR policies.

 

Funding companies – where application has been completed by the learner, as the learners own decision, and as an external and separate application to the centre. When a learner applies for funding options to help with part or their entire course costs, it may be necessary to send information regarding the learners progress and achievements to the funding source.

 

Accreditation bodies are other industry related bodies that have approved our own qualification content, and they may use your information differently, depending on the service they offer. We are less likely to need to share your personal information with these companies. On occasion, we may need to confirm your position on a training programme with us. Please refer to their own GDPR statements for how they may process your information

 

VTCT www.vtct.org.uk +44 (0) 23 8068 4500

BEAUTY GUILD www.beautyguild.com 01332 224830

 

Both of which are GDPR compliant.

 

Obtaining consent

 

We will always explicitly ask you on more than one occasion to give consent for

us to store your data.

 

If you do not give us consent to storing your data, we may not be able to

continue with the service offered, due to the nature of our record keeping

requirements.

 

ASKI NG FOR CONSENT

We will ask you to consent to us storing your data during the following activities:

 

• Enrolling onto a training program

• Being put onto a specific mailing list including

o Latest training course dates

o Waiting lists for specific courses

o Updates to our terms, conditions and any accreditation/approval

changes

 

REMOVI NG YOUR CONSENT

As a company, we want you to be happy with the information processes we

adopt. We will ensure the following:

 

• You have an easy opt out of mailing lists

• You are able to request a copy of the personal information we hold on you

Please be aware that we are not able to delete your information and remove it

from our centre records if you have enrolled and started any training program

with us, even if you have only attended an induction. For our own insurance and

responsibilities to our awarding/accrediting and funding organisations, we must

store all relevant information for 7 years.

Please see ‘Storing information’ for details on which information is considered

relevant.

 

 

Storing information

 

To maintain our processes within awarding organization and accrediting bodies requirements, we must keep ‘relevant’ records of learners for up to 7 years, depending on the type of information.

 

The information considered relevant, and their storage time is listed below.

 

Kept for 7 years

 

 

Information  Storage requirements

Full name, including prefix and middle names

where applicable

Previous surname (where applicable)

Date of Birth

Address

Contact telephone number

Email

Registration number with awarding organisaton

(if applicable)

 

Duration of the course

 

 

If you feel personally feel that you have

restricted learning abilities

Emergency contact and telephone number

Medical conditions, medication or allergies,

including GP name and contact number

Disabilities

Highest and current qualifications,

Preferred learning style and abilities with core

educational tasks

Career plans

 

Learning difficulties Duration of course, or

7 years if reasonable adjustments were applied

to assessment

 

 

 

 

 

 

 

All information supplied to us is stored online using a safe and GDPR compliant system.

All online storage is password protected, with appropriate levels of log in for other staff directly affected by the information.

 

Data is not saved on individual computers, and access is limited to the Data

Controller, or appointed staff who have a direct need for information to be able

to complete their task safely and to regulated standards.

 

Any technology used to access the information is protected by trusted anti-virus

and malware software appropriate to the equipment.

 

 

Data Controller

The company does not exceed the level of data to contract a role specific Data

Controller, however, as a measure of good practice, ETS have registered with

the Information Commissioners Office.

 

The current registered Data Controller/s is/are:

 

Katie Newman- Havering Beauty Academy 01708472727 or info@havering-beauty-academy.com

Other roles within the organisation that may have access to your records:

• Tutor/assessor

• Internal Quality Assurer

• Centre Management

• Learning Support Co-ordinator

RESPONSI BI LI TI ES

The data controller is responsible for the following:

 

• Processing personal data in line with current legislation

• Processing data in a safe and secure fashion

Ensuring as far as practical that passwords for systems storing data

remain secure

• Organising and allocating passwords and appropriate access levels to

others involved in the use of data

• Editing and removing data in line with timescales, client requirements and

consent

• Reporting a breach within 72 hours of the occurrence

• Evaluating, authenticating, approving and supplying copies of requested

data

 

Changes to your data

If you would like to make changes to the data we hold on you, please contact

the Data Controller on admin@essextrainingsolutions.com

You will need to state which pieces of data you would like to change and give

reason or possibly evidence for the change. Please note, this will not mean that

previous data is removed.

 

Requesting a copy of your data

if you would like a copy of the data we hold on you, please contact the Data

Controller, and request a full copy of your data record.

We aim to respond in 3-5 working days.