Data Protection Policy
1.1 The goal of the data protection policy is to depict the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer within the scope of commissioned processing. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) but also to provide proof of compliance.
1.2 The General Data Protection Regulation (GDPR) is a regulation, which requires any business that processes data belonging to UK & EU citizens to protect it and not misuse it. As a responsible business, LIMT aims to robustly implement the requirements of the GDPR. Part of meeting the obligation of meeting the obligations of GDPR is the production and implementation of this policy.
1.3 LIMT is committed to the rules of data protection and abiding by eight data protection principles. These are the principles that must be satisfied when obtaining, handling, processing, moving and the storage of personal data.
1.4 As an LIMT approved training centre, LIMT must collect and process information as required by ITC First awarding body and its regulators. LIMT is therefore considered the Data Processor and its course learners and employees the Data Subjects.
The 8 Data Protection Principles
Data must be obtained and processed fairly and lawfully.
Data must be obtained for a specified and lawful purpose.
Data must be adequate, relevant and not excessive for its collection purpose. Data must be accurate and kept up to date.
Data must not be kept for longer than is necessary for its purpose.
Data must be processed in accordance with the Data Subject’s rights.
Data must be kept safe from unauthorised access, accidental loss or destruction. Data must not be transferred to a country outside the European Economic Area.
Data Subjects Rights
Under the GDPR individuals have rights associated with their data, described below:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing The right to data portability The right to object
Rights in relation to automated decision making and profiling
For the benefit of this policy a child is classed as a young person under the age of 16. Children must have parental (or an individual in loco-parentis) consent for awarding bodies to collect and process their data. Awarding bodies will maintain evidence of consent using our learner registration process.
4. Data Collection
4.1 LIMT acts on behalf awarding bodies, by gathering and submitting learner data securely via the awarding bodies website and/or registered post. LIMT have a legally binding Centre Agreement, which confirms that LIMT publishes and implement a Data Protection Policy (this document).
Children’s Personal Data
4.2 LIMT collects data as part of the booking and registration process required for qualification delivery. LIMT collects and retains data as part of its LIMT administrative tasks.
4.3 to:
When individuals provide their data LIMT the data is submitted to awarding bodies and is used
Attribute qualification credit to learners
Produce commemorative certificates
Produce CPD certificates
Receive information pertinent to qualifications
Enable awarding bodies to contact us at request (
a) b) c) d) e)
Monitor awarding bodies qualifications to ensure equality and inclusivity
Learners data will only be used for the legitimate purposes described above. Any changes to
f)
the ways in which learner data is used will be communicated to those individuals affected.
4.4
5. Data Storage
LIMT will ensure that:
Data is held securely such as password protected computer, locked cabinets/drawers, encrypted, computers have appropriate virus/data protection software appropriate to the business.
Course registrations (which includes, name, address, contact details, ethnicity, signature) are removed from sight and access of other course learners immediately after completion.
Data is not disclosed or shared verbally or in writing to any unauthorised party.
LIMT will download course learner data to their part of the awarding bodies website and promptly submit all documentation to awarding bodies. Data submitted will only be viewable via individual unique User log on and password LIMT and awarding bodies.
LIMT] will not share their log on and passwords with any unauthorised individuals or companies.
Data Retention
LIMT will retain any data in accordance with awarding bodies retention periods, currently 3 years.
LIMT will review its necessity to retain data once it has been submitted and accepted by awarding bodies.
Data Destruction
LIMT will ensure it destroys data in a confidential manner i.e. shredding of paper documents, deletion/pseudonymisation of digital records from computer systems.
LIMT will ensure it does not retain data longer than is required for the purpose of the qualification.
Subject Access
a)Data will be provided in accordance with the subject’s Rights of Access under the GDPR.
Breaches of Data Protection
Breaches or suspected breaches should be reported to Admin LIMT who will make the necessary investigations and provide a response to the informant within 3 weeks [15 working days] of receipt.
Any party who has provided personal data to LIMT has the right to request what information is
8.2 (a) Access request may be made in writing by letter or email to the LIMT Manager who will discuss the request with the data subject.
b) Breaches may also be raised with AO first by contacting their office either via email, telephone or in writing