Data Protection Policy

Introduction

RADD Training Limited holds and processes information about learners, corporate clients, and other data subjects for administrative, approval and commercial purposes.  When handling such information, RADD Training Limited and all colleagues who process or use any personal information, must comply with the Data Protection Principles which are set out in the Data Protection Act 2018 (DPA 2018) and the UK General Data Protection Regulation (UK GDPR).  In summary these state that personal data shall:

  • be processed fairly and lawfully,
  • be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose,
  • be adequate, relevant and not excessive for the purpose
  • be accurate and up-to-date,
  • not be kept for longer than necessary for the purpose,
  • be processed in accordance with the data subject’s rights,
  • be kept safe from unauthorised processing, and accidental loss, damage or destruction,
  • not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data, except in specified circumstances.

Notification of Data Held and Processed

Learners

This policy provides notification to learners of why we hold their data, how it is processed and third party’s with whom RADD Training Limited will share their data and why.

In engaging RADD Training Limited to provide training, each learner is agreeing to RADD Training Limited storing and processing their personal data in accordance with the information set out in this policy.

RADD Training Limited will hold learner’s personal data solely in order to identify them for the purpose of obtaining their certification(s).  This includes but may not be limited to:

  • The awarding of certifications.
  • The provision of certificates for awards gained.
  • To provide relevant information to awarding bodies for the awards being studied for.
  • For accounting/billing purposes.
  • To identify the learner.
  • In order to identify reasons why learning or examination adjustments should be made.

For the same reason RADD Training Limited will also share their data with awarding bodies in order to:

  • undertake administration in relation to the learner’s registered qualification.
  • provide RADD Training Limited with a certificate for the learner.
  • contact the learner directly regarding assessment or quality assurance purposes for the qualification they are registered on, or for the purpose of investigations into suspected malpractice. This includes the learner’s personal telephone number.
  • disclose to awarding bodies’ regulators or sector skills bodies where so required.
  • administer requests for Reasonable Adjustments and Special Considerations.
  • carry out statistical analysis and monitor equal opportunities (anonymised)

It should be noted that in some instances it may be necessary to hold medical information relating to a learner (e.g., in the instance where special considerations or examination adjustments are required).

Staff

Personal information is held in order to provide a safe working environment and to administer their employment.  This includes, but may not be limited to:

  • Accounting and Payroll
  • For the purposes of contacting them both during work hours and in an emergency or business continuity circumstance.
  • Where a member of staff has a medical condition that requires the company to provide special consideration, facilities or assistance, RADD Training Limited will hold appropriate medical information.

This policy forms part of each employee’s or contractor’s terms and conditions of employment/engagement.

Further Information

Further information about the way such data is securely stored and more about the regulations that are complied with can be found in the RADD Training Limited Documentation retention and secure storage policy document which should be referred to in conjunction with this document.

Responsibilities

In order to allow RADD Training Limited to comply with DPA 2018 and UK GDPR,

All people on which information is held (including learners) shall:

  • ensure that all personal information which they provide to RADD Training Limited is accurate and up-to-date;
  • inform RADD Training Limited of any changes to information, for example, changes of address;
  • check the information which RADD Training Limited shall make available from time to time, in written or automated form, and inform RADD Training Limited of any errors or, where appropriate, follow procedures for up-dating entries on computer forms. RADD Training Limited shall not be held responsible for errors of which it has not been informed.

Staff shall ensure that:

  • All personal information is kept securely;
  • personal information is not disclosed either orally or in writing, accidentally or otherwise to any unauthorised third party. Unauthorised disclosure may be a disciplinary matter, and may be considered gross misconduct in some cases.

When colleagues supervise learners doing work which involves the processing of personal information, they must ensure that those students are aware of the Data Protection Principles, in particular, the requirement to obtain the data subject’s consent where appropriate.

Rights to Access Information

Data subjects,  which DPA 2018/UK GDPR define as..

The identified or identifiable living individual to whom personal data relates.

..and as such includes learners, staff and any other individuals we may hold personal data on.

Under DPA 2018/UK GDPR data subjects have the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files.  Any person may exercise this right by submitting a request in writing to RADD Training Limited

RADD Training Limited will make a charge of £10 for each official Subject Access Request under the Act.

RADD Training Limited aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 30 days unless there is good reason for delay.  In such cases, the reason for the delay will be explained in writing by the Information Security Officer to the data subject making the request.

It should be noted that the response to a Subject Access Request will not include data that is held as part of our data backups.  For further information on this topic please see the RADD Training Limited Documentation retention and secure storage policy document.

Subject Consent

RADD Training Limitedwill ask ifyou have any medical conditions or additional support needs that may affect your contribution to this course or access to fair assessment.  RADD Training Limited will only use such information to protect the health and safety of the individual or as required by Awarding Bodies when special considerations are applied to assessment in the field of education. We will require consent either written or verbally to retain such data.

The Data Controller and the Designated Data Controllers

RADD Training Limited is the data controller under the Act, and is ultimately responsible for implementation.

Retention of Data

RADD Training Limited and associated awarding bodies will keep different types of information for differing lengths of time, depending on legal, awarding or approving body and operational requirements. Further information on this subject can be found in the RADD Training Limited Documentation retention and secure storage policy document.

Compliance

Compliance with the Act is the responsibility of all learners and members of staff.  Any deliberate or reckless breach of this Policy may lead to disciplinary, and where appropriate, legal proceedings. Any individual, who considers that the policy has not been followed in respect of personal data about him or herself, should raise the matter with RADD Training.