Skip to Main Content

GENERAL DATA PROTECTION DATA (GDPR)

SEPTEMBER 2020

GENERAL DATA PROTECTION REGULATION (GDPR) PRIVACY POLICY – PERSONAL DATA

This policy is designed to inform learners, parents and carers, employees, employers/companies and relevant external agencies how we gather and process personal information in accordance with this Privacy Policy and in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) and any equivalent legislation amending, supplementing or replacing this Regulation.

Midland Group Training Services Limited (MGTS) is registered with the Information Commissioner’s Office (ICO) – Registration Number Z5234041.

We are committed to ensuring that your privacy is protected and are transparent about how we collect and use your personal data. This Policy provides you with the necessary information regarding your rights and our obligations and explains how we collect, process and store your personal data and who we share this data with.

PERSONAL DATA

Information that we collect

MGTS collects, holds and processes your personal data to meet our legal, statutory and contractual obligations in providing you with our services. We only collect personal data for specified, explicit and legitimate purposes.

Personal data will be collected for the following purposes; Application, Recruitment, Registration and Learning Programme processes.

How we process personal data

General Principles

MGTS will process information in accordance with the Data Protection Act and its own Data Protection Policy. To comply with the law, information about individuals and companies must be collected and used fairly, stored safely and securely, be adequate, relevant and not excessive, be kept accurate and up to date, held only as long as is necessary and not disclosed to any third party unlawfully.

The information provided is shared with the Education and Skills Funding Agency (ESFA), on behalf of the Secretary of State for the Department of Education (DfE). Learners’ personal information will be used by the DfE, the ESFA (an executive agency of the DfE) and any successor bodies to these organisations and is used by the DfE to exercise its functions and to meet its statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009 and to create and maintain a unique learner number (ULN) and a personal learning record (PLR). The information will be securely destroyed after it is no longer required for these purposes. The information may be shared with third parties for education, training, employment and well-being related purposes, including for research.
This will only take place where the law allows it and the sharing is in compliance with data protection legislation. Further information about the use of and access to data are available at https://www.gov.uk/publications/esfa-privacy-notice.
MGTS’s Data Protection Policy is also available on request.

Retention

We only retain your data for as long as is necessary and for the purpose(s) specified in this Policy. Our policy is to keep personal data for a specified period in which time it will be securely destroyed, or for as long as is required in order to carry out a particular purpose, meet a particular obligation or for as long as is required in order to carry out a particular purpose, meet a particular purpose, meet a particular obligation and/or meet regulatory and statutory requirements. Data will usually be retained for a period of 6 years, unless legal or statutory requirements require us to extend this period. All data processors, including staff, or acting on our behalf only process your data in accordance with instructions from us and comply fully with this Privacy Policy, the data protection laws and any other appropriate confidentiality and security measures.

Keeping your information safe and secure

MGTS is committed to keeping all personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed. All information is stored safely and securely.

Internal databases

A significant amount of learner data is held on our internal database system, which has a significant number of inbuilt features to control access. In addition to being able to specify what actions internal users can perform, we also restrict them to subdivisions of the database using Sites, Funding Organisations and Main Users and fields which contain personal information are restricted to only the necessary users.

The website

MGTS’s Website and its hosts take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users. Our website complies to all UK national laws and requirements for user privacy.

Cookie Policy

Our website uses cookies to improve your experience when visiting our website. Cookies are small files which asks permission to be placed on your computer/device. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual and tracks, saves and stores information about your interactions with and usage of the website. This allows the website, through its server to provide you with a tailored experience within the website. Our website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.

Google Analytics

Our website uses Google Analytics tracking software to monitor activity to better understand how you use it and how to improve our service to you. The cookies used to deliver Google Analytics are used to store information, such as what time your current visit occurred, whether you have been to the site before and what site referred you to the web page. These cookies contain no personally identifiable information, but they will use your computer’s IP address to know from where in the world you are accessing the Internet. Google stores the information collected by these cookies on their servers and Google may transfer this information to third parties where required to do so by law, or where such third-parties process the information on Google’s behalf. Further information is provided on this link – http://www.google.com/analytics/learn/privacy.html parties where required to do so by law, or where such third-parties process the information on Google’s behalf.

Links to other websites

Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.

Social Media Platforms

We participate with social media platforms subject to their privacy policies. Our website may use social sharing buttons which help share web content directly from web pages to social media platforms. The social media platform may track and save your request to share a web page through your social media platform account.

Subject Access Requests

Individuals have the right to make a subject access request in relation to their personal data and can ask for confirmation that their data is being processed and access the data. MGTS may ask for proof of identification before the request can be processed. MGTS reserves the right to make a reasonable charge for the information where a request is manifestly unfounded or excessive, particularly if it is repetitive. MGTS will endeavour to respond within the one month specified by law.

Your Rights

Individuals have a number of other rights in relation to their personal data and how it is collected, processed and shared. The GDPR includes the following rights for individuals:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to restrict processing
  • the right to data portability
  • the right to object

Data Security

MGTS takes the security of personal data seriously. We have internal policies and controls in place to protect personal data against loss, alteration, destruction, misuse or disclosure and ensures relevant access control. Where we engage third parties to process personal data on our behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Some of these measures have been mentioned above, but this also includes:

  • email and website encryption
  • Firewall protection
  • Network protection
  • Full antivirus protection

CCTV

Learners should be aware that MGTS premises are protected by a Closed-Circuit Television system which is continuously recording activity at specific locations on the site. CCTV is regularly monitored and randomly checked by key staff members. Surveillance is conducted primarily for the purpose of deterrence and detection of any criminal act, which may include, but is not limited to theft, vandalism, but is not limited to theft, vandalism, criminal damage, public disorder, breaking and entry and fraudulent activity. It also aims to ensure the safety and security of learners, staff, visitors and their property.

  • Pursuant to the above objective, learners should be aware that any activity witnessed or recorded may be used by MGTS and may result in disciplinary action or passed to the relevant authorities to investigate possible criminal activity.
  • CCTV footage is stored for a limited duration only, currently linked to a maximum data allowance, which usually dates back no more than three weeks.

If there were to be a breach of personal data that poses a risk to the rights and freedoms of individuals, MGTS will report it to the Information Commissioner’s Office (ICO) within 72 hours of discovery. We will record all data breaches regardless of their effect.

Learners should refer to MGTS’s Privacy Policy and the MGTS Data Protection Policy for further guidance and detail.

David Bridgens
Chief Executive
Reviewed: September 2020