DATA PROTECTION POLICY

Similar documents
The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.

Data Protection Policy

Tourettes Action Data Protection Policy

Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE

Data Protection Policy for the Grimsby Institute of Further & Higher Education

DATA PROTECTION POLICY

VMS Software Ltd- Data Protection Privacy Policy

Nissa Consultancy Ltd Data Protection Policy

EDWARDS COMMERCIAL CLEANING SERVICES LTD and EDWARDS COMMERCIAL CLEANING (NORTH) LTD Data Protection Policy for Employees, Workers and Consultants

Data protection (GDPR) policy

Data Protection Policy & Procedures

Data Protection Policy

RAW MARKETING DATA PROTECTION POLICY

DATA PROTECTION POLICY

Data Protection Policy

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

SHENLEY BROOK END SCHOOL

General Optical Council. Data Protection Policy

Data Protection Policy

Data Protection Policy

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.

DATA PROTECTION POLICY

POLICY ON INFORMATION, SECURITY & DATA PROTECTION

St Mark s Church of England Academy Data Protection Policy

This personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects.

Data Protection Policy

UK Research and Innovation (UKRI) Data Protection Policy

Data Protection Policy

DATA PROTECTION POLICY 2016

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

DATA PROTECTION POLICY

DATA PROTECTION POLICY 2018

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

POLICY. Data Breach Notification Policy. Version Version 1.0. Equality Impact Assessment Status. Date approved 23 rd May 2018

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

European Data Privacy Paula Barrett 21/07/05

Data Protection. Policy

Data Protection Policy

Brasenose College Data Protection Policy Statement v1.2

Security of Personal Data Policy and Guidelines

General Personal Data Protection Policy

DATA PROTECTION POLICY

BROOKS PERSONAL TRAINING

Data Protection Policy

LPC Law Recruitment Privacy Notice

Stolle Europe Introduction Important information and who we are Controller and contact information Complaints

Data Protection Policy and Handbook. Scottish Information Commissioner

P Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.

The template uses the terms students / pupils to refer to the children or young people at the institution.

St Michael s CE Primary School Data Protection Policy

Data Protection Policy

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems

APPLICATION FORM SCAFFOLDING LTD POSITION APPLIED FOR PERSONAL DETAILS NEXT OF KIN DRIVING LICENCE DETAILS YES YES. T Offence code. Date.

Data Protection Policy.

Data Management and Protection Policy

Union Employees Privacy Statement

CHANNING SCHOOL DATA PROTECTION POLICY

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY

Baptist Union of Scotland DATA PROTECTION POLICY

Job applicant privacy notice (compliant with the General Data Protection Regulations (GDPR)

DATA PROTECTION POLICY

Data Protection Policy

EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY

PRIVACY NOTICE FOR JOB APPLICANTS

NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021

Data Protection/ Information Security Policy

DATA PROTECTION POLICY

GDPR Policy of Lovedaycare Nursery

DATED: 25/05/2018 GDPR PRIVACY NOTICE FOR HOPES & DREAMS LTD FOR EMPLOYEES, CHILDREN ATTENDING A GROUP NURSERY AND THEIR PARENTS

Section a What this Policy is for Policy Statement. 2. Why this policy is important... 3

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]

APCC Policy Statement

UK SCHOOL TRIPS PRIVACY POLICY

GENERAL DATA PROTECTION REGULATION Guidance Notes

What personal details do we hold

DATED. 14 th MAY 2018 GDPR PRIVACY NOTICE FOR TRUSTEES, EMPLOYEES, VISITORS, STUDENTS, CHILDREN ATTENDING

It is our policy to provide employment equality to all, irrespective of:

GDPR Privacy notice for Students

Parent / Carer Privacy Notice

Project Title. Project Number. Privacy Impact Assessment

Policy Name: Version: Last Reviewed: Next Reviewed:

THE GENERAL DATA PROTECTION REGULATION (GDPR) A GUIDE FOR CONGREGATIONS

EQUALITY AND DIVERSITY POLICY

GENERAL DATA PROTECTION REGULATION.

Introduction. Welcome to the OAG Aviation Group privacy notice.

Data Protection Policy

DATA PROTECTION POLICY

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General

THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2

Swansea University Recruitment Privacy Policy

Data Protection Policy. UK Policy May 2018

LEICESTER HIGH SCHOOL DATA PROTECTION POLICY

Ark Schools Data Protection & Freedom of Information Policy

GROUP DATA PROTECTION POLICY

Transcription:

Title: Data Protection Policy Ref:CP005 Version:2 Approval Body: Corporation via Audit & Risk Committee Date:24th March 2015 Review Date: 24th March 2018 Lead Person: Director, Institutional Effectiveness Equality Impact Assessment: to be completed Version: Reviewer/Approval Review Notes 1. October 2012 SMT/Policy Group 2. 24 March 2015 Data Protection Review Group/ Audit & Risk Committee Full review DATA PROTECTION POLICY Introduction Activate Learning needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and health and safety, for example. It also needs to process information so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, Activate Learning must comply with the Data Protection Principles, which are set out in the Data Protection Act 1998. Policy Statement Activate Learning group is committed to and is required in law to comply with the principles of the Data Protection Act. Purpose The purpose of this policy is to ensure that all staff adhere to and are compliant with the requirements of the Data Protection Act. Failure to adhere to this policy, whether regarding another staff member, student or a third party, will be regarded as potential misconduct and may result in disciplinary proceedings being brought. Scope This policy will apply to all employees, students and customers of Activate Learning who process personal data 1

Data Protection Principles Schedule 1 to the Data Protection Act lists the data protection principles in the following terms: 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless: (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Data Security All Employees must ensure that: any personal data which they hold because of their job is kept securely personal data is not disclosed either orally or in writing, intentionally or otherwise to any unauthorised third party Personal information in the form of manual records should be: kept in a locked filing cabinet; or locked drawer; or other secure area Personal information in the form of computerised records should be: password protected on the Activate Learning network/intranet; or in an area of the Activate Learning network/intranet where access is limited; or kept only on a data storage device (such as CD-ROM or portable data stick) which itself encrypted and secure 2

Personal Data This refers to data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Personal Employee Data The Group will ensure that all personal data likely to arise in the employer/employee relationship, from recruitment through to retention and beyond, is kept in accordance with the Data Protection Act 1998. The Group will ensure through the recruitment and Human Resources procedures that all staff give their consent to this sort of processing of personal data, as required by the 1998 Act. Personal Student Data The Group will ensure that all personal data likely to arise in the student journey from enquiry, application, enrolment, during the course and beyond, is kept in accordance with the Data Protection Act 1998. The Group will ensure through the application and enrolment procedures, that all students give their consent to this sort of processing, and are notified of the categories of processing as required by the 1998 Act. Responsibilities The Data Controller is responsible for monitoring and reviewing the Data Protection Policy ensuring people are aware of the procedures and processes in relation to the policy. Notification of Data Held and Processed All staff, students and other users are entitled to: know what information Activate Learning holds and processes about them and why; know how to gain access to it; know how to keep it up to date; know what Activate Learning is doing to comply with its obligations under the 1998 Act. Activate Learning has made a standard form of notification available to all staff, students and other relevant users. This states all the types of data Activate Learning holds and processes about them, and the reasons for which it is processed. This is contained in the Subject Access request procedures document. Publication of Information Information that is already in the public domain is exempt from the 1998 Act. It is Activate Learning s policy to make as much information public as possible. The Freedom of Information Act 2000 also gives you the right to ask any public body for all the information they have on any subject you choose unless an exemption in the Act legitimately applies. Requests must be made in writing and Activate Learning 3

has 20 working days in which to respond. In order to comply with this act Activate Learning has a Freedom of Information Publication Scheme available its website. However, in addition to this certain personal data will be available to the public for inspection: Names of governors Register of interests of Governing Body members and senior staff with significant financial responsibilities Lists of key staff Any individual who has good reason for wishing details in these lists or categories to remain confidential should contact the Data Protection Officer. Definitions Staff: employed directly or indirectly including non-paid volunteer workers (including work and outside work hours). Students: engaged in a learning agreement including full, part time, community, distance, on-line and workplace students. Data: means information which: (a) is being processed by means of equipment operating automatically in response to instructions given for that purpose, (b) is recorded with the intention that it should be processed by means of such equipment, (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, (d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record Personal data is information about a living individual, who is identifiable by the information, or who could be identified by the information combined with other data. Sensitive personal data - includes information relating to age, marital status, race, colour, nationality, disability, political opinions, religion or beliefs, trade union membership, sexual orientation, gender, gender identity, health and criminal convictions. The Data-Controller is a person with official responsibility for collecting, storing and processing legally acquired data. Organisations can be the person in this context and Activate Learning is identified as the Data Controller on the data protection registration certificate. A Data Protection Officer is appointed to oversee the co-ordination of. The Group Director of Institutional Effectiveness holds the role of Data Protection Officer for Activate Learning. A Data Processor is an external person or organisation who processes information on behalf of the Data-Controller. Group refers to all divisions, including colleges, within the Group. 4

References The Data Protection Act 1998 ICO Website (www.ico.org.uk) Data Protection training presentation ICO Data Protection FAQs Freedom of Information statement (www.activatelearning.ac.uk/al-freedom-of-information) Data Protection guidance on the use of student data Use of Employees Personal Data Statement - available in the staff contract Data Retention Schedule Data Sharing agreement Freedom of Information Procedures Social Media Policy Information Technology Systems and Network Security Policy Subject Access Request Form The use of Closed Circuit Television procedures 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback