General Data Protection Regulation (GDPR) 2018 Privacy Notice
Contents
- Who we are, what we do
- What we don’t do
- Protection of Data and Information
- We collect personal information
- Personal information we collect and use
- How and why will we use personal information
- Sharing of personal data
- Transfer of Data
- Personal Data and Information
- Lawful Basis
- Letting us know if your personal information is incorrect
- What if you want us to stop using your personal information?
- Individuals can ask us to restrict the use of their personal information
- How to complain
- Learner personal data which maybe held by us and or at an Approved Centre on our behalf
- Personal Data of Teachers, Assessors and Internal Verifiers (Employees of Approved Centre) which maybe held by us and or Approved Centre on our behalf
1. Who we are, what we do
GTEC Training Limited (GTEC) specialises in the provision of Electrical, Renewable, DEA, OFTEC and training along with specifically tailored training programs, as well as offering IT solutions and many other bespoke services within the building service industry Note: In this notice the use of; we, our, us is to be read as meaning GTEC.
To comply with qualification regulatory or accreditation requirements and for our own legitimate business interests we collect and retain personal data and information relating to the managed learning programme or qualification for which learners have applied for and been registered to undertake.
We also collect and retain personal data relating to those persons who have taught, examined, assessed or quality assured the learning and qualification processes.
We collect and retain personal data and information on the people we employ.
3. Protection of Data and Information
We are committed to providing the highest standards of protecting personal data and information in accordance with the requirements of the GDPR.
This privacy notice sets out how we use and protect any data and information that is provided to us via an Application Form or qualification examination and assessment documentation and or results or where provided by the learner directly.
Any personal data provided to us will only be used by us in accordance with this privacy notice and Data Privacy Law.
We may change this notice from time to time by updating this page.
We advise checking that page from time to time to review any changes we may have made. We are a Data Controller in accordance with the GDPR.
Our manager responsible for GDPR compliance can be contacted at info@gtec.co.uk
We will hold personal data and information securely and only designated staff will have access to it.
We will not retain personal data where it is no longer needed by us, at which time it will be securely destroyed. The personal data retention periods are set out in the tables below. We will securely destroy personal data in accordance with the data retention periods as soon as is practicable after the data retention period has expired.
Personal data will be stored securely either in paper or electronic formats by us.
Paper records containing personal data and information is securely stored in suitable facilities within the offices of GTEC Training Ltd.
Electronic records containing personal data and information will be securely stored in the UK either on:
- The GTEC database
4. We collect personal information
- When you give it to us directly
For example, personal information that you give to us when you communicate with us by email, phone or letter. - When it is available publicly
Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services or from registration or licensing bodies e.g. Gas Safe Register (GSR). - When you visit our website
In general, we may combine personal information from these different sources set out in a-c above, for the purposes set out in this Notice.
When you visit our website, we automatically collect the following types of personal information:- Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
- Information about your visit to the websites, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
We collect and use your personal information by using cookies on our website.
5. Personal information we collect and use
We may collect, store and otherwise process the following personal information:
- Learner name and contact details including postal address, telephone number, email address and emergency contact details and, where applicable;
- Learner date of birth and gender;
- Learner image (photograph)
- Learner financial information, such as bank details and or credit and or debit card details;
- Information about your computer and or mobile device and your visits to and use of our website, including, for example, your IP address and geographical location;
- Unique learner identifiers and or unique learner numbers;
- National insurance number;
- Details of learner qualifications and or experience;
- Documents containing evidence of learner identity, including for example passport, driving licence, UK Home Office Work Permit;
- Sensitive personal data of learners, including for example relating to health, learning ability, ethnic grouping;
- Teacher, examiner, assessor or verifier of qualifications, name, gender, contact details including postal address, telephone number, email address, national insurance number, Curriculum Vitae, qualifications and experience.
We may process special categories of data.
The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about learner health, ethnicity and religious beliefs.
In certain situations, GTEC may collect and or use these special categories of data (for example, information on learners medical conditions so that we can make arrangements for reasonable adjustments and or special considerations). We will only process these special categories of data if there is a valid reason for doing so and where the GDPR allows.
6. How and why will we use personal information
Personal information, however provided to us, will be used for the purposes specified in this Notice. In particular, we may use personal information:
- to register you as a learner and allow you to take examinations and assessments;
- for examination and assessment administration purposes;
- to conduct examinations and assessments;
- to issue examination and assessment results and certificates;
- to carry out any reviews or appeals;
- to otherwise provide you with services, products or information you have requested;
- to provide further information about our work, services or activities (where necessary, only where you have provided your consent to receive such information);
- to answer your questions or requests and communicate with you in general;
- to analyse and improve our work, services, activities, products or information (including our website), or for our internal records;
- to keep our facilities safe and secure;
- to run and or administer the activities of GTEC, including our website, and ensure that content is presented in the most effective manner for you and for your device;
- to audit and or administer our accounts;
- to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);
- for the prevention of fraud or misuse of services;
- for the establishment, defence and or enforcement of legal claims;
- to keep a record of personnel whom has carried out teaching, examination, assessment and or verification of qualifications
- to share on our website, on our social media, in the trade press, and through other promotional channels. For instance, we aim to take photos and/or videos of candidates to share in this way and may also request information such as your social media handles and business website addresses – for instance, so that we can “tag” you and/or your business in any photos/videos we share on social media. How much of this information you share with us is your choice. We may also invite you to take part in one or more case studies, which would involve a discussion with a GTEC staff member or someone from our PR team. In this instance, we would also request a photograph of you to accompany the story on publication, as well as a phone number and/or email address. Anything written would be made available to you to check before publication. We will not do any of this without your express permission
7. Sharing of personal data
The organisations with which we share personal data with or may provide or permit access to personal data include but is not limited to:
- Learning Records Service (LRS)
LRS is the organisation which issues Unique Learner Number (ULN) to learners when registering with an approved centre to take a regulated qualification. LRS also maintains a record of the regulated qualifications held by learners - Registration Bodies:
Gas Safe Register – Gas utilisation qualifications Oftec – Oil utilisation qualifications - UK Government Departments
Department for Education (DfE)
Department for Environment Food and Rural Affairs (Defra) Department for Business, Energy & Industrial Strategy (BEIS) - Law Enforcement Agencies
Police
Health and Safety Executive Crown Prosecution Service The Courts
Her Majesty’s Revenue and Customs (HMRC) - Others
Employers
Local Authorities
8. Transfer of Data
The transfer of paper based personal data and information between our Awarding bodies and us takes place using the postal system i.e. Royal Mail or private courier service using standard or registered postage.
The transfer of electronic data and information between our Awarding Bodies and us is by either electronic mail or a secure share filing system.
Personal data and information may be shared with the organisations listed in the ‘Data Shared With’ column in the tables below.
Personal data will not be shared with, sold to or used by any other organisations or for any other purpose than for which it was provided.
Our compliance manager can advise you of the personal data we hold about you, receive requests to rectify any incorrect personal data about you or request that we erase your personal information. The erasure of your personal information may be subject to contractual or legal restrictions and we may not be able to comply with this request. Where we are unable to comply with a request to erase your personal information we will provide you the reason why we are unable to do so.
9. Personal Data and Information
The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the grounds listed below to be relevant:
- Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to collect special categories of your personal information so that you may sit an exam with reasonable adjustments and/or special considerations).
- Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
- Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, to provide you with a certified award after sitting an examination).
- Where there is a legitimate interest in us doing so.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights as an individual).
In broad terms, our “legitimate interests” means the interests of running of GTEC as a commercial entity and ensuring that appropriate levels of certified awards are granted to learners in line with our standards.
When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and on your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
10. Lawful Basis
The lawful basis for us collecting holding personal data and information is either one of a legitimate interest, a contract between us or we have a legal duty to collect and retain the data.
1.1 Learner personal data which maybe held by us (Table 1)
The purpose of us keeping learner personal data and the legal basis for doing so for an unlimited time is to enable:
- Learners to claim a replacement for lost or damaged training and or qualification certificates issued by an awarding body. Ours and learner legitimate interest.
- Learners to seek confirmation of the certificates which have been issued to them by us. Ours and learner legitimate interest.
- Us to issue a replacement managed learning programme or qualification certificate to a learner. Ours and learner legitimate interest.
- Us to keep a permanent record of persons to whom we have issued a managed learning programme or qualification certificate. Ours and learner legitimate interest.
- Us to keep a permanent record of persons, who have taught, examined and or assessed learners registered for our managed learning programmes and or qualifications. Ours and learner legitimate interest.
- Us to keep a permanent record of persons who have conducted internal and or external quality assurance of our managed learning programmes and or qualifications. Ours and learner legitimate interest.
- Us to assist an investigation to an incident or complaint or where there is pending litigation.
- Us to keep a record of the means of the verification used to confirm the identity of the learner at the time of application for a managed learning programme or qualification. Ours and learner legitimate interest.
- Us to remind individuals of any pending expiry of qualifications. Ours and learner legitimate interest.
The purpose of us keeping learner personal data and the legal basis for doing so for a limited time is to enable us:
- Where required contractedly or legally to provide data to:
- Awarding Bodies
- Qualification Regulators
- Registration Bodies
- Industry Bodies
- Members of the public with a legitimate interest
- UK Government Departments
- Law Enforcement Agencies. Legitimate interest.
1.2 Personal Data of Teachers, Assessors and Internal Verifiers which maybe held by us (Table 2)
The purpose of us keeping personal data and the legal basis for doing so of Teachers, Assessors and Internal Verifiers for an unlimited time is to enable:
- Us to keep a permanent record of persons, who have taught, examined and or assessed learners registered for our managed learning programmes and or qualifications.
Legitimate interest.
- Us to keep a permanent record of persons who have conducted internal and or external quality assurance of our managed learning programmes and or qualifications.
Legitimate interest.
The purpose of us keeping personal data and the legal basis for doing so of Teachers, Assessors and Internal Verifiers for a limited time is to enable:
- Us to remind individuals of any pending expiry of qualifications. Our legitimate interest.
- Us where required to contractedly or legally provide data to:
- Qualification Regulators
- Registration Bodies
- Government Departments
- Law Enforcement Agencies. Legitimate interest.
12. What if you want us to stop using your personal information?
Individuals have the right to object to our use of their personal data, or to ask us to delete, remove, or stop using personal data if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.
There may be legal or other official reasons why we need to keep or use personal data. But please tell us if you think that we should not be using it.
We may sometimes be able to restrict the use of personal data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share personal data in other ways while it is restricted.
13. Individuals can ask us to restrict the use of their personal information
Individuals can ask us to restrict the use of their personal information if:
- It is not accurate.
- It has been used unlawfully but do not want us to delete it.
- It is not relevant any more, but you want us to keep it for use in legal claims.
- You have already requested that we stop using your data but you are waiting for us to tell you if we are allowed to keep on using it.
If you want to object to how we use personal data, or request that we delete it or restrict how we use it or, please contact us.
14. How to complain
Please let us know if you are dissatisfied with how we have used your personal data. You can contact us by email or post at the address published in the Contact Us section of the website.
If you remain dissatisfied with our response to you, you have the right to make a complaint to the Information Commissioner’s Office. https://ico.org.uk/