This policy statement is effective immediately for all users, provided that the enhanced date protection rights include within the policy required under the EU General Data Protection Regulations (GDPR) come into effect on May 25, 2018.
Personal data relates to any information about a natural person that makes you identifiable which may include but is not limited to:
- Names and contact information i.e. email addresses and telephone numbers
- Personal information such as date of birth, national insurance number
- Educational information (including qualifications, grades, learning needs)
- Characteristics such as gender, ethnicity, nationality
- Financial information such as bank details
- Information about personal preferences and interests
- Company information, financial and staff details)
- Website usage data
- Staff contract information
Sensitive personal data refers to the above but includes genetic data and biometric data for example:
- Medical conditions
- Religious, philosophical beliefs and political opinions
- Racial or ethnic origin
- Biometric data
For GDPR purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed. The data controller is Aspire Achieve Advance Limited, Aspire House Sitwell Street, Derby, DE1 2JT
The data protection officer is Lee Marples, Commercial Director who can be contacted at the above address or on firstname.lastname@example.org
A “data processor” is a person or organisation which processes personal data for the controller.
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
We collect a range of personal information about you in a variety of ways. This could be, but not limited to, the use of forms, paper or electronic from our websites, when you sign up to receive our newsletters, register for information or engage in the services that we offer. If you are progressing your career through 3aaa Apprenticeships we may need to collect additional personal information from you in order to secure funding or satisfy legal or governmental scheme requirements. Further information on the requirements for Apprenticeships can found within the Apprenticeship Funding and Performance Management Rules ( https://www.gov.uk/government/publications/apprenticeship-funding-and-performance-management-rules-2017-to-2018)
We also collect personal information from you when you communicate with us for any reason.
In addition, we will automatically collect information from you when you visit our websites i.e. sending an enquiry, signing up for an event, filing in a survey or giving feedback. Website usage information is collected using cookies.
We may record and store telephone conversation you may have with us for the purposes of quality improvement, staff training and or to prevent/detect crime. You will always be notified if your call is being recorded.
If you chose to provide us with your information this processing of personal data is based on consent.
Some of the information provided by you will be used by the Education and Skills Funding Agency (‘ESFA’) in order to fulfil its statutory duties and functions, issue/verify your Unique Learner Number (ULN) in order to maintain your Personal Learning Record. The ESFA may share your ULN and Personal Learning Record with other education related organisations, Further details of how your information is processed and shared can be found at https://www.gov.uk/government/publications/lrs-privacy-notices
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit so we can understand how you use our site and serve you content based on preferences you have specified. For more information visit www.aboutcookies.org or www.allaboutcookies.org
We use Google Analytics to store information about how visitors use our website so that may make improvements and give visitors a better user experience.
We use LinkedIn, Facebook and Twitter advertising services and as such there are tracking codes installed on our website so that we can manage the effectiveness of these campaigns. We do not store any personal data within this type of tracking.
The information that we collect and store relating to you is primarily used to enable us to provide our services to you. In addition we may use the information for the following purposes:
- to provide you with information you request form us
- to administer an account you create or use on our websites
- to respond to your specific requests, communications or enquiries in an efficient manner
- to provide you with updates on 3aaa or its products and services
- in order to meet contractual requirements with you
- to notify you of any changes to the websites, our services such as improvements or changes
If you do not want us to use your data for any marketing purposes you will have the opportunity to withhold your consent to this when you provide your details to us. Should you wish to withdraw your consent for such purposes please contact email@example.com
For Business to Business Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if: we have a genuine and legitimate reason and we are not harming any of your rights and interests.
For Business to Consumer Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” eg to supply goods and services you have requested, or to fulfil obligations under an employment contract or an Apprenticeship Agreement. This also includes steps taken at your request before entering into a contract.
Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the Services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the Services and we have contracts in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We collect information on our website to process your enquiry, deal with your event registration, give advice based on survey data and improve our services. If you agree, we will also use this information to share updates with you about our services which we believe may be of interest to you.
We will not share your information for marketing purposes with companies so that they may offer you their products and services.
We may disclosure your personal information to any company within our group, third parties that we contract to provide services on our behalf or where third party funding is required within Apprenticeships. In addition we may be required to provide information to government agencies, where required by the Apprenticeship and any third part that purchases all or substantially all of our assets and business.
In accordance with legal and regulatory requirements we may be required to disclose your personal information to any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary in order to comply with our obligations or otherwise to protect our rights or the rights of any third party.
As part of the services offered to you through this website, the information which you give to us may be transferred to countries outside the European Union (“EU”). For example, some of our third-party providers may be located outside of the EU. Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting your personal data, you’re agreeing to this transfer, storing or processing.
If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.
When you give us personal information, we take steps to make sure that it’s treated securely. Any personal information you supply to us is stored within secure servers. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of extra information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and cut fraud and credit risk.
We would like to send you information about our services which may be of interest to you. If you have consented to receive marketing, you may opt out at any point as set out below.
You have a right at any time to stop us from contacting you for marketing purposes. To opt out please email: firstname.lastname@example.org
Marketing: We will hold your data for a period of 6 years with a review every 3 years. You will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to do that.
Contracted Services: We will hold your data for 7 years in line with our regulatory requirements.
This is your right to request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please email or write to us at the following address: Date Protection Officer, Aspire Achieve Advance Limited, Aspire House, Sitwell Street, Derby DE1 2JT. We will respond to your request within one month of receipt of the request.
We want to make sure your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by emailing email@example.com or writing to the above address.
It is your right to lodge an objection to the processing of your personal data if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.
It is also your right to receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
(a) The processing is based on consent or on a contract, and
(b) The processing is carried out by automated means.
Should you wish for us to completely delete all information that we hold about you for:
Email: firstname.lastname@example.org, or
In Writing to: Date Protection Officer, Aspire Achieve Advance Limited, Aspire House, Sitwell Street, Derby, DE1 2JT.
The organisation is dedicated to being compliant with the Act and, from 25 May 2018, the GDPR. Individuals, any member of staff, applicant or a student wishing to report concerns should, in the first instance, contact the Data Protection Officer who will aim to resolve any issue:
Data Protection Officer
If the individual, member of staff or student feels the complaint has not been dealt with to their satisfaction, he/she can formally complain to the Registrar.
Information Commissioner’s Office
Tel: 0303 123 1113