Salford and Trafford Engineering Group Training Association Limited (“STEGTA”) are committed to ensuring that your privacy is protected. This Privacy Notice describes how we use the personal information that we collect from you or that you provide and is effective immediately for all users.
From time to time you will be asked to tell us personal information about yourself (e.g. name and email address etc.) in order to become a learner or a customer, to use STEGTA systems and services and so on. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason. We would only use it for marketing with your prior consent.
Any sensitive personal information will never be supplied to anyone outside STEGTA without first obtaining your consent, unless required or permitted by law. We comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
Whenever you provide such personal information, we will treat that information in accordance with this notice, current legislation, our Data Protection Registration (Registration Number: Z5595570) and ISO 27001 accreditation.
Individuals whose personal information STEGTA holds have certain rights under the law. More information can be found on the Information Commissioner’s website https://ico.org.uk/.
HOW STEGTA USES YOUR INFORMATION
The information will be used for purposes relating to education, training, employment, general advice services, well-being and research and non-sensitive personal information about you may be shared by STEGTA with other organisations, for example the Local Authority. We do not share your information for purposes that are incompatible, such as product marketing without your consent.
Sensitive personal information you provide (eg. disability or ethnicity) may be used by STEGTA for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. STEGTA will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and necessary.
HOW GOVERNMENT DEPARTMENTS USE YOUR INFORMATION
We pass information to government agencies to meet funding requirements as required by law. STEGTA is a Data Processor for the Education and Skills Funding Agency (ESFA). This means that STEGTA will pass most of the personal information and some of the sensitive information you provide to the ESFA and the Department for Education (DfE).
The information is used for the exercise of functions of these government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).
The information provided may be shared with other organisations for purposes of administration, provision of services and the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Legislation.
You may be contacted after you have completed your programme of learning to establish whether you have entered employment or gone onto further training or education.
You may be contacted by the English European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme.
Further information about use of and access to your personal data, and details of organisations with whom the data is regularly shared are available at: https://www.gov.uk/government/publications/esfa-privacy-notice
THE LEGAL BASIS FOR COLLECTING THE INFORMATION
The information is collected because it is necessary for your enrolment as a learner, to manage your progress on your course or is required by law. You must provide it in order to enrol with STEGTA.
INFORMATION THAT WE OBTAIN FROM THIRD PARTY SOURCES
We may receive personal information about you from third party sources (such as your employer if they enrol you on a course, or agencies if you apply for study or employment, but only where we believe that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. We collect only the minimum amount of information required from these third parties to enable us to provide the requested service or process any application you send to us (for example, your educational or employment history). We only use the information we receive from these third parties as set out in this Privacy Notice.
Subject Access Request
Under the General Data Protection Regulations (GDPR) you have the right to make a subject access request (SAR) and to obtain copies of records and files relating to you held by STEGTA.
If you wish to make a SAR then please email email@example.com details of the information you require.
STEGTA has a month to reply to you unless your request is complex or there are a number of requests, in which case the deadline can be extended by a further two months, but STEGTA will contact you within a month of receipt of the SAR, explaining why an extension is necessary.
There is ordinarily no charge for making a SAR.
Right to Erasure
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- When does the right to erasure apply?
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
Under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.
- When can STEGTA refuse to comply with a request for erasure?
We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
- to comply with a legal obligation;
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
- for the establishment, exercise or defence of legal claims.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability
The right to data portability only applies, where a relevant request is made by you to STEGTA, were we will facilitate your request as soon as possible, and in no longer than one month.
HOW WE KEEP YOUR DATA SECURE
We will never give or sell your data to anyone else, nor will we make use of it except as described above.
Storing and retaining your personal data
Your data is stored on our secure server, which is properly protected by the use of firewalls and other data security systems. Further, access to your data is restricted, with access to learner data restricted.
Where we have given you (or where you have chosen) a password so that you can access certain parts of our sites and portals, you are responsible for keeping these passwords confidential.
Please note that the transmission of information via the internet (including email) is not completely secure and therefore, although we endeavor to protect the personal information you provide to us, we cannot guarantee the security of data sent to us electronically and the transmission of such data is therefore entirely at your own risk. We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business or statutory need to process your personal information, we will either delete or anonymise it.
Website and Cookies
This section applies to anyone accessing STEGTA’s website:
A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access STEGTA’s website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.
To find out more about cookies and what cookies might be stored on your device, visit aboutcookies.org.uk or allaboutcookies.org
During the course of your study you may be asked to use third party websites or services or access linked content (eg. Youtube) which may collect personal data about you. That site’s own privacy notice will explain to you how they use your data.
Overall responsibility for ensuring compliance with the General Data Protection Regulation within STEGTA lies with the Board of Directors, supported by the Chief Executive as the designated Data Protection Officer who deals with the day-to-day matters.
If you have any questions about Data Protection at STEGTA, please contact:
Data Protection Officer
4th Floor Duckworth House
Lancastrian Office Centre
Changes to Privacy Notice
We reserve the right to update this Privacy Notice at any time to take account of changes in our business and legal requirements. We will place updates on our website. Please refer to the ‘last updated’ date at the bottom of this Privacy Notice to see when it was last revised.
Last Updated: 5/6/18