This document explains what we do with the personal information you provide us.
From time to time you will be asked to tell us personal information about yourself (e.g. name and email address etc.) in order to become a learner or a customer, to use Training 2000 systems and services and so on. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason. We would only use it for marketing with your prior consent.
Any sensitive personal information will never be supplied to anyone outside Training 2000 without first obtaining your consent, unless required or permitted by law. We comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
Whenever you provide such personal information, we will treat that information in accordance with this statement, current legislation and our Data Protection Registration (Registration Number: Z8105915). We also aim to meet current best practice.
Individuals whose personal information Training 2000 holds have certain rights under the law. More information can be found on the Information Commissioner’s website.
Application and Enrolment
This section explains how Training 2000 uses the personal information that you give us during the enquiry, application and enrolment process.
How Training 2000 uses your information
Training 2000 uses information you provided on your application form or contact/ booking form, as well as any supporting documents, references or records from interviews obtained as part of the admissions or booking process. We also collect and use information you provide during enrolment, including information about any disabilities or long-term health conditions you inform us about. As you progress through your course, we will collect and use a variety of other information to assist you with your studies, maintain records about your studies and achievements, finance and about your use of the facilities and services that we offer. Most of this information is usually collected from you directly during your time at Training 2000.
The information we collect may include the following:
- contact information including email address
- demographic information such as postcode, preferences and interests
- information about your qualifications, skills and experience
- other information relevant to customer surveys and/or offers.
Training 2000 may share non-sensitive personal information about you with other organisations, for example the Local Authority (see below), for these purposes. We do not share your information for purposes that are incompatible, such as product marketing without your consent.
Sensitive personal information you provide (e.g. disability or ethnicity) may be used by Training 2000 for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. Training 2000 will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and necessary.
How government departments use your information
We pass information to government agencies to meet funding requirements as required by law. Training 2000 is a Data Processor for the Education and Skills Funding Agency (ESFA). This means that Training 2000 will pass most of the personal information and some of the sensitive information you provide to
the ESFA and the Department for Education (DfE). The information is used for the exercise of functions of these government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).
The information provided may be shared with other organisations for purposes of administration, provision of services and the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Legislation.
You may be contacted after you have completed your programme of learning to establish whether you have entered employment or gone onto further training or education.
You may be contacted by the English European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme.
Further information about use of and access to your personal data, and details of organisations with whom the data is regularly shared are available at: ESFA Privacy notice May 2018
The legal basis for collecting the information
Most of the information on the form is collected because it is necessary for your enrolment as a learner, to manage your progress on your course or is required by law. You must provide it in order to enrol at Training 2000.
Parents, carers and guardians
Under the GDPR (General Data Protection Regulation), young people aged 13 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions in regards of learners with severe learning difficulties and those who are otherwise unable to decide for themselves.
Training 2000 has found that it is very beneficial to the young person’s progress as a learner if Training 2000 is able to engage with the parents (or guardian/carer) of learners aged under 18. Therefore it is very important that we have the parents’ details recorded on our systems.
When a learner is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the learner’s information. We can only release information about our learners if we have their consent for this recorded on Training 2000 system. Learners can also inform Training 2000 later on who we may discuss with their learning matters with. Learners may withdraw their consent the same way which they gave it.
In general, we can only share information if we have the person’s consent, or there is a particular piece of legislation or agreement allowing us to share it without consent.
Participation in Learning: Sharing information with Local Authorities
This section applies to:
- 16 and 17 year olds
- Vulnerable 18 year olds (‘vulnerable’ is defined locally by individual Local Authorities)
- 18-25 year olds with an Education Health Care Plan (EHCP)
- in the local authority (LA) of Lancashire.
The Education and Skills Act 2008 (the Act) places duties on LA’s to promote the effective participation in education or training of all 16 and 17 year olds resident in their area, and to make arrangements to identify young people resident in their area who are not participating. It is part of the LA’s duties to secure sufficient suitable education and training provision for all 16-19 year olds, and to encourage, enable and assist young people to participate in learning.
Under the Act, it is Training 2000’s duty to provide relevant information about their learners to the LA of each learner’s residence, when requested to do so, and notify local LAs when a young person leaves learning at Training 2000. All educational institutions are required to share information with LAs as part of their duty under the Act.
Section 72 of the Act provides the legal basis for sharing information between LAs and educational institutions. Link to relevant section is referenced here: Educational institutions: duty to provide information
When you give us your information we will use your details to inform the LA where you live about the learning that you are participating in so that they are able to report monthly to the Department of Education and deliver their duties listed above.
Please note that some of the services for young people provided by the LA to fulfil their duties are provided by commissioned external contractors and organisations and they are required to use the same security standards as the LA.
If you wish to opt out of the sharing of your basic details for this purpose, or wish to see information held by Training 2000 about you for this purpose, please contact us at firstname.lastname@example.org.
Subject Access Request:
Under the General Data Protection Regulations (GDPR) you have the right to make a subject access request (SAR) and to obtain copies of records and files relating to you held by Training 2000. If you wish to make a SAR then please complete our SAR form or email email@example.com details of the information you require. Training 2000 has a month to reply to you unless your request is complex or there are a number of requests, in which case the deadline can be extended by a further two months, but Training 2000 will contact you within a month of receipt of the SAR, explaining why an extension is necessary. There is ordinarily no charge for making a SAR.
Right to erasure
The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
When does the right to erasure apply?
The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
Under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.
When can Training 2000 refuse to comply with a request for erasure?
We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
- to comply with a legal obligation;
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
- for the establishment, exercise or defence of legal claims.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability
The right to data portability only applies:
- Where a relevant request is made by you to Training 2000 we will facilitate your request as soon as possible, and in no longer than one month.
How Long We Keep Your Data
We will only keep your personal data for so long as is required to fulfil the purpose(s) for which it was collected unless there are other legal requirements or it is necessary for us to keep it for our own business continuity.
If you want more details about our specific retention periods, please contact our Data Protection Team at firstname.lastname@example.org.
Learner files will be destroyed in line with funding body requirements (currently the ESFA, an executive agency of the Department for Education (DfE)), their Privacy Notice can be found here ESFA privacy notice.
How We Keep Your Data Secure:
We will never give or sell your data to anyone else, nor will we make use of it except as described above. Your data is stored on our secure server, which is properly protected by the use of firewalls and other data security systems. Further, access to your data is restricted, with access to learner data restricted.
Websites and Cookies
This section applies to anyone accessing the Training 2000 website:
A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access Training 2000 website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.
Session cookies will remember your selections as you browse the site. These cookies are for the browsing session and not stored long term. No personal information is collected by these cookies.
Google Analytics cookies help us to make the website better for you by providing us with user statistics, for example: which pages are the most visited; how a user navigates the site. No personal information is collected by these cookies.
During the course of your study you may be asked to use third party websites or services or access linked content (eg. Youtube) which may collect personal data about you. That site’s own privacy notice will explain you how they use your data.
Training 2000 is a data controller under the Data Protection Act and the Board of Trustees is ultimately responsible for implementation. The designated data controller who is appointed to ensure compliance with the Act is the Director of Business and Educational Standards; and appointed to deal with day-to-day matters are the Head of IT and Special Projects and the Business Assurance Manager.
If you have any questions about Data Protection at Training 2000, please contact:
Data Protection Team
Furthergate Business Park
Lancashire, BB1 3BD
If you have a data protection concern that cannot or has not been resolved by Training 2000, you have the right to raise it with the Information Commissioner’s Office.
October 2018 | PR/GN71.03