This policy has been developed to ensure Fencing and Construction Training Ltd (FaCT) compliance with the Data Protection Act (1998) which came into force on 1 March 2000. The focus of the Act is on protecting personal data, which is information from which an individual can be identified. This includes data that is stored as hard copies and/or on computer systems, including emails.
This policy outlines how FaCT in practice complies with the principles of the Act.
1. FaCT collects the minimum amount of personal data required for the purposes of processing with the consent of the individual who is made aware as to the purpose(s) of the data collection.
In the case of data deemed to be sensitive (e.g. gender, ethnic origin) FaCT must request and process certain data for equal opportunities monitoring purposes as specified in the relevant codes of practice and accreditation criteria laid down by the Regulators (SFA, Ofqual, SQA, Lantra & CITB).
FaCT are also asked to indicate whether a candidate has a ‘additional need’ so that awarding bodies can make contact with the training provider to consider what reasonable adjustments might be made to ensure equality of opportunity for that particular candidate.
Records of reasonable adjustments are retained and made available to the regulatory authorities for monitoring purposes only.
2. FaCT processes the data only for the purposes for which it was obtained:
- registration and certification of trainees and candidates
- registration for the CITB touch screen test
- to enable access to funding support from the SFA (or other organisations), either directly or indirectly
- to provide support and advice on training requirements and refresher training or card renewals
FaCT keeps under review the data that is collected and the purpose for which this data is collected.
3. FaCT collects the minimum amount of data with regards to individual learners/candidates.
FaCT requires a limited amount of information so that if in the future learner/candidate was to request a replacement certificate or card, that the record is sufficient from which to identify the individual. Information required is as follows:
- Name
- Date of birth
- Address
- Contact number
- Email address (if available)
- Employer
- National Insurance Number
- Gender (for equal opportunities monitoring purposes)
- Ethnicity (for equal opportunities monitoring purposes)
Where it is deemed necessary to collect other information this is held securely, used only for the specified purpose that it is collected and for the minimum period of time required for the specified purpose.
4. In order to ensure that personal data processed for any purpose or purposes is kept for no longer than is necessary, FaCT keep under review the length of time data is kept for, ensuring that any data that is stored is for a specific purpose and does not keep data ‘just in case’. Regular archiving of data and when the data is no longer required disposal/deletion of the data ensures that data is not kept beyond the time deemed necessary.
FaCT regularly reviews and cleanse it’s database in line with recommendations, in most cases records are deleted/destroyed, in a controlled manner (see point 7), after 7 years.
5. FaCT ensures that clients are aware of the purposes of processing data supplied by them. This includes data processed about training activities, qualification registration, progression and certification, funding applications and skills card applications.
6. FaCT Data Protection Policy is distributed to all staff and made available to its customers via its website www.fctrain.co.uk. Additionally, computer systems that store personal data are secure and password protected, making them available only to those staff that need to use them. Where documentation contains personal data this is kept secure and when no longer required deleted and hard copies shredded.
7. FaCT is registered with the Information Commissioners Office (ICO) The registration number is ZA039947. Scotland has it’s own Information Commissioners office.
8. Any data collected in order to process payments for training received is managed, controlled and deleted in accordance with the Payment Card Industry Data Security Standards (PCI DSS).No data relating to card transactions is stored electronically. (Merchant No. 520334507426591)
9. FaCT will obtain permission from candidates to hold their data, by way of completing a registration at the beginning of all training activities or at enrolment onto funding or qualification programmes.
10. Clients can make a request in writing, to obtain a copy of the data held on them. This request will be verified and dealt with within 28 working days.
11. FaCT does not to transfer data to any other party, except where agreed by the candidate for
- funding support
- qualification registration and certification
- CITB testing
FaCT will review this policy annually and update as required.
Timothy Drew
Managing Director
Fencing and Construction Training Ltd.