GENERAL DATA PROTECTION DATA (GDPR)
Midland Group Training Services Limited (MGTS) is registered with the Information Commissioner’s Office (ICO) – Registration Number Z5234041.
We are committed to ensuring that your privacy is protected and are transparent about how we collect and use your personal data. This Policy provides you with the necessary information regarding your rights and our obligations and explains how we collect, process and store your personal data and who we share this data with.
Information that we collect
MGTS collects, holds and processes your personal data to meet our legal, statutory and contractual obligations in providing you with our services. We only collect personal data for specified, explicit and legitimate purposes.
Personal data will be collected for the following purposes; Application, Recruitment, Registration and Learning Programme processes.
How we process personal data
MGTS will process information in accordance with the Data Protection Act and its own Data Protection Policy. To comply with the law, information about individuals and companies must be collected and used fairly, stored safely and securely, be adequate, relevant and not excessive, be kept accurate and up to date, held only as long as is necessary and not disclosed to any third party unlawfully.
The information provided is shared with the Education and Skills Funding Agency (ESFA), on behalf of the Secretary of State for the Department of Education (DfE). Learners’ personal information will be used by the DfE, the ESFA (an executive agency of the DfE) and any successor bodies to these organisations and is used by the DfE to exercise its functions and to meet its statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009 and to create and maintain a unique learner number (ULN) and a personal learning record (PLR). The information will be securely destroyed after it is no longer required for these purposes. The information may be shared with third parties for education, training, employment and well-being related purposes, including for research.
This will only take place where the law allows it and the sharing is in compliance with data protection legislation. Further information about the use of and access to data are available at https://www.gov.uk/publications/esfa-privacy-notice.
MGTS’s Data Protection Policy is also available on request.
Keeping your information safe and secure
MGTS is committed to keeping all personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed. All information is stored safely and securely.
A significant amount of learner data is held on our internal database system, which has a significant number of inbuilt features to control access. In addition to being able to specify what actions internal users can perform, we also restrict them to subdivisions of the database using Sites, Funding Organisations and Main Users and fields which contain personal information are restricted to only the necessary users.
MGTS’s Website and its hosts take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users. Our website complies to all UK national laws and requirements for user privacy.
Our website uses Google Analytics tracking software to monitor activity to better understand how you use it and how to improve our service to you. The cookies used to deliver Google Analytics are used to store information, such as what time your current visit occurred, whether you have been to the site before and what site referred you to the web page. These cookies contain no personally identifiable information, but they will use your computer’s IP address to know from where in the world you are accessing the Internet. Google stores the information collected by these cookies on their servers and Google may transfer this information to third parties where required to do so by law, or where such third-parties process the information on Google’s behalf. Further information is provided on this link – http://www.google.com/analytics/learn/privacy.html parties where required to do so by law, or where such third-parties process the information on Google’s behalf.
Links to other websites
Our website may contain links to other websites of interest. However, you should note that we do not have any control over these other websites. Once you have used any of these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites and such sites are not governed by this privacy statement.
Social Media Platforms
We participate with social media platforms subject to their privacy policies. Our website may use social sharing buttons which help share web content directly from web pages to social media platforms. The social media platform may track and save your request to share a web page through your social media platform account.
Subject Access Requests
Individuals have the right to make a subject access request in relation to their personal data and can ask for confirmation that their data is being processed and access the data. MGTS may ask for proof of identification before the request can be processed. MGTS reserves the right to make a reasonable charge for the information where a request is manifestly unfounded or excessive, particularly if it is repetitive. MGTS will endeavour to respond within the one month specified by law.
Individuals have a number of other rights in relation to their personal data and how it is collected, processed and shared. The GDPR includes the following rights for individuals:
- the right to be informed
- the right of access
- the right to rectification
- the right to restrict processing
- the right to data portability
- the right to object
MGTS takes the security of personal data seriously. We have internal policies and controls in place to protect personal data against loss, alteration, destruction, misuse or disclosure and ensures relevant access control. Where we engage third parties to process personal data on our behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Some of these measures have been mentioned above, but this also includes:
- email and website encryption
- Firewall protection
- Network protection
- Full antivirus protection
Learners should be aware that MGTS premises are protected by a Closed-Circuit Television system which is continuously recording activity at specific locations on the site. CCTV is regularly monitored and randomly checked by key staff members. Surveillance is conducted primarily for the purpose of deterrence and detection of any criminal act, which may include, but is not limited to theft, vandalism, but is not limited to theft, vandalism, criminal damage, public disorder, breaking and entry and fraudulent activity. It also aims to ensure the safety and security of learners, staff, visitors and their property.
- Pursuant to the above objective, learners should be aware that any activity witnessed or recorded may be used by MGTS and may result in disciplinary action or passed to the relevant authorities to investigate possible criminal activity.
- CCTV footage is stored for a limited duration only, currently linked to a maximum data allowance, which usually dates back no more than three weeks.
If there were to be a breach of personal data that poses a risk to the rights and freedoms of individuals, MGTS will report it to the Information Commissioner’s Office (ICO) within 72 hours of discovery. We will record all data breaches regardless of their effect.
Reviewed: September 2020