Interventions Consulting will only use your personal information for purposes which support the programmes of learning we offer. This includes: claiming funding, obtaining certificates, creating accounts on supporting software packages, and any other elements linked with the learning being delivered. We will not pass on or use your personal information for any activity that is not linked with your programme of learning. Our full privacy statement provides further information on this and is as follows:
What personal information do we collect from people?
We operate a ‘privacy by design’ policy, and will only ask you for the minimum information required to deliver a service to you. When registering on one of our sites you may be asked to provide some of the details listed below:
- Personal information: this may include your name, date of birth, email address, first language, employer details, phone numbers, previous qualifications and experience, your photograph and signature
- Credentials: these are details for logging in to something. For example, secure website login details
- Customers: as a customer we need to collect both contact and billing information from you which allows us to meet our contractual obligations with you. If we invoice you, we’ll collect an invoice address, email address for your finance function and purchase order numbers, where applicable
- Enquiries: to allow us to provide you with further information about our services, we need to collect contact information from you
When do we collect information?
We collect information from you when you fill out an enrolment form or enter information onto one of our sites. We also collect information automatically when you log into one of our sites (including location information) and complete training and/or an assessment on one of our sites. If you contact us, we may also keep a record of that correspondence.
Do we use 'cookies'?
How do we use your information?
We may use the information we collect from you in the following ways:
- To identify your assessment records when completing online tests, either as part of recruitment & selection processes or employer assessments at our customer’s sites.
- To identify your training records, evaluate progress and provide evidence of learning when undertaking one of our training courses.
- To provide a record of communications with those responsible for training you, their managers and our Head Office.
- To provide technical support when accessing our Learning Management Systems.
- To create licence agreements, invoices and other contractual documentation as part of providing services to our customers.
- To follow up after correspondence (email or phone enquiries).
- To personalise your experience and to allow us to deliver the type of content and information in which you are most interested.
- To allow us to better service you in responding to your customer service requests.
- To send periodic emails regarding our services.
Information marked with an asterisk (*) is or could include "special" personal information. Under data protection laws, "special" personal information (also known as sensitive personal data) includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning health, and information concerning a person's sex life or sexual orientation. This information is particularly sensitive and we will therefore only process this information where absolutely necessary; we will ensure it is only seen by those who have to see it; and will keep it secure. By law we are required to have a policy document outlining how we protect such information and how long the information is held for. Our policy document on this information is reviewed on a regular basis.
How long do we retain your data?
We will retain different types of information for differing lengths of time, depending on legal, regulatory and operational requirements as detailed below:
- Where personal data is necessary in order for us to identify test results when assessments are completed on our online assessment platforms, all data collected and processed may be held for a maximum of 2 years from the date of their creation, after which time data will be deleted.
- Where personal data is necessary in order for us to identify learner training records, provide technical support, evaluate progress and provide evidence of learning when undertaking an online training course on our LMS (with the exception of Apprenticeships), all data collected and processed will be held for 3 years from the date of course completion, after which time data will be deleted.
- Where personal data of Apprentices is necessary, we will process this information for the duration of the Apprentice’s training with us and in line with the document retention periods as defined by the Education and Skills Funding Agency (ESFA) and European Social Fund (ESF) who fund Apprenticeships. ESFA funding rules stipulate that records are retained for 6 years after an Apprenticeship is completed with us. The retention period stipulated by ESF Funding is also dependent on when training is completed; any learners receiving training between 1st August 2014 and 31st July 2020 will require information to be retained until at least 31st December 2030.
- Where personal data is necessary in order for us to create licence agreements or other contractual documentation as part of providing services to our customers, all data collected and processed will be held for a period of 6 years from the end of the contract term.
- Enquiries: When you contact us with an enquiry, we may retain this data for up to 1 year, after which time data will be deleted.
- Customers: We are required by UK tax law to keep basic personal data relating to financial transactions (name, address, contact details) for a minimum of 6 years from the data of final invoice, after which time all records will be destroyed in line with our data retention policy; which includes the deletion of electronic records from our systems and the shredding of paper based records.
How do we protect your information?
We take the handling of your personal data very seriously. All our websites have a valid SSL certificate. This means when you enter your personal details on one of our sites, there is a secure connection between your computer and our website. You can be certain our website is served over SSL when you see the padlock in the corner of the web address bar. Our laptops are also encrypted and password protected and where possible two factor authentication is used.
Do we share your data with third parties?
We do not sell any of your information. To enable us to provide a service to you, we do need to share your information with some third parties as described below;
- Contracted delivery partners: We may disclose information about you to our contracted delivery partners who need the information. We require all employees and contracted partners to follow this privacy notice.
- Third party vendors: To provide a service to you, we share your information with third party vendors. We have broken down these vendors to categories below:
- Learning Management System software
- Time tracking software
- Web hosting
- Cloud storage
- Communication tools including our email provider
- Accounting software
- Qualification Awarding Bodies
- The Education and Skills Funding Agency (ESFA)
- Other organisations whose involvement is mandatory in the provision of Apprenticeship programmes
- End Point Assessment Organisations
- Training Provider partners who we sub-contract apprenticeships through
- As required by law: we may disclose information about you in response to a court order, or other governmental request.
- Interventions Consulting may be required to share personal information of Apprentices with partners for Prevent purposes, where sharing of information will be central to providing the best support to vulnerable individuals.
- In such situations, only the information required to have the desired outcome will be shared, and only to those partners with whom it is necessary to share it to achieve the objective.
- The participants each rely upon the lawful basis for processing set out in Article 6(1)(e) GDPR: the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Section 8 of the Data Protection Act 2018 provides that Article 6(1)(e) includes processing of personal data that is necessary for the exercise of a function conferred on a person by an enactment or rule of law. It is necessary for the LA sites to process personal data for the exercise of their Channel functions under section 36 CTSA. Section 8 of the DPA 2018 also provides that Article 6(1)(e) GDPR includes processing of personal data that is necessary for the exercise of a function of the Crown, a Minster of the Crown or a government department. It is necessary for the Local Authority to process personal data relating to Channel for the purposes of these functions.
What would happen if there was a Data Breach?
If a data breach were to occur, we would follow this procedure:
- Notify the affected parties as soon as possible.
- Fix the issue that lead to the breach.
- Produce a post-mortem of the incident detailing:
- What went wrong.
- What we did to fix it.
- How we are going to protect against something similar happening in the future.
Your rights - Under data protection rules, you have rights in relation to your information. You have the right to request from us access to your own personal information.
Additionally, you have the right to request from us:
- That any inaccurate information we hold about you is corrected;
- That information about you is deleted in certain circumstances;
- That we stop using your personal information for certain purposes;
- That your information is provided to you in a portable format;
Due to the nature of our relationship with you and our reasons for processing your personal information, in some cases we may not be able to comply with your request in relation to the rights listed above, which are limited to certain defined circumstances. However, we will tell you if that is the case and explain why.
If you make a request, we will aim to respond to you within 10 working days and never more than 1 month from the date your request is received. We will never charge you a fee for dealing with your request.
If you are unhappy with how we are using your personal information please contact our Head Office. If we cannot resolve your complaint, you have the right to complain to the Information Commissioner's Office, which is the statutory regulator for data protection matters. The Information Commission can be contacted at https://ico.org.uk/make-a-complaint/.
If you have any questions about this Privacy Notice, would like any further information or wish to discuss any of the above further, please do not hesitate to contact us at our Office.
Data Controller: Sarah Abenbrook
Tel: 0113 4931943
125 Main Street