Codes of Practice and Privacy Notices

GDPRU Privacy Notices

Student Privacy Notice
Website Usage Privacy Notice
Employee Privacy Notice

This Policy should be read in conjunction with other Data Management and Information Governance Policies and related Codes of Practice (CoPs) including:
Information and Data Governance Framework (IDGF)
Data Protection Policy (DPP)
GDPR & Data Processing Policy & Practice (GDPR)
Information Security Policy (ISP)
Codes of Practice D1 > D14
Privacy Notices
Student Privacy Notice
Website Usage Privacy Notice
Employee Privacy Notice

PRIVACY NOTICE FOR STUDENTS

This Privacy Notice (Notice) explains how SB Skills Solutions processes the personal data of our students and prospective students and your rights in relation to the personal data we hold. We hope and expect that our relationship with students will continue once they leave us, and our privacy notice aimed at destination leavers is included here. For the purposes of any applicable data protection laws in England and Wales, including the Data Protection Act 2018 (DPA) and the General Data Protection Regulation 2016/679 (GDPR), SB Skills Solutions is the data controller of your personal data. SB Skills Solutions has appointed a Data Protection Officer and assistant, who can be contacted – see below. For more information about the Company’s data protection policies please refer to our Data Protection Policy and GDPR & Data Processing Policy Statement and Codes of Practice.

Collection of Personal Data

SB Skills Solutions collects your personal data from the following sources:
from you, typically when you:
⦁ interact with us before joining as a student, for example when you provide your contact details for open day events or when you apply to study with us; or enrol as a student with us, as part of the student registration process;
⦁ complete our surveys and feedback forms;
⦁ interact with us during your time as a student with us, including in communications you have with SB Skills Solutions; or
⦁ visit our website, including when you register or use our online payment portals or store.
from third parties such as:
⦁ institutions such as your school, Company or employers when they provide a reference for you;
⦁ other institutions involved in joint and exchange programmes you are undertaking or applying to undertake;
⦁ our contractors and service providers who perform services on our behalf;

Categories of Personal Data Collected:

We collect the following categories of personal data:

Identification and Contact Details -

⦁ biographical information such as your name, title, date of birth, age and gender;
⦁ your image and likeness (as captured in a photograph or on CCTV);
⦁ your contact details including address, email address and phone number;
⦁ information that evidences periods of residency (such as utility bills, proof of mortgage and travel) or financial circumstances (such as benefits);
⦁ information that evidences your family relationships (such as a birth, adoption, marriage or civil partnership certificate);
⦁ national insurance number (or other tax identification number) and your passport number or national identity card details, country of domicile and your nationality. We will also allocate you a unique student number and username;
⦁ where appropriate, diversity and background information that you provide to us.

Student Training and Academic Data -

⦁ the courses you have completed, dates of study, examination results and attendance record. We will also keep records relating to assessments of your work, details of examinations taken, your predicted and actual examination grades, disciplinary and other information in your student record;
⦁ information relating to your education and employment history, the school(s), Companies you have attended and places where you have worked;
⦁ information about your family or personal circumstances (including welfare information), and interests, for example where this is relevant to the assessment of your suitability to receive a place on a course or in order to provide you with appropriate pastoral care and welfare support;
⦁ records of communications sent to you by us or received from you;
⦁ records of your attendance at training, mentoring or events (including participation in online events);

Online and Transactional -

⦁ details of your IP address, browser type and operating system when you visit our website or inhouse systems;
⦁ details of financial transactions e.g. for courses, products and services we have provided.
We may also collect the following special categories of personal data where it is necessary for the purposes set out in this Notice (please also see the section on Special categories of personal data for details about how we process this data):
⦁ information concerning your health and medical conditions (e.g. disability
needs);
⦁ certain criminal convictions (please see the section on Criminal convictions under the Special categories of personal data) or criminal acts caught on our CCTV cameras; and
⦁ information about your racial or ethnic origin; religion or similar beliefs; and sexual orientation.

Processing Basis, Use and Sharing of Data –

We will process your personal data either in ways you have consented to, or because it is otherwise necessary for a lawful purpose.

Contractual

As part of the contractual relationship between you and SB Skills Solutions. In this respect we use your personal data for the following purposes:
⦁ administration of your application to SB Skills Solutions including to evaluate your suitability/eligibility for enrolment and to determine any support requirements/arrangements to enable you to study with us;
⦁ enrolment, registration and administration of your studies including the requirements of any learner evaluation surveys;
⦁ production of student photo ID cards and administration of security;
⦁ academic learner progress assessment;
⦁ administration of complaints and appeals, disciplinary hearings etc.;
⦁ administration of all related learning activities;
⦁ other support services such as the Careers Service;
⦁ consideration and granting of awards (including the publication of awards and marks and inclusion in pass lists made available);
⦁ processing and recovery of any accounts and fees;
⦁ administration of employment contracts where you are employed by SB Skills Solutions. If you are employed by SB Skills Solutions, we will provide you with a separate privacy notice explaining how we use your personal data as an employer;
⦁ administration of placements with partner institutions, employers or organisations;
⦁ administration of SB Skills Solutions regulations, codes of practice and policies;
⦁ organisation of events and services (including where applicable after you leave and the provision of products/services that you have requested.
As part of this process, we will expect to share your personal data with:
⦁ our agents and sub-contractors (including providers of other support services) where they need to receive the information in order to perform the services or provide the products, we have agreed to provide to you;
⦁ partner institutions, employers and other bodies involved in the delivery of a course or programme;
⦁ external examiners and provider assessment organisations; and
⦁ relevant professional bodies where a programme of study leads to a qualification recognised by that body;

Other Legitimate

Your personal data will also be processed because it is necessary for the Company’s legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations.
Examples of where we process data for purposes that fall under legitimate interests include:
⦁ administration of the Company’s ongoing relationship with you in ways which are necessary to provide your chosen course and welfare;
⦁ sharing your information with: professional and industrial bodies wishing to communicate with students about career opportunities and membership of their body. Normally the Company will forward you information on behalf of the relevant organisation; and prospective employers or other organisations who request a reference for you;
⦁ the recording of audio/images during workshops as part of the Company’s teaching provisions and for subsequent use in teaching materials;
⦁ the recording of audio/images on Company grounds for use in our official materials to promote the Company and its work, thereby furthering its mission and strategic goals. These materials may include the website, social media channels, the Company intranet, in press releases and mailings, on event posters, on TV screens on campus or in magazines or prospectuses. We rely on our legitimate interests to do this where it would not be necessary, appropriate or practicable to obtain your specific consent: for example, we may seek specific consent for prominent or impactful uses;
⦁ analysing our recruitment and marketing activities in order to determine their effectiveness and our future strategies;
⦁ marketing the Company and its goods, services, events and resources by post, telephone and electronic means (but without prejudice to your rights under the legislation that regulates the sending of marketing communications by electronic means); and
⦁ organising events (for example events for incoming students).
⦁ we will also analyse student personal data in order to improve the student experience for current and future cohorts, enhance the effectiveness of the Company’s learning, teaching and assessment activities, support the design and delivery of programmes and modules, and to further understand our community in order to improve engagement, access, and diversity and support students better. Where we use personal data for these purposes, we will ensure that any published information is anonymised. Results will be presented as aggregate data, even if the underlying calculations depend upon matching data at individual level.
⦁ our agents and contractors where they require your personal data to perform the services outlined above;

As well as the organisations mentioned above, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection or freedom of information law; the police and other law enforcement agencies; local authorities; the Home Office, British overseas consulates; other international and national governmental and regulatory bodies; HMRC and the Company’s external auditors; and any contracting authorities or organisations.

Consent:

Your personal data will also be processed by the Company where we have your consent. Examples where consent would be sought or given may include where specific services have been requested or applied for from the Company (for example, where an applicant or student has requested help from the Company regarding support) or where the law or some other protocol requires that the Company obtains your consent. We will also ask for your consent before we submit your details to the Disclosure and Barring Service if we require evidence of whether you have any criminal convictions (see the section on Criminal convictions below). Where applicable, consent will always be specific and informed on your part, and the consequences of consenting or not, or of withdrawing consent, will be made clear.

Special Categories of Personal Data

In addition to the above, the Company may process types of personal data that the law considers to fall into a special category (such as race, religion, health, sexual life) or criminal records information. This will be under the following circumstances:
⦁ Where you have provided your explicit consent. Examples might include where it is required in connection with particular programmes of study or prior to certain placements, or with welfare or special needs; or for the assessment and provision of services to disabled students.

⦁ Where such processing is necessary for the establishment, exercise or defence of legal claims (including sharing with the Company’s insurers and legal advisers) or the prevention or detection of crime (for example, detecting criminal actions through the use of CCTV or reporting allegations to the police);

⦁ Where it is necessary for statistical or research purposes; for example, for researching the diversity of our students and to help widen participation. Please note that use of your personal information in this way will be subject to appropriate safeguards including the pseudonymisation of personal information where this is possible. In all cases we will evaluate the benefits of our use of your personal information in this way against the possible impact on your rights and freedoms and any damage or distress you are likely to be caused as a result of such processing and will not use this research or analysis in any way that will result in a direct decision or measure affecting you personally. If it is lawfully and ethically appropriate to do so, we may also seek your explicit consent to use your data in this way.

⦁ To comply with the Company’s legal obligations such as: to assist the police or other law enforcement agencies or local authorities; where it is in your vital interests to do so and you are incapable of giving consent, for example to inform your specified emergency contact, the NHS or emergency services in the event of your illness or other emergency; for the purposes of learning analytics we may analyse special categories data under the legal basis of statistics or as is necessary for reasons of substantial public interest such as equality of opportunity. Where these legal bases do not apply, we will always seek your explicit consent in order to process your data.

Criminal Convictions

You will be asked to provide the Company with details of criminal convictions where your course, or a project you volunteer or are employed to undertake requires a DBS check. A DBS check will only be conducted under the lawful process provided for by law. We will only use the criminal convictions data for the purpose it was collected and it will only be retained for a limited period (see the section on How long is my personal information retained for?).

Your rights under the Data Protection Legislation

Under data protection legislation you have the following rights:
⦁ To obtain access to, and copies of, the personal data we hold about you.
⦁ To require that we cease processing your personal data if the processing is causing you damage or distress;
⦁ To require us not to send you marketing communications.
⦁ To request that we erase your personal data;
⦁ To request that we restrict our data processing activities in relation to your personal data;
⦁ To receive from us the personal data we hold about you, which you have provided to us, in a reasonable format specified by you, including for the purpose of transmitting that personal data to another data controller; and
⦁ To require us to correct the personal data we hold about you if it is incorrect. Please note that the above rights are not absolute, and requests may be refused where exceptions apply. If you have any questions about these rights or how your personal data is used by us, you should contact the Company DPO.

How long is my personal information retained for?

After you leave the Company, some student data (including some personal data) will be retained as a permanent archival record for research and legal purposes. Your data is otherwise retained in accordance with the Company’s Retention Schedule.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:
By email: info@sbskills.co.uk

WEBSITE USEAGE PRIVACY NOTICE

S B Skills Solutions Ltd operates the https://sbskills.co.uk/ website (the “Service”).
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use this Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Privacy Notices for Students and Staff.
Service
Service is the https://sbskills.co.uk/ website operated by S B Skills Solutions Ltd
Personal Data
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies
Cookies are small pieces of data stored on your device (computer or mobile device).
Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.
For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.

Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally, identifiable information may include, but is not limited to:
⦁ Email address
⦁ First name and last name
⦁ Phone number
⦁ Address, State, Province, ZIP/Postal code, City
⦁ Cookies and Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Usage Data
We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Location Data
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.
You can enable or disable location services when you use our Service at any time, through your device settings.
Tracking Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Session Cookies. We use Session Cookies to operate our Service.
Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
Security Cookies. We use Security Cookies for security purposes.

Use of Data
S B Skills Solutions Ltd uses the collected data for various purposes:
⦁ To provide and maintain our Service
⦁ To notify you about changes to our Service
⦁ To allow you to participate in interactive features of our Service when you choose to do so
⦁ To provide customer support
⦁ To gather analysis or valuable information so that we can improve our Service
⦁ To monitor the usage of our Service
⦁ To detect, prevent and address technical issues
⦁ To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

Legal Basis for Processing Personal Data
Under General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), SB Skills Solutions Ltd legal basis for collecting and using the personal information described in this Privacy Policy depends on the Data we collect and the specific context in which we collect it.
S B Skills Solutions Ltd may process your Personal Data because:
⦁ We need to perform a contract with you
⦁ You have given us permission to do so
⦁ The processing is in our legitimate interests and it’s not overridden by your rights
⦁ To comply with the law

Retention of Data
S B Skills Solutions Ltd will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
S B Skills Solutions Ltd will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
S B Skills Solutions Ltd will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure Of Data
Disclosure for Law Enforcement – Under certain circumstances, S B Skills Solutions Ltd may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Legal Requirements – S B Skills Solutions Ltd may disclose your Personal Data in the good faith belief that such action is necessary to:
⦁ To comply with a legal obligation
⦁ To protect and defend the rights or property of S B Skills Solutions Ltd To prevent or investigate possible wrongdoing in connection with the Service
⦁ To protect the personal safety of users of the Service or the public
⦁ To protect against legal liability

Security Of Data
The security of your data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. S B Skills Solutions Ltd aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data, we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where S B Skills Solutions Ltd relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Analytics
We may use third-party Service Providers to monitor and analyse the use of our Service.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

Behavioural Remarketing
SB Skills Solutions Ltd uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.
Google AdWords
Google AdWords remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page.
Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/
Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950
To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation
Links To Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
By email: info@sbskills.co.uk

PRIVACY NOTICE FOR EMPLOYEES

We may have to collect and use information about people who work for us and with whom we work or train. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
We regard the lawful and correct treatment of personal information as especially important to our successful operation and to maintaining confidence with staff and students. We will ensure that we treat personal information lawfully and correctly.
To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).
This employee policy applies to the processing of personal data in manual and electronic records kept by us in connection with our human resources and training/service functions as described below. It also covers our response to any data breach and other rights under the GDPR.
This policy applies to the personal data of job applicants, existing and former employees, apprentices, volunteers, placement students, workers and self-employed contractors. These are referred to in this policy as relevant individuals.

Definitions
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
“Special categories of personal data” is data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
⦁ processing will be fair, lawful and transparent;
⦁ data be collected for specific, explicit, and legitimate purposes;
⦁ data collected will be adequate, relevant and limited to what is necessary for the purposes of processing;
⦁ data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay;
⦁ data is not kept for longer than is necessary for its given purpose;
⦁ data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures;
⦁ we will comply with the relevant GDPR procedures for international transferring of personal data;

Types of Data Held
We keep several categories of personal data on our employees and students in order to carry out effective and efficient processes. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.
Specifically, we hold the following types of data:
⦁ personal details such as name, address, phone numbers;
⦁ information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, references from former employers, details on your education and employment history etc.;
⦁ details relating to pay administration such as National Insurance numbers, bank account details and tax codes;
⦁ medical or health information;
⦁ information relating to your employment with us, including:
⦁ job title and job descriptions
⦁ your salary
⦁ your wider terms and conditions of employment
⦁ details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
⦁ internal and external training modules undertaken
All of the above information is required for our processing activities. More information on those processing activities is included in our Data Control and GDPR policies and codes of conduct.

Employee Rights
You have the following rights in relation to the personal data we hold on you:
⦁ the right to be informed about the data we hold on you and what we do with it;
⦁ the right of access to the data we hold on you. More information on this can be found in the section headed “Access to Data” below and in our separate policy on Subject Access Requests”;
⦁ the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
⦁ the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
⦁ the right to restrict the processing of the data;
⦁ the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
⦁ the right to object to the inclusion of any information;
⦁ the right to regulate any automated decision-making and profiling of personal data.

Responsibilities
In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made aware of our policies on data protection and information security.
We have also appointed employees with responsibility for reviewing and auditing our data protection systems.

Lawful basis of Processing
We acknowledge that processing may be only be carried out where a lawful basis for that processing exists and we have assigned a lawful basis against each processing activity.
Where no other lawful basis applies, we may seek to rely on the employee’s consent in order to process data.
However, we recognise the high standard attached to its use. We understand that consent must be freely given, specific, informed and unambiguous. Where consent is to be sought, we will do so on a specific and individual basis where appropriate. Employees will be given clear instructions on the desired processing activity, informed of the consequences of their consent and of their clear right to withdraw consent at any time.

Access to Data
As stated above, employees have a right to access the personal data that we hold on them. To exercise this right, employees should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.
No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the employee making the request. In these circumstances, a reasonable charge will be applied.
Further information on making a subject access request is contained in our Subject Access Request policy.

Data Disclosures
The Company may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:
⦁ any employee benefits operated by third parties;
⦁ disabled individuals – whether any reasonable adjustments are required to assist them at work;
⦁ individuals’ health data – to comply with health and safety or occupational health obligations towards the employee;
⦁ for Statutory Sick Pay purposes;
⦁ HR management and administration – to consider how an individual’s health affects his or her ability to do their job;
⦁ the smooth operation of any employee insurance policies or pension plans;
⦁ to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty.
These kinds of disclosures will only be made when strictly necessary for the purpose.
Data Security
All our employees are aware that hard copy personal information should be kept in a locked filing cabinet, drawer, or safe.
Employees are aware of their roles and responsibilities when their role involves the processing of data.
All employees are instructed to store files or written information of a confidential nature in a secure manner so that are only accessed by people who have a need and a right to access them and to ensure that screen locks are implemented on all PCs, laptops etc when unattended.
No files or written information of a confidential nature are to be left where they can be read by unauthorised people.
Where data is computerised, it should be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up. If a copy is kept on removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
Employees must always use the passwords provided to access the computer system and not abuse them by passing them on to people who should not have them.
Personal data relating to employees should not be kept or transported on laptops, USB sticks, or similar devices, unless prior authorisation has been received. Where personal data is recorded on any such device it should be protected by:
⦁ ensuring that data is recorded on such devices only where absolutely necessary.
⦁ using an encrypted system — a folder should be created to store the files that need extra protection and all files created or moved to this folder should be automatically encrypted.
⦁ ensuring that laptops or USB drives are not left where they can be stolen.
Failure to follow the Company’s rules on data security may be dealt with via the Company’s disciplinary procedure. Appropriate sanctions include dismissal with or without notice dependent on the severity of the failure.

Third Party Processing
Where we engage third parties to process data on our behalf, we will ensure, via a data processing agreement with the third party, that the third party takes such measures in order to maintain the Company’s commitment to protecting data.

International Data Transfers
The Company does not transfer personal data to any recipients outside of the EEA.

Requirement to Notify Breaches
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.
More information on breach notification is available in our Breach Notification policy.

Training
New employees must read and understand the policies on data protection as part of their induction.
All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.
The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR e.g. DPO & SIRO, Compliance Manager, SMT and HODs.
All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.

Records
The Company keeps records of its processing activities including the purpose for the processing and retention periods in its HR Data Record. These records will be kept up to date so that they reflect current processing activities.

Funding Manager – Philippa Plumpton
Mobile: 07931162978
Email: Philippa@sbskills.co.uk
Lead Data Protection Officer

Compliance Manager – Steve Maddocks
Mobile: 076468862443
Email: steve@sbskills.co.uk
Data Protection Officer

Neil Beaumont, Director
Mobile : 07710632662
Email: neil@sbskills.co.uk

Finance Manager & IT Administrator
Phil Badley
Mobile: 07775615078
E-mail: philbadley@sbskills.co.uk