• Home
  • Apprenticeships
  • More
    • Home
    • Apprenticeships
  • Home
  • Apprenticeships

Data Protection Policy

POLICY STATEMENT


This document is the Privacy and Data Protection Policy (the Policy) which applies to the treatment of Personal Data and Sensitive Personal Data.

​

Unless the context otherwise requires all words in the singular shall include the plural and shall inlcude the singular.  A reference to one gender shall inlcude a reference to the other genders and any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description definition, phrase or term preceding those terms.  A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person’s personal representatives, successors and permitted assigns.


This document is a statement of the data protection policy adopted by Everything Apprenticeships (a trading name of Rubitek Solutions Limited) (the Company, Our, Us or We) registered in England with registered number 11316065. All employees or agents of the company must be familiar with and apply this policy, and seek further advice if in doubt as to its application or otherwise when required. This policy applies to treatment of personal data and sensitive personal data.


1.  DEFINITIONS

​

  • Cookies mean small files (and not biscuits) stored on a Users computer and / or other device.
  • Data means Personal Data and / or Sensitive Personal Data.
  • Data Protection Legislation and GDPR means the Data Protection Act 1998 and, from the 25th May 2018, the General Data Protection Regulation 2016/679, in addition to any other applicable laws relating to the processing of Personal Data and privacy.
  • Personal Data means any data relating to a living individual who can be identified from that data (or from that data and other information in our possession) which includes direct and indirect identification and identification by all means reasonably likely to be used. Personal data can therefore be factual (such as a name, address or date of birth) or it can be an opinion. It can also mean location data and online identifiers such as cookies and IP addresses). Such personal information must be dealt with properly however it is collected, recorded and used – whether on paper, electronically, or by other means.
  • Policy means this Data Protection Policy.
  • Representative means any employee, agent, contractor or other representative of Everything Apprenticeships who is required to process and / or handle Data on behalf of the Company.
  • Rubitek means Rubitek Solutions Limited, a company registered in England and Wales under Company number 11316065 whose registered office is at Harborough Innovation Centre, Wellington Way, Leicester Road, Market Harborough, Leicestershire LE16 7WB.
  • Sensitive Personal Data means information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, or about the admission of any offence committed or alleged to have been committed by that person. Sensitive personal data can only be processed under strict conditions. Under the GDPR, sensitive personal data will be redefined as Special Categories of Data.
  • Special Categories of Data will include genetic and biometric data but will not extend to the commissioning of any committed or alleged offence (these will be given separate protections).

​

2.  SCOPE

​

​This Policy is a statement of the Privacy and Data Protection Policy adopted by Everything Apprenticeships (EA). All Representatives of EA must be familiar with and apply this Policy and seek further advice if in doubt as to its application or otherwise when required. This Policy applies to treatment of all Data.


3.  POLICY OBJECTIVES


​During the course of its normal activities, EA will collect, store and process personal information about its current, past and prospective learners, employers, staff, representatives, customers, suppliers and other third-parties, such information to include (but not necessarily be limited to) names, contact details and, in some circumstances, financial details.  This Policy recognises the need to treat such Personal Data in an appropriate, fair, lawful and transparent manner, in accordance with prevailing UK and other relevant international data protection laws including the GDPR.  EA regards the lawful and correct treatment of Data as important to the achievement of its objectives, to the success of its operations and to maintaining the confidence of the individuals and organisations it deals with.  EA will ensure it treats such Data fairly, lawfully and transparently. To this end EA fully endorses and agrees to adhere to the 8 Data Protection Principles, as set out in the Data Protection Act 1998 (the Act) and equivalent principles laid out in the GDPR.  EA and its Representatives will adhere to these principles when obtaining, handling, processing, transporting and storing personal data.


4.  POLICY PRINCIPLES

​

The principles that EA must abide by require that Data shall be:

​

  • processed fairly, lawfully and transparently and, in particular, shall not be processed unless specific conditions (as set out in the law) are met;
  • obtained only for one or more specified, explicit and legitimate purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
  • adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
  • accurate and, where necessary, kept up to date;
  • processed in accordance with the rights of data subjects under the Act;
  • subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;


and shall not be:


  • kept for longer than is necessary for that purpose or those purposes;
  • transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

​

EA must comply with the accountability requirement in article 5(2) of the GDPR and will demonstrate compliance with the above principles.  In addition, EA will, through appropriate management, strict application of criteria and controls, comply with the principles of data protection by design and default. This will include ensuring that the Company:​

​

  • observes fully the conditions regarding the fair and transparent collection and use of information. This means that the data subject (i.e. the individual to whom the personal data relates) must be told who the data controller is (in this case, EA), the purpose for which the data is to be processed, and the identities of anyone to whom the data may be disclosed or transferred. For personal data to be processed fairly, lawfully and transparently, certain conditions have to be met. These may include, among other things, requirements that the data subject has consented to the processing, or that the processing is necessary for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive personal data is being processed, more than one condition must be met. In most cases the data subject’s explicit consent to the processing of sensitive personal data will be required, although there are other conditions which may lawfully be used;
  • meets its legal obligations to specify the purposes for which information is used. This means that personal data will not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject will be informed of the new purpose before any processing occurs;
  • collects and processes appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements. Any data which is not necessary for the relevant purpose will not be collected in the first place;
  • ensures the quality and accuracy of information used. Information which is incorrect or misleading is not accurate and steps will therefore be taken to check the accuracy of any personal data at the point of collection and at regular intervals afterwards. Inaccurate or out of date data will be destroyed or rectified at the earliest opportunity;
  • applies strict checks to determine the length of time information is held. Data will be destroyed or erased from Company systems when it is no longer required;
  • ensures that data is processed in accordance with data subjects’ rights under the Act and other prevailing data protection legislation. These include: the right to be informed that processing is being undertaken, the right of access to one’s personal information, the right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information which is regarded as wrong information;
  • puts in place appropriate technical and organisational security measures to safeguard personal data from the point of collection to the point of destruction;
  • ensures that personal information is not transferred abroad without suitable safeguards in accordance with the Act and other prevailing data protection legislation;
  • treats people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information; and
  • sets out clear procedures for responding to requests for information from third-parties. When dealing with enquiries from third-parties, EA will take steps before disclosing any personal information held by it to ensure that this is done in accordance with permissive provisions in the legislation or applicable exemptions. In particular EA will: check the identity of the person making the enquiry and whether they are legally entitled to receive the information they have requested; require that the third party put their request in writing so the third party’s identity and entitlement to the information may be verified; refer requests to the Data Protection Officer for assistance in difficult situations; and where providing information to a third party, do so in accordance with the law.


In addition, EA will ensure that:​

​

  • there is always someone with specific responsibility for and knowledge of data protection who will act as the internal and external point of contact, handle complaints from data subjects and report to the business on data protection risk;
  • everyone handling personal information understands that they are contractually responsible for following good data protection practice;
  • everyone handling personal information is appropriately trained to do so and that this training is refreshed at suitable intervals;
  • everyone handling personal information is appropriately supervised;
  • anybody wanting to make enquiries about handling personal information knows what to do and who to refer enquiries to;
  • queries about handling personal information are promptly and courteously dealt with;
  • methods of handling personal information are clearly described;
  • a regular review and audit is made of the way personal information is held, managed and used, including where new categories of personal data are processed or where processing takes place or if processing is deemed to present a risk to the rights and freedoms of individuals;
  • appropriate records of processing records are maintained;
  • methods of handling personal information are regularly assessed and evaluated, particularly if new processing takes place or if processing is deemed to present a risk to the rights and freedoms of individuals;
  • performance with handling personal information is regularly assessed and evaluated;
  • breaches of personal data are promptly assessed, contained and mitigated;
  • breaches of personal data are reported to the ICO and data subjects where necessary; and
  • a breach of the rules and procedures identified in this policy by a member of staff may lead to disciplinary action being taken.

​

5.  IT SECURITY


Online tools and websites hosted by EA (including its hosting partners) are password-protected for limited access only by identified individuals via secure internet connection (SSL encryption and security log in to ensure high security levels).  Server hosting infrastructure and Terms and Conditions can be provided upon request.

​

6.  RIGHT TO ACCESS PERSONAL INFORMATION

​

Under the UK Data Protection Act 1998 and other European Data Protection laws data subjects have a right to request a copy of the personal data EA holds about them, or to request that it be updated, corrected or removed (in which case EA will address such requests promptly).  EA will update personal information as requested by the data subject.


7.  UPDATES

​

This Policy is version 1 and was created on 27th July 2024.  Responsibility for updating and dissemination of this Policy rests with the Data Protection Officer as registered with the ICO.  To search the ICO website for Rubitek’s registration details please visit www.ico.org.uk/ESDWebPages/Search.


This policy is approved by the Directors  on 27th July 2024.

Copyright © 2024 everythingapprenticeships.com - All Rights Reserved.

  • Complaints Policy
  • Data Protection Policy

This website uses cookies.

We use cookies to analyse website traffic and optimise your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept