Data Protection Policy Statement
Learning World is committed to a policy of protecting the rights and privacy of individuals, including learners, staff and all others that we work with, in accordance with the Data Protection Act. Learning World needs to process certain information about the learners, staff and other individuals it has dealings with, for administrative purposes e.g. to recruit and pay staff, to administer courses and training, to record training progress, to book Health and Safety tests, and to comply with our legal obligations to funding bodies and government. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.
The policy applies to all staff within the company. Any breach of the Data Protection Act 1998 or the company Data Protection Policy is considered to be an offence and in that event, Learning World disciplinary procedures will apply. As a matter of good practice individuals working with the company who have access to personal information will be expected to have read and comply with this policy.
Data Protection Strategy
To ensure that the Data Protection Policy is delivered and achieved a number of strategies are maintained. These strategies will be reviewed annually by our Senior Management Team.
- We will ensure that all personal data held is maintained securely and safely and that information is not disclosed to any unauthorised third parties.
- We will ensure that all data held is accessible only by those who need it and that all data held in a computerised format is password protected and that manual records are not left where they can be left where they can be accessed by unauthorised personnel. Manual records that are no longer required are to be disposed of as confidential waste or shredded.
- We will ensure that personal data is not disclosed to unauthorised third parties and that caution will be exercised when including personal data within reports or listings.
- We will not use personal data for direct marketing purposes or provide data to third parties. If data is to be entered onto third party databases for legislative or funding requirements, permission will be requested from individuals prior to doing so.
Responsibilities under the Data Protection Act
- Learning World is the data controller under the Act.
- A Data Protection Officer has been appointed who is responsible for day-to-day data protection matters and for developing specific guidance notes on data protection issues for members of the Company.
- The Senior Management Team and all those in managerial or supervisory roles are responsible for developing and encouraging good information handling practice within their teams.
- Compliance with data protection legislation is the responsibility of all members of the Company who process personal information.
- Members of the Company are responsible for ensuring that any personal data supplied to the Company are accurate and up-to-date.
Principles of data protection outlined in the Data Protection Act
Anyone processing personal data must comply with the eight enforceable principles of good practice. These state that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate
- Not kept longer than necessary
- Processed in accordance with the data subject's rights
- Secure
- Not transferred to countries without adequate protection.
