Blueprint Education and Training Services

Blueprint Education and Training Services Ltd

Policy OP4

Data Protection Policy

Originating date: / November 2003
Version number: / 2
Last revised: / April 2006/kt
Author: / JanetCowie

C:\Documents and Settings\Kim Taylor\My Documents\Blueprint\policies\Data Protection.doc

Blueprint Education and Training Services Ltd

Policy OP4

Contents

Introduction

General use of personal data

Consent

Data security

Rights of access to information

The Data Controller and Designated Data Protection Officer.

Blueprint Education and Training Services Ltd

IT and Data Management Policy

Introduction

Blueprint Education and Training Services Limited is committed to protecting the rights of individuals to privacy with regard to the processing of personal data .

Blueprint Education and Training Services Limited needs to keep certain information about its employees, learners, customers, suppliers and other users for the normal and proper conduct of academic and business operations. For example, it is necessary to monitor performance, achievements, and health and safety. In addition, information is used so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with.

To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, we must comply with the data protection principles which are set out in the Data Protection Act 1998. In summary, these state that personal data shall:

• Be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.
• Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose.
• Be adequate, relevant and not excessive for those purposes.
• Be accurate and kept up-to-date.
• Not be kept for longer than is necessary for the purpose.
• Be processed in accordance with the data subjects writes.
• Be kept safe from unauthorised access, accidental loss or destruction.
• Not be transferred to a country outside the European economic area, unless the country has equivalent levels of protection for personal data.

Blueprint Education and Training Services Limited and all staff or others who process or use any personal information must ensure that they follow these principles at all times.

If you have a query regarding the accuracy of your personal data then your query will be dealt with fairly and impartially.

General use of personal data

Blueprint Education and Training Services Limited holds data on: prospective, current and former students; prospective, current and former staff; other business and academic contacts; and other individuals interested in the organisation.

This personal data is held in a variety of formats, electronic and manual. The processing of personal data is subject to the rules laid down under the Data Protection Act 1998. Your personal data will be used only for proper purposes that are considered by us to be for your benefit.

• For students this will include (but not be restricted to) monitoring academic performance, statistical reporting, awarding qualifications and the provision of general academic and business services.
• For staff this will include (but not be restricted to) the conduct of normal business management and employment matters.
• For other individuals this will include (but not be restricted to) the normal conduct of academic and business relationships.

The protection of your personal data will be governed by the provisions of the Data Protection Act 1998. Access to your data will be restricted to those personnel to whom it is necessary for proper purposes.

Sensitive personal data is defined under the Act to include such matters as personal beliefs and health . If we hold Sensitive Personal Data about you then this will only be disclosed with your explicit consent or if required by law.

Blueprint Education and Training Services Limited will not sell your personal data to third parties. Your personal data will only be transferred to third parties where this is for proper purposes related to academic and business matters, for example where this is required by funding or professional bodies or where it is necessary for the delivery of services by third parties to you.

Consent

Blueprint Education and Training Services Limited seeks to use your personal data only for the purposes of legitimate interests and, where practicable, with your consent.

For students, it is a condition of acceptance onto courses that you consent to the processing your personal data. By enrolling, you signify your agreement.

For staff, it is a condition of employment that you consent to the processing of your personal data. By applying you signify your agreement .

For other individuals, the College may gather your data during the course of normal academic and business activities. It will be used only for legitimate interests.

Data security

All staff are responsible for ensuring that:

• Personal data which they hold is kept securely.
• Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party.

Staff should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases.

Personal information should be:

• kept in a locked filing cabinet; or
• in a locked drawer; or
• if it is computerised, in a password protected file; or
• kept only on a floppy disk which is itself kept security.

Rights of access to information

Staff, students and other users of our organisation have the right to access personal data that is being kept about them either on computer or in certain files with the following provisos:

• Examination Results - You are entitled to know your examination marks but are not entitled to see your examination scripts

• Confidential References - You are not entitled to see references provided by the organisation on your behalf. You may be entitled to see references about you received by us, although this will depend on whether it compromises the privacy of a third party.

Any person who wishes to exercise this right should complete the Access to Information form and send or give it to the Data Protection Officer.

We will make a charge of £10 of each occasion that access is requested under the Act, although we shall also have the discretion to waive this.

We aim to comply with requests for access to personal information is quickly as possible but will ensure that it is provided within 21 days of receipt of payment of the fee unless there is a good reason for delay. In such cases, the reason for delay will be explained in writing to the data subject making the request.

The Data Controller and Designated Data Protection Officer.

Blueprint Education and Training Services Limited as a body corporate is the data controller under the Act, and is therefore ultimately responsible for implementation of the Act. However designated data protection officers will deal with day-to-day matters.

The data protection officer is KimTaylor.