GDPR

Dividing Line


it's Learning 365 collects and uses information about people with whom it communicates. This personal information must be dealt with properly and securely however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this in the Data Protection Act 1998. 

it's Learning 365 regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions, and to maintain confidence between those with whom it deals. 


To this end it's Learning 365 fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998. 
 

Purpose 
The purpose of this policy is to ensure that the staff, volunteers and trustees of it's Learning 365 are clear about the purpose and principles of Data Protection and to ensure that it has guidelines and procedures in place which are consistently followed. 

Failure to adhere to the Data Protection Act 1998 is unlawful and could result in legal action being taken against it's Learning  365 or its staff, volunteers or trustees. 
 
Principles 
The Data Protection Act 1998 regulates the processing of information relating to living and identifiable individuals (data subjects). This includes the obtaining, holding, using or disclosing of such information, and covers computerized records as well as manual filing systems and card indexes. 

Data users must comply with the data protection principles of good practice which underpin the Act. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. 

To do this it's Learning 365 follows the eight Data Protection Principles outlined in the Data Protection Act 1998, which are summarized below ...

I. Personal data will be processed fairly and lawfully 
II. Data will only be collected and used for specified purposes 
III. Data will be adequate, relevant and not excessive 
IV. Data will be accurate and up to date 
V. Data will not be held any longer than necessary 
VI. Data subject’s rights will be respected 
VII. Data will be kept safe from unauthorized access, accidental loss or damage 
VIII. Data will not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data. 

The principles apply to “personal data” which is information held on computer or in manual filing systems from which they are identifiable. it's Learning 365's employees, volunteers and trustees who process or use any personal information in the course of their duties will ensure that these principles are followed at all times. 
 
Procedures 
The following procedures have been developed in order to ensure that it's Learning 365 meets its responsibilities in terms of Data Protection. For the purposes of these procedures data collected, stored and used by it's Learning 365 falls into two broad categories ...

1. it's Learning 365's internal data records; staff, volunteers and trustees 
2. it's Learning 365's external data records; members, customers, clients

it's Learning 365 as a body is a Data Controller under the Act, and is ultimately responsible for the policy’s implementation. 
 
Internal Data Records 
Purposes 
it's Learning 365 obtains personal data (including your name and email address) through our sign up form, and in some cases other documents from staff, volunteers and trustees. This data is stored and processed for the following purposes ...

  • Recruitment
  • Equal Opportunities monitoring
  • Volunteering opportunities
  • To distribute relevant organisational material e.g. meeting papers
  • Payroll

Accuracy 
it's Learning 365 will take reasonable steps to keep personal data up to date and accurate. Unless the organisation is specifically asked by an individual to destroy their details it will normally keep them on file for future reference. 

Storage 
Personal data is kept on a password-protected computer system. 

External Data Records 

Purposes 
it's Learning 365 obtains personal data (including names and email addresses)  from members/clients. This data is obtained, stored and processed solely to assist us in the efficient running of services. Personal details supplied are only used to send material that is potentially useful. Most of this information is stored on our database.

it's Learning 365 obtains personal data and information from clients and members in order to provide services. This data is stored and processed only for the purposes outlined in the agreement and service specification signed by the client/ member. 

Consent 
By completing the sign up form, you give it's Learning 365 to store and use your personal information, including your name, email address, school / educational institution and town. 

Personal data will not be passed on to anyone outside it's Learning 365 without explicit consent from the data owner unless there is a legal duty of disclosure under other legislation.   

Access 
Only the it's Learning 365's staff, volunteers and trustees will normally have access to personal data. All staff, volunteers and trustees are made aware of the Data Protection Policy and their obligation not to disclose personal data to anyone who is not supposed to have it. 

Information supplied is kept in on a secure electronic system and is only accessed by those individuals involved in the delivery of the service. 

Information will not be passed on to anyone outside it's Learning 365 without their explicit consent, excluding statutory bodies e.g. the Inland Revenue. 

Individuals will be supplied with a copy of any of their personal data held by the organisation if a request is made. 

Criminal Records Bureau 
it's Learning 365 will act in accordance with the DBS's code of practice. 

Copies of disclosures are kept for no longer than is required. In most cases this is no longer than 6 months in accordance with the CRB Code of Practice. There may be circumstance where it is deemed appropriate to exceed this limit e.g. in the case of disputes. 

Responsibilities of Staff, Volunteers and Trustees 
During the course of their duties with it's Learning 365, staff, volunteers and trustees will be dealing with information such as names and email addresses.  They may be told or overhear sensitive information while working for it's Learning 365.  The Data Protection Act (1988) gives specific guidance on how this information should be dealt with. In short to comply with the law, personal information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. Staff, paid or unpaid must abide by this policy. 

Compliance 
Compliance with the Act is the responsibility of all staff, paid or unpaid. it's Learning 365 will regard any unlawful breach of any provision of the Act by any staff, paid or unpaid, as a serious matter which will result in disciplinary action. Any employee who breaches this policy statement will be dealt with under the disciplinary procedure which may result in dismissal for gross misconduct. Any such breach could also lead to criminal prosecution. 

Retention of Data 
No documents will be stored for longer than is necessary. 

All documents containing personal data will be disposed of securely in accordance with the Data Protection principles.


Last modified: Friday, 13 May 2022, 9:49 AM