OUR PRIVACY POLICY

This policy applies to:

• The UK office of Can Qualifications Limited

• Its branches and regions

• All sessional workers operating on behalf of Can Qualifications Limited

It applies to paid staff and Associates.

Policy operational date: 1st February 2023- 31st January 2026

Policy prepared by Ann Gaffney - Director

Date approved by Directors: 1st February 2023

Policy review date: 31st January 2026

Purpose of policy 

The purpose of this policy is to enable Can Qualifications Limited to:

• comply with the law in respect of the data it holds about individuals

• follow good practice 

• protect Can Qualifications Limited’s associates, staff, and other individuals

• protect the organisation from the consequences of a breach of its responsibilities.

GDPR – from May 2018- can be located https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation (any amendments post Brexit will be reviewed and notified as they arise? 

This legislation replaces the Data Protection Act 1998

Personal data

Funded learners: We are at the end of our current contract but may have another in the future so the details required will be included then.

Commercial learners:

Basic information sent by employer or learner to the Office and this is used to open an e portfolio file once the agreements have been received. The initial details are then deleted from paper records or emails. Quals Direct have their own Privacy Notice and dispose of records after 7 years. 

Policy statement

Can Qualifications Limited will:

• Only share crucial information with Awarding Organisations such as personal data, in order for them to carry out administration connected to the qualifications undertaken and to provide Certification once achieved. 

• comply with both the law and good practice

• respect individuals’ rights

• be open and honest with individuals whose data is held

• provide training and support for staff and Associates who handle personal data, so that they can act confidently and consistently

 We are registered with the Office of the Information Commissioner as a Data Controller and we believe that we store records well. Personnel records are stored electronically, and access is limited to Ann Gaffney and the Administrator. Personal data is not shared orally or in writing to an unauthorised third part

Can Training Limited recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means:

• keeping information securely in the right hands, and

• holding good quality information.

Secondly, the Act aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to being open and transparent, Can Qualifications will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.

Key risks

Can Training Limited has identified the following potential key risks, which this policy is designed to address:

• Breach of confidentiality (information being given out inappropriately) 

• Failure to offer choice about data use when appropriate 

• Breach of security by allowing unauthorised access 

• Delay in updating systems leading to personal data being not up to date.

• Harm to individuals if personal data is not up to date

• Failure to offer choices about use of contact details for staff and associates

• Vulnerable people are our customers work areas and their information must also be rigorously protected

Director: 

The Director recognises her overall responsibility for ensuring that Can Qualifications Limited complies with its legal obligations.

Data Protection Officer 

The registered person is Sarah Maher with the following responsibilities:

• Briefing the Director on Data Protection responsibilities

• Reviewing Data Protection and related policies

• Advising other staff on Data Protection issues

• Ensuring that Data Protection induction and training takes place

• Notification

• Handling subject access requests

• Approving unusual or controversial disclosures of personal data

Specific other staff 

The Administration Team may also see confidential information from time to time but wherever possible; this should be managed by the Data Protection Officer

Staff & Associates 

All staff and associates are required to read, understand, and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Enforcement 

Significant breaches of this policy will be handled under Can Qualifications Limited disciplinary procedures.

Scope 

Some of the things that are likely to be confidential, but may well not be subject to Data Protection, include:

• Information about the organisation (and its plans or finances, for example)

• Information about other organisations, since Data Protection only applies to information about individuals but GDPR is concerned with ALL information about EVERYONE

• Information which is not recorded either on paper or electronically.

• Information held on paper, but in a sufficiently unstructured way that it does not meet the definition of a “relevant filing system” in the Data Protection Act

Understanding of confidentiality

There will always be cases where the organisation feels it is right to break confidentiality, and there should be a procedure for deciding on a case-by-case basis whether this is appropriate. In the main, this will be where the individual feels that there is or could be a safeguarding issue. Staff are encouraged to pass on their concerns, and this would be managed by the Director. 

Communication with staff

Staff and Associates have a Contract of Employment and the Staff Handbook where they have been made aware of their confidentiality responsibilities.

Where anyone within Can Qualifications Limited feels that it would be appropriate to disclose information in a way contrary to the confidentiality policy, or where an official disclosure request is received, this will only be done with the authorisation of the Data Protection Officer. All such disclosures will be documented.