Introduction and General Principles

TTA has a responsibility under data protection legislation to provide individuals with information about how we process their personal data. We do this in a number of ways, one of which is the publication of privacy notices. When collecting personal data, the TTA will notify staff, students and other relevant parties of the nature of data that the TTA holds and processes about them, the reasons for which it is processed and how this can be changed.

Notification will take the form of Privacy Notices, Contracts, Learning Agreements and other relevant modes of communication.

This privacy notice has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.

It provides details on what type of personal information we collect, how we use it and how we keep it secure.

In accordance with GDPR, the TTA values the rights of individuals when it comes to data protection and is committed to:

• Transparency in the use of personal information.

• Not retaining information for longer than necessary.

• Ensuring accuracy of information collected.

• Storing and processing the information in a secure manner.

• Taking appropriate measures in the event of a Data Breach and handling it accordingly.

Staff, students or other parties (e.g. contractors, consultants, partners, etc.) who process personal data collected in the name of the TTA must ensure that they follow the above Principles. Compliance with the GDPR is the responsibility of all staff, students and other parties who access TTA systems. A breach of this Policy may lead to disciplinary action and/or access to TTA facilities being withdrawn, contractual termination or criminal prosecution.

Any questions about the interpretation or operation of this policy should be raised with the TTA’s designated Data Protection Officer.

facilities being withdrawn, contractual termination or criminal prosecution.
Any questions about the interpretation or operation of this policy should be raised with the TTA’s designated Data Protection Officer.

Data Controller and Data Protection Officer (DPO)

Under the General Data Protection Regulations (GDPR) TTA is the data controller of personal information we collect about you.

Our address is: TTA,32-34, Mount Pleasant, Bilston, WV14 7LS

Our Data Protection Officer (DPO) is Martin Davis. If you have any questions about this policy or the ways in which we use your personal information, please contact our DPO using details provided below:

Martin Davis –Data Protection Officer

TTA, 32-34, Mount Pleasant, Bilston, WV14 7LS

Email: dpo@ttacic.co.uk

Your rights in relation to your personal data

Information

Individuals have the right to be made aware of how their personal data is being used. This should be documented and communicated in a Privacy Notice available at the point of data collection. Where you have the choice to determine how your personal data will be used, we will ask you for consent. Where you do not have a choice (for example, where we have a legal obligation to process the personal data), we will provide you with a privacy notice. A privacy notice is a verbal or written statement that explains how we use personal data.

Access

Individuals have the right to access their personal data so that they are aware of and can verify the lawfulness of the data processing, as well as correcting any inaccuracies in that data. If you require access to the personal data we hold about you, you have the right to ask for disclosure of information. You will need to do this in writing by contacting the TTA’s designated DPO.

Rectification

Individuals have the right to have personal data rectified where it is inaccurate or incomplete.

Erasure

Individuals have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.This is often called the ‘right to be forgotten’. This right is not absolute and only applies in specific circumstances. You can ask us to erase your personal data in any of the following circumstances:

• We no longer need the personal data for the purpose it was originally collected

• You withdraw your consent and there is no other legal basis for the processing

• You object to the processing and there are no overriding legitimate grounds for the processing

• The personal data have been unlawfully processed

• The personal data have to be erased for compliance with a legal obligation

• The personal data have been collected in relation to the offer of information

society services (information society services are online services such as banking or social media sites)

Restriction

Individuals have the right to ask us to temporarily stop processing their personal data in certain circumstances whilst such processing is reviewed. You can ask us to restrict the processing of your personal data in the following circumstances:

• You believe that the data is inaccurate and you want us to restrict processing until we determine whether it is indeed inaccurate

• The processing is unlawful and you want us to restrict processing rather than erase it.

• We no longer need the data for the purpose we originally collected it but you need it in order to establish, exercise or defend a legal claim

• You have objected to the processing and you want us to restrict processing until we determine whether our legitimate interests in processing the data override your objection.

Data Portability

Individuals have the right to obtain and reuse their personal data for their own
purposes across different services. It allows them to move, copy or transfer
personal data easily from one IT environment to another in a safe and secure way,without hindrance to usability. Note that this only applies:

• To personal data an individual has provided to a controller

• Where the processing is based on the individual’s consent or for the
performance of a contract, and when processing is carried out by automated means.

Object

Individuals have the right to object to:

• Processing based on legitimate interests or the performance of a task in the
public interest/exercise of official authority (including profiling)

• Direct marketing (including profiling)

• Processing for purposes of scientific/historical research and statistics.

Automated decisions / Profiling

Individuals have the right not to be subject to a decision made solely by automated means and to profiling (automated processing of personal data to evaluate certain things about an individual).

Withdraw consent

Where we process personal information based on your consent, you have the right
to withdraw this consent at any time. If you withdraw your consent, and we rely
on it to use your personal information, we may not be able to provide certain services. Please contact us in writing if you want to do this.

Data security

All TTA staff are responsible for ensuring that personal data that they hold on behalf of the TTA is (a) secure, and (b) is not disclosed to an unauthorised third party.

• Unauthorised disclosure will be a disciplinary matter, and may be considered gross misconduct.

• Personal information must be physically secure and, if it is computerised, it must be coded, encrypted or password protected or kept only on a medium that is stored securely.

• All personal data leaving the TTA’s secure network must be encrypted and password protected. The password must be shared with the recipient via an alternative means of communication.

• Due to the nature, legislative and/or contractual requirements regarding data, retention periods vary and are documented in the TTA’s Data register.

• The TTA does not store data outside of the European Economic Area.

Information collected via our website or associated services

Google Analytics

When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.

Site search

Search terms used on our website are collected and processed anonymously to help improve our website and search functionality. No user – specific data is collected by the TTA .

Site Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. Their purpose is to track visitor use of the website and to compile statistical reports on website activity. Like many websites, we also obtain certain types of information when your web browser accesses our website, or advertisements and other content served by or on behalf of TTA on other websites. This information is used to provide measurement services and target advertisements.
For further information visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However in a few cases some of our website features may not function as a result.

Event registrations

When you register for, or attend, one of our events we will ask you to complete some basic information regarding your name, contact details, subject area(s) you are interested in studying and the level of study (full – time, undergraduate, apprenticeships or part – time). You may also be asked about your current situation, including school/TTA currently attending and likely year of entry. This data is collected to ensure we can provide you with the information that you may need to study with us, and improve the advice that we provide you with, as well as understand the geographic reach that we have as an educational provider. We will ask for your consent to contact you in the future.

Course enquiries and applications

When you enquire about or apply for a course, we will ask you for some basic information relating to your name, address, level of study and the subject areas you are interested in. You may also be asked to provide some information about where you are currently studying and when you are looking to join us, as well as how you heard about the TTA. This data is collected with the legitimate interests of providing you with the information you require about a course to help us provide you with the best possible service and for the TTA to make a judgement about your suitability for study.

Categories of personal information processed

The TTA collects and acquires information relating to students roughly categorized as:

• Personal Information (such as name, unique learner number, date of birth, address, telephone numbers).
• Characteristics (such as ethnicity, nationality, eligibility for free TTA meals).
• Attendance Information (such as classes attended, number of absences, absence reasons).
• Performance Information (such as assignment grades, examination marks, reports and references).
• Destination Information (such as University, employment, training &apprenticeships).
• Service Usage (such as internet history, print logs, browser cookies, library loans, study zone usage, cashless dining and printing purchases, trips & visits booking, membership card services).
• Health & Wellbeing / Medical Information (such as medical conditions, first aid records, accident reports, RIDDOR and related potential civil claims).
• Safeguarding of Young People & Vulnerable Adults (DBS check details for relevant work experience e.g. Health & Social Care and Early Years Education)
• Special Educational Needs Information (such as disabilities and learning difficulties, support needed, examination arrangements).
• Behavioural Information (such as concerns, warnings, suspensions and exclusions).
• Likeness/Biometric Information (such as identifiable CCTV images and ID card photos).

Why we collect and use information

• To comply with statutory legislation.
• To provide learning opportunities to existing students and applicants.
• To support teaching and learning, including the provision of adequate examination arrangements.
• To monitor and report on progress and engagement.
• To provide appropriate pastoral care.
• To provide appropriate student support services.
• To ensure safeguarding of staff and students.
• To assess the quality of our services.
• To engage with businesses and public sectors organisation in order to provide educational opportunities for our students.
• To comply with legislation regarding data sharing.
• To comply with relevant funding regulations.
• To comply with grant funding response requirements (such as LEP)

Legal basis for processing data

Processing of personal data is legal when one or more of the following conditions is met:
• It is necessary to fulfil a contract between the data subject and controller.
• It is a legal requirement.
• It is necessary to protect the vital interests of the data subject or other natural person.
• It is necessary for legitimate interests pursued by the controller except where the rights of the data subject override.
• The data subject has consented.
• Any reuse is compatible with the original purpose of collection, or effects archiving or statistical processing.

The TTA records the legal basis for processing different types of personal data on the TTA’s Data Register.

A number of legislative and regulatory requirement mandate our data collection. We collect and use information under the provisions of:
• The Education Act 1992.
• The Education Act 2002.
• The Education and Skills Act 2008.
• The Education (Fees and Awards) (England) Regulations 2007.
• The Education (Student Loans) Regulations 2007.
• The Disability Discrimination Act 1995.
• The Equality Act 2010.
• The Reporting of Injuries, Diseases, and Dangerous Occurrences Regulations (2013).
• The Children and Families Act 2014.
• The Safeguarding Vulnerable Groups Act 2006
• The Children and Social Work Act 2017

Whilst the majority of student information provided to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform students and other interested parties whether they are required to provide certain information or whether there is choice.

In addition, the TTA processes Sensitive/Special Categories of Information where:
• Consent has been given (Art. 9.1.a).
• Tasks are performed for reasons of public interest (Art. 9.1.g).

Data sharing

We sometimes need to share the personal information we process with other organisations. Where this is necessary we are required to comply with all aspects of the GDPR. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

• family, associates and representatives of the person whose personal data we are processing
• professional advisers
• current, past or prospective employers
• educators and examining bodies
• trade, employer and professional organisations
• UCAS
• trade unions and staff associations
• voluntary and charitable organisations
• healthcare, social and welfare organisations
• suppliers
• funding organisations
• survey and research organisations
• persons making an enquiry or complaint
• careers service
• press and the media
• local and central government
• security organisations
• police forces, prison and probation services, courts and tribunals
• suppliers and service providers
When personal information is shared with any third party, this will be done only following the legal basis for processing detailed above and is documented in the TTA’s Data Register.

Making a complaint

Staff, students or other parties who believe that the Policy has not been followed in respect of their own personal data should first raise the matter in writing with the TTA ’s designated Data Protection Officer.
 

admin@ttacic.co.uk

 

Data Protection Officer (FAO Martin Davis)

Templegate Training Academy
32 – 34, Mount Pleasant
Bilston, WV14 7LS
If you are not satisfied with the way in which we process your personal data, we ask that you let us know so that we can try and put things right. If we are not able to resolve issues to your satisfaction, you can refer the matter to the Information Commissioner’s Office (ICO). The ICO can be contacted at:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: Information Commissioner’s Office

Changes to our privacy policy

We keep our privacy notice under regular review to comply with legislative developments and the need for good practice and we will place any updates to this policy on our website.
The published policy will clearly indicate the version control and last review date.

Reviewed: June 2020