Skills Forward Privacy Statement
- Our role as a data controller
- What personal data do we process as a data controller?
- Why do we process personal data as a data controller?
- to monitor our users’ compliance with the Terms and Conditions of Use of our Platform;
- to notify you about the changes to the Terms and Conditions of Use of our Platform or this Privacy Statement;
- to improve and further develop our Platform and the services available via our Platform;
- to ask you to leave a review or take a survey;
- for research and statistical purposes;
- to keep our systems secure and to prevent fraud;
- to otherwise manage our relationship with the users of our Platform, including handling of enquiries and complaints; and
- to satisfy our legal obligations, for example in relation to regulatory, government and/or law enforcement bodies.
- What are the legal grounds on which we rely to process personal data as a data controller?
- where we need to perform or enforce our obligations under the Terms and Conditions of Use of our Platform, which create a contract between you and us;
- where it is necessary for our legitimate interests (or those of a third party, such as the organisation that granted you access to our Platform) and your interests and fundamental rights do not override those interests; and/or
- where we need to comply with a legal obligation.
- Our role as a data processor
- to create, activate, manage and support your account on our Platform;
- to provide technical support services to the users of the Platform, including handling any complaints that may arise;
- to provide the best and most effective learning experience, integrated with the requirements that granted you access to our Platform, and to help such organisation in the course administration;
- to enable in-Platform mail between our users; and
- to effectively operate our Platform, by enabling various features and functionalities and the storage and backup of all information uploaded by our users.
Please refer to the privacy notice of the organisation that granted you access to our Platform for further information about how such organisation may use the above information in its capacity as a data controller, as well as your rights in relation to your personal data.
- How long do we keep your personal information?
In relation to any personal data we process as a data processor on behalf of the organisation that granted you access to our Platform, we will only process such personal data for as long as we are instructed to do so by such organisation. This would normally be for the duration of our agreement with such organisation for the supply of Platform service, although we may need to retain some information after our agreement is terminated, for example records of any complaints or if longer retention of data is necessary in connection with legal disputes.
With respect to any personal data we process as a data controller, we will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you or the organisation that granted you access to our Platform.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
- Will we share your personal information?
We do not share, sell or rent your personal information to third parties for marketing purposes. However, in general, we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Privacy Statement, including:
- companies within our group, including NCFE;
- our suppliers, for example, IT service providers such as website hosts or cloud storage providers;
- professional service providers such as accountants and lawyers;
- parties assisting us with research to monitor the impact/effectiveness of our products and services;
- the police, for example in sharing data in relation to malpractice cases linked to fraud;
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement;
- if we are under any legal or regulatory duty to do so; and/or
- to protect the rights, property or safety of NCFE, its personnel, users, visitors or others.
The personal data we collect from you may be transferred to, shared and/or otherwise processed by organisations or companies outside the United Kingdom or the European Economic Area (“EEA”). Where your personal data is transferred outside the UK or EEA, we will take steps to ensure that the recipient implements appropriate measures to protect your personal data (for example, by entering into EU Commission approved standard contractual clauses), as required under the applicable data protection laws.
- Security/storage of and access to your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify the organisation that granted you access to our Platform, you and/or any applicable regulator of a breach where we are legally required to do so.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us.
- Your rights
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
- Request the transfer of your personal information to another party.
In respect of any personal data we process as a data processor on behalf of the organisation that granted you access to our Platform, if we receive an enquiry or request from you in respect of your personal data, we will need to notify the data controller about your enquiry or request and we will need to follow their instructions in this regard.
If you would like to exercise any of the above rights, please:
- email, call or write to us (see paragraph 7 below);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
- let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- How to contact us
Please let us know if you have any questions or concerns about this Privacy Statement or about the way in which we process your personal information by contacting us at the channels below. Please ask for / mark messages for the attention of the Quality Improvement, Risk and Compliance Team.
Email: email@example.com Telephone 0191 239 8000
Post: NCFE, Q6, Quorum Business Park, Benton Lane, Newcastle Upon Tyne, NE12 8BT
- Right to complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We keep our Privacy Statement under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- Third-party links