Data and Information Security Protection Policy
Pier Training is committed to a policy of protecting the rights and privacy of individuals (including employees, learners, customers and others) in accordance with the Data Protection Act and the new GDPR requirements (May 2018). The Company needs to process certain information about its employees, learners, customers and other individuals it has dealings with for administrative purposes (e.g. to recruit and pay staff, to administer programmes, to record progress, to agree awards, to collect fees, and to comply with legal obligations to funding bodies and government). In order to comply with updated legislation, Pier Training ensures that information held, whether computerised or non-computerised, is collected and used fairly, stored safely and securely, and not disclosed to any third party unlawfully. We will ensure the following:
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations)
(d) Vital interests: the processing is necessary to protect someone’s life
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if we are a public authority processing data to perform our official tasks.)
When processing data about any of our employees, learners, customers and stakeholders we will, in accordance with the ICO, ensure that information is:
a) processed lawfully, fairly and in a transparent manner in relation to individuals
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
All employees, including field delivery staff, office staff, marketing and management, fully understand how to process data and how to keep data safe and secure.
Subject access request:
Employees, learners, customers and others have a right of access to all data held and processed about themselves in accordance with the Data Protection Act. This information will be provided within a month of the initial request. Requests should be put in writing and made to the company Director / DPO, Mohammed Syed. These rights are the right of access to personal information held on computers, the right to compensation for inaccuracy or loss of data and the right to correction or erasure of inaccurate data.
All staff have the responsibility of maintaining data securely and accurately, limiting disclosure to the right people and keeping the data subject informed. Staff will be informed of the policy and procedures to be implemented as part of their induction to the company, and this will be regularly revisited throughout the term of employment at training sessions, standardisation meetings and team meetings. Any breach of the Data Protection Act 1998 or the Company’s Data Protection Policy is an offence, and, in that event, Pier Training disciplinary procedures may apply. All staff members have an obligation to report data protection breaches or contact the DPO if they have concerns of such a breach. This will allow the appropriate personnel to investigate further and take the appropriate steps to fix the issue in a timely manner.
As a matter of good practice, other agencies and individuals working with the Company, and who have access to personal information, will be expected to have read and to comply with this policy.
All staff adhere to the provisions of this policy through ongoing supervision, induction for new staff, the staff handbook and external verification (e.g. awarding bodies, Ofqual, Ofsted).
Pier Training is on the register of data controllers with the ICO (Information Commissioner’s Office).