Who is the Data controller?
KYP Ltd : Anglo House, Worcester Rd, Stourport on Severn, D13 9AW
Data Protection Officer: Liz Bloomfiled
What personal information does the organisation collect and what lawful reasons do we have to collect and process it?
Type of data
What lawful reason do we have to collect and process it? – Name, date of birth, gender, residency, Details of previous educational history, qualifications, and employment. Details of learning difficulties or disabilities, or medical conditions.
We need this information to fulfil our public task of providing potential learners with the best information and guidance possible, and to match them with the most appropriate course offered by KYP. We also use this data to carry out our obligations to monitor and improve the way we carry out tasks as a training provider.
Contact details – address, phone numbers, emails – These details are needed to administer the enquiry/application process, part of our public task as a training provider. We will also contact you with information about other information which will be directly related to your enquiry or application. You will be given the opportunity to opt out of this at any stage. We will not send you any unrelated marketing information.
Record notes of interviews, any advice and guidance given and offers made, and your responses to offers. These details are needed in order to administer the enquiry/application process to enable us to provide the best possible advice and guidance in order to carry out our public task as a training provider.
Parent/Carers contact details –
For learners aged under 18 on 1st September at the start of the academic year of the course applied for, or those aged 18-25 with an Educational Health Care Plan, we strongly encourage applicants to provide details of parents/carers and to give us consent to share data with parents, including details of interviews, and offers made, so they can support applicants.
Why do we collect personal information? – We collect enquiry/application data to:
Administer your course enquiry/application.
Send you information and details of events, where they are related to your enquiry/application and we believe that they will be helpful.
You can opt out of these if they are not related directly to assisting you with your enquiry/application.
Provide you with the most appropriate advice and guidance, and to match you up with the course that best suits your needs
Assess and improve the quality of our services
Comply with the law in terms of data sharing and the Equality Act.
Special Category Data and Convictions – Under GDPR, certain types of data are termed “special category”. These include ethnicity, medical conditions and disabilities. Where these are collected on behalf of the DfE, ESFA or other government agencies, the reasons for processing under article 9 of the GDPR are explained in their privacy statements. Links to these are provided in this document. In addition, we need the data to carry out our obligations under social protection laws (GDPR article 9b) and where it is necessary for reasons of substantial public interest (GDPR article 9g). In certain cases it may be required to support your own vital interests (health, safety), or the vital interests of others. Where these reasons do not apply, we would seek your consent to collect and process the information.
Where do we obtain your personal data?
Most of the information above is collected directly from yourself via an application form. However some information such as previous qualifications or special needs may be collected from other organisations such as the DfE, the LRS, the Local Education Authority, your employer or your training provider.
How and where do we store data?
Data will be stored in a range of different places, including the learner information management systems, on paper, stored secure places, or on electronic documents within a secure network.
Why does the organisation need to process personal data?KYP needs to process data so we can provide you with the highest standards of education and training we are able to give, and to meet its legal obligations from government organisations including the DfE and ESFA. Where the organisation processes other special categories of personal data, such as information about ethnic origin, disability or health, this is done for the purposes of equal opportunities monitoring and monitor our service provision to improve our services to specific groups. We also use the data so we can personalise the provision to each learner to provide him or her with best possible opportunities to succeed. Any information that has been supplied under the lawful basis of “consent”, can be withdrawn at any time, by contacting the data protection officer. Contact details will not be used for marketing or survey purposes without your consent, which can be withdrawn at any time. However KYP will use the contact information to contact you in order to carry out our duties to you, for example to notify you of a change of course date, and also to obtain data where legally required, such as destination surveys.
Who has access to data?
Your information may be shared internally, including with any KYP staff who need the data to provide services to the learner. This will include special categories of data where appropriate. Where KYP engages non-statutory third parties to process personal data on its behalf, we require them to do so on the basis of written instructions, under a duty of confidentiality and they are obliged to implement appropriate technical and organisational measures to ensure the security of data in keeping with GDPR. Such third parties might include delivery partners. Where an employer has paid all or part of a learners’ fees, we will share information with them about course details, attendance and progress.
Do we process data outside the EEA?KYP will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties. The Data Protection policy is available to view on our website, or can be obtained in a paper version by contacting our office.
For how long does the organisation keep data?All data collected and processed on behalf of the ESFA will be held for as long as we are legally required to do so, currently until at least 2030. Other data will be held as long as is necessary to fulfil our duty as a college. Any data provided by consent may be deleted on request. Details are available on the website, or from our office.
What rights do you have?
As a data subject, you have a number of rights.
Prevent processing for the process of direct marketing, although we will continue to contact where necessary in order to provide you learning – for example to notify you about a change of workshop or meeting. Also we need to contact you to obtain destination information as required by ESFA.
If you would like to exercise any of these rights, please contact the data protection officer at firstname.lastname@example.org or contact the office.
Who can I complain to?
If you believe that KYP has not complied with your data protection rights, please contact the Data Protection Officer in the first instance. If you are unhappy with the response, you have the right to contact the Information Commissioner by going to their website (ico.org.uk) or by ringing 0303 123 1113
What if I do not provide personal data?
Failure to provide data required to meet lawful obligations (except where consent is required) will result in us not being able to enrol you as a learner. Failure to provide other information (except that requiring consent), for example learning difficulty information, may result in KYP being unable to provide the standard of education and training that we wish to provide.
Glossary of Acronyms
Dfe – Department for Education
ESFA – Education and Skills Funding Agency
LRS – Learner Registration Service
LEA – Local Education Authority
GDPR – General Data Processing Regulations
Data Sharing Agreements
KYP will share data with government agencies such ESFA and LRS, as required by law. KYP will share data with the LEA as required by law, for students aged 16-18 on 1st September at the start of the academic year. It will also share information with the appropriate council and other statutory other agencies when required for safeguarding reasons. It will provide local district councils with information regarding enrolled courses when requested, lawful in the public interest. For students aged 16-18, it will provide information about enrolled courses to their previous schools to enable them to track destinations in the public interest. Where special category data is shared with organisations contracted by KYP to provide support to the student, the data will only be shared where it is used solely for that purpose. This is lawful in the public interest (GDPR article 9g). KYP will also share data with awarding organisations such as City and Guilds and Skills for Care in order for them to carry out their duties. The ESFA and LRS provide short privacy notices, provided below. We also provide a link to their full privacy notices, together with City and Guilds below. Links to the privacy notices of other organisations with whom we are required to share personal data, either by law, or in order to carry out our public task, e.g. awarding bodies, will be published on our website, or made available on request.
ESFA Privacy Notice
This privacy notice is issued by the Education and Skills Funding Agency (ESFA), on behalf of the Secretary of State for the Department of Education (DfE). It is to inform learners how their personal information will be used by the DfE, the ESFA (an executive agency of the DfE) and any successor bodies to these organisations. For the purposes of relevant data protection legislation, the DfE is the data controller for personal data processed by the ESFA. Your personal information is used by the DfE to exercise its functions and to meet its statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009 and to create and maintain a unique learner number (ULN) and a personal learning record (PLR). Your information will be securely destroyed after it is no longer required for these purposes. Your information may be shared with third parties for education, training, employment and wellbeing related purposes, including for research. This will only take place where the law allows it and the sharing is in compliance with data protection legislation. The English European Social Fund (ESF) Managing Authority (or agents acting on its behalf) may contact you in order for them to carry out research and evaluation to inform the effectiveness of training. You can agree to be contacted by agencies of the DfE or by the college for either surveys or research, or about courses or learning opportunities. You can choose your preferred method of contact, post, 6 phone or email, when you complete your enrolment form. Further information about use of and access to your personal data, details of organisations with whom the ESFA regularly share data, information about how long we retain your data, and how to change your consent to being contacted, please visit: https://www.gov.uk/government/publications/esfa-privacy-notice
LRS Data Sharing Agreement:
The information you supply will be used by the Skills Funding Agency, an executive agency of the Department for Education (DfE), to issue you with a Unique Learner Number (ULN), and to create your Personal Learning Record. For more information about how your information is processed and shared refer to the Extended Privacy Notice available on Gov.UK https://www.gov.uk/government/publications/learning-records-service-the-plr-for-learners-andparents Awarding Organisation Privacy Notice Links: City and Guilds www.cityandguilds.com/learner-policy.