Institute of Infrared Thermography



Institute of Infrared Thermography




GDPR

The General Data Protection Regulation (GDPR)

 

Privacy Notice (How Infrared Training Limited uses Student information)

The categories of student information that we collect, hold and share include:

  • Personal information (Name, address, contact information, company information)
  • Course information (Courses attended, assessment criteria and exam results)

Why we collect and use this information

We use the Student data:

  • to support student learning
  • to monitor and report on student progress
  • to provide appropriate support services
  • to assess the quality of our services
  • to comply with the law regarding data sharing

Storing student data

We hold student data for a minimum of 10 years using secure systems either electronically or in hard copy form

We routinely share student information with:

  • BINDT (Administrator of PCN examination)

On occasions Infrared Training Limited may share student information with approved associate companies purely for efficient contact and information provision for company products.

Data Protection

Key points

  • The General Data Protection Regulation comes into force on 25 May 2018.
  • Workers have legal right to access information that an employer may hold on them.
  • The Data Protection Act contains 8 principles that everyone responsible for using data has to follow.
  • All staff have a responsibility under the act to ensure that their activities comply with the Data Protection.
  • Data Protection applies when monitoring employee’s telephone calls, emails and CCTV.
  • Employees who feel the organisation has misused information or hasn’t kept it secure can contact the Information Commissioner’s Office.

The European Union’s GDPR (General Data Protection Regulation) comes into force in the UK on 25th May 2018. The GDPR will bring in stricter obligations that all employers must follow. The ICO (Information Commissioner’s Office) has published an overview of the regulation and has a checklist of 12 steps you can take to get ready.

For more information, go to the ICO website.

Until May 25 2018, The Data Protection Act 1998 still applies. The Data Protection Act is concerned with respecting the rights of individuals when processing their personal information. This can be achieved by being open and honest with employees about the use of information about them and by following good data handling procedures. The act is mandatory and all organisations that hold or process personal data must comply.

The Data Protection Act contains 8 principles:

  • personal data should be processed fairly and lawfully
  • data should be obtained only for one or more specified and lawful purposes
  • the data should be adequate, relevant and not excessive
  • it should be accurate and where necessary kept up to date
  • any data should not be kept for longer than necessary
  • personal data should be processed in accordance with the individuals rights under the act
  • data should be kept secure
  • personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection.

All staff have a responsibility under the Act to ensure that their activities comply with the Data Protection Principles. Line managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose personal data outside the organisation’s procedures, or use personal data held on others for their own purposes.

Workers have a legal right to access information that an employer may hold on them. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes. Arrangements should be in place to deal with requests as a 40-day time limit is stipulated. Information can be withheld if releasing it would make it more difficult to detect crime or the information is about national security. If an employee feels the organisation has misused information or hasn’t kept it secure they can contact the Information Commissioner’s Office.

Monitoring employees – CCTV, telephone calls, emails

The Data Protection Act will apply if employers are monitoring employees; for example to detect crime or excessive private use of e-mails, internet use etc. However, the act requires that workers should be aware of the nature and reason for any monitoring.