Data Protection Policy
HFE stored information about staff, learners, suppliers and partners to enable it to operate as a successful provider of teaching and learning services and to meet its legal obligations.
In order to comply with the Data Protection Act 1998 (“the Act), information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, HFE must comply with the principles of the Act.
In summary, the Principles state that personal data will:
■Be processed fairly and lawfully.
■Be obtained for specified and lawful purposes, and will not be processed in a manner incompatible with those purposes.
■Be adequate, relevant and not excessive for those purposes.
■Be accurate and up to date.
■Not be kept for longer than is necessary.
■Be processed in accordance with the rights of the person that the data is about.
■Be kept safe from unauthorised access, accidental loss or destruction.
■Not be transferred to a country outside the European Economic Area, unless the country has equivalent protection for personal data.
Compliance with the Act
Staff, learners or other parties (e.g. contractors, consultants, partners) who process personal data collected in the name of the Company must ensure that they follow the above Principles.
Compliance with the Act is the responsibility of all staff and learners who access Company systems. A breach of this Policy may lead to disciplinary action and/or access to Company facilities being withdrawn, or criminal prosecution.
Questions and concerns about the interpretation or operation of this policy should be taken up with the Company’s Directors.
Staff, learners or other parties who believe that the Policy has not been followed in respect of their own personal data or that of others should first raise the matter with the Company’s Directors. If the matter is not resolved it may then be raised as a formal complaint or grievance, in accordance with Company complaints procedures.
Access to Information: 1.Staff, learners and other persons about whom the Company holds data are entitled to: 2.Know what information the Company holds and processes about them and why? 3.Know how to gain access to it? 4.Know how to update it? 5.Know how the Company complies with the Act?
The Company will notify staff, learners and other relevant parties of the nature of data that the Company holds and processes about them, and the reasons for which it is processed upon requests.
Anyone wishing to formally exercise their right to access their information must do so in writing to the company’s registered address.
For all applications from customers and staff, the Company reserves the right to charge up to £15.00 for each occasion that formal access is requested, although the designated Data Controller has discretion to waive this charge on a case-by-case basis.
For applications from other parties, the Company may make an additional reasonable charge, as decided by the designated Data Controller, if this is required to cover administrative costs.
The Company aims to comply with requests for access to personal information within 21 working days of the date of receipt of the request by the designated Data Controller. If this timescale cannot be met, justification will be provided to the applicant in advance.
HFE is a Registered ‘Data controller’ with the Information Commissioners Office (Z2238970) and as such conforms to all standards of professional practice with matters of handling, protection and use.