List of active policies

Name Type User consent
Privacy Policy Privacy policy All users
Data Protection Privacy policy All users

Summary

This Privacy Statement describes what Phoenix Training Services (Midlands) Ltd (the Company) does with the personal information you provide it with. Occasionally you will be asked to give the Company personal information about yourself in order to become a learner or client, to use Company’s systems and services etc. It applies to information the Company collects about people who use or may use our services. This includes for example:

Individuals who request information from the Company

Visitors to the Company website

Individuals who undertake a course of study through the Company

Phoenix Training Alumni

Employers who purchase training from the Company

Employers who take a learner on work experience or placement, facilitate workplace visits or support the employability skills of our learners

Employers who employ an Apprentice

If you are asked to provide information to us, it will only be used in the ways described in this Privacy Statement. The Privacy Statement will be updated on occasion and the latest version is published on the Company’s website. If you have any questions about this statement, please contact our Data Protection Officer who will be happy to provide more detail.


Full policy

Why do we collect personal information?

Phoenix Training collects and processes personal data about members of the public who enquire about courses and services, learners and employers to effectively offer advice, manage learning programmes and to meet statutory obligations to the agencies who provide funding for these activities.  The company is committed to being clear and transparent about what data it collects, how it is used, and to meeting its data protection obligations.

We need to process data so we can provide you with the highest standards of education and training we are able to give, and to meet our legal obligations from government organisations including the DfE and ESFA.  Data regarding employment status and whether you or your parents are receiving benefits is required to assess your eligibility for government funded fees and financial support.

Where we processes other special categories of personal data, such as information about ethnic origin, disability or health, this is done for the purposes of equal opportunities monitoring.  This monitoring is performed by the Company and by the ESFA and DfE, and helps us to improve our services to specific groups.  We also use the data so we can personalise the provision to each learner to provide you with the best possible opportunities to succeed.

Contact details will not be used for marketing or survey purposes without your consent, which can be withdrawn at any time.   However, the Company will use your contact information to contact you in order to carry out our duties to you, for example to notify you of a change of course date, follow up on absences, and to obtain further information from you where required, such as your destination in the months after you have completed your course.



What personal information do we collect?

We collect the following personal data to provide education and training to our learners;

·         Details about you including your name, date of birth and gender

·         Contact details – including address, telephone numbers and email address

·         Details of your previous qualifications, educational history and employment status

·         Information about your nationality and residency, and previous address if applicable

·         Information about medical or health conditions, including whether or not you have a learning disability or difficulty, and if so whether you have an EHCP (Education Health Care Plan)

·         Ethnicity

·         Household information (this is collected only for the ESFA is not used by Phoenix Training)

·         Financial Information (bank details)

We collect data about unspent criminal convictions in order to protect vital interests of others and to carry out our duty to support those with a conviction.

We collect emergency contacts.  This information is optional for those aged 19 or over at the start of the academic year.

We collect information about use of our website, company and employee information, and information about personal preferences, interests and career aspirations in order to provide high quality advice and guidance on the range of services we offer.

We collect information about staff, including dates of employment, hours worked, posts, roles, salary, annual leave, absence, performance and professional development in order to manage contracts of employment and business operations.



How is this collected?

Most of the information about you and your learning programme is collected directly from you via an application or enrolment form. However, some information such as previous qualifications or information to support any special needs, may be collected from other organisations such as the DfE (Department for Education).

Information about staff is collected directly from individuals as well as from the observations of managers.

CCTV footage is collected at a number of our sites, and used in line with the Data Protection Policy.

Cookies and analytics services are used to collect information about visitors to our website.  Cookies do not provide us with access to an individuals’ computer, or any personal information about them.

Where information is collected for use with consent, this is very clearly shown as part of the process of asking for the information, and you will always be asked for your agreement to use the information for the specific intended purposes.



Where do we store data?

Data will be stored in a range of different places, including the learner information management system, on paper files in secure places, or on electronic documents within our secure network.

Learner information is stored within our Learner Records Management System, which is hosted by a 3rd party.  Our contractual arrangements with 3rd parties ensure that they meet the same standards for data security and protection.



How do we protect data?

We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by employees in the performance of their duties. The Data Protection policy is available to view on our website, or can be obtained in print by contacting our reception.

To prevent unauthorised disclosure or access to information, we have strong technical security safeguards in place, and provide staff with regular training and briefings to ensure that they follow our agreed processes.

If information is shared with another organisation (as discussed below), we will ensure that a robust information sharing agreement is in place.



Who has access to data?

Your information may be shared internally, including with any Phoenix Training  staff member who needs the data to provide services to you.  This will include special categories of data where appropriate.

Where we engage non-statutory third parties to process personal data on our behalf, we require them to do so on the basis of written instructions.  They are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

We will not lease, distribute or sell personal information to third parties unless we have permission or a legal requirement to do so.

Most of the information collected and processed in relation to the learning programmes we provide is shared on a regular basis with other Providers and Government Agencies to meet the requirements of funding contracts.  The Company is a data processor for the Education and Skills Funding Agency and for organisations who subcontract funding to us.  This means that the company will pass information to these organisations if they provide funding for your learning programme.

The information provided may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Act 1998.



Do we process data outside of England or the European Economic Area (EEA)?

Part of the funding for your course may be coming from the European Social Fund (ESF).  This is not confirmed until after you have completed your course.  If your course is part funded by ESF, your data may be lawfully shared with them via the ESFA.  The Company will not transfer your data to countries outside the European Economic Area.



Do we use automated decision-making?

No.  None of our decisions are based solely on automated decision-making.  If you feel that a decision affecting you has been made unfairly on the basis of information you have provided, please contact the Data Protection Officer.



What if I do not provide personal data?

Failure to provide data required to meet the obligations set by our funding organisations will result in us not being able to enrol you as a learner. Failure to provide other information (except where we ask for your consent), for example learning difficulty information, may result in us being unable to provide the standard of service we would wish to provide.



What are my rights?

Phoenix Training will always ensure that your rights as an individual are protected in the way we operate our services.  You can:

·         Obtain a copy of the data we hold about you by making a request to us

·         Ask us to change incorrect or incomplete data

·         Ask us to delete or stop processing your data, for example where the data is no longer needed for the reason(s) it was collected

 

If you would like to request any of these services, please visit our website, contact our data protection officer or contact our centre reception for further information.



Complaints or Queries

If you have any questions about the Company’s collection and use of personal data please contact our Data Protection Officer. They will be happy to provide additional information if it is required.

If you believe that Phoenix Training has not complied with your data protection rights, you can complain to the Information Commissioner.



Changes to This Privacy Statement

We will keep this Privacy Statement under regular review and reserve the right to change it as necessary from time-to-time or if required by law. Any changes will be immediately posted on our website.

 

The Data controller

Phoenix Training Services (Midlands) Ltd Phoenix Wharf Bolton Street Birmingham B9 4HH

www.phoenixtraining.org/dataprotection



The Data Protection Officer

dataprotection@phoenixtraining.org



Summary

Data Protection Law controls what Phoenix Training Services (Midlands) Ltd does with the personal information provide by individuals who work for us, study with us or access services we provide.

Our Privacy Statement describes what we do with the personal information we are provided with. You may be asked to give us personal information to become a student, client or to use the services we offer.


Full policy

Privacy Notice

If you provide us with information, it will only be used in the ways described in our Privacy Statement.  Our statement will be updated from time to time and the latest version is always published here on the company website.

Phoenix Training Services (Midlands) Ltd is a Data Controller registered with the Information Commissioner’s Office (ICO) (Registration number Z2524147).

All written correspondence in relation to Data Protection should be addressed to:

Phoenix Training Services (Midlands) Ltd
Phoenix Wharf
Bolton Street
Birmingham
B9 4HH


The Data Protection Officer, appointed by the Board of Directors to provide independent assurance over the use of Information across the company can be contacted by e-mail at
dataprotection@phoenixtraining.org
Subject Access Requests
The General Data Protection Regulation (GDPR) 2016 and our Data Protection Policy, gives any individual the right to obtain confirmation that their data is being processed, and where this is the case, access to the personal data. The right of access to this information is referred to as Subject Access Request (SAR).
We will endeavour to provide access to personal data within one month of receipt of a subject access request. If a request is complex, an extension of up to a further two months may be requested from the individual making the request.
A copy of the information will be provided free of charge, however, a ‘reasonable fee’ may be charged if a request is unfounded or excessive, or where information is requested repeatedly.
Who can make a Subject Access Request?
Persons who are entitled to access personal data under this procedure are:
1. The individual (also known as the data subject).


2. A representative of the data subject who has written consent (e.g. solicitor; acourt appointed representative if the data subject could no longer manage his or her own affairs; a person with enduring Power of Attorney or quite simply anyone else the individual wants acting for them).


3. The parent or guardian of a child under 16 years of age: In cases where the child agrees, or it was in the child’s best interest for access to the data to be granted.
How can I make a Subject Access Request?
Please download a copy of the Subject Access Request Form and send it to dataprotection@phoenixtraining.org
Please note Phoenix Training Services (Midlands) Ltd will use reasonable means to verify the identity of the individual making the request, but may require individuals to visit one of our Training Centres in order to receive copies of information request responses.
Requests to delete personal data
One of the key principles which underpins UK Data Protection Law is the right of an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This is also known as the right to be forgotten.
Individuals may have a right to have personal data erased and to prevent processing in specific circumstances such as:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.


When the individual withdraws consent.


When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.


The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
The personal data must be erased to comply with a legal obligation.
The personal data is processed in relation to the offer of information society services to a child

Please note that the right to erasure does not provide an absolute ‘right to be forgotten’. Under GDPR the Company can refuse to comply with a request for erasure where the personal data is processed for particular reasons.  This will always be explained to you if your request cannot be carried out by our Data Protection Officer.
How can I make a request to have my personal data deleted?
Please download a copy of the Request for Erasure of Data Form and send it to dataprotection@phoenixtraining.org.  Each request will be dealt with on a case by case basis.