Online Cookies/Privacy and GDPR Policy
As a Data Processor, Karen Blake Coaching Ltd also known as Karen Blake Academy (KBA) is committed to protecting and respecting the security and integrity of your personal data in line with GDPR (General Data Protection Regulation). We collect information only which we can justify as reasonable and justifiable for the provision and communication of KBC and KBA-related products and services as detailed on our marketing website.
The EU General Data Protection Regulation (GDPR) marks a step change for data protection and replaces the Data Protection Directive on 25 May 2018. GDPR simplifies and clarifies rules and strengthens citizens’ rights in relation to their personal data. The GDPR abolishes the single country data protection acts and combines the data protection for all EU member states. When the UK leaves the EU, it will become an approved country and GDPR will continue to form part of UK law.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our product websites. This includes information provided at the time of registering to use the Site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with the Site.
- If you contact us, we will keep a record of that correspondence.
- KBC and/or KBA may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to the Site and the resources that you access, including your IP address and internet browsing preferences.
- We do not store credit/debit card details.
IP Addresses and Cookies
We may collect information about your computer, including (where available) your IP address, operating system, and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
Where we store your personal data
KBC and KBA will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR.
Your personal data is stored within the EU, will not be transferred outside the EU. Your learners’ and users’ data are kept securely on your own password-protected database and will not be used for any purpose other than the delivery of online learning through your KBA account.
Where you have been given (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made from the information
KBC will use personal information only to provide you with services relating to the Site. Personal information will not be passed to third parties.
We use information held about you in the following ways:
- To ensure that content from the Site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
Retention of your information
The personal data that we collect shall be kept for no longer than is necessary for the purposes for which it is being processed. Should your KBA account remain unused for a period of two years, or you request removal of your personal data without KBA having legal grounds to object, then your personal information will be scheduled for deletion.
Data scheduled for deletion will be moved to a secure, encrypted ‘vault’ for no more than three years, before being permanently removed from all KBA servers and backups.
Disclosure of your information
KBC Data Protection Policy
Karen Blake Coaching Ltd is committed to keeping your personal and educational information safe. To achieve this, we take great care to tell you what information we capture, why we capture it, how it is stored and how long we keep it. We comply with both the Data Protection Act 2018 and the European Union General Data Protection Regulation 2016, which was enforced on 25 May 2018.
Six Principles of the Data Protection Act 2018
- processing must be lawful, transparent and fair;
- purposes of processing must be specified, explicit and legitimate;
- personal data must be adequate, relevant and not excessive;
- personal data must be accurate and kept up to date;
- personal data must be kept for no longer than is necessary; and
- personal data must be processed in a secure manner.
Karen Blake Coaching Ltd holds learner enrolment and achievement data for the purposes of administering, verifying and awarding credits and qualifications.
We only collect personal information that you give us when you enrol/submit work to us for assessment, internal quality assurance and registering with an awarding body.
THE INFORMATION WE COLLECT AND STORE
First and surname and Date of Birth
Address and postcode
ULN/ Karen Blake Coaching Ltd ID
Phone number and Email address
Specific identification numbers like a passport or driving licence and other identifiers like a personal learning number
Details of your assignments and achievements with us.
Details of any correspondence between you and Karen Blake Coaching Ltd.
KEEPING EMAIL SAFE
- We always consider whether the content of the email should be encrypted, or password protected.
- Where possible we verify email addresses
- We do not share your email address with other learners or third parties unless you give us consent to.
- We always check email addresses and content before sending an email.
FOR OTHER SECURITY WE:
- Shred all our confidential paper waste.
- Check the physical security of our premises.
- Keep all personal data locked securely when not being used.
- Ensure all doors are locked and windows shut when leaving the premises.
- Do not reuse excel spreadsheets that have contained personal data.
- Allow plenty of time to undertake work that involves personal data.
- Check all envelopes before sending letters/certificates to ensure they only contain what they should.
We comply with:
- The Data Protection Act 2018
- The European Union General Data Protection Regulation 2016
- The European Convention of Human Rights
- The UK Human Rights Act 2000
- PECR Regulations
- Inspire Regulations
- Freedom of Information Act
- Access to Information Regulations
For information on these regulations and for information in how to understand your information rights visit the Information Commissioner’s Office:
Karen Blake Coaching Ltd is registered with the ICO.
KEEPING ELECTRONIC RECORDS SAFE
For computer security we:
- Install a firewall and virus-checking our computers.
- Make sure that our operating systems are set up to receive automatic updates.
- Protect our computers by downloading the latest patches or security updates, which should cover vulnerabilities.
- Only allow our staff access to the information they need to do their job and don’t let them share passwords.
- Protect personal information held electronically that would cause damage or distress if it were lost or stolen.
- Take regular back-ups of the information on our computer system and keep it in a secure separate place and password protected.
- Securely remove all personal information before disposing of old computers.
- Have anti-spyware tools in place. Spyware is the generic name given to programmes that are designed to secretly monitor activities on computers.
Procedures for data breaches
- Report data breaches to the Centre Manager at the earliest opportunity.
- Complete required paperwork within 24 hours.
- The Centre Manager will investigate and decide a course of action according to ICO regulations. https://ico.org.uk/media/for-organisations/documents/1562/guidance_on_data_security_breach_management.pdf
- Review breach and identify and implement any action points.
We review our data protection, confidentiality and security practices continually and update our policies accordingly. We encourage learners to contact us with any concerns and we pride ourselves in learning from feedback on any mistakes we make. Through our Privacy Notices we make clear to learners that we will only pass personal information onto the Awarding Body and no one else. We also advise learners that they can contact us to remove their personal data from our systems once they have completed their learning with us.
SUBJECT ACCESS REQUESTS
The Data Protection Act gives you the right to apply for a copy of personal information held about you. This is called a subject access request, (SAR). You can, if you wish, appoint someone to apply for you, for example a member of your family.
To make a SAR please put your request in writing and email to email@example.com or firstname.lastname@example.org. Please provide your name, your organisation, the course you attended and the date (s) of the training.
The fee for providing this information is £10.
- Acknowledge receipt of your request within 10 working days.
How to recognise a subject access request.
- We will use the Subject Access Request Checklist provided by the ICO, using the following link:
Other people’s information contained in the proposed request.
If other people’s information is contained in the proposed request, we will follow the guidance issued by the ICO using the following link:
If you wish to discuss any data protection, information security or data access matter, please email us at: email@example.com
Awarding Body Privacy Policies:
Appendix One: The Learner Records Service
The Learner Records Service (May 2018) and can be found at: https://www.gov.uk/government/publications/lrs-privacy-notices/lrs-privacy-notice#privacy-notice-guidance-for-training-and-learning-providers
Data Management Process
- The designated Centre Manager for each Awarding Body is responsible for uploading information on learner entries for units/qualifications and learners results from the Assessors and Internal Verifiers. Timescales and deadlines for this may vary according to the course, customer requirements and timescales agreed in any Memorandum of Understanding.
- The learner enrolment form ensures that all the information required for registration with and certification from, the Awarding Body, is collected from the learner. This form is usually kept in the learner’s portfolio/workbook.
- This information is put onto the Centre’s database and a centre learner ID number is allocated. If required, to register the learner for a qualification, the learners ULN is accessed from the Learner Records Service (LRS).
- The Centre Manager registers all classes/individual learners with the Awarding Body using the format they provide and uploads this information via secure file transfer. The Awarding Body then issues a link to a “claim form” for each class.
- The results from the Assessor and Internal Verifier are also found in the learner’s portfolio/workbook. The Centre Manager completes and submits the Claim Form.
- All workbooks are stored in a locked cabinet.
- A Master Record is created, depending on awarding body requirements, for each year, with details of the learners who have achieved during that year. This is submitted, for example, to the Agored Cymru EQA prior to the annual EQA Visit and the EQA selects learners work to sample from this record.
- Assessors and IQA’s provide feedback throughout a learner’s workbook/portfolio and summative feedback at the end of the portfolio/workbook.
- Internal verification records not contained within the learner workbooks/portfolios will be kept for three years.