Busec holds and processes information about employees, associates, clients and other data subjects (for example contractors) for academic, administrative and commercial purposes. When handling such information Busec must comply with the Data Protection Principles that are set out in the General Data Protection Regulation (May 2018). The Head of Business Development & Marketing is responsible for ensuring personal data is controlled in line with this policy.
In summary Busec affirms that personal data will: –
- Be processed fairly and lawfully
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose
- Be adequate, relevant and not excessive for the purpose
- Be accurate and up to date
- Not be kept for longer than necessary for the purpose
- Be processed in accordance with the data subject’s rights
- Be kept safe from unauthorised processing and accidental loss damage or destruction
- Not to be transferred to a country outside the EU, unless that country has equivalent levels of protection for personal data except in specified circumstances.
The information that is currently held by Busec and the purposes for which it is processed are as follows: –
- Students’ name, address, telephone number and e-mail account for contact and awarding body record purposes
- Students’ company name and address for contact and marketing purposes
- Students’ CV, job description and organisation chart for awarding body registration and quality assurance purposes
- Students’ course work and assessment documentation for quality assurance and awarding body record purposes
All employees and associates of Busec shall ensure that: –
- all personal information they provide in connection with their employment or working relationship with Busec is accurate and up to date
- they inform Busec of any changes to that information
Busec ensures that all personal information is kept securely, personal information is not disclosed to any unauthorised third party, all data is kept securely. (Please see information in the appendix about data held and what it is used for). Paper files are kept in locked filing cabinets, information held on the IT database is password protected.
All students must ensure that: –
- all personal information they provide is accurate and up to date
- they inform Busec of any changes to that information.
Employees, associates, students and other data subjects have the right to access any personal data that is being kept about them. This right can be exercised by submitting a request in writing to the Busec Administration team. Busec aims to comply with requests for access to personal information as quickly as possible and within a maximum time of one month. Employees, associates and students also have the right to have personal data erased (right to be forgotten) and to prevent processing where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
Busec will keep students’ work on their own qualification to enable monitoring of quality by the awarding body, also students’ records for a minimum of three years, in accordance with CIPD requirements. Contact details will also be retained on the Busec Ltd database for the purpose of “keeping in touch”. If you wish to withdraw your consent to retain contact details you should put your request to do so in writing to the Busec admin team.
Compliance with the Regulation is the responsibility of all staff and associates. Any person who considers that the policy has not been followed in respect of personal data about him or herself should raise the matter with one of the Busec senior managers. If the matter is not resolved it should be referred to the complaints procedure.
This policy should be read in conjunction with the Busec confidentiality policy.
Busec is committed to ensuring the confidentiality of the information contained within student portfolios and the Busec database. All Busec employees and associates are bound by strict confidentiality rules and will not divulge the contents of any portfolio to a third party without the student’s prior approval.
The contents of your portfolio and personal details will only be viewed by the allocated Busec Adviser and Internal Verifier. The CIPD appointed External Verifier may also choose to sample your portfolio as part of the awarding body quality procedure.
To protect the confidentiality of your own contacts it is recommended that you remove names from any evidence you include in your portfolio. If any evidence is particularly sensitive or confidential arrangements can be made for it to be viewed at your workplace by the Adviser and IV if necessary.
Busec and its associates will hold all students’ work and personal information in a secure manner.
The information Busec holds:-
|PERSONAL DATA ||WHERE IT CAME FROM||WHO IT IS SHARED WITH||RETENTION PERIOD|
|Enquiries||The person enquiring and then captured on the Enquiry Form||Internal staff only||3 years|
|Students’ name, address, telephone number and e-mail address||Enquiry Form and/or Student application form||Awarding body registration records|
Recorded on invoice – accountant Associate
|All the time they are active & then 3 years|
|Students’ company name and address||Student application form||Recorded on invoice – accountant Associate||All the time they are active & then 3 years|
|Students’ CV and job description||The student via email Student application form||Awarding body for registration and quality assurance Associate||All the time they are active & then 3 years|
|Students’ course work and assessment documentation||Online course folders||Awarding body for quality assurance and qualification records Associate||All the time they are active & then 3 years|
|Associates name, address, telephone number and email address||From individual associate via email||Awarding body for centres’ compliance, recorded on invoice for accountant||All the time they are active & then 3 years|
|Associates CV/CPD Record||From individual via email||Awarding body for centres’ compliance||All the time they are active & then|
|Busec employees name address, telephone number, email address, NI number, bank account details||From individual completion of payroll data form||Personnel records, accountant/HMRC for payroll, pension provider||All the time they are employed and post- employment 3 years|
|Busec employee salary, bonuses, expenses||From payroll||Accountant/HMRC for payroll, pension provider||All the time they are employed and post- employment 6 years|
|Busec employee leave and sickness records, entries in office accident book||From individual and accident book||Accountant for payroll if SSP required (compliance with WTD and HSAW)||All the time they are employed and post- employment 3 years|
|Contractors name, address, telephone number, email address, bank account details||From individual via email||Personnel records, recorded on invoice for accountant||All the time they are active and then 3 years|