Interserve Learning & Employment (Services) Limited (ILE) is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you during and after your apprenticeship with us, in accordance with the General Data Protection Regulation (GDPR).
It applies to all apprentices who use our apprenticeship training services.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are “special categories” of more sensitive personal data which require a higher level of protection.
We may collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Date of birth.
- Next of kin and emergency contact information.
- National Insurance number.
- Start date.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your health, including any disability, medical condition
How we use your information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation
- Where it is necessary for our legitimate interest (or those of a third party) and your interest and fundamental rights do not override those interest.
- Where we need to process certain sensitive data or offer other course and learning opportunities with your consent
We may also use your personal information in the following situation, which are likely to be rare:
- Where we need to protect your interest (or someone else’s interest)
- Where it is needed in the public interest or for official purposes
Situations in which we will use your personal information
We need all the categories of information in the list above primarily to allow us to perform our contract with you [A] and to enable us to comply with legal obligations [B]. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties [C], provided your interests and fundamental rights do not override those interests. In limited circumstances, with your explicit written consent [D]. The situations in which we will process your personal information are listed below. We have indicated by [LETTER] the purpose or purposes for which we are processing or will process your personal information, as well as indicating which categories of data are involved.
- To plan, manage and deliver the apprenticeship training services to you [C]
- To enable ILE to comply with our legal obligations to the Skills Funding Agency (SFA), which is an agency of the Department for Education. [C]
- To enable ILE to comply with its duties contained in the apprentice agreement signed by you, your employer and ILE. [A] and/or [C]
- Checking you are legally entitled to work in the UK. [B]
- Checking prior learning and achievements contained in the Personal Learning Record (PLR). [D]
How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit consent:
- To process your ethnic origin to enable us to comply with diversity reporting obligations we may have to your employer
- Where ILE cannot reasonably provide the support needed and delivery partners have been identified to ensure the qualification is delivered in the best way possible to you within the contract guidelines.
- Information about a disability may be requested to enable us to meet legal requirements under the Equality Act 2010.
- Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with our data protection policy.
We may share your personal information with other organisations, being:
- our service providers who provide us with assistance in delivering the apprenticeship training services
- those who regulate our provision of the apprenticeship training services such as the Department for Education and Ofsted
We will share your personal information with the SFA. The information you supply will be used by the SFA to issue you with a Unique Learner Number (ULN), and to create your Personal Learning Record. For more information about how your personal information is processed and shared with the SFA refer to the Extended Privacy Notice available at: www.gov.uk/government/publications/learning-records-service-the-plr-for-learners-and-parents.
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We will not transfer your personal data outside of the European Economic Area (EEA).
People Appearing On CCTV
We operate CCTV systems to support the physical security of our premises. Areas covered by CCTV will be identified with signage.
CCTV footage is not shared with 3rd party organisations, with the exception of the Police where there is a need to support criminal investigations.
The CCTV systems which we have installed record footage to hard drive devices and are routinely overwritten with subsequent recordings. Where no incidents have occurred requiring longer retention, CCTV recordings are normally retained for a maximum of one month.
People Accessing Websites
We do not attempt to identify anyone who visits the website. Where website visitors use ‘contact us’ to ask a question, the following information will be recorded:
- email address
- telephone number
These details are stored in accordance with information security policy and only retained for a long as is necessary. Specific retention periods can vary depending on the nature of the comment or query. The information is not stored within the website.
Other Members of The Public
Where members of the general public contact us, for example, to make a complaint, their information will be stored in accordance with information security policies, will not be distributed to other third party organisations and will only be retained for as long as necessary. Where there is a need to share information with others, we will contact you for your consent.
Purpose and Legal Basis for Data Processing
To the extent that we hold and/or use any information about you, we do so on the basis that such processing is necessary for the exercise of a contract, consent and/or legitimate interests.
To the extent that, for the exercise of consent and/or legitimate interests, we hold and/or use any information about you which constitutes special category data (meaning information about you relating to your race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation), or data relating to criminal convictions, we do so on the basis that such processing is necessary for statutory purposes, for the protection of vital interests and for the safeguarding of children and of individuals at risk.
How long will you use my information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Automated decision making
We do not make decisions that would have a significant effect based solely on automated decision making processes.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from your information security team.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Rights of access, correction, erasure, and restriction
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Data portability, allows you to obtain and reuse your personal data for your own purposes across different services
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- Withdraw Consent In limited circumstances, where you have provided consent to the collection, processing or transfer of your personal information for a specific purpose, you have the right to withdraw your consent at a later date. Once we have received notification that you wish to withdraw your consent, we will cease processing your information for that specific purpose unless we have another legitimate or statutory basis for continuing to do so. You will be told if we are unable to cease processing your information and why.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us.
What We Need from You
Tell Us When Your Details Change
To assist us in ensuring the accuracy of your personal data, it is important that you tell us if your personal information changes.
Verification of Identity
We will need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to a person who has no right to receive it.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you have any queries or requests arising out of this Privacy Notice or if you have any concerns about the personal information we hold about you, please see contact details below.
If you are contacting us to access your personal information, please also state “Subject Access Request”.
You can contact our Data Protection Officer by:
- email: firstname.lastname@example.org
- Write to: Data Protection Officer, Interserve, 91 Waterloo Rd, Lambeth, London SE1 8RT
Information Commissioner’s Office (ICO)
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Change to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
This Privacy Notice was reviewed September 2019.