Data Use and Management Policy

Overview of our Privacy Policy

When you use our services, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it and what we do with it. This is important. We hope you will take time to read it carefully.

As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy. Our Privacy Policy explains:

We collect information to provide better services to all of our users. We collect information in the following ways:

Transparency and Choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can review and control the information in your account and either change it or let us know if it is incorrect so we can change it.

Information Security

We work hard to protect all our data, users, staff and candidate files from unauthorised access or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

Introduction

Each of the services and products provided by Blyde Welcome is for the continuance of our commercial business. We do collect, hold and manage data about individuals and organisations. We do this to provide a service to each person and organisation. We recognise our fundamental need to ensure that this information is accurate and secure. We go beyond the needs of any legislative requirements. The secure management of data is central to the way that we work.

None of the information provided is used beyond the needs of Blyde Welcome .

This policy sets out how we collect, store and manage data and who is responsible for this. It also sets out how you can request your data and how, if it is incorrect, you can ensure we get it right. This includes ensuring how we protect your data.

Why we have this policy

This policy ensures that we:

What services does this policy cover?

Data Protection Law

The General Data Protection Regulation (GDPR) of the European Union replaced the Data Protection Act 1998 in May 2018. It introduced an extensive data protection regime by imposing broad obligations on those who collect personal data, as well as conferring broad rights on individuals about whom data is collected. It covers both paper based and electronic information.

Our policy takes account of these changes. It provides additional protections to individuals and organisations. These include a clearer definition of:

Our policy meets, and goes beyond, these legal requirements.

Scope of our Data Use and Data Management Policy

This policy applies to Blyde Welcome and all our data controllers and data processors.
Its scope applies to all:

Purposes for which Data can be Used

Blyde Welcome cannot use this information for marketing to individuals and organisations by third parties.

Data Protection Risks

This policy helps to protect Blyde Welcome as the Data Controller, and its partners, as Data Processors, from some very real security risks, including:

Our Responsibilities

Every member of Blyde Welcome is aware of their data responsibilities, but some have additional responsibilities and accountabilities:

Data Storage

If in doubt about data storage, any questions should be addressed to the Head of Centre or in her absence one of the Assessors.

When data is stored on paper, and being processed, it should not be left unattended on a printer or desk where it could be viewed by unauthorised people. When it is not being used, data should be held in a locked cabinet or secure facility and not be accessible to unauthorised people. All printed data that is no longer required must be shredded or destroyed without leaving the office.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts. To meet these requirements:

Data Accuracy

For our operation, and in order to meet the requirements of the GDPR and DPA, Blyde Welcome and our staff, the certification, funding bodies and system users, must take reasonable steps to ensure that data is accurate and up to date.

Data requests by Individuals or Organisations
Any individuals or organisation is entitled to ask about data held about them by us.

They can:

Such a request for information is called a ‘subject access request’. All such requests must be forwarded to the Head of Centre. We will always verify the identity of a person making a subject access request before providing any information.