Everyone has rights with regard to how their personal information is handled. During the course of our activities it is necessary for us to collect, store and process personal data and we recognise the need to treat it in an appropriate and lawful manner.

As a business, and as an employer, the types of information that we may be required to handle include details of current, past and prospective customers, suppliers, current and prospective employees, workers, and other third parties who we engage to provide services for us, and/or do business with.

This data is subject to certain legal safeguards specified in the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 in terms of the way personal data is kept and used.

This policy sets out our commitment to being transparent about how we collect, use and process personal data and our commitment to data protection, and the rights and obligations in relation to personal data.

If you consider that our provisions for complying with the Act have not been followed in respect of personal data about yourself or others you should initially raise the matter with us by emailing info@ontracklearning.co.uk. If you are not satisfied, you can make a complaint to the Information Commissioner’s Office https://ico.org.uk

Definition of Data Protection Terms

Data is information which is stored electronically, on a computer, or in certain secure paper-based filing systems.

A data subject is a living, identified (or identifiable) individual we hold personal data about.

Personal data is data we hold about a data subject. What makes it personal data is the fact that the data subject can be identified (directly or indirectly) from that data (or from that data and other information in our possession or available to us). Personal data can be factual (e.g. a name, address or date of birth) or it can be an opinion about the data subject, their actions and behaviour (such as
a performance appraisal).

Processing is a term used to describe what we do with the personal data. It applies to most activities that might be undertaken in respect of the data, such as: collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, disclosing by transmission, dissemination or otherwise making it available, aligning or combining, restricting its use, erasing or
destroying it. Processing also includes transferring (or disclosing) personal data to third parties.

A data controller is the person(s) who, or organisations which, determine how and why personal data is processed. They have a responsibility to establish practices and policies in line with the Act.

We are the data controller of all personal data used in our business. Data users are those persons whose work involves processing personal data. Data users have a duty to protect the data they handle in accordance with this policy and any applicable data security
procedures.

Data processors means any person(s) or organisation that processes personal data on our behalf and on our instruction. Employees of data controllers are excluded from this definition, but it could include suppliers who handle personal data on our behalf.