1. Purpose
This policy aims to set out how our organisation protects personal data and ensures ongoing compliance with data protection laws. It is a set of principles, rules, and guidelines that informs our clients about our commitment to data protection.
2. Scope
This policy applies to all personal data in our organisation’s processes, including data from learners, educators, staff members, and other stakeholders.
3. Principles
We adhere to the data protection principles set out in the General Data Protection Regulation (GDPR). These principles require that personal data shall be:
- Processed lawfully, fairly, and transparently.
- Collected for specified, explicit, and legitimate purposes.
- Adequate, relevant, and limited to what is necessary.
- Accurate and kept up to date.
- Stored only as long as necessary.
- Processed in a manner that ensures appropriate security.
4. Rights of Individuals
We respect the rights of individuals under data protection law. These rights include the right to access, correct, erase, restrict, transfer, object to processing, and not to be subject to automated decision-making.
5. Data Security
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymisation, resilience of processing systems, and regular testing of effectiveness.
6. Breach Notification
In the event of a data breach, we will notify the relevant supervisory authority and affected individuals of our legal obligations.
7. Review
This policy will be reviewed annually to ensure it remains effective and compliant with current regulations.