Privacy Notices - Swindon Hub for Education website Privacy Notice
You need to be aware of this Privacy Notice if you are using the Swindon Hub for Education website for purchasing services or booking training courses.
- What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.
- Who is collecting and using your personal data?
Swindon Borough Council will act as a “Data Controller” for any personal data that you provide to us. We will ensure that the data given to us is processed in line with our Data Protection Act 2018 (DPA 18) and the EU General Data Protection Regulations. (GDPR)
To find out more about Swindon Borough Council’s data protection policies please contact our Data Protection Officer by e-mail at email@example.com or in writing to Data Protection Officer, Civic Offices, Euclid Street, Swindon, Wiltshire SN1 2JH.
- Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
- What personal data do we collect?
Swindon Borough Council collects a range of data about you. This includes your name, address and contact details.
On Swindon Hub for Education site, to create an account, you must provide your name, job title, place of employment and email address. User accounts are then linked to your place of employment (school, academy or other education setting).
If you are attending a training course booked through the Swindon Hub for Education, then you or your employer will need to submit your name, job role, place of work and an email address to secure your place.
We collect all data you provide, post or upload to the Swindon Hub for Education system and log usage data when you visit or access our service pages or content.
- How do we process your personal data?
Swindon Borough Council complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
- Why do we need your personal information?
We will need to use some information about you. Your data will be used to help you make purchases and view tailored content on the site. For example, your job role information will allow you to purchase relevant training courses.
If we have your consent to do so, we will contact you via email and messages posted through the site to keep you informed of changes and updates to the Swindon Hub for Education website and any purchases you have made.
We will also need your personal data to:
- deliver services and support to you
- manage those services we provide to you
- help investigate any worries or complaints you have about your services
- keep track of spending on services
- How the law allows us to use your information?
There are a number of legal, legitimate or lawful reasons why we need to collect and use your personal information.
Your data will be used to help you make purchases and view tailored content on the site. For example, your job role information will allow you to purchase relevant training courses.
Generally we collect and use personal information in circumstances where:
- you have entered into a contract with us
- it is necessary to perform our statutory duties
- it is necessary to protect someone in an emergency
- it is necessary for employment purposes
- it is necessary to deliver health or social care services
- it is to the benefit of society as a whole
- it is necessary to protect public health
We will never sell your personal information to anyone else.
- Who do we share your information with?
Your personal data is only visible and shared with Swindon Hub for Education System Administrators and is only used in relation to purchasing and site activities.
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement in place to make sure that the organisation complies with data protection law.
Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including:
- if we take a child into care
- if the court orders that we provide the information
- if someone is taken into care under mental health law
We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy. This does not happen often, but we may share your information:
- in order to find and stop crime and fraud; or if there are serious risks to the public, our staff or to other professionals
- to protect a child
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can decide to override your right to privacy.
If we are worried about your physical safety, or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.
- How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them.
Examples of our security include:
- encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code, or what is called a 'cypher'. The hidden information is said to then be 'encrypted'.
- pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
- How long do we keep your personal information?
Your information will be held for up to seven years after we have collected it.
- What you can do with your information?
The law gives you a number of rights to control what personal information is used by us and how it is used by us.
You can ask for access to the information we hold on you.
We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services.
However, you also have the right to ask for a copy of all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we have recorded about you, however, we cannot let you see any parts of your records that contain:
- confidential information about other people
- data a professional thinks will cause serious harm to you or someone else’s physical or mental wellbeing
- information that may stop us from preventing or detecting a crime
This applies to personal information that is in both paper and electronic records. If you ask us, we will also let others see your record (except if one of the points above applies).
If you cannot ask for your records in writing, we will make sure there are other ways that you can.
If you have any queries about access to your information contact DataProtection@Swindon.gov.uk.
- Your right to complain
In the event that you wish to complain about the way that your personal data has been handled by Swindon Borough Council, you should write to the Data Protection Officer and clearly outline your case. Your complaint will then be investigated in accordance with our customer complaint procedure.
If you remain dissatisfied with the way your personal data has been handled, you have the right to complain to the Information Commissioner’s Office. You may refer the matter to the Information Commissioner’s Office whose contact details are below:
Information Commissioner’s Office
This website also contains information on data protection and your rights and remedies.
- What if you do not provide personal data?
You are under no statutory obligation to provide personal data to Swindon Borough Council, however if you do not provide the data, we may not be able to process your application properly or at all.
- How will we ensure compliance?
An annual audit will take place to check compliance.
- Main privacy notice
You are viewing the Privacy Notice required when using the Swindon Hub for Education website for purchasing services or booking training courses.