1. Your privacy is important to us, therefore this policy provides information about the personal information that we collect, and the ways in which we use that information in accordance with applicable data protection law, in particular the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
2. Please read this Policy carefully, as it contains important information about what information we collect, how and why we do so, how we process and protect this data after collection, your rights in relation to your personal data and how to contact us and / or the appropriate external authorities in the event that you wish to report a concern about the way in which we process your data.
3. Under the terms of the GDPR, FIT Education is considered the “controller” of data that individuals or companies provide us.
What Data We Collect
4. FIT Education may collect the following kinds of personal information:
- Information about your use of this website.
- Information that you provide using for the purpose of registering with the website.
- Information about transactions carried out over this website.
- Information that you provide for the purpose of subscribing to the website’s services.
- Any other information that you send to FIT Education.
How We Collect Data
5. FIT Education collect data by the following methods:
6. Data is either sent directly to us via means such as email and online services (e.g. Course registration) or collected automatically via our website (e.g. items such as IP address and browser type).
7. It is important for individuals undertaking our qualifications and / or accessing other services to know that certain elements of their personal data (e.g. name and date of birth) will typically need to be shared with partner organisations for us to deliver the relevant service. Similarly, members of staff at organisations that receive products and / or services from us may have their name and contact details shared with us by their employer.
8. Wherever personal information is shared with us by anyone other than the person whose information we are collecting (the “data subject”), it is the responsibility of the third party to ensure that the data subject is fully aware that their information will be shared with us and has provided their consent for this to happen prior to their information being shared. An example would be an organisation or employer ensuring that a learner or Apprentice has consented to their personal information being shared with us during their sign-up process.
10. We collect data in order to fulfil a variety of obligations, and we ensure that those sharing data with us are aware of what information is mandatory and what is optional in order for us to fulfil those different obligations.
10. Under the terms of the GDPR, we collect and process this data on one or more of the following bases:
11. Consent: for example, when you provide us with your email address and formally opt-in to receive marketing communications from us.
12. Contractual obligations: for example, in order to deliver contracted products and services to centres and / or individuals, we may use an individual’s personal information to contact them directly.
13. Legitimate interests: for example, in order to assist with complaints or appeals or to optimise your website experience.
14. Legal obligations: for example, to assist us and / or law enforcement agencies with fraud investigations.
Using your personal information
15. Under the terms of the GDPR, we collect and process this data on one or more of the following bases:
- Better administer this website.
- Personalise the website for you.
- Enable your access to and use of the website services.
- Publish information about you on the website.
- Send to you products that you purchase.
- Supply to you services that you purchase.
- Send you statements and invoices.
- Collect payments from you.
- Send yo marketing communications.
16. We may have a legitimate need to share your data with the following third parties:
17. Members of staff at a learner’s / Apprentice’s training provider or employer.
18. Our service providers (for example, companies that supply and / or host our IT services, our print service supplier and credit reference agencies).
19. Our partners (specifically, any Awarding Organisations with whom we offer joint or collaborative services).
20. Consultants and / or professional experts whose remit specifically requires access to personal data.
21. Law enforcement agencies, in the event that we are required to assist with legal proceedings.
22. Where FIT Education discloses your personal information to its agents or sub- contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement.
23. Disclosures of your personal information will only be made for the purpose of providing or improving our service to you.
24. FIT Education may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise, or defend its legal rights.
Securing Your Data
25. FIT Education takes reasonable measures to prevent the loss, misuse or alteration of your personal information. Such measures are likely to include regular backups of our data, encryption of the data and secure password protection policies on all systems handling your personal information.
26. FIT Education store all the personal information you provide on its secure servers.
27. Information relating to electronic transactions entered into via this website will be protected by encryption technology.
28. To maximize the security of your payment related information, this data is not stored on FIT Educations servers and instead resides with our merchant and payment gateway service providers.
29. A cookie is a small piece of information sent from a website and is stored in a user’s web browser while they are browsing a particular website. When the user browses the same website in the future, that information is retrieved by the browser to inform the website of the user’s previous activity.
30. Cookies are typically deployed to improve the user’s browsing experience and are not viruses, spyware, or trojans that will cause damage to your computing equipment.
FIT Education may use the following types of cookies:
31. These cookies monitor how visitors use our website, which pages they visit and how long they spend on these pages. These cookies help us to improve the quality of information within our site and identify which pages users find most helpful, and those which they do not.
32. All information supplied by analytics cookies is anonymous, so we can only see which pages have been visited, and not by whom.
Third Party Cookies
33.These are cookies dropped via our site, but originate from other websites which we do not have direct control over. Most of the third party cookies the FIT Education website deploys will originate from social media websites like Facebook, You Tube or Twitter. If for example we embed a video on our website that is hosted on You Tube, when you click play on that video You Tube will drop a cookie on your machine to let you know that you have watched it. Alternatively, if you hit the ‘Like’ button on one of our pages, the relevant social media site will drop a cookie again on your machine to remind you that you have previously liked or shared this content throughout your social network.
34. We always try to ensure that we only ever allow cookies to be deployed through our site from trustworthy organisations and their websites. We never allow cookies to be used by third parties to try and market their products/services to you.
What If You Don’t Like Cookies?
35. If you don’t want to accept the cookies that by default our site deploys to the browsers of our visitors then you can simply turn these off in your web browser. The means by which you do this will differ from one browser to the next (Google Chrome, Internet Explorer, Safari etc.) but this is usually accomplished through the browser’s settings.
Links to Other Websites
Updating This Policy
40. You should check this page occasionally to ensure you are familiar with any changes.
41. This website contains links to other websites. FIT Education is not responsible for the privacy policies or practices of any third party.
42. The GDPR outlines various rights that a data subject has with regard to their personal data. Please see a summary below:
43. The “Right to be informed”: individuals must be made aware of how and why their personal data is collected. In providing the Policy, FIT Education meets this requirement
44. The “Right of access”: individuals can request access to copies of their personal data in order to verify that it is being processed in a lawful and correct way
45. The “Right to rectification”: individuals can request that inaccurate personal data is corrected (or completed if it is incomplete)
46. The “Right to erasure”: under certain circumstances, an individual can request that their personal data is deleted (e.g. if they wish to unsubscribe from receiving marketing communications and also have their contact details completely deleted from our systems. This would be possible provided there was no legitimate ongoing reason for us to retain their details)
47. The “Right to restrict process”: under certain circumstances an individual can request the suppression of their personal data (e.g. allowing us to continue holding their data, but pausing all processing of that data whilst they seek to verify that it is accurate and / or being processed lawfully)
48. The “Right to portability”: under certain circumstances, an individual can request that their personal data is electronically transferred from us to another data controller
49. The “Right to object”: under certain circumstances, an individual can object to the way in which their data is being processed (for example, if they believe that we do not have legitimate grounds for collecting and processing certain information about them). If the objection is upheld, we are required to stop processing that information
50. If you wish to exercise any of these rights or raise a data protection issue with us, please find the appropriate contact details below.
How long do we keep your data?
51. We retain data for as long as is required to fulfil our ongoing regulatory, quality assurance and / or legal obligations. For example, learner and achievement data will be retained beyond the end of a contract between us and the learner’s training provider in case it should be required during regulatory audits, complaint handling, appeals and / or legal proceedings.
52. Please refer to the next section of this Policy and the ‘How to contact us’ section if you feel that we are retaining your data for longer than necessary and wish to exercise your “Right to erasure”.
53. Where you have opted into marketing communications, please note that you can update your preferences or unsubscribe at any time.
Contact FIT Education
54. If you believe that your data protection rights may have been breached, you can lodge a formal complaint by contacting us as described below.
55. If you are unhappy with our response, please visit https://ico.org.uk/concerns to access more information about how to escalate your complaint to the Information Commissioner (if you are in the UK) or to your local data protection supervisory authority.
FIT Education, 3 St Georges Crescent, North Shields, Tyne and Wear, NE29 0JW