STARTING POINT COMMUNITY LEARNING PARTNERSHIP LIMITED
PRIVACY NOTICE 2020
At Starting point Community Learning Partnership we’re committed to protecting and respecting your privacy.
This Notice explains when and why we collect personal information about employees, volunteers and people signing up for courses and learning provided by Starting point, but usually funded by a third party, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Notice from time to time. The Data Protection Officer will alert you to any changes. Please consider these changes to ensure that you’re happy with them.
Any questions regarding this Notice and our privacy practices should be addressed to the Data Protection Officer. Alternatively, you may contact the Data Protection Officer by telephoning 0161 494 9947, emailing email@example.com, or writing to the Data Protection Officer, Starting point Community Learning Partnership,4 Woodley Precinct, Woodley, Stockport SK6 1RJ
WHO WE ARE
We are Starting point Community Learning Partnership a company limited by guarantee (no 07045667). The registered address of the company is, 4 Woodley Precinct, Woodley, Stockport SK6 1RJ
HOW DO WE COLLECT INFORMATION FROM YOU?
We obtain information about you when you apply for a post at Starting Point either as an employee, a volunteer or request a place on one of our training courses or learning sessions.
PRINCIPLES OF DATA PROCESSING
The Processing of your Personal data forms an important part of our learning services to you and in your employment with Starting Point, whichever is applicable . We appreciate the trust you place in us when providing us with your Personal data, and consider your privacy an essential part of the services we offer. In order to safeguard your Personal data while providing our services and employment, we adhere to the following five general principles.
FREEDOM OF CHOICE
Your Personal data belongs to you. We strive not to make any assumptions regarding your privacy preferences and aim to design our services so that you can choose whether or not to share your Personal data with us.
BALANCE OF INTERESTS
Where the Processing of your Personal data is necessary for the pursuit of a legitimate interest, and where this interest outweighs the need to protect your privacy, we may process certain Personal data without obtaining your express consent if so permitted by law. In certain other situations, we may also process your Personal data without your consent if so required in accordance with applicable law. For more information, see the “Consent” section below. Where your Personal data is processed for the public interest, we base that on the potential benefits to (including the safety of) our customers and the general public.
A recent example of this, is that we have shared emergency contact details for staff and learners with our full training team during the Coronavirus outbreak. This is to mitigate any risk of staff not being available as usual and to ensure we are able to keep learners, volunteers and staff safe. Once the outbreak is resolved we will return to a need to know process of data sharing amongst the training team.
Starting Point will only process its customers’ Personal data if it is adequate, relevant and necessary in relation to the purpose for which it has been gathered. We aim to anonymise your Personal data when a function or service can be achieved with anonymised data. If we combine anonymised or non-Personal data with your Personal data, it will be treated as Personal data for as long as it remains combined.
TRANSPARENCY AND SECURITY
Starting Point believes in being transparent about which Personal data we process and for which purposes. To us it is also vital to protect your Personal data since one of Starting Points ‘ core values are to protect what is important to you. On request, Starting Point will provide customers with further information regarding our Processing and protection of your Personal data.
It is Starting Points ‘ policy to comply with the applicable laws, rules and regulations governing privacy and data protection in the UK and European Union.
The Personal data which Starting Point collects about you will be used:
To provide you with a service, including to verify your eligibility for certain of our services.
To inform you of updates to, or changes in, services, including, but not limited to changes to our terms and conditions and policies;
To inform you of new services and events;
To evaluate and improve our offering to, and communication with customers;
To comply with legal requirements or lawful authority requests;
To inform you about our services and identify those that may be of interest to you;
To carry out market research; and
For analysis and customer profiling purposes (online and social included) done by ourselves and our chosen suppliers and partners.
Starting Point uses the following definitions:
“Data controller” means a natural or legal person, public authority, institution or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal data. At Starting Point, this role sits with the organisations’ Programme Manager.
“Data processor” means a natural or legal person, public authority, institution or any other body which processes Personal data on behalf of the Data Controller. At Starting Point, this role can sit with any one of the organisations’ training team.
“Personal data” means all information relating to an identified or identifiable physical person (“registered”). An identifiable physical person is a person who can be identified, directly or indirectly.
“Processing” means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.
“Sensitive Personal data” as Personal data that is likely to cause harm or particular concern to the data subject if disclosed. Examples of such data are: Specific Personal data categories (as defined below), credit card number and other financial information about the person registered, personal ID number and location details.
“Special categories of data” means Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
You may provide us with information about you or your family when accessing Starting Points ‘ services for example through our websites or direct contact (in this context, please note that phone calls may be recorded, with your consent, for quality assurance purposes). We may also obtain such data from Central and local Government, HMRC, DBS and other third parties. Such data (“Customer-provided personal data”) may include:
Your contact information (name, address, telephone number, email address, etc.);
Demographic information (age, marital status, household composition, etc.);
Criminal Records, HMRC, Health records
We are particularly careful and apply additional measures if and when collecting and Processing Sensitive Personal data, as required by applicable law. For avoidance of doubt, it is noted that applicable law may require other kind of data to also be treated as Sensitive Personal data.
Where reasonably practical or as required by applicable law, we will, in collecting or registering your Personal data, provide you with (i) specific information as to the purposes of the Processing of your Personal data, (ii) the identity of the Data Controller, (iii) the identities of any third parties to whom the data may be disclosed and (iv) other information which may be necessary to ensure that you are able to safeguard your rights.
Where reasonably practical or as required by applicable law, we will obtain your consent prior to collecting or using your Personal data. The request for your consent will be clear and specific and provide you with a reasonable basis with which to make your decision. We will never take your consent for granted. Instead, we will make sure that you can actively consent in a clear and transparent manner. Your consent is voluntary and may always be revoked, for example by terminating a particular service or contacting Starting point at the address indicated in the “Information and Access” section below. If you do not give your consent, it may not be possible to use our services or parts of services.
COLLECTION AND PROCESSING OF PERSONAL DATA WITHOUT CONSENT
The collection and use Third party data may be necessary in order for (i) Compliance with legislation (ii) Starting point service development, for example enhancements of Safeguarding, (iii) managing Starting Points ‘ duty of care and (iv) fulfilment of legal requirements. When collecting or using third party data for these purposes, and for similar legitimate interests pursued by Startpoint, we will generally not seek your consent unless this is deemed necessary in the individual case or required by applicable law.
THIRD PARTY APPLICATIONS
You may access applications and other services linked with Starting Point but provided by a third party, which may, for example Facebook, may require transmission of location data and other data to this third party. Starting Point is not responsible for the collection or use of Personal data in applications or services provided by a third party, and recommends that you carefully review applicable terms for (and any integrity policy related to) such applications or services before you use them. If you have questions concerning a certain third party’s use of your Personal data, please contact the third party directly.
For most Processing acts, you are able to terminate our use of your Personal data by updating your preferences, terminating a particular service, revoking your consent to the Processing by contacting Starting Point at the address indicated in the “Information and Access” section below or as otherwise instructed by us. However, and unless otherwise follows from applicable law, you may generally not opt out of the Processing of your Personal data:
We will only retain your Personal data for as long as it is necessary to fulfil the purposes outlined in this policy or the purposes of which you have otherwise been informed. This means that when you have consented to our Processing of your Personal data, we will retain the data for as long as the customer relationship lasts or until you withdraw your consent. If you have revoked your consent, we may nevertheless retain certain Personal data for the period required in order for us to meet our legal obligations and defend ourselves in legal disputes. If we have not received your consent for Processing, the data will only be retained to the extent we are permitted to do so by law.
When we process your Personal data, we strive to ensure that it is correct and up to date. We attempt to delete or correct Personal data that is incorrect or incomplete. For more information regarding your right to ensure the accuracy of your Personal data held by us, please see the “Information and Access” section below.
INFORMATION AND ACCESS
As stated in the “Notice” section above, we may provide you with specific information concerning our Processing of your Personal data when collecting or registering such data. Once per year you have the right to request, and receive free of charge, information on (i) what Personal data relating to you that we process, (ii) where the Personal data is collected, (iii) the purpose of the Processing, and (iv) the recipients or recipient categories with which the Personal data is shared. Requests for such information must be made in writing and be signed by you personally, and include information on the name, address and ideally the email address as well. You are also entitled to request that we correct, block or delete any incorrect information related to you. Requests should be sent to the legal entity stipulated in the end of this document. Your requests will be dealt with in a prompt and proper manner. Requests to delete Personal data will be subject to any applicable legal requirements. Where the applicable law provides for an administrative fee for complying with such a request, such a fee may be charged by Starting point.
Starting point has taken technical and organisational measures in order to protect your Personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of Processing.
DISCLOSURES TO THIRD PARTIES
Starting Point may share your Personal data:
As required by law, for example in connection with a safeguarding inquiry, dispute or other legal process or request
When we, in good faith, believe that disclosure is necessary in order to protect our rights, for example in order to investigate potential violations of our terms and conditions or to detect, prevent or disclose fraud or other security issues
With our service providers who work on our behalf in connection with the above uses, such as wireless service providers, companies that host or operate our website, send communications, perform data analytics, credit card processors, or system providers necessary to process, store, or manage credit card or financial information; and
With emergency services providers, such as law enforcement, and health care professionals, Social services, in order to deliver related services and legal obligations.
Starting Point, as the legal entity being the data controller of your Personal data will, as a general rule, only disclose your Personal data to a third party if it has received your consent to do so. However, if permitted by law we may share your Personal data without your consent, unless we consider your consent necessary in the individual case or your consent is required by law, in the following situations:
Situations in which disclosure is required by law; and
Situations in which disclosure is necessary for the purpose of a legitimate interest pursued by Starting point (for example in order to protect our legal rights, as described above).
DATA PROCESSING ON OUR BEHALF
We restrict access to your Personal data to Starting Points’ employees and suppliers who need to use the information in order to process it on our behalf, and who are contractually required to keep your Personal data secure and confidential. We aim to choose the option for data processing services that best safeguards the integrity of your Personal data towards any third party.
We will not sell or trade your Personal data with third parties, unless we have your consent to do so. We will not share your Personal data with third parties for their marketing purposes, unless we have received your consent for such disclosures. If you have provided such consent, but wish to stop receiving marketing materials from a third party, please contact that third party directly. We may provide you with information regarding new products, services, events or similar marketing activities. If you wish to unsubscribe to a particular e-mail newsletter or similar communication, please follow the instructions in the relevant communication.
WEBSITES AND COOKIES
THIRD-PARTY SERVICES AND APPS
As a result of legal requirements, we have to monitor how Starting Points works. This means that we collect data and share with third parties as required by law.
HOW YOU CAN ACCESS AND UPDATE YOUR INFORMATION
The accuracy of your information is important to us. If you change address, email address or telephone numbers, or any of the other information we hold is inaccurate or out of date, please write to:
Data Protection Officer,
Starting Point Community Learning Partnership’
4 Woodley Precinct, Woodley, Stockport
0161 494 9947
You have the right to ask for a copy of the information Starting Point holds about you.
REVIEW OF THIS NOTICE
We keep this Notice under regular review. This Notice was first produced in April 2018. It was last reviewed in March 2020, when all staff underwent refresher training in GDPR.