SW Training UK Ltd and affiliated companies
SW Training UK Ltd and affiliated companies interpretation is that it is reasonable to rely on Legitimate Interest as grounds for the processing of personal data for our marketing purposes, given:
- The very limited amount of personal information being processed;
- The fact that it is being used solely for the purposes of marketing to the business for which the individual works and not the individual him/ herself; or that the email contains information of how the individual can benefit from our funded courses.
- That the individuals concerned are people in business who would expect to be contacted for business communications.
- The Information Commissioners Office (ICO) makes it clear: “The legitimate interests can be your own interests…they can include commercial interests, individual interests or broader societal benefits.”
- That the individuals have applied for jobs with us or registered an interest in completing one of our programme.
The ICO also says that Legitimate Interest may be the most appropriate basis to use to process an individual’s data when:
- The processing is not required by law but is of a clear benefit to you or others;
- There’s a limited privacy impact on the individual;
- The individual should reasonably expect you to use their data in that way;
- You cannot, or do not want to bother them with disruptive consent requests when they are unlikely to object to the processing
We believe that all four of those criteria apply to SW Training UK Ltd and affiliated companies.
SW Training UK Ltd Opt Out/Unsubscribe Processes
- We have no interest or desire to persist in communicating with people who don’t wish to receive our communications and we will stop immediately.
- If anyone objects (opts-out/unsubscribes) to any of our communications or to the storing and using of his/her personal data, then we will stop sending communications and will ensure that their personal data is removed from our database if they wish.
- Every email we send has an ‘Unsubscribe’ link in it and if that link is clicked we will cease all future electronic communication with that individual.
Legitimate Interest Assessment (LIA) – May 2018
Identify and establish legitimate interest
Why do you want to process the data –what are you trying to achieve?
We want to send marketing and educational material by email to people who have requested something from us in the past and not previously objected to receiving marketing material from us.
We believe that:
- the information we are processing is limited
- the material we are sending is relevant and beneficial to both the business and the individuals and offers them routes to funded qualifications where they would otherwise have to pay
- that the individuals concerned are people in business or that have registered an interest in our services who would expect to be contacted.
- these contacts have previously been contacted and have not requested not to be contacted by us.
- means that there is a genuine legitimate interest here.
Who benefits from the processing?
SW Training UK Ltd and affiliate companies will benefit if people do business with us, however the contact will benefit also by receiving funded qualifications that they would otherwise have to pay for.
Are there any wider public benefits to the processing?
Yes. The purpose of the direct marketing is to make sales to grow and maintain our business, to preserve and to generate jobs, profits and tax. The businesses and individuals benefit by having funded services and also giving job seekers a route into employment and higher qualification’s making them more employable or getting a promotion. This reduces employment and increases the skilled workforce, this has benefits to all concerned.
How important are those benefits?
Critically important. If we can’t market in this way then there is a genuine threat to jobs and to the sustainability of the business.
What would the impact be if you couldn’t go ahead?
We would see a marked decline in sales which would likely lead to job losses and, potentially, an existential threat to the business.
Would our use of the data be unethical or unlawful in any way?
No. Any one that does not want to receive our communications and opts out will be removed from out database and will no longer receive communication.
Carry out a necessity test.
Is this a reasonable way to go about it?
Yes. For many of the people the only data we hold for them is their email address so using, say, postal communications may not be possible anyway. Also, these people are used to receiving these types of communication from us and there is always an ‘unsubscribe’button/link on every piece of communication sent. Our plan is, therefore, entirely proportionate.
Is there another less intrusive way to achieve the same result?
No, we don’t believe there is.
Conduct a balancing test
What is the nature of our relationship with the individual?
All these people have willingly provided their contact details to receive information on products and services provided by SW Training UK Ltd and affiliated companies in the past, either via webforms or at exhibitions/trade shows. Many have purchased things from us. They are business owners or individuals that have expressed an interest in our programmes and all our communications are related to what they have previously requested.
Would people expect us to use their data in this way?
Yes. We have been communicating in this way for over 13 years. In most cases, the individuals have given us their data so that we can send them information and offers of exactly this type.
Might the data subject object or find the processing intrusive?
No, we don’t believe so. But anyone who wishes to opt-out of receiving communication from us only has to tell us or click the ‘unsubscribe’link which is on every communication. If/when they do so we will stop sending them communications and, if they wish, remove them from our database.
What is the possible impact on the individual?
We don’t believe there are any negative impacts on the individual beyond an additional email in their inbox.
The fact that the data is being used solely for the purposes of marketing to the business or to the individual that has sought courses from us and that the information we hold is very limited and that the individuals concerned are people in business or those wishing to get a qualification from us then they would expect to be contacted for these reasons hence reducing the impact even further. We believe that our communication will have a positive impact on the business and the individual.
Can we adopt any safeguards to minimise the impact?
If anyone does opt out then we will also offer then the opportunity to be removed completely from our database.
SW Training UK Ltd is the data controller of your personal data.
SW Training UK Ltd is committed to protecting and respecting your privacy and will comply with all applicable data protection laws in all our dealings with your personal data.
We may collect and process the following data about you:
- Information about you, such as your name, your business name, telephone number and email address;
- Additional information that is provided by you filling in forms on our websites or at exhibitions/events, say. This includes information provided at the time of registering to use our site, subscribing to our services, posting material, or requesting further services or information;
- If you contact us, we may keep a record of that correspondence;
- We may also ask you to complete surveys from time to time that we use for research purposes, although you do not have to respond to them;
- Details of transactions you carry out through our site and of the fulfilment of your orders;
- Details of your visits to our websites and emails received including, but not limited to, traffic data, location data, web logs and other communication data, whether this is required for our own billing purposes or otherwise.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to prevent fraudulent access to our member-only areas.
The main purposes of the cookies we use are:
- Session – to allow the user to navigate our sites more easily; for example you don’t have to login in as a new user every time.
- Analytics – to improve the user experience of the site by providing statistics on how the site is used.
- Authentication – this enables us to identify you and therefore where appropriate, personalise information for you.
How to refuse and delete cookies
You can refuse to accept all or some cookies by modifying settings within your browser – for help on how to do this visit www.aboutcookies.org.uk
You may also delete all cookies on your browser – click help on your browser or visit www.aboutcookies.org.uk
Please remember that if you block the session cookies you may be unable to access certain parts of our websites.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom and the European Economic Area (“EEA”). We will take all steps reasonably necessary to ensure that any personal data transferred outside the UK or the EEA is treated securely and in accordance with the applicable data protection laws.
We will store all information about you on secure servers.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Legal basis to process your personal data
Under the applicable data protection laws (GDPR) we need a lawful basis to collect and use your personal data. The law allows for six lawful basis to process people’s personal data, and one of them allows personal data to be legally collected and used if it is necessary for a legitimate interest of the organisation – as long as it is fair and balanced and does not unduly impact the rights of individuals.
We have assessed our business interests in carrying out marketing activities and we have carefully considered the impact the collection and use of personal data could potentially have on individuals’ rights.
Our databases contain primarily business data, which is used to help, and promote to, businesses and individuals looking for courses in the UK and such activities are unlikely to affect the fundamental rights and freedoms of individuals concerned. We have therefore concluded that the most appropriate lawful ground for the processing of your personal data is our legitimate interests.
In the event you request any goods and/or services from us, we will rely on our contractual relationship to process your personal data to provide such goods and/or services to you.
In certain circumstances we may also rely on a specific consent provided by you for the processing of your personal data.
You have the right to object to this processing if you wish and if you do so we will remove your data from all our systems and cease all communication with you. If you wish to make that happen just send an email to: firstname.lastname@example.org
Uses made of your information
We process personal information for certain legitimate business purposes, which include some or all of the following:
To educate you and/or to share with you techniques, strategies and insights that are designed to help you improve your business and/or to become more successful;
To inform you of funded opportunities arising and courses and qualifications that you have previously shown an interest in;
To update our records and generally maintain your accounts/membership with us;
To carry out our obligations arising from any contracts entered into between you and us;
To allow you to participate in interactive features of our service, when you choose to do so;
To notify you about any changes to our service.
To identify and prevent fraud;
To enhance the security of our network and information systems;
To better understand how people interact with our websites;
To communicate with you about offers, products, services and other information that we believe may be helpful to you and your business;
To determine the effectiveness of our promotional campaigns and marketing.
To enhance, modify, personalise or otherwise improve our services communications for the benefit of you and our customers;
Whenever we process data we will ensure that we always keep your personal data rights in high regard and take full account of these rights.
When contacting you for the above purposes we may do so by phone, post, email or other electronic means, unless you tell us otherwise.
None of your personal details will ever be passed to any third parties or shared with companies or people outside of SW and our associated businesses.
We will only retain your personal data for as long as we believe it is up-to-date. We verify our data periodically and if we learn that you are no longer involved with a business that is in our database, we will remove your data from our records.
If you want us to remove your data from our records then we will do so. All you have to do is ask. You can do so by sending an email to: email@example.com
You have the right to:
- Request to see the personal data we hold about you. This includes the right to obtain confirmation as to whether or not we process any of your personal data. There may be a charge to provide this as set out under applicable law;
- Request that we correct any inaccuracies in the personal data that we hold on you;
- If you wish you can request to have your personally identifiable data deleted from our database and/or to stop receiving communications from us;
- Request that we do not process your personal data for marketing purposes;
- Object to our processing of your personal data if we are relying on legitimate interest as the lawful ground for processing;
If you wish to talk to us about any of the above please drop us an email at firstname.lastname@example.org
If you have any concerns or complaints about our activities, you can contact us on email@example.com or you can call 0121 713 1661 during normal office hours.
Although this website only aims to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this site.
SW Training UK Ltd cannot and does not guarantee or verify the contents of any externally linked website. You therefore click on external links at your own risk and SW cannot be held liable for any damages or implications caused by visiting any external links on this site.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. SW will never ask for personal or sensitive information through social media platforms and we encourage users wishing to discuss sensitive details to contact us through our primary communication channels i.e telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Privacy Notice (How we use Learner information)
The categories of Learner information that we collect, hold and share include:
Personal Information (PI) such as name, address and Unique Learner number
Sensitive Personal Information (SP) such as ethnicity, disability information, relevant medical information, additional learning support needs, free school meal eligibility, safeguarding records, disciplinary information, unspent criminal convictions and financial information
Attendance information (AI) such as registers
Tutorial Records (TR) such as progress, behaviour and agreed targets
Why we collect and use this information
We use the Learner data:
to support learning and monitor progress
to provide appropriate pastoral care, bursary support and / or educational support
to assess the quality of our services
to fulfil our obligations with statutory organisations
The lawful basis on which we use this information
We collect and use Learner information underthe following lawful basis:
Personal Information: Contract and Public Task (GDPR Article 6a and 6e)
Sensitive Personal Information: Public Task (GDPR Article 6e and Article 9g)
And Vital Interests (GDPR Article 6 and Article 9c)
Attendance Information: Public Task (GDPR Article 6e)
Tutorial Records: Legitimate interests (GDPR Article 6f)
Collecting Learner information
Whilst the majority of personal information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you have a choice in providing your personal information.
Storing Learner data
Learner data, as a standard, will be held for a period of 6 years from the end of the academic year in which you studied. Any variation that is required under our funding contract will be detailed in our Document Retention Strategy.
Who we share Learner information with
We routinely, to fulfil statutory data collections, share Learner information with:
- our Local Authority
- Education and Skills Funding Agency
- the Department for Education (DfE)
- Office for Students (HE)
- National Offender Management Services (prison based learners)
- National Apprenticeship Services
- Internal and external auditors
- Awarding Organisations
Why we share Learner information
We share Learners’ data with the above organisations on a statutory basis. This data sharing underpins our further and higher education funding, educational attainment policy & monitoring and financial assurance processes.
We do not share information about our Learners with anyone else without your consent unless the law and our policies allow us to do so.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the ILR) go https://www.gov.uk/government/publications/ilr-guides-and-templates-for-2017-to-2018
The Individualised Learner Record (ILR)
The ILR is owned and managed by the Department for Education and contains information about Learners in further and higher education colleges in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our Learners to the DfE as part of statutory data collections such as the monthly ILR returns. The law that allows this is the Education (Information About Individual Learners) (England) Regulations 2013.
The department may share information about our Learners from the ILR with third parties who promote the education or well-being of young people and adults in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to Learner information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided Learner information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-Learner-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and Learners have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the Group Director: Finance and Administration Systems who is the College’s Data Protection Officer
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact:
Group Director: Finance and Administration Systems who is the College’s Data Protection Officer