PRIVACY POLICY

Overview
1. DMR Training & Consultancy Ltd (DMR) processes personal information about learners, employers, members of staff and suppliers in order to deliver qualifications and training programmes. DMR processes personal information so that members of staff can be recruited and paid, training and assessment delivery planned and delivered, learners and their parents/carers/guardians and employers kept informed of progress, qualifications completed, and to comply with legal obligations to funding and commissioning bodies and lead training providers.
2. DMR is a data controller for all personal data collected with its registered office address being 87-89 Church Street, Leigh, Greater Manchester, WN7 1AZ. This means that DMR is responsible for deciding what data it collects and how it holds and uses personal data.
3. This privacy policy has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018.
4. This policy should be read in conjunction with the Data Protection Policy.
5. DMR takes the protection of personal information very seriously. DMR aims to explain clearly what information is going to be used for and who it may share the information with. Unless required or permitted by law, DMR will always ask data subjects before it uses personal data information for any other reason.
6. DMR will only use personal data information given to it for marketing purposes with prior consent.
7. Personal data will never be supplied to anyone outside DMR without first obtaining consent, unless required or permitted by law.
8. DMR will keep the personal data it processes to the minimum required to carry out each task, remove personal information from its systems when it is no longer required, and ensure that all personal information supplied is held securely.
9. This policy will be continuously reviewed against new technologies, business practices, legislation and regulatory changes and the evolving business needs of DMR and the work undertaken by DMR.
10. DMR is registered with the Information Commissioners Office, the UK’s Data Protection Authority.
Collecting and processing data
1. DMR processes data that is essential for operational business use, to enable the monitoring of selected protected characteristics and to ensure that members of staff get paid. Some data is classed as mandatory and some as voluntary. DMR will inform individuals and organisations at the point of collection whether they are required to provide certain information to DMR or if they have a choice in this.
2. The personal data collected is used by DMR to give information in relation to its services, to process and respond to queries received from individuals, organisations or other relevant stakeholders, to contact individuals or organisations regarding their interest/query and to send marketing communications.
3. DMR will communicate to data subjects what personal data is being processed, why their personal data is being processed, on what lawful basis their personal data is being processed, with whom their personal data will be shared and why, how and for how long their personal data will be stored, how they can exercise their rights over their personal data and whom to contact if they have any questions or concerns.
4. For learners, communication could be via a training programme application form, handbook or induction pack, for members of staff, it could be when they apply for a role or accept a contract, and for employers, it could be via the completion of survey questionnaires.
5. DMR will collect members of staff and learners’ personal details including name, address, date of birth, National Insurance number, residency information, e-mail address, dates of attendance, examination/test results, ethnicity, health information, next-of-kin/emergency contact details, information about support needs, gender, employer details and criminal conviction information. This list is not exhaustive.
6. DMR will also collect information about employers who purchase training from DMR, employers who provide work experience placements and other individuals and organisations who request information from DMR.
7. DMR does not collect personal data except when there is a legitimate business requirement or when such information is provided on a voluntary basis.
8. Sensitive personal information provided (e.g. disability or ethnicity) may be used by DMR for the purposes of monitoring equality of opportunities. It may also be used anonymously for statistical purposes.
9. Any special category personal information will never be supplied to anyone outside the DMR without first obtaining consent, unless required or permitted by law.
10. If an individual or organisation is a current user or customer of DMR, then opting out of promotional e-mails will not stop all communication from DMR. Learners or employers who are customers of DMR will receive certain information where DMR has a constitutional or contractual requirement to send such information.
11. Learners may be contacted after they have completed their qualification or programme of learning to establish whether they have entered employment or gone onto further training or education. Some legacy learners may be contacted by the European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of a training programme. Information may be shared with the ESF for this purpose.
12. DMR may ask learners and employers to complete feedback surveys or case studies. Participation will be voluntary.
13. DMR may undertake statistical analysis of user behaviour and characteristics to measure interest in and the use of various sections of the DMR website. The personal data held by DMR may also be used on an aggregate basis without any personal identifiers to provide third parties with information and to help DMR develop new services and products, improve the features and content of the DMR website or other marketing material, and to provide stakeholders and lead training providers with aggregate information about DMR’s service delivery, website users and their usage patterns in relation to services and/or the website.
14. Individuals and organisations who are no longer customers of DMR can choose to opt in or out of further contact with DMR.
15. DMR may receive data through networking (e.g. business cards, event registrations) and add these details, if relevant, onto its customer relationship management or other data management system. DMR may on occasion purchase ‘opt-in’ data (lists from reputable providers) for promotional campaigns.
16. DMR may use third party provided tools to manage its social media interactions. If individuals and organisations send DMR a private or direct message via social media the message may be stored. Like other personal data, these direct messages will not be shared with any other organisations.
DATA RETENTION
1. The personal data collected is stored in DMR’s customer relationship management system and other appropriate data management systems, both paper-based and electronic formats.
2. Personally identifiable information will not be disclosed to any third party except if permission has first been obtained from the users. The data will not be transferred to any agency located outside the EU.
3. All documents containing personal data will be disposed of securely. In general, information about learners will be kept for a period of 6 years after they complete or leave their training programme or qualification.
4. Personal data for learners previously funded by the European Social Fund will need to be retained until at least 31 December 2034.
5. DMR may need to keep information about members of staff for longer periods of time. In general, all information will be kept for 6 years after a member of staff leaves DMR. Some information however will be kept for much longer. This will include information necessary in respect of pensions, taxation, potential or current disputes or litigation regarding the employment, and information required for job references.
Data sharing
1. DMR will share information internally to enable it to manage and administer qualification and training programme delivery effectively.
2. DMR may also share the personal information that it receives with the following organisations (or types of organisation) for the following purposes: –
  
  If learners are undertaking a qualification or training programme that receives public funding, DMR will share personal information with the following organisations, as appropriate: –
  1. The Education and Skills Funding Agency (ESFA), Ofsted, Greater Manchester Combined Authority, Greater London Authority and/or the European Social Fund (ESF) – if the qualification is publicly funded;
  2. The Learner Records Service – to create and or maintain a Personal Learning Record (PLR);
  3. Zoom – to virtually meet with learners to deliver on-line learning and for training and assessment purposes;
  4. Awarding organisations – to register, assess and certificate learners for accredited training programmes and qualifications;
  5. Parents/carers/guardians – if learners are aged 16 or 17 to share information including attendance, punctuality and progress unless a learner specifically withdraws consent for DMR to do so;
  6. Employers – to share learner information including attendance, punctuality and progress;
  7. Lead training providers – for learners where DMR delivers qualifications, training and assessment as a subcontractor under a legal contract agreement to share personal data information such as name, address, date of birth, gender, nationality, parent/guardian contact names, telephone number, e-mail address, support needs, education history, qualifications, ethnic origin, employment history, attendance data and other relevant information;
  8. For safeguarding related purposes to fulfil DMR’s safeguarding duty;
  9. Public sector agencies (e.g. police, social services) for the prevention or detection of crime and the capture or prosecution of offenders.
Privacy Rights
1. Data Protection law provides the following rights for individuals: –
  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erase;
  5. The right to restrict processing;
  6. The right to data portability;
  7. The right to object;
  8. Rights in relation to automated decision making and profiling.
2. Individuals and organisations have the right to ask DMR what personal information about them DMR is holding and to have access to a copy of their personal information.
3. Individuals and organisations have the right, in certain circumstances, to ask DMR to review and explain its legitimate interests to them and the right where DMR’s use of personal information is carried out for the purposes of an agreement with DMR and is carried out by automated means, to ask DMR to provide them with a copy of their personal information in a structured, commonly used, machine-readable format.
4. Individuals may ask DMR at any time for information about any personal data DMR holds about them, or they may request that DMR corrects or deletes that information.
5. DMR will pass on any personal data changes to any third parties who need to change their records and will let the individual know this has been done.
6. Where individuals ask DMR not to contact them again or to delete information DMR may need to retain limited information to respect those wishes.
7. Where DMR is relying on consent as a condition for processing personal data individuals may revoke their consent to the processing of their data by contacting the DMR Data Protection Officer.
8. When individuals and organisations make a request to access or review their personal data, DMR will request them to verify their identity before the request can be fulfilled.
9. DMR may disclose personal information in circumstances where it has reason to believe that disclosing this information is reasonably necessary to comply with the law or DMR has another legal basis to do so.
10. Individuals and organisations wishing to exercise these rights should send a letter marked “Data Protection” to The Data Protection Manager, DMR Training & Consultancy Ltd, 87-89 Church Street, Leigh, Greater Manchester, WN7 1AZ. DMR will endeavour to respond to the request within a reasonable period and in any event within one month.
11. Individuals and organisations having further concerns about how DMR uses personal data, have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the data protection authority for the United Kingdom at https://ico.org.uk/concerns/ or write to them at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Cookies
1. Non-personal information and data may be automatically collected through the standard operation of DMR’s web servers, and by the use of cookies technology and/or Internet Protocol (“IP”) address tracking. Non-personal identification information might include the browser used by individuals, the type of computer, the operating systems, the internet service providers and other similar information.
2. Cookies are small data files websites store on a device to improve the user experience by enabling that website to ‘remember’ them, either for the duration of the visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’).
3. Cookies can let a user navigate between pages efficiently, storing preferences, and generally improving the experience of a website. Cookies make the interaction between the user and the website faster and easier. If a website doesn’t use cookies, it will think the user is a new visitor every time they move to a new page on the site – for example, when entering login details and move to another page it won’t recognise them and it won’t be able to keep the user logged in.
4. The DMR web server automatically gathers information about the top viewed and visited pages and links on DMR’s website, top entry and exit points, number of form completions, time spent on pages, top downloads, top keywords used offsite to lead customers to our website, IP address, information collected via cookies, the areas visited on the website, the links selected from within the website to other external websites and device event information such as system activity, crashes, hardware settings, browser type etc.
5. Most browsers are set to accept cookies. The browser can be set to refuse cookies or to alert individuals and organisations when cookies are being sent. The information thus collected enables DMR to develop and customise its services better to meet customer needs and preferences, and to bring to their attention possible services.
6. It is possible to block some or all cookies, or even to delete cookies that have already been set; but the user might lose some functions of the website. The user can remove cookies by going into the browsers control panel/preferences.
Security
1. DMR uses reasonable measures to safeguard personally identifiable information. The implemented measures will be appropriate to the type of information maintained and will comply with all relevant legislation governing protection of personal information. Measures are implemented to preserve the confidentiality, integrity and availability of the personal information. DMR has put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
2. DMR limits access to personal data to only those members of staff who have a legitimate business need to have access to that data. The members of staff will process personal data in accordance with DMR’s instructions. They will be subject to a duty of confidentiality and due care with respect to handling the personal data.
3. DMR has put in place procedures to deal with any suspected data security breach and will notify individuals and organisations and any applicable regulator of a suspected breach where DMR is legally required to do so. DMR’s employees are trained on data security and information protection. Relevant areas of DMRs website will employ Secure Socket Layer (“SSL”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information collected and retained.
4. DMR will monitor the use of DMR’s computers by learners. This is because DMR has legal obligations to protect learners and has a legitimate interest in making sure learners are using DMR’s computer equipment correctly and that learners are not looking at any inappropriate content.
Review
1. This Privacy Policy will be reviewed at least annually.
  
  • Implementation date: May 2018
  • Last review date: September 2024.

Helping people succeed in life

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

PRIVACY POLICY

Overview

Collecting and processing data

Data sharing

Privacy Rights

Cookies

Review

NEWSLETTER