TalentEd (“the Charity”) collects, stores and processes information about our staff and tutors, our partners and beneficiaries as part of our day to day activities, helping to provide effective and efficient support services.
TalentEd is committed to protecting and preserving the privacy of visitors when using our websites or communicating electronically with us. This policy covers the use of personally identifiable information that is collected in this way.
This policy will be reviewed regularly and may be updated from time to time. Any changes to our Policy will be displayed on our web site.
TalentEd is committed to safeguarding your personal information. Whenever you provide such information, we will use and store your information in line with both the TalentEd Data Protection Policy and all laws concerning the protection of personal information, including the Data Protection Act 1998, the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) 2016.
Why we process data
Where you voluntarily choose to give us your personal details, the personal data you provide to TalentEd will be used exclusively for providing you with the information or
TalentEd expects that the following uses fall within that category of its “legitimate interests”:
- For the purposes of client, staff, tutor, customer and beneficiary selection;
- To provide education services and monitoring of students’ progress and educational needs;
- Maintaining relationships with our client, staff, tutor, customer and beneficiary community, including direct marketing or fundraising activity;
- For the purposes of donor due diligence, and to confirm the identity of prospective donors and their background and relevant interests;
- For the purposes of management planning and forecasting, research and statistical analysis, including that imposed or provided for by law (such as tax, diversity or gender pay gap analysis);
- To enable relevant authorities and funders to monitor the Charity’s performance and to intervene or assist with incidents as appropriate;
- To give and receive information and references about past, current and prospective client, tutors, staff, customers and beneficiaries, including relating to outstanding fees or payment history;
- To enable clients, tutors, staff, customers and beneficiaries to take part in national or other assessments, and to publish the results of the Charity’s achievements.
- To safeguard welfare and provide appropriate pastoral care;
- To monitor (as appropriate) use of the Charity’s IT and communications systems in accordance with the Charity’s IT use and data collection policy;
- To make use of photographic images of client, staff, customer and beneficiaries in Charity’s publications, website and (where appropriate) on the Charity’s social
- For security purposes;
- To carry out or cooperate with any Charity Commission or external complaints, disciplinary or investigation process; and
- Where otherwise reasonably necessary for the Charity’s purposes, including to obtain appropriate professional advice and insurance for the Charity.
In addition, the Charity will on occasion need to process special category personal data (concerning health, ethnicity, religion, biometrics or sexual life) or criminal records information (such as when carrying out DBS checks) in accordance with rights or duties imposed on it by law, including about safeguarding and employment, or from time to time by explicit consent where required. These reasons will include:
- To safeguard our staff and beneficiaries welfare and provide appropriate pastoral (and where necessary, medical) care, and to take appropriate action in the event
of an emergency, incident or accident, including by disclosing details of an individual’s medical condition or other relevant information where it is in the individual’s interests to do so: for example for medical advice, for social protection, safeguarding, and cooperation with police or social services, for insurance purposes or those who need to be made aware of dietary or medical needs;
- To provide educational services in the context of any special educational needs of a student;
- To provide spiritual education in the context of any religious beliefs;
- In connection with employment of its staff, for example DBS checks, welfare, union membership or pension plans;
- As part of any Charity or external complaints, disciplinary or investigation process that involves such data, for example if there are SEN, health or safeguarding
- For legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with its legal obligations and duties of care.
Types of personal data processed by the Charity
These will include by way of example:
- names, addresses, telephone numbers, e-mail addresses and other contact details;
- bank details and other financial information, e.g. for client billing, invoicing and paying salaries;
- past, present and prospective client, customer, staff and beneficiaries’ records (including information about any special needs);
- personnel files, including in connection with academics, employment or safeguarding;
- where appropriate, information about individuals’ health and welfare, and contact details for their next of kin;
- references given or received by the Charity about students;
- correspondence with and concerning client, customer, staff and beneficiaries’ past and present; and
- images of individuals engaged in the Charity’s activities, and images captured by the Charity in accordance with the Charity’s policy on taking, storing and using images of children and vulnerable individuals.
How the Charity collects data
Generally, the Charity receives personal data from the individual directly. This may be via a form, or in the ordinary course of interaction or communication.
However, in some cases personal data will be supplied the data will be supplied by third parties; or collected from publicly available resources.
Who has access to the personal data and who the Charity shares it with
Occasionally, the Charity will need to share personal information relating to its community with third parties, such as:
- professional advisers (e.g. lawyers, insurers, PR advisers and accountants);
- government authorities (e.g. HMRC, DfE, police or a local authority);
- Fundraisers (e.g. Big Lottery, Children in Need); and
- appropriate regulatory bodies e.g. Charity Commission or the Information Commissioner.
For the most part, personal data collected by the Charity will remain within the Charity and will be processed by appropriate individuals only in accordance with access protocols (i.e. on a ‘need to know’ basis).
Finally, in accordance with Data Protection Law, some of the Charity’s processing activity is carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with the Charity’s specific directions.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. While we strive to keep the information that you supply secure, please be aware that the Internet is not a fully secure medium. We use secure servers for collecting sensitive information.
How long we keep personal data
The Charity will retain personal data securely and only in line with how long it is necessary to keep for a legitimate and lawful reason. Typically, the legal recommendation for how long to keep ordinary personnel files is up to 7 years following departure from the Charity or its programmes. However, incident reports and safeguarding files will need to be kept much longer, in accordance with specific legal requirements.
A limited and reasonable amount of information will be kept for archiving purposes, for example; and even where you have requested we no longer keep in touch with you, we will need to keep a record of the fact in order to fulfil your wishes (called a “suppression record”).
Keeping in touch and supporting the Charity
The TalentEd will use the contact details of staff, tutors, clients and beneficiaries to keep them updated about the activities of the Charity and events of interest, including by sending updates and newsletters, by email and by post. Unless the relevant individual objects, the Charity will also:
- Share personal data, as appropriate, with organisations set up to help establish and maintain relationships with the Charity’s network;
- Contact our networks by post and email in order to promote and raise funds for the Charity.
Should you wish to limit or object to any such use, or would like further information about them, please contact the Data Protection Officer on email@example.com. You always have the right to withdraw consent, where given, or otherwise object to direct marketing or fundraising.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device; for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
- enabling a service to recognise your device so you don’t have to give the same information several times during one task;
- recognising that you may already have given a username and password, so you don’t need to do it for every web page requested;
- measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.
Cookies do not contain any personal information about you and cannot be used to identify an individual user. If you choose not to accept the cookie, this will not affect your access to most of facilities available on our website.
All computers have the ability to decline cookies. You can easily decline or remove cookies from your computer using the settings within the Internet Options section in your browser control panel.
Rights of access
Individuals have various rights under Data Protection Law to access and understand personal data about them held by the Charity, and in some cases ask for it to be erased or amended or have it transferred to others, or for the Charity to stop processing it – but subject to certain exemptions and limitations.
Any individual wishing to access or amend their personal data or wishing it to be transferred to another person or organisation, or who has some other objection to how their personal data is used, should put their request in writing to the relevant person.
The Charity will endeavour to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time-limits.
The Charity will be better able to respond quickly to smaller, targeted requests for information. If the request for information is manifestly excessive or similar to previous requests, the Charity may ask you to reconsider, or require a proportionate fee (but only where Data Protection Law allows it).
Right of removal
Under the DPA, an individual has limited right to request personal data is erased. For example, where processing causes unwarranted and substantial damage or distress. Under GDPR, the right to be forgotten enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
If you wish to have data erased a request should be submitted in writing to the Data Protection Officer at firstname.lastname@example.org. Where records are removed, the Charity shall retain basic information in the form to demonstrate a record of its suppression requests.
Requests that cannot be fulfilled
You should be aware that the right of access is limited to your own personal data, and certain data is exempt from the right of access. This will include information which
identifies other individuals, or information which is subject to legal privilege.
You may have heard of the “right to be forgotten”. However, we will sometimes have compelling reasons to refuse specific requests to amend, delete or stop processing your personal data: for example, a legal requirement, or where it falls within a legitimate interest identified in this Privacy Notice. All such requests will be considered on their own merits.