1.1 Who we are
Transcend is a transformational awarding organisation regulated in England by Ofqual. This status enables us to engage, educate and empower people though globally recognised solutions. Our products and services are uniquely designed to drive sustainable value through industry participation, performance and professionalisation.
We operate with integrity in the achievement of our vision. In doing so, we inspire trust and operate with transparency, complying with all relevant legislation and regulation.
1.2 Our scope and responsibilities
This Notice is published to enable our compliance with legal, regulatory and ethical duties. In doing so, we protect the privacy and security of your personal data. This Notice is reviewed and updated in line with our standard review cycle.
>
Responsibilities of committees |
Responsibilities of staff |
||
Transcend Governing Body |
Policy oversight |
Transcend Chief Executive Officer |
Policy development and deployment |
Transcend Strategy and Standards Committee |
Policy management |
Transcend Chief Technology Officer |
Data Protection Officer |
Violations to this Notice should be communicated to the Transcend Service Team. Allegations and reports of data breach will be managed without bias and corrective action will be taken in accordance with GDPR to prevent, mitigate, or manage any adverse effects to individuals’ rights and freedom.
1.3 Our duty to data protection and privacy
The General Data Protection Regulation 2018 outlines how organisations process personal data, which includes the collection, handling, sharing, secure storing and disposal of personal information. This Notice outlines how will we adhere to each of the six GDPR principles. When processing your personal data we ensure that all necessary safeguards are integrated in to our processes and we act in accordance with the six data protection principles:
- Lawfulness, fairness and transparency – your data will be processed lawfully, fairly and transparently
- Purpose limitation - your data will be collected for specified, explicit and legitimate purposes
- Data minimisation - your data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accuracy - your data will be accurate and, where necessary kept up to date
- Storage limitation - your data will be kept for no longer than is necessary.
- Integrity and confidentiality - your data will be processed in a manner that ensures appropriate security.
We are required to collect and process certain personal data in support of our objective as an awarding organisation. This can include our learners, recognised centres, their workforce, our partners, external quality assurers, consultants, job applicants and other individuals that we have a relationship with, will have a relationship with or may have a need to contact (“data subjects”).
This Notice contains important information about your personal rights to privacy and the data we collect. Please read it carefully to understand how we use your personal information. The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired and we may not be able to provide the solution you desire without this information. For example, you will be unable to take an assessment or receive a product should we be unable to obtain your personal information in preparation for this.
GDPR also stipulates a Data Protection Officer must be appointed to ensure Transcend adheres to the highest standards of data protection. Transcend has appointed the Head of ΙΤ to the role of Data Protection Officer.
1.4 Your rights
We determine the means for processing and at the time of the processing itself we act with integrity and transparency. In doing this, we recognise your rights, which include:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object to processing
- rights in relation to automated decision making and profiling.
You can exercise your rights, including the handling of Data Subject Access Requests (DSAR) and report any cases relating to the processing of your personal data to our Data Protection Officer.
1.5 Processing your personal data under the lawful conditions
The GDPR requires us to rely on one or more lawful conditions to use your personal information. We consider the grounds listed below to be relevant:
- We will only process your personal data after we have obtained your consent.
- Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, to provide you with a certificate after successful course completion).
- Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
- Where necessary so that we can protect the vital interests of the data subject or of another person
- Where necessary so that we can perform a public task in order to act in the public interest or exercise our official authority
- Where there is a legitimate interest in us doing so and only in cases where our actions do not over-ride the rights and freedoms of the affected individual, and in particular a child.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights as an individual).
In broad terms, our “legitimate interests” means the interests of running of our awarding organisation as a commercial entity and ensuring that appropriate levels of certified awards are granted to candidates in line with our standards.
When we process your personal information to achieve such legitimate interests, we consider and assess any potential impact on you (both positive and negative), and on your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
1.6 Personal data - how we collect your information
We collect personal information when we receive it from you directly. This may include the personal information that you give to us when you communicate with us by email, phone, letter or submission of information.
We collect personal information when we obtain it indirectly from an organisation. This may include your registration information shared by a recognised centre after you have registered on a course in relation to a product provided by Transcend.
We collect personal information when your information is available publicly. This may include social media accounts.
We collect personal information when you visit our website, including:
- Technical information, including the internet protocol (IP) address used to connect your device to the internet
- Information about your visit to the website, including the uniform resource locator (URL)
- Browser version, pages of our Service that you visit
- The time and date of your visit, the time spent on those pages, and other statistics.
Security
We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
We collect personal information when you visit our premises. This may include, for example, where CCTV is used on our premises or in the instances when you are required to ‘sign-in’ at the reception desk.
Links to Other Sites
Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
1.7 Service Providers
We may employ third-party companies and individuals due to the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analysing how our Service is used.
We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
We collect and use your personal information by using cookies on our website. Please read the Transcend Website Cookie Policy for further information.
Personal data – what information we process
Data protection law is all about protecting your personal data, which constitutes the information that identifies a person as a data subject. This will vary based on the nature of your relationship with Transcend. Examples of personal data that we collect includes:
- Your name and contact details (postal address, telephone number, email address and emergency contact details, where applicable)
- Your date of birth, gender and nationality
- Your identification number (this may include photographs)
- Your financial information (bank/credit/debit card details)
- Your online identifier for computer or mobile device (information on your IP address, cookies, geographical location)
- Your learner identifier (learner registration number, Unique Learner Number)
- Details on medical/health information (reasonable adjustments/special considerations, data of sickness or absence)
Personal data - Special Categories
Data protection law is all about protecting personal data, which constitutes the information that identifies a person as a data subject. A document, file or image, which could be used to identify a person or could be used in combination with other information to identify them, constitutes personal data. This applies even if the information doesn’t include the individual’s name.
There are special categories of personal information, which are classed as sensitive and therefore worthy of more protection. This may include, for example, information about personal data concerning health, racial or ethnic origin, sexual orientation, political opinions, philosophical or religious beliefs, trade union membership, biometric/genetic data.
In specific instances, we may be required to process this type of information for reasonable adjustments, special considerations and/or statistical purposes in response to data requests from our regulators. We will only process these special categories of data for the stated purpose with lawfulness, integrity and transparency.
As part of our standard process for conducting relevant Criminal Records Bureau (CRB) checks we are required to process criminal offence data, which may include criminal activity, allegations, investigations, and proceedings. This will be processed with extra protection and only in relation to the specified lawful condition.
Personal Information of children
In cases where we need to process children’s personal information, we will not do so without their consent where we require it or, where required, the consent of a parent/ guardian. We will always have in place appropriate safeguards to ensure that children’s personal information is stored safely and securely.
Personal data - how we use your information
Your personal information, however lawfully it is obtained, will be used for the purposes specified in this Notice in order to support our business function. We may use your data for one of the followings:
- to register you as a learner in order to take part in learning and assessment
- to conduct assessment
- to issue product results and certificates
- to carry out surveys, reviews, appeals or investigations
- to provide you with services, products or solutions, or to provide you with the information on these services, products or solutions
- to communicate as necessary with relevant third parties
- to provide further information about our relevant products, where necessary
- to manage relationships with our technical partners, suppliers, industry representatives, partners and regulators
- to audit and/or administer our accounts
- to analyse trends and conduct self-assessment
- to satisfy legal obligations
- for the prevention of fraud or misuse of services
- for the establishment, defence and/or enforcement of legal claims
- to notify you about changes to our services
- to communicate with you, for example, in response to enquiries and/or requests
We are committed to meeting the highest standards of data protection in order to provide the best service to our contacts. We will tell our contacts exactly how we will use and store their data, not use it for any purpose other than the ones we have consent for and take all reasonable steps to ensure their data is stored and transferred securely.
Tailored Records
We may also analyse your personal information to create a tailored record of your interests and preferences based on the information available to Transcend, which you or the recognised centre to which you are registered have provided. This allows us to ensure communications are relevant and timely, to contact you in the most appropriate and relevant way. If you would prefer us not to use your personal information for this purpose, please contact: services@transcendawards.com
Supporter research
We may also analyse your personal information to create a record of your interests and preferences. This allows us to ensure communications are relevant and timely, to contact you in the most appropriate and relevant way and in general to provide you with an improved user experience. It also helps us to understand the background of our supporters, so that we can make appropriate requests to those who may be willing and able to give more than they already do, enabling us to raise funds and help beneficiaries sooner and more cost-effectively. If you would prefer us not to use your personal information for supporter research, please let us know by contacting the data controller via services@transcendawards.com
Communications for marketing/promotional purposes
We may use your contact details to provide you with information about our work, events, services and/or activities which we consider may be of interest to you (for example, about other certified awards we offer or training/learning providers we work with).
Where we do this via email, SMS or telephone (where you are registered with the Telephone Preference Service), we will not do so without your prior consent (unless allowed to do so via applicable law).
Where you have provided us with your consent previously but do not wish to be contacted by us about our work, events, services and/or activities in the future, please let us know by email at services@transcendawards.com .
Payments
When you use our secure online payment function you will be directed to a specialist payment services provider who will receive your financial information to process the transaction. We will not directly store your financial details as needed for these transactions. We will provide your personal information to the payment services provider only to the extent necessary for the purpose of processing your payment.
Sharing your personal information
We do not share, sell or rent your personal information to third parties for marketing purposes. However, in general we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Notice. These parties may include (but are not limited to):
- recognised centres that act as our training providers/learning providers
- individual assessors
- educational authorities such as Department for Education, HESA, UCAS, ESFA and the Learning Records Service
- local authorities and other public bodies responsible for education
- other educational establishments/prospective employers (for example if a reference is sought)
- suppliers and sub-contractors for the performance of any contract we enter into with them (IT service providers such as website hosts or cloud storage providers)
- parties assisting us with research to monitor the impact/effectiveness of our work, events, services and activities
- authorities such as the police when sharing data in relation to malpractice cases linked to fraud
- regulatory bodies who govern our work, such as Ofqual
- professional service providers such as accountants and lawyers
In particular, we reserve the right to disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets
- if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets
- if we are under any legal or regulatory duty to do so
- to protect the rights, property or safety of Transcend, its personnel, users, visitors or others.
Please note that any third parties’ use of your personal data will be governed by their own privacy policies and give rise to separate obligations under applicable data.
Transferring your data to third countries or international organisations
As a UK-based organisation that operates internationally we are required to adhere by the UK and EU GDPR legislation. There may be instances where we use partners, agencies and/or suppliers to process personal information on our behalf, and as such your personal information will be transferred to a location outside the UK and the European Economic Area (EEA), for example the United States.
Some countries outside of the UK and EEA may have a lower standard of data protection, including lower security requirements and fewer rights for individuals. Where your personal data is transferred and/or processed in a country outside the UK and EEA, which does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards. This may involve an International Data Transfer agreement as stipulated by the GDPR and is designed to protect your personal data.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure. Once we have received your personal information, we use strict procedures and secure technical measures to try and prevent unauthorised access.
Retaining your personal information
In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records seven years after the date it was collected. However, we will remove your data from our records at the relevant time if:
- your personal information is no longer required in connection with such purpose(s),
- we are no longer lawfully entitled to process it or
- you validly exercise your right of erasure.
If you request to receive no further contact from us, we may keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.
Exercising your rights
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. You also have the following rights:
- Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
- Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so. In many cases we would propose to suppress further communications with you, rather than delete it.
- Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
- Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
- Right to object – you have the right to object to processing where we are (i) processing your personal information based on our legitimate interests, (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
- Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.
- Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information, which produces legal or similarly significant effects on you, unless such a decision (i) is necessary to enter into/perform a contract between you and us/another organisation; (ii) is authorised by EU or Member State law to which Transcend is subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us. We encourage you to raise any concerns or complaints you have about the way we use your personal information by contacting us.
Escalation
You are further entitled to make a complaint to the Information Commissioner’s Office – www.ico.org.uk. For further information on how to exercise this right, please contact us using the details below. Please let us know if you have any questions or concerns about this notice or about the way in which we process your personal information by contacting us at the channels below.
Email: security@transcendawards.com
Telephone: 01953 438499
Post: Transcend Awards Limited, Robin Park Arena, Robin Park, Wigan, England, WN5 OUH