This Privacy Policy sets out how Hagleys Group Ltd uses and protects any information that you give Hagleys Group Ltd when you use this website.
Hagleys Group Ltd is committed to ensuring that your privacy is protected in line with the recent change to legislation associated with the General Data Protection Regulation.
Should we ask you to provide certain information by which you can be identified when using this website; you can then be assured that it will only be used in accordance with this privacy statement and in line with GDPR legislation.
Hagleys Group Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What we collect
We may collect the following information:
- name and title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers.
We will ask you for your permission to contact you. If you give us permission, we will use email to communicate items that we feel may be of interest to you, including education industry and company information, updates and offers. If you do not wish to receive these communications, you will be given the opportunity to unsubscribe, by clicking on the unsubscribe link at the bottom of each email.
What we do with the information we gather:
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
Internal record keeping
We may use the information to improve our products and services.
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use Cookies
A cookie is a small non-executable text file that is placed on your computer when you browse a website. Our website uses two kinds of cookies; first party ’session cookies’ which retain information for the duration of your visit, for example if you’re completing more than one form you only need to provide your information once; and first party ‘persistent cookies’ which remain on your computer after your visit and help us monitor what parts of the site you visit so that we can keep improving our website in accordance with your preferences. Our cookies don’t hold any personal or confidential information about you. Most browsers are set to automatically accept cookies.
Links to other websites
This site contains links to other websites. Hagleys Group Ltd is not responsible for the privacy practices or the content of these other websites. Visitors should check the privacy policy statements of these other websites to understand their policies. It is the responsibility of the user to keep their personal information private and confidential.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at hr@hagleys.com
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the address below. We will promptly correct any information found to be incorrect.
General Data Protection Regulation (GDPR)
At Hagleys Group Ltd, we recognise that the privacy and security of your data are of paramount importance to you, and rest assured that it is to us as well. In addition to complying with applicable EU and national data privacy and protection laws, we have furthered our commitment to the EU data protection regime by investing in hosting facilities within the UK. However, due to the nature of our global platform, personal data may be transmitted and processed within data facilities located outside of the EEA. Hagleys Group Ltd utilises the European Commission’s Standard Contractual Clauses (also known as “model clauses”) as a lawful method to transfer personal data outside the EEA. By incorporating these model clauses into our Data Processing Addendum (“DPA”), both data controllers (our EU-based customers) and data processors are contractually obligated to certain technical and organisational safeguards relating to the privacy and fundamental rights of data subjects (our EU-based customers’ end users).
Our Commitment
Hagleys Group Ltd is committed to the protection of all personal and sensitive data for which it holds responsibility as the Data Controller and the handling of such data in line with the data protection principles and the Data Protection Act (DPA).
The legal bases for processing data are as follows –
(a) Consent: the student/centre has given clear consent for Hagleys Group Ltd to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for the centre contract or student placement contract.
(c) Legal obligation: the processing is necessary for Hagleys Group Ltd to comply with the law (not including contractual obligations)
The Designated Safeguarding Team members of staff are responsible for data protection. However all must treat all student and centre information in a confidential manner and follow the guidelines as set out in this document.
Hagleys Group Ltd is also committed to ensuring that its staff are aware of data protection policies, legal requirements and adequate training is provided to them.
The requirements of this policy are mandatory for all staff employed by the Hagleys Group Ltd and any third party contracted to provide services within the awarding organisation.
Notification
Our data processing activities will be registered with the Information Commissioner’s Office (ICO) as required of a recognised Data Controller. Details are available from the
Changes to the type of data processing activities being undertaken shall be notified to the ICO and details amended in the register.
Breaches of personal or sensitive data shall be notified within 72 hours to the individual(s) concerned and the ICO.
Personal and Sensitive Data
All data within Hagleys Group Ltd’s control shall be identified as personal, sensitive or both to ensure that it is handled in compliance with legal requirements and access to it does not breach the rights of the individuals to whom it relates.
The definitions of personal and sensitive data shall be as those published by the ICO for guidance:
https://ico.org.uk/for-organisations/guide-to-data-protection/keydefinitions/
The principles of the Data Protection Act shall be applied to all data processed:
- ensure that data is fairly and lawfully processed
- process data only for limited purposes
- ensure that all data processed is adequate, relevant and not excessive
- ensure that data processed is accurate
- not keep data longer than is necessary
- process the data in accordance with the data subject’s rights
- ensure that data is secure
- ensure that data is not transferred to other countries without adequate protection.
Data Security
In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.
Risk and impact assessments shall be conducted in accordance with guidance given by the ICO:
- https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
- https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
- https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2014/02/privacyimpact-assessments-code-published/
Security of data shall be achieved through the implementation of proportionate physical and technical measures. Nominated staff shall be responsible for the effectiveness of the controls implemented and reporting of their performance.
The security arrangements of any organisation with which data is shared shall also be considered and where required these organisations shall provide evidence of the competence in the security of shared data.
Data Access Requests (Subject Access Requests)
All individuals whose data is held by us, has a legal right to request access to such data or information about what is held. We shall respond to such requests within one month and they should be made in writing. No charge will be applied to process the request.
Personal data about students will not be disclosed to third parties without the consent of the student, unless it is obliged by law.
Location of information and data
Hard copy data, records, personal information are stored out of sight and in a locked cupboard. Sensitive or personal information and data should not be removed from the Hagleys Group Ltd site, however Hagleys Group Ltd acknowledges that some staff may need to transport data between the office and their home in order to access it for work in the evenings and at weekends.
The following guidelines are in place for staff in order to reduce the risk of personal data being compromised:
Paper copies of data or personal information should not be taken off the college site. If these are misplaced they are easily accessed. If there is no way to avoid taking a paper copy of data off the Hagleys Group Ltd site, the information should not be on view in public places, or left unattended under any circumstances.
Unwanted paper copies of data, sensitive information or student files should be shredded. This also applies to handwritten notes if the notes reference any other staff member or student by name.
Care must be taken to ensure that printouts of any personal or sensitive information are not left in printer trays or photocopiers.
If information is being viewed on a PC, staff must ensure that the window and documents are properly shut down before leaving the computer unattended. Sensitive information should not be viewed on public computers.
If it is necessary to transport data away from the site, it should be accessed via the Cloud. Work should be edited from the Cloud and saved onto this only.
These guidelines are clearly communicated to all Hagleys Group Ltd staff, and any person who is found to be intentionally breaching this conduct will be disciplined in line with the seriousness of their misconduct.
Data Disposal
Hagleys Group Ltd recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk.
All data held in any form of media (paper, tape, electronic) shall only be passed to a disposal partner with demonstrable competence in providing secure disposal services.
All data shall be destroyed or eradicated to agreed levels meeting recognised national standards, with confirmation at completion of the disposal process. Disposal of IT assets holding data shall be in compliance with ICO guidance:
This statement has been signed and approved by: Hagleys Group Ltd.