This policy sets out the basis on which any personal data we collect from all data subjects will be processed and treated by the company. It also sets out the rules from the Data Protection Act 1998 (the Act) governing the handling of all data which is lawfully collected, used, stored or disclosed. There are various ways in which data can be collected from company’s stakeholders, visitors, staff and customers; all of these fall within the remit of the ICS Learn Data Protection Policy.
For the purposes of the Act, the data controller is International Correspondence Schools Limited (Company Number SC434382) of Breckenridge House, 274 Sauchiehall Street, Glasgow, G2 3EH.
The application of this policy will ensure that all personal and sensitive data collected irrespective of how it is collected or who it belongs to, is handled in the appropriate manner and the privacy of all parties to who the data belongs is protected even where disclosure is lawfully permitted or required. The Policy also aims to fulfil Expectation 17 of the Quality Enhancement and Performance Framework by ensuring that appropriate data is collected at the Teaching and Learning stage of the student journey and it is analysed in order to continually enhance learning opportunities.
2.1.1 Information Provided to ICS Learn: This information may be given by filling out enquiry forms on the ICS Learn website, or by correspondence done by phone, email or otherwise. It could also be information provided when contact is made with the Student Services team to report a problem or resolve a query. Such information may include name, address, email address, phone number, financial and credit card information.
Information provided to ICS Learn also includes coursework and assessment submissions, which are all personal data, made by learners during the teaching and learning stage of their student journey.
2.1.2 Information collected by ICS Learn: With regard to each visit to the ICS Learn website, the following information may be automatically collected.
- Technical information which included the IP Address used by the third party to connect the computer to the internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about the visit to the website including the full Uniform Resource Locators (URL) clickstream to, through and from the ICS Learn site (including date and time); products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
2.1.3 Information received from other sources: ICS Learn may receive information about visitors if any of the other websites we operate or services we provide are used. The company works closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information from them.
3. Policy Statements
- Coursework and assessment submissions made to ICS Learn during the teaching and learning stage of the learner’s journey will only be shared securely based on the terms of agreement, with the approved stakeholders such as a designated person or department in the applicable Awarding Organisation.
- Personal data or information collected through any of the ways described above shall be processed fairly and lawfully. The data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or processed.
- Personal data shall be accurate and where necessary kept up to date.
- Personal data processed for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes.
- ICS Learn shall take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction or damage to, personal data.
- Personal data collected shall not be transferred to a country or territory outside of the European Economic area unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data.
- Personal data shall be processed in accordance with the rights of data subjects under this act.
Information held about visitors to our website and our learners or other external stakeholders will be used in the following ways:
- to carry out our obligations arising from any contracts entered into between data subjects and ICS Learn, to provide them with the information, products and services that is requested from us. This includes the dissemination of exam, coursework or other assessment results and certificates of completion;
- to provide data subjects with information about other goods and services we offer that are similar to those that they have already purchased or enquired about;
- to provide data subjects, or permit selected third parties to provide them with information about goods or services we feel may interest them. If a data subject is an existing customer, we will only contact them by electronic means with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to them. Where we permit selected third parties to use data belonging to data subjects that are new customers, they will only be contacted by electronic means if they have consented to this. Data subjects who do not wish for their data to be used in this way or passed on to third parties for marketing purposes must tick the relevant box in the forms used to collect the relevant data.
- to notify all data subjects about changes to our service;
- to ensure that content from our site is presented in the most effective manner for data subjects and their computers.
Disclosure of Information
We may share personal information, including coursework and assessment submissions from data subjects with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We may share information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or data subjects. Business partners also includes the various Awarding Organisations we work with.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to data subjects and others. ICS Learn will not disclose information about identifiable individuals to our advertisers, but they might be provided with aggregate information about our users. Such aggregate information may also be used to help advertisers. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
Storage of Data
The data collected by ICS Learn from data subjects and other stakeholders may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of orders, the processing of payment details and the provision of support services such as examination proctoring or software support.
By submitting their personal data, all data subjects and other stakeholders agree to this transfer, storing or processing. ICS Learn will take all steps reasonably necessary to ensure that all data is treated securely and in accordance with this policy.
All information provided to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology and where a password has been chosen to access certain parts of our sites, all data subjects and external stakeholders are responsible for keeping chosen passwords confidential. Passwords must not be shared with anyone.
The transmission of information via the internet is not completely secure and although all due diligence will be carried out to protect all personal data, we are unable to guarantee the security of any data transmitted to our sites and any transmission is done at the risk of the data subjects or stakeholders.
Once data and other information is received by ICS Learn, strict procedures and security features will be used to try to prevent unauthorised access.
All data subjects and external stakeholders have the right to ask us not to process their personal data for marketing purposes. ICS Learn will usually signify before the data is collected, if it is intended to be used for such purposes or if it is intended to be disclosed to any third party for such purposes.
Data subjects and other stakeholders can exercise their right to prevent such processing by checking certain boxes on the forms we use to collect data. Alternatively, ICS Learn can be notified by sending an email to firstname.lastname@example.org.
Access to Information
The Act gives all data subjects and stakeholders the right to access information held about them. This right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing details of the information held about the applicant.
4. Roles and Responsibilities
All ICS Learn staff, both permanent and freelance must:
- Read and understand this policy document;
- Read, understand and abide by the data protection statements above;
- Understand how to conform to the standard expected in relation to safeguarding data subjects’ rights under the Data Protection Act 1998;
- Understand what is meant by “sensitive personal data” and know how to handle such data;
- Refer to this document if in any doubt and not to jeopardise individuals’ rights or risk a contravention of the Act.
5. Associated or Related Documents
This policy document will be applied in conjunction with the following documents:
- Data Protection Act 1998
- UK Companies Act 2006
- ICS Quality Enhancement and Performance Framework
Data Subjects: Data Subject is a living individual to whom personal data relates.
SSL Technology: Secure Sockets Layer is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).
Quality Enhancement and Performance Framework: The Framework defines all quality standards and expectations which the company intends to meet and fulfil within the student journey. The Framework is used to define quality standards and benchmark our performance to it.