Introduction
SAIGE is committed to a policy of protecting the rights and freedoms of individuals concerning the processing of their personal information. The organisation needs to collect and use certain types of information about centre staff, learners, employees and other individuals (data subjects) who work with SAIGE or come into contact with it. This information will be obtained for a relevant purpose and will be collected and retained to meet that purpose. It will be dealt with appropriately however it is collected, recorded and used; whether on paper, electronic or recorded on other material and it will be safeguarded to ensure we comply with relevant legislation. The information will not be held longer than is necessary. SAIGE regards the lawful and correct treatment of personal information as a priority and therefore it will ensure that this information is treated correctly. SAIGE will process and control such information primarily for recruitment, attendance, assessment, certification, personnel, marketing, administrative and payroll purposes.
Scope
This policy applies to all stakeholders of SAIGE.
This policy does not form part of the formal employment contract nor a centre contract with SAIGE, but it is a condition of both that the rules and policies made by SAIGE will be complied with. Any failure to comply with this policy will be dealt with formally.
All employees, participants and other data subjects are entitled to:
- Know what information the centre holds and processes about them and why
- Know how to gain access to it
- Know how to keep it up to date
- Know what the centre is doing to comply with its legal obligations
Implementation of the Policy
Data Security
All employees and associates are responsible for ensuring that:
- Any personal data which they hold is kept and disposed of securely
- Personal information is not disclosed either orally, in writing or accidentally or otherwise to any unauthorised third party
- Employees and associates should note that unauthorised disclosure will usually be dealt with formally.
- Personal information must be: Kept in a locked office, filing cabinet or drawer
- Password protected when stored on a computer
- Secure if it is held on a portable device
Unauthorised Access
Any employee, associate, participant or another stakeholder who deliberately gains or attempts to gain unauthorised access to personal data on any data subject or discloses such data to any third party will be dealt with formally by SAIGE procedures.
Participant Obligations
Participants must ensure that all personal data provided to SAIGE is accurate and up-to-date.
Rights of Access to Information
Employees, learners and other data subjects have the right of access to any personal data that is being kept about them either electronically or in other files.
Certain disclosures may be made without consent so long as the information is requested by an appropriate Government or regulatory authority for one or more of the following purposes (requests must be supported by appropriate paperwork):
- to safeguard national security
- prevention or detection of crime including the apprehension or prosecution of offenders
- assessment or collection of tax duty
- discharge of regulatory functions (includes health, safety and welfare of persons at work)
- to prevent serious harm to a third party
- to protect the vital interests of the individual, this refers to life and death situations
Retention of data
SAIGE will not hold data longer than is necessary. Information about participants will be retained for 4 years after the date when they finish studying with SAIGE. This will include the results of the qualifications studied and any references provided. Information about staff will be retained for at least six years after they leave SAIGE. However, some information will be held for a longer period, for example, data which relates to tax or pensions and any references provided.
Conclusion
Any stakeholders who wish to clarify the contents of this policy should speak to the Chief Executive of SAIGE Anyone who considers that this policy has not been followed in respect of personal data about themselves or about other data subjects can raise the matter, using the SAIGE’s formal complaints procedure.