Privacy policy


This page explains what we do with the personal information you provide us.

General

From time to time you will be asked to tell us personal information about yourself (e.g. name and email address etc.) in order to become a customer of Training 2000. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Unless required or permitted by law, we will always ask you before we use it for any other reason. We would only use it for marketing with your prior consent.

Any sensitive personal information will never be supplied to anyone outside Training 2000 without first obtaining your consent, unless required or permitted by law. We comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.

Whenever you provide such personal information, we will treat that information in accordance with this statement, current legislation and our Data Protection Registration (Registration Number: Z8105915). We also aim to meet current best practice.

Individuals whose personal information Training 2000 holds have certain rights under the law. More information can be found on the Information Commissioner’s website.


How Training 2000 uses your information

Training 2000 uses information you provided on your booking form, as well as any supporting documents obtained as part of the admissions or booking process. We also collect and use information you provide during enrolment, including information about any disabilities or long-term health conditions you inform us about. As you progress through your course, we will collect and use a variety of other information to assist you with your studies, maintain records about your studies and achievements, finance and about your use of the facilities and services that we offer. Most of this information is usually collected from you directly during your time at Training 2000.

The information we collect may include the following:

  • name
  • contact information including email address
  • demographic information such as postcode
  • information about your qualifications, skills and experience
  • other information relevant to customer surveys and/or offers.

Sensitive personal information you provide (e.g. disability or ethnicity) may be used by Training 2000 for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. Training 2000 will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and necessary.


The legal basis for collecting the information

Most of the information on the form is collected for your booking on the course or is required by law. You must provide it in order to enrol at Training 2000.


Parents, carers and guardians

Under the GDPR (General Data Protection Regulation), young people aged 13 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions in regards of learners with severe learning difficulties and those who are otherwise unable to decide for themselves.

Training 2000 has found that it is very beneficial to the young person’s progress as a learner if Training 2000 is able to engage with the parents (or guardian/carer) of learners aged under 18. Therefore it is very important that we have the parents’ details recorded on our systems.

When a learner is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the learner’s information. We can only release information about our learners if we have their consent for this recorded on Training 2000 system. Learners can also inform Training 2000 later on who we may discuss with their learning matters with. Learners may withdraw their consent the same way which they gave it.

In general, we can only share information if we have the person’s consent, or there is a particular piece of legislation or agreement allowing us to share it without consent.


Your rights: Subject Access Request:

Under the General Data Protection Regulations (GDPR) you have the right to make a subject access request (SAR) and to obtain copies of records and files relating to you held by Training 2000. If you wish to make a SAR then please complete our SAR form or email dpo@t2000.co.uk details of the information you require. Training 2000 has a month to reply to you unless your request is complex or there are a number of requests, in which case the deadline can be extended by a further two months, but Training 2000 will contact you within a month of receipt of the SAR, explaining why an extension is necessary. There is ordinarily no charge for making a SAR.


Right to erasure

The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.


When does the right to erasure apply?

The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

Under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.


When can Training 2000 refuse to comply with a request for erasure?

We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:

  • to comply with a legal obligation;
  • for the performance of a task carried out in the public interest or in the exercise of official authority;
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  • for the establishment, exercise or defence of legal claims.
  • Data Portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability


The right to data portability only applies:

Where a relevant request is made by you to Training 2000 we will facilitate your request as soon as possible, and in no longer than one month.


How Long We Keep Your Data

We will only keep your personal data for so long as is required to fulfil the purpose(s) for which it was collected unless there are other legal requirements or it is necessary for us to keep it for our own business continuity.

If you want more details about our specific retention periods, please contact our Data Protection Team at dpo@t2000.co.uk.


How We Keep Your Data Secure:

We will never give or sell your data to anyone else, nor will we make use of it except as described above. Your data is stored on our secure server, which is properly protected by the use of firewalls and other data security systems. Further, access to your data is restricted, with access to learner data restricted.


Websites and Cookies

This section applies to anyone accessing the Training 2000 website: A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access Training 2000 website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.

Session cookies will remember your selections as you browse the site. These cookies are for the browsing session and not stored long term. No personal information is collected by these cookies.

Google Analytics cookies help us to make the website better for you by providing us with user statistics, for example: which pages are the most visited; how a user navigates the site. No personal information is collected by these cookies.

To find out more about cookies and what cookies might be stored on your device, visit aboutcookies.org.uk or allaboutcookies.org

During the course of your study you may be asked to use third party websites or services or access linked content (eg. Youtube) which may collect personal data about you. That site’s own privacy notice will explain you how they use your data.


Responsibilities

Training 2000 is a data controller under the Data Protection Act and the Board of Trustees is ultimately responsible for implementation. The designated data controller who is appointed to ensure compliance with the Act is the Director of Business and Educational Standards; and appointed to deal with day-to-day matters are the Business Assurance Manager.


Further information

If you have any questions about Data Protection at Training 2000, please contact: dpo@t2000.co.uk Data Protection Team Training 2000 Blackburn Headquarters Furthergate Business Park Harwood Street, Blackburn, Lancashire, BB1 3BD

If you have a data protection concern that cannot or has not been resolved by Training 2000, you have the right to raise it with the Information Commissioner’s Office.