Pure Training Solutions
Pure Training Solutions has created this document to demonstrate its commitment to data privacy and its alignment to the requirements of the Data Protection Act 1998 and, in substitution from 25 May 2018, the General Data Protection Regulation 2018 (“GDPR”) in respect of handling and processing personal data.
Pure Training Solutions is registered with the UK Information Commissioner’s Office as a Data Controller and Data Processor. (Registration Number Z8120816)
Data Received from Customers
Pure Training Solutions will collect and process data that is provided to us. Personal data may be included from existing customers, businesses, organisations, learners, tutors, assessors, internal and external quality assurance personnel. It is important that policies and procedures set out how Pure Training Solutions will use their data and with whom it could potentially be shared.
By adding an individual’s personal data to Pure Training Solutions systems, or by sending personal data via email or by other methods to Pure Training Solutions, you give consent to us processing the data and you confirm that you have obtained the appropriate consent from the relevant individuals for the personal data to be processed by Pure Training Solutions. This also applies where an individual customer supplies personal data for enrolling onto teaching and learning programmes, exams, assessments or to be kept informed of courses and centre updates to include; progression courses, changes to course or qualification standards / learning outcomes or other course related legitimate reasons.
Pure Training Solutions will retain this data for the legitimate processing of the customer details and for a period of not more than 3 years thereafter unless requested otherwise by the customer.
We will use customer personal data for delivering teaching and learning programmes, administering exams and assessments, registering candidates with awarding bodies, forwarding of exam and assessment results and certificates, promoting courses, satisfying the requirements if external funding agencies and legitimate partner Colleges and organisations. All data will be held securely on our systems for not more than 3 years unless requested otherwise. We are required by various awarding bodies to retain learner details for a period of 3 years from the end date of their course. Pure Training Solutions will review annually any incomplete customer details and securely destroy or deleted from electronic systems.
Customer personal data will be required by Pure Training Solutions when enrolling onto courses, work-based learning, awards or exams. The personal data is usually limited to the details required for Pure Training Solutions to deliver training, assessment and examinations in line with external awarding body requirements. These details will include a learner’s name, date of birth, gender and qualification awarded. For certain qualifications, such as those within the security industry, data held will include photo images and signatures in line with the Security Industry Authority’s (“SIA”) requirements.
In line with our regulatory requirements, basic learner data will be held by Pure Training Solutions for not more than 3 years.
Personal data captured as part of a quality visit (such as video evidence of training) will be used for the purpose and outcomes of the visit, and then destroyed or deleted.
Learners may also contact Pure Training Solutions to request certificate replacements. In these circumstances, a record of a learner’s address is taken so that the certificate can be sent. This is held on file for a maximum of 3 years before it is destroyed or deleted.
Existing Customer, Business & Organisations or Authorised Personnel
Existing Customers, Business, organisations and / or authorised personnel that procure teaching and learning activities from Pure Training Solutions may need to supply Pure Training Solutions with the following details:
names, email addresses, telephone numbers, billing information.
information about other personnel and contacts for the centre. For example, organisational charts, health and safety and other policies that may include personal data.
It is important that you seek permission from third parties if you provide their personal data to us. We may use the business and organisational contact’s personal data for the function of: communicating activities between Pure Training Solutions and business and organisational contacts. For example, to inform the business or organisational contact of course or exam results and to send certificates.
identifying relevant people with whom we should communicate to plan and undertake off site training, assessment and / or examination activity.
communicating regulatory changes and updates, and, if permitted, marketing Pure Training Solutions products or services.
Purchasing and the delivery of goods and products.
The existing customer, business or organisational contact’s details will be retained for as long as Pure Training Solutions provide a service to a business or organisation. If a business or organisational contact leaves the organisation, it is the organisation’s responsibility to inform Pure Training Solutions so that personal details and accounts can be disabled and removed.
Tutors, Assessors, and Internal Quality Assurance (IQA)
Tutors, assessors, and quality assurance staff provide Pure Training Solutions with information about their experience and qualifications that confirm their ability to teach in line with the requirements of external awarding bodies. As such, Pure Training Solutions may hold a substantial set of personal details about a tutor, assessor or other staff. These may include:
names, email addresses, telephone numbers and other contact information
teaching and training qualification certificates
proof of professional qualifications
employment history and training experience
This data is required for regulatory purposes to ensure that we meet the necessary conditions of the Awarding Body.
It is important that our customers seek permission from staff members before providing us with their personal data.
This data remains on Pure Training Solutions systems for as long as the individuals continue to be a tutor, assessor or IQA for Pure Training Solutions. If a tutor, assessor or IQA requires their personal data to be removed from Pure Training Solutions systems because they are no longer fulfilling the role, they need to inform Pure Training Solutions so that relevant data can be removed from the systems.
Other than as set out in the next paragraph, we will never distribute or share personal data that is held on our system with any third parties other than Pure Training Solutions employees, consultants and sub-contractors.
We may share personal data with regulatory bodies in respect of:
security qualifications: learners’ details, including photo ID and signatures, will be provided to the SIA
the national Learning Record Service (“LRS”) – where unique learner numbers (ULNs) have been provided, learners’ and qualification data is shared with the LRS
investigations carried out by regulatory bodies
Pure Training Solutions has a number of suppliers of services where personal data is shared including but not limited to:
On-screen assessment provider used for some end of course assessment or exam requirements
Pension provider for the administration of the corporate pension scheme
Further information regarding specific companies can be provided on request.
Pure Training Solutions maintains a marketing database that contains the basic details of individuals who have consented to Pure Training Solutions sending information about products, qualifications, events or services to them via email. You can opt out by sending a request specifying your new choice to GDPR@puretrainingsolutions.org.uk
External Consultants, IQA’s, SMEs & Suppliers
Pure Training Solutions engages the services of external freelance consultants and suppliers for various purposes within the company.
It is necessary to obtain and retain personal data for the fulfilment of contracts. Data including but not limited to: names, addresses, contact details, professional qualifications, identification documents, bank details – will be held on Pure Training Solution finance software.
Contracts are reviewed annually, and inactive partnerships deleted from systems.
It is necessary to share bank details with our bankers to make payments for services, Pure Training Solutions will always make sure that the details are only processed using secure banking systems.
Pure Training Solutions will never share this information elsewhere, outside of the company unless required to do so by a regulatory or legal authority.
Pure Training Solutions will only process and hold staff data for the legitimate purpose of employment.
Personal data including name, address, contact details, NI number, date of birth, bank details, employment history, medical history, next of kin contact details is stored and processed on the Pure Training Solutions payroll system and will be held for the duration of the employment.
On leaving the company all data will be removed from systems and personnel files and be archived for a period of 3 years before being securely destroyed. PAYE information will be held on Sage 50 payroll for 6 years after as required by HMRC.
CVs and interview notes will be held for 6 months after the recruitment of a role before being securely destroyed or deleted. Data for successful candidates will be stored with employment data.
Prospective CVs will be considered on receipt, shared with internal departments and destroyed should no suitable vacancies be available. Pure Training Solutions does not store prospective CVs.
References will be requested from former employers as part of employment terms. Factual references for former staff will only be provided on request from future employers, Pure Training Solutions will only state dates of employment and final role. On receipt of financial reference requests, Pure Training Solutions HR staff will seek consent before providing information.
Personal data will be shared with relevant agencies for the appropriate performance of pensions schemes, tax affairs, benefit schemes, insurances, fleet management, illness cover. Staff participation in such services will indicate consent to share required data for the performance of the service.
Pure Training Solutions online systems have security measures in place to help protect against the loss or misuse of any data under our control.
All sensitive information on the website, such as passwords, are encrypted by a proprietary encryption system. All personal data can only be accessed by the relevant end users by way of unique usernames and passwords that must be entered when a user logs in to the systems.
Credit card information is never stored on Pure Training Solutions systems and is only used to authorise specific transactions through Pay Pal card payment authority and then removed. Where credit card data is held (for speed of future payments), this is only held by Pay Pal. Under no circumstances will your credit card information be passed to any other third party.
Where We Store Data
All data in Pure Training Solutions systems is stored on a secure set of servers.
This is in a secure server hosting facility with the necessary environmental, physical, and technical controls in place to ensure unapproved access is prevented.
Pure Training Solutions email data is stored with Microsoft located in EU data centres and follows Microsoft’s standard security and backup processes.
Destruction of Physical Data
Pure Training Solutions employees are trained to destroy all personal data securely. Pure Training Solutions ensures that all paperwork containing personal data securely shredded off site. Certificates are provided to confirm secure shredding.
In the Event of a Data Incidents
In line with our regulatory requirements, Pure Training Solutions has a set of processes for data breach issues and incident management. These processes include the required notifications to be sent to the Information Commissioners Office and to customers. This is reviewed annually and may be subject to change.
The General Data Protection Regulation 2018
Pure Training Solutions has adapted its policies and procedures to ensure it is compliant with the GDPR. This will be reviewed annually and updated as processes are developed.
Under the GDPR, individuals have certain rights when it comes to the control of personal data:
The right to be informed. Individuals have the right to be given information about how their data is being processed and why. Pure Training Solutions has provided this policy to show how we handle your data.
The right of access. Pure Training Solutions has a duty to comply with the requirements of Subject Access Requests (SAR)
The right to rectification. The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
The right to be forgotten. You have the right to ask Pure Training Solutions to remove your data.
The right to restrict processing. You may restrict processing for a legitimate reason, we would still have the right to hold that information.
The right to data portability. You may be able to obtain the information we hold about you and use it for your own purposes. Conditions apply.
Should you wish to exercise any of your rights above, please email GDPR@puretrainingsolutions.org.uk stating the following information:
Your Name, Your Contact details, Your Relationship to Subject, Full details of information relating to your request, Reason for request and the right being exercised. You will be asked to verify your identity if you are the subject, alternatively you will be asked to provide consent from the subject if you are a representative.
Should we require further information we will contact you. Your request will be dealt with within 1 month of receipt of your request.