Privacy Policy

Introduction

This policy sets out the basis on which any personal data including special category personal data that we collect from you, or that you provide to us, will be processed by us.  Personal data means information about you that may identify you from that data.

This policy applies to Candidates, Learners, Employers and Partners.

This policy ensures Baltic Training meets the Data Protection Principles which require information to be:

  • Handled fairly and lawfully
  • Kept and used for limited purposes
  • Required for good reason
  • Correct and up to date
  • Not kept longer than necessary
  • Handled confidentially
  • Stored securely
  • Not transferred to unapproved countries outside the European Economic Area

Who we are

Baltic Training Services is a Training Provider who contracts with the Educations and Skills Funding Agency (ESFA), an executive agency of the Department for Education (DfE) to deliver Apprenticeship and Adult Education Training Programmes.

Data Controller Statement

Baltic Training Services Ltd, (also referred to in this policy as “we” or “us”) registered office is Baltic Works, Baltic Street, Hartlepool, TS25 1PW Telephone 01325 731050, company number 05868493 is the Data Controller in respect of all data collected.

Your acceptance of this policy and our right to change it

By using our websites, social media pages or by providing your information, you understand that we will collect and use the information provided in the way(s) set out in this policy.  If you do not agree to this policy do not use our sites, social media pages or services.

We may make changes to this policy from time to time.  If we do so, will post the changes on this page and they will apply form the time we post them.

What information do we collect from you or ask you to provide?

We collect data directly from you during programme recruitment and induction, this includes;

Personal Information – such as your name, date of birth, National Insurance number, gender, contact details, details of your current situation with regarding to education, training or employment, qualifications and your future career aspirations.

Special Categories of personal data – such as ethnic origin, physical or mental health or condition.

We will collect information you voluntarily provide us when you contact us with queries, complaints or customer feedback.

If you visit our Website, we may automatically collect the following information:

Technical information, including the internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

Information about your visit to our Website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Other sources of personal data

We may also use personal data from other sources, such as specialist companies that supply information, online media channels and public registers and public website domains.

Purpose of data?

We need to collect, hold and process information about you in order to:

  • Confirm your identify and keep in touch with you by post, email, text or telephone
  • Help you find and prepare for employment and training opportunities
  • Confirm your eligibility for training programme participation
  • Register you on a training programme in accordance with the compliance requirements detailed in The Education & Skills Funding Agency Funding (ESFA) Funding & Performance Management rules and ESFA Individual Learning Record (ILR) guidance
  • Understand your needs and provide you with the appropriate support
  • Meet our statutory obligations including those related to equality & diversity
  • Manage our employer customer account and provide you with details of our services
  • Respond to queries, complaints or customer feedback

Legal basis for processing your data

Candidate Recruitment – Legitimate interest:  To ensure that Baltic Training   match candidates wishing to seek apprenticeship and learning opportunities and considering their interests, skills and abilities to match them with employer apprenticeship and employment opportunities.

Learner Enrolment and on programme participation –  Legitimate interest: To ensure Baltic Training  deliver a programme of training in accordance with ESFA requirements which supports individuals and meets their learning and welfare needs.  For special categories of personal data, this is processed as it is necessary for employment.

Employers – Legitimate interest: To ensure Baltic Training supports your recruitment needs and that together we deliver a successful apprenticeship programme to our learners/employees.

Improving our service – Legitimate interest:  To make sure that Baltic Training continue to improve our service and provider the best and most effective service possible to our customers (candidates, learners and employers)

Who might we share your information with?

We do need to share your data with some third parties

Candidate data will be shared with employers recruiting to fulfil an apprenticeship vacancy

Learner data will be shared with the Education & Skills Funding Agency, Qualification Awarding Bodies, E-Portfolio Provider and End Point Assessment Organisations.  These organisations will become  Data Controllers on receipt of data.   Your contact details will be shared with organisations who carry out destination surveys on completion of your apprenticeship.  These organisations will be data processors.

Employer data will be shared with the Education & Skills Funding Agency.

Data will be visible to service providers who provide the mechanisms Baltic Training use to collect and store data:

  • Databases are provided by Perspective and Salesforce.
  • Company Shared Drive Data and email service is provided by Compuserve
  • Data transfer routes are provided by Cudasign and Google Doc

How we protect your information?

Measures we have in place to protect your information include computer safeguards such as firewalls and data encryption and we enforce physical access controls to our buildings and files to keep data safe.  We only authorise access to employees who need it to carry out their job responsibilities.   Please note that we cannot guarantee the security of any personal data that you transfer to us by email, for example a CV you submit to us for a vacancy.  CVs and Applications submitted via our website portal are secure.

How we Store your information?

Baltic Training maintains records of the geographical location of your personal data.   This is either:

  • Stored within the European Economic Area (EEA)
  • Stored in countries approved by the European Commission as having adequate levels of  protection in place eg Canada
  • Stored in the USA, with organisations who are certified with Privacy Shields, eg Google, this means that Google provide a level of protection which is deemed adequate by the European Commission

How long do we keep hold of your information?

Candidate/Learner and Employer data will be retained in accordance with our ESFA contractual requirements, this is currently until 31st December 2030.

Unplaced candidate data will be retained for a period of 12 months from date of first contact

Your rights under General Data Protection Regulation

You have a number of rights under data protection law.   We will need to ask you for proof of your identify before we can respond to a request to exercise any of the rights set out below.  We also may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

Right 1 – A right to access your information

You have a right to ask us for a copy of your personal data that we hold about you.  A request to exercise this right is called a “subject access request” and must be made in writing.  Details of our subject access procedure and documentation can be found on our website at www.baltrictraining.com or you can request a copy at dataprotection@baltictraining.com

Right 2 – A right to object to us processing your information

You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing.  This includes all of your personal data that we process for all of the purposes set out in this Privacy Policy.   If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so.  Otherwise we will cease processing your personal data.

You can exercise this right by emailing dataprotection@baltictraining.com

Right 3 – A right to have inaccurate data corrected

You have the right to ask us to correct inaccurate data that we hold about you; on notification we will correct your personal data.

Right 4 – A right to have your data erased

You have the right to ask us to delete your personal data in certain circumstances for example if we no longer need the data for the purpose set out in this Privacy Policy.  You can exercise this right by emailing dataprotection@baltictraining.com

Right 5 – A right to ask us not to market to you

You can ask us not to send you direct marketing, for example “Technically Baltic”.  You can do this by clicking “update your preferences” or “unsubscribe from this list” option at the foot of the email.

Right 6 – A right to have processing of your data restricted

You can ask us to restrict processing of your personal data in some circumstances, for example if you think the data is inaccurate and we need to verify its accuracy.

How to contact us

If you have any questions or concerns about this Privacy Policy and/or our processing of your personal data you can contact us at dataprotection@baltictraining.com

What if you have a complaint?

You have a right to complain to the Information Commissioner’s Office (ICO) which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.  You can find out how to do this by visiting www.ico.org.uk

Monitoring

This policy will be monitored by Data Protection audit procedure.

Policy review

This policy will be reviewed annually or when changes are required.