Privacy Notice

TechFuture

 

Introduction

 

The City & Guilds Group is committed to data security and the fair and transparent processing of personal data. This privacy notice sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, in particular the General Data Protection Regulation (EU) 2016/679 (GDPR) and Data Protection Act 2018 (DPA).

 

Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.

 

For the purposes of this privacy notice, “you” refers to any user of TechFuture, whether as a learner or apprentice, the parent or guardian of a learner or apprentice as a teacher, centre, training provider or employer of learners or apprentices, as the context permits.   

 

Who are we?

 

The City and Guilds of London Institute is a charity incorporated by Royal Charter, with registered charity number 312832 (England and Wales) and SC039576 (Scotland) (City & Guilds). Our registered address is 1 Giltspur Street, London EC1A 9DD.

 

For the purposes of the GDPR, City & Guilds is the ‘controller’ of the personal data you provide to us or one of our associated companies (together the City & Guilds Group).

 

City & Guilds owns and operates https://www.techfuture.com/, a website designed as an educational tool to provide a suite of computing and digital skills, projects and challenges to learners and apprentices from Key Stage 2 to Key Stage 5 (TechFuture). This privacy notice, together with the TechFuture website terms of use, and any other documents referred to in them, sets out the basis on which City & Guilds processes personal data via TechFuture.

 

What personal data do we collect?

 

We may collect and process the following personal data:

 

Information you may provide to us:

 

If you create an account profile on TechFuture, we may collect your

·       first name and surname

·       email address

·       position

·       school or organisation

·       teaching stage

·       profile picture (if you choose to provide it); and

·       consent to TechFuture’s terms and conditions for use.

We will also collect confirmation from you as to whether or not you wish to subscribe to any future TechFuture newsletter.

An email will be sent to you at your email address confirming registration of any account

Information you may provide to us about others:

Authorised Persons

Where you as a teacher, centre, training provider or employer create an account profile on TechFuture for learners or apprentices (Authorised Persons), we may collect the above information about such leaners or apprentices from you. Please note that you must ensure that you have obtained the prior express written consent of any such learners or apprentices (or their parent or guardian where such learners or apprentices are under the age of 13 years old) to use of their information before creating account profiles.

We reserve the right at all times to require that Authorised Persons provide us with a copy of any consents on demand as a condition of Authorised Persons or their learners or apprentices’ use of TechFuture. We also reserve the right at all times to close any accounts associated with Authorised Persons or their learners or apprentices where we have reason to believe that such consents have not been obtained or are otherwise invalid.

Parents and Guardians

[Where a learner is under the age of 13 years old, we may collect the above information about that learner from you as their parent or guardian. Please note that, in such cases, we shall only permit an account to be created for learners where we also obtain your express written consent as their parent or guardian. Where a learner under the age of 13 years old wishes to create an account profile, TechFuture will direct them towards asking you as their parent or guardian to provide us with your email address. This is so that we may contact you directly in order to verify your relationship with the learner, request the above information from you about the learner and request your express written consent to our use of the above information, before we register the account.]

We reserve the right at all times to require that you provide us with such evidence of your relationship with the learner as we deem reasonable as a condition of a learner’s use of TechFuture. We also reserve the right at all times to close a learner’s account where we have reason to believe such learner is under the age of 13 years old and we have not received your express written consent as their parent or guardian.]

Information we collect about you

If you visit TechFuture, we may automatically collect the following information:

 

·       technical information (e.g. the Internet protocol (IP) address used to connect your computer to the Internet)

·       login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and

·       information about your visit to TechFuture (e.g. the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (e.g. scrolling, clicks, and mouse-overs) and methods used to browse away from the page).

 

Information we receive from other sources

 

We may also receive information about you if you use any other websites which we operate or any other services which we provide.

 

If you are a teacher, apprentice, or learner, we may also receive information about you from your centre, training provider or employer when they register to receive products and/or services from us (including via TechFuture) or in connection with your or their use of TechFuture.

 

Information about other people

 

If you provide information to us about any person other than yourself (e.g. your relatives, next of kin, advisers,  suppliers, learners or apprentices) you must ensure that they (or their parents and/or guardians as required under this privacy notice) understand how their information will be used by us and that they have given their express written consent for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

 

Special category data

 

In certain limited cases, we may collect and/or be provided with certain special category data, such as information about your physical or mental health or condition to enable us to administer requests for reasonable adjustments, or in relation to any issues, investigations, disputes or complaints. Such information should only be collected and/or provided to us if you have provided your explicit consent or if we are otherwise permitted to receive and use it under the GDPR and/or DPA.

 

How do we use your personal data?

 

When we ask you to supply us with personal data through TechFuture or our other websites or services we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and/or services to you, or whether the supply of any personal data we ask for is optional.

 

We collect information from you through TechFuture so that we may use it in accordance with the following lawful basis under the GDPR (as applicable):

 

Contract performance: so that we may fulfil our contract with you, or take steps linked to the contract, by:

 

-      providing you with the products and/or services on TechFuture (TechFuture’s Products and/or Services);

-      communicating with you in relation to the provision of TechFuture’s Products and/or Services; and

-      providing you with administrative support (e.g.account creation, security and responding to issues).

 

Legitimate interests: so that we may pursue our own, or a third party’s, legitimate interests. These interests may include, but are not limited to:

 

-      providing you with industry information, surveys, information about our awards and events, offers, and promotions, related to products and/or services offered by a member of the City & Guilds Group which may be of interest to you;

-      communicating with you in relation to any issues, investigations, disputes, or complaints;

-      preventing and detecting crime and/or assisting with the apprehension or prosecution of offenders;

-      improving the quality of experience when you interact with TechFuture’s Products and/or Services, including testing the performance and customer experience of TechFuture;

-      performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns; and

-      developing, improving, and delivering marketing and advertising for products and/or services offered by a member of the City & Guilds Group.

 

You have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights.

 

Consent: as you have provided your explicit consent for us to do so.

 

-      sending you any TechFuture newsletter (where you have subscribed to receive it).   

 

Where required by law: so that we may comply with our legal obligations, including for the prevention and detection of crime and/or assisting with the apprehension or prosecution of offenders. We may also, with respect to special category data, process such information if necessary for reasons of substantial public interest, including for the prevention or detection of unlawful acts or in compliance with, or to assist third parties to comply with, any regulatory requirements relating to the investigation of unlawful acts, dishonesty or malpractice.

 

Who do we share your personal data with?

 

We may share your personal data with members of the City & Guilds Group. You can read more about our group companies at www.cityandguildsgroup.com.

 

 

We may also share your personal data with trusted third-party service providers including:

 

·       legal and other professional advisers, consultants, and professional experts;

·       service providers contracted to us in connection with provision of TechFuture’s Products and/or Services, such as providers of IT services and customer relationship management services; and

·       analytics and search engine providers that assist us in the improvement and optimisation of TechFuture.

 

We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.

 

Where a third party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data will be protected by appropriate safeguards, including, where appropriate,  the use of standard data protection clauses adopted or approved by the European Commission where the Commission does not believe that the third country has adequate data protection laws.

 

We may also share personal data (including any special category data) with law enforcement or other authorities or agencies if required by law or where we otherwise deem it necessary for the purposes of our legitimate interests. This may include, without being limited to, responding to requests for information from such authorities or agencies, or sharing information with them in connection with any issues, investigations, disputes or complaints. In such circumstances, we may share your personal data without informing you.

 

You should be aware that, where personal data is shared with a public authority, it will become subject to the Freedom of Information Act 2000 (FOIA) and may potentially fall within the scope of any future FOIA request made to such public authority.

 

Who do you share your personal data with?

 

As an educational tool shared by both learners and apprentices as well as teachers, centres, training providers and employers, information relating to learners and apprentices’ use of TechFuture and TechFuture’s Products and/or Services may be shared with and/or monitored by the relevant Authorised Persons for the purpose of supervising their learners and apprentices’ progress. Such information sharing shall be strictly restricted to between leaners and apprentices and their own Authorised Persons.

 

How long will we keep your personal data?

 

We shall retain your personal data for such period as is required in order to comply with our  contractual, legal, audit and other regulatory requirements or any orders from competent courts or authorities. We shall however keep this period under regular review. 

 

Where you have signed-up to receive any TechFuture newsletter, you shall be able to change your preferences or unsubscribe from such marketing communication at any time by clicking the “unsubscribe” link in the email from us.

 

Where do we store your personal data and how is it protected?

 

We store your personal data in the UK.

 

We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.

 

We also take reasonable steps to protect your personal data from loss or destruction and  have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

When you create an account profile with TechFuture, you will also create a username and password for TechFuture which enables you to access certain services or parts of our site. You are responsible for keeping this password confidential. We advise you to use a “strong” password at all times and ask you not to share a password with anyone.

 

A “strong” password is a password containing random words and comprising a mixture of numbers, symbols and a combination of upper and lower case letters. If you want more detailed information on how to protect your information, computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online at www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

 

Your rights

 

Under the GDPR, you have various rights with respect to our use of your personal data:

 

Right to Access

You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below.  Please include with your request information that will enable us to verify your identity. We will respond within 1 month of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information or if your request is manifestly unfounded or excessive.

 

Right to Rectification

We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.

 

Right to Erasure

You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed.  If you would like to request that your personal data is erased, please contact us using the contact details provided below.

 

Right to Object

In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.

 

Right to Restrict Processing

In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.

 

Right to Data Portability

In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request that your personal data is ported to you, please contact us using the contact details provided below.

 

Contact

 

If you have any queries about this privacy notice, the way in which City & Guilds processes personal data, the information we hold about you or about exercising any of your rights, please send an email to gdpr@cityandguilds.com or write to Data Protection, City & Guilds, 1 Giltspur Street, London EC1A 9DD.

 

Please note that, in handling any query from you as to what information we hold about you or any other person or if you would like to exercise any of your rights, as part of the process we may need to request from you evidence of your identity, your right to receive such information and/or to exercise such right. The nature of such evidence shall depend on the nature of any request and/or the right seeking to be exercised.

 

Complaints

 

If you believe that your data protection rights may have been breached and we have been unable to resolve your concern, you may lodge a complaint with the applicable supervisory authority or seek a remedy through the courts. The supervisory authority in the UK is the Information Commissioner. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the Information Commissioner’s Office.

 

Changes to our Privacy Notice

 

Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail using the email address associated with your account. Please check back frequently to see any updates or changes to our privacy notice.

Last modified: Thursday, 31 October 2019, 8:40 PM