PRIVACY POLICY
1. INTRODUCTION
JBS TRAINING LTD is required to collect information about individuals to carry out its functions as a recognised Training Centre and act in accordance with relevant legislation and regulatory requirements.
Within this policy personal data is defined as ‘information which relates to a living individual and from which they can be identified, either directly or indirectly’. This data may also include private and confidential information as well as sensitive information, whether in paper, electronic or other form.
Irrespective of how information is collected, recorded and processed person–identifiable information must be dealt with properly to ensure compliance with the General Data Protection Regulation (GDPR) and any relevant regulatory requirements or legislation.
In undertaking its business JBS TRAINING LTD creates, gathers, stores and processes data on a variety of subjects such as on candidates (both potential, current and former), employees and contractors, suppliers and general contacts. The use of personal data for candidates and employees ranges from personal information, financial transactions, qualifications, employment, training and disciplinary action throughout the lifetime of their employment.
On occasion, some of the data collected and processed will be sensitive data, i.e. data concerning a subject’s racial or ethnic origin, physical or mental health.
The GDPR places obligations on JBS TRAINING LTD and the way it handles personal data to ensure personal data is processed fairly, lawfully and securely. This means that personal data should only be processed if there is a valid condition of processing (e.g. consent obtained from the data subject, or forms part of the legitimate interest of the organisation). There are restrictions on what can be done with personal data such as passing personal information on to third parties, transferring information outside the EU or using it for direct marketing.
2. PURPOSE OF POLICY
This policy sets out the responsibilities of JBS TRAINING LTD to comply fully with the provisions of the GDPR.
The policy applies to all staff and candidates and relates to any item of personal data that are created, collected, stored and/or processed through any activity of JBS TRAINING LTD including all areas of training, examinations, marketing, finance and professional services.
3. DATA PROTECTION PRINCIPLES
JBS TRAINING LTD is required to adhere to the six principles of data protection as laid down in the GDPR, which means that information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
The six principles are:
-
Personal data shall be processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’).
-
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in any manner incompatible with those purposes. Further processing for archiving, historical research or statistical purposes is permissible (‘purpose limitation’)
-
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed (‘data minimisation’).
-
Personal data shall be accurate and where necessary kept up to date (‘accuracy’).
-
Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose (‘storage limitation’).
-
Personal data shall be processed in a manner that ensures appropriate security including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
4. PERSONAL DATA
Personal data is information about a living individual, who is identifiable from that information or who could be identified from that information when combined with other data which JBS TRAINING LTD either holds or is likely to obtain. GDPR also refers separately to ‘special categories’ of personal data which includes particularly sensitive personal information such as health details, racial or ethnic origin or religious believes. Further information and guidance on personal data, including how JBS TRAINING LTD categorises individuals and the justification for holding and using that data is detailed in Appendix 1.
The definition of ‘processing data’ includes obtaining/collecting, recording, holding, storing, organising, adapting, aligning, copying, transferring, combining, erasing and destroying the information or data. It also includes carrying out any operation or set of operations on the information or data, including retrieval, consultation, use and disclosure.
JBS TRAINING LTD remains responsible for the control of personal data it collects even if that data is later passed onto another organisation or is stored on systems or devices owned by other organisations or individuals.
5. DATA BREACHES
If there is a data protection breach this will be reported to the Information Commissioner’s Office, no later than 72 hours after the breach is discovered.
Examples of personal data breaches include:
-
Loss or theft of data or equipment
-
Inappropriate access controls allowing unauthorised use
-
Equipment failure
-
Unauthorised disclosure (e.g. email sent to the incorrect recipient)
-
Human error
-
Hacking attack
6. CONDITIONS OF PROCESSING AND CONSENT
For it to be legal and appropriate for JBS TRAINING LTD to process personal data at least one of the following conditions must be met:
-
The data subject has given their consent;
-
The processing is required to carry out the functions of a professional examination and membership body;
-
It is necessary due to a legal or regulatory obligation;
-
It is necessary to protect someone’s vital interests;
-
It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in JBS TRAINING LTD;
-
It is necessary for the legitimate interests of the JBS TRAINING LTD or a relevant third party and does not interfere with the rights and freedoms of the data subject.
All processing of personal data carried out by JBS TRAINING LTD must meet one or more of the conditions above.
7. INDIVIDUAL RIGHTS
GDPR gives individuals the right to access personal information held about them by JBS TRAINING LTD. The purpose of a subject access request is to allow individuals to confirm the accuracy of personal data and check the lawfulness of processing to allow them to exercise rights of correction or objection if necessary.
Individuals also have the following rights under GDPR:
-
Right to Object – individuals can object to specific types of processing, including processing for direct marketing.
-
Right to be forgotten (erasure) – individuals have the right to have their data erased in certain situations such as where the data are no longer required for the purpose for which they were collected, the individual withdraws consent, or the information is being processed unlawfully. JBS TRAINING LTD may issue an exemption to this if the individual is or has been subject to disciplinary action or other legislative or regulatory obligations take precedence.
-
Rights in relation to automated decision making and profiling
-
Right to Rectification – the right to require a controller to rectify inaccuracies in personal data held about them. In some circumstances, if personal data are incomplete, an individual can require the controller to complete the data, or to record a supplementary statement.
-
Right to Portability – the data subject has the right to request information about them which is provided in a structured, commonly used and machine-readable form so it can be sent to another data controller.
Individuals can request to see any information that JBS TRAINING LTD holds about them which includes copies of correspondence referring to them or opinions expressed about them. However, information may be redacted or otherwise removed from a response if it includes:
-
Personal information relating to other individuals (unless their permission has been obtained to release it);
-
Confidential information relating to JBS TRAINING LTD’s business practices;
-
Information relating to examination results beyond the pass/fail result;
-
Intellectual property;
JBS TRAINING LTD will respond to all requests for personal information within 30 days. Depending on the complexity of the request, JBS TRAINING LTD may change an administration fee of £10.00 per request.
A data request can only be made by the individual that it concerns. Enquiries must contact The Data Protection Officer, JBS TRAINING LTD, Beggars Bridge, Coates, Whittlesey, PE7 2DH
The following information must be included with the request:
-
Full name and date of birth
-
Preferred contact details
-
A full description of the information requested, providing as much information as possible to help JBS TRAINING LTD locate the information such as the time periods concerned.
8. DATA RETENTION
Retention periods are set based on legal and regulatory requirements, legitimate business interests, the needs of the individual and good practice guidance.
Personal data must only be kept for the length of time necessary to perform the processing for which it was collected. Once information is no longer needed it should be disposed of securely. Paper records should be shredded or disposed of in confidential waste facilities and electronic records should be permanently deleted.
If data is fully anonymised then there are no time limits on storage.
THIRD PARTIES AND SUPPLIERS
Certain conditions need to be met before personal data can be shared with a third party or before an external data processor is used to process data on behalf of JBS TRAINING LTD.
As a rule, only specific personal data required to fulfil the process will be passed on to third parties and suppliers and must also meet the terms below:
-
Any transfers of personal data must meet the data processing principles, it must be lawful and fair to the data subjects concerned.
-
It must meet one of the conditions of processing. For example, legitimate reasons for transferring data would include, that there is a legal requirement or that it is necessary for the official business of JBS TRAINING LTD.
-
If no other conditions are met then consent must be obtained from the individuals concerned and appropriate privacy notices provided.
-
JBS TRAINING LTD is satisfied that the third party will meet all the requirements of GDPR particularly in terms of holding the information securely.
-
Where a third party is processing personal data on behalf of the JBS TRAINING LTD a written contract must be in place.
9. DIRECT MARKETING
Direct marketing relates to communication (regardless of media) with respect to advertising or marketing material that is directed to individuals e.g. mail shots, advertising courses, sector specific products or services etc. JBS TRAINING LTD makes clear opt-out provision and individuals are given the opportunity to remove themselves from lists or databases used for direct marketing purposes. JBS TRAINING LTD ceases direct marketing activity if an individual request the marketing to stop.
10. IMPACT OF NON-COMPLIANCE
All JBS TRAINING LTD staff are required to comply with this Data Protection Policy, its supporting guidance and the requirements specified in the GDPR. Any member of staff who is found to have made an unauthorised disclosure of personal information or breached the terms of this Policy may be subject to disciplinary action.
11. NAMED ROLES AND RESPONSIBILITIES
As the JBS TRAINING LTD processes ‘personal data’ of staff, candidates and other individuals, it is defined as a Data Controller for the purposes of the GDPR. The Data Protection Officer (DPO) is responsible for ensuring JBS TRAINING LTD’s compliance with the GDPR, for overseeing the data processing and the monitoring, revision and updating of this policy document on an annual basis or sooner, should the need arise.
The Data Protection Officer’s responsibilities include:
-
ensuring that the policy is produced and kept up to date
-
ensuring that the appropriate practice and procedures are adopted and followed by JBS TRAINING LTD
-
providing advice and support on data protection issues within the organisation
-
working collaboratively with department heads to help set the standard of data protection training for staff
-
ensuring compliance with individual rights, including subject access requests
-
acting as a central point of contact on data protection issues within the organisation.
-
implementing an effective framework for the management of data protection
The JBS TRAINING LTD’s named Data Protection Officer is Cathy Strauss.
In the first instance all enquiries or requests for further information or guidance relating to data protection should be addressed to info@jbstraining.co.uk
12. APPENDICES
Appendix 1: Retention of Information
How long JBS TRAINING LTD keeps personal information
JBS TRAINING LTD keeps personal information for as long as candidates are training here at JBS TRAINING LTD. After individuals have completed their course/s data may be kept for up to 10 years for one of the following reasons:
-
To respond to any questions or complaints
-
To show that we treated you fairly
-
To maintain records according to rules that apply to us
JBS TRAINING LTD may keep data for longer than 10 years if it cannot be deleted for legal, regulatory or technical reasons.
-
JBS Training Ltd Candidates
-
Retention Period: Lifetime until death or opt-out, subject to regulatory requirements.
-
Our Reasons: To comply with applicable laws and regulations, provide information to regulators, adhere to disciplinary regulations, and offer confirmation of achievements to academic institutions.
-
-
General Contacts
-
Retention Period: 10 years, subject to review, opt-out, or regulatory requirements.
-
Our Reasons: To deliver our products and services, develop and manage our brands, products, and services.
-
-
Potential Candidates
-
Retention Period: A maximum period of 12 months or until opt-out.
-
Our Reasons: To keep our records updated and provide information relating to relevant services, and define types of customers for new services.
-
-
Employees
-
Retention Period: In line with current UK employment legislation.
-
Our Reasons: To maintain up-to-date records, provide reference information for prospective employers.
-
This information retention strategy ensures that JBS Training Ltd keeps personal data only as long as necessary for specific purposes, complying with legal, regulatory, and technical requirements. The policy also reflects a commitment to respecting individuals' rights and maintaining the integrity of the data it manages.
Appendix 2: Privacy Policy
JBS TRAINING LTD is committed to protecting and respecting your privacy.
This policy together sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Cathy Strauss.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
-
Information that you provide by filling in forms on our site s includes information provided at the time of subscribing to our membership, posting material while using our services or requesting further services. We may also ask you for information if you report a problem with our site or services.
-
If you contact us, we may keep a record of that correspondence.
-
Details of transactions you carry out through your orders.
-
Details of your visits to our site including, but not limited to, traffic data, location data and other communication data.
IP ADDRESSES
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
COOKIES
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a bespoke experience when you browse our website and allows us to improve our site.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
-
To ensure that content from our site is presented in the most effective manner for you and for your computer.
-
To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
-
To carry out our obligations arising from any contracts entered between you and us.
-
To notify you about changes to our services.
If you do not want us to use your data in this way, please let us know immediately.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties:
-
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
-
If we are under a duty to disclose or share your personal data to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of JBS Training Ltd.
This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
YOUR RIGHTS
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.
You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at JBS Training Ltd, Beggars Bridge, Coates, Whittlesey, PE7 2DH.
Our site contains links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO INFORMATION
You have the right to access information held about you. Your right of access can be exercised in accordance with written or verbal request to the JBS Training Ltd. Any access request will be free of charge. All information we hold about you will be provided with one calendar month.
CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our privacy policy in the future will be posted on the website and, where appropriate, notified to you by a clear notice on our site.
CONTACT
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to JBS Training Ltd, Beggars Bridge, Coates, Whittlesey, PE7 2DH
SHARING INFORMATION
We may share your personal information with our awarding bodies who enable us to fulfil our function as a professional training centre, including, but not limited to:
-
Banks and building societies
-
Insurance companies
-
Study providers and examination venues
-
Agents and advisers who you use to help run your accounts and services
-
HM Revenue & Customs, regulators and other authorities
-
Credit reference agencies
-
Police and fraud prevention agencies
-
Any party linked with you or your business’s product or service
-
Companies we have a joint venture or agreement to co-operate with
-
Companies you ask us to share your data with