ELATT
The Learning Community
ELATT is an education and training charity based in London. We provide skills training and support to help people move forward in their lives and careers.
ELATT is the Data Controller for the personal data described in this notice.
All processing of personal data by ELATT is conducted in accordance with the data protection principles as set out in data protection laws and regulations in UK, in particular Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as GDPR).
As an employer and service provider ELATT needs to store and process information about you. We use this data for management and administrative use only. We will keep it safe and use it to run our organisation effectively, lawfully and appropriately. This applies to employees, suppliers and clients (past, current or potential).
This includes using information that enables us to comply with contractual and grant obligations, legal requirements, to pursue the legitimate interests of the organisation and to protect our legal position in the event of legal proceedings. In all cases we will only use your data to pursue our legitimate business interests.
The sort of personal data we hold about you includes:
For employees
Application form and references; contract of employment and any amendments to it; correspondence with or about you (e.g. letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary); information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; and records relating to your career history, such as training records, appraisal records, other performance measures and, where appropriate, disciplinary and grievance records.
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used to comply with our health and safety obligations (i.e. to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate). We will also need this data to administer and manage sick pay.
In addition, we monitor employee computer, network and telephone/mobile telephone use, as detailed in our IT Acceptable Use Policy, which is available in the Staff Handbook. We also keep records of your presence in the office and hours of work through our Staff Timesheet system.
For clients (students)
This includes information provided at the time of registering for our newsletter, making enquiries about our courses or requesting further services – in these cases, the details we are likely to hold for you are your name, your email address, what service you are interested in, and your phone number if you provide it.
We use information held about you in the following ways:
We will also hold data related to your progress and performance on our courses, such as your scores in assessments and exams, your learning targets and outcomes.
For suppliers
Correspondence with or about you such as emails or documents about discussions held with you regarding the delivery of services you are involved in.
Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information about our employees to our external pension provider, Human Resources support or employee health schemes.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Specifically:
We do not store personal identifiable information (name, address, date of birth, phone number, email address etc) outside of the European Economic Area ("EEA"), although anonymised user data will be stored on Google's servers which may be outside of the EEA.
We have in place safeguards to ensure the security of your data is protected. Our Integrated Management Information System (Tribal Maytas) is both ISO 9001 and ISO 27001 certified.
We disclose information we collect about you on our site to the following third parties on the understanding that they will keep the information confidential:
CrowdSkills, who provides us with guidance on how to improve our website through interpreting anonymised user data on website use.
We may also disclose information we collect about you if we are under a duty to disclose or share your personal information to comply with any legal obligation, or to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of ELATT, our site users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
We may transfer information about you to other group companies for purposes connected with your employment or the management of the organisation’s business.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. There are currently no plans for this.
We do not employ automated decision-making processes.
Your personal data will be stored for a maximum period of 10 years, though in some cases a particular funder (in particular the European Union) may typically require us to hold this data for up to fifteen years and on rare occasions longer.
Some of our funders require us to keep data relating to your racial or ethnic origin, religious and philosophical beliefs, sexual orientation and other equalities data. You will always have the option not to provide this if you do not wish to do so.
If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information about that purpose and any other relevant information.
Under the EU General Data Protection Regulation (GDPR) you have a number of rights with regard to personal data. You have the right to: (1) request access to your personal data; (2) request that we rectify any errors in your personal data; (3) request erasure of your personal data; (4) request that we restrict processing of your personal data; (5) object to our processing your personal data; and, (6) request that we provide your personal data to you in a portable format.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to register a complaint to the Information Commissioners’ Office (ICO) if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
ELATT is the Data Controller and Processor of data for the purposes of the EU General Data Protection Regulation and the Data Protection Bill.
If you need further assistance or would like to make a comment, you can contact our Data Protection Officer Mia Wylie:
Like other websites, ELATT uses cookies to continuously improve our users' experience. These are small pieces of information that are stored on your device or browser.
Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us.
We use two types of cookies on our website:
1: Strictly Necessary cookies for Website Administrators only
These are only used by Website Administrators when they manage the website. No other visitor will use these. This type of cookie can be used to remember how long an administrator has been logged in. Please note that Web Administrators will not be able to login properly without accepting cookies. Some other website functions may also not work as well as intended.
2: Google Analytics
Google Analytics generates detailed statistics about visitors to a website for marketing purposes. Google Analytics can track users across search engines, email campaigns and display advertising giving advertisers the opportunity to optimise campaigns on multiple platforms.
Data Collected: Anonymous (ad serving domains, browser type, demographics, language settings, page views, time/date), Pseudonymous (IP address).
Data sharing: Google stores the information collected by these cookies on servers in the United States and may transfer anonymous data to third-parties.
For more information please see Google’s Privacy Policy.
Our website also collects anonymised data from our visitors' browsers for each session to help reduce load times in case the user continuously revisits and re-uses our website.
Our website contains links to other websites of interest (e.g. our funders, partners and membership organisations such as TSNLA, AELP and techUK).
Please note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. Please make sure you review the privacy statement applicable to that website.
You will always have the choice to accept or decline the use of cookies or change your mind later. You will be given a choice the first time you visit our website, and you will be able to change your choice by visiting the bottom of the website and clicking the Cookies tab.