How your information will be used
ELATT is an education and training charity based in London. We provide skills training and support to help people move forward in their lives and careers.
ELATT is the Data Controller for the personal data described in this notice.
All processing of personal data by ELATT is conducted in accordance with the data protection principles as set out in data protection laws and regulations in UK, in particular Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (known as GDPR).
As an employer and service provider ELATT needs to store and process information about you. We use this data for management and administrative use only. We will keep it safe and use it to run our organisation effectively, lawfully and appropriately. This applies to employees, suppliers and clients (past, current or potential).
This includes using information that enables us to comply with contractual and grant obligations, legal requirements, to pursue the legitimate interests of the organisation and to protect our legal position in the event of legal proceedings. In all cases we will only use your data to pursue our legitimate business interests.
The sort of personal data we hold about you includes:
Application form and references; contract of employment and any amendments to it; correspondence with or about you (e.g. letters to you about a pay rise or, at your request, a letter to your mortgage company confirming your salary); information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; and records relating to your career history, such as training records, appraisal records, other performance measures and, where appropriate, disciplinary and grievance records.
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used to comply with our health and safety obligations (i.e. to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate). We will also need this data to administer and manage sick pay.
In addition, we monitor employee computer, network and telephone/mobile telephone use, as detailed in our IT Acceptable Use Policy, which is available in the Staff Handbook. We also keep records of your presence in the office and hours of work through our Staff Timesheet system.
For clients (students)
This includes information provided at the time of registering for our newsletter, making enquiries about our courses or requesting further services – in these cases, the details we are likely to hold for you are your name, your email address, what service you are interested in, and your phone number if you provide it.
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you and we may contact you about these by email, text message, post or telephone where you have consented to be contacted for such purposes.
- To notify you about changes to our service.
We will also hold data related to your progress and performance on our courses, such as your scores in assessments and exams, your learning targets and outcomes.
Correspondence with or about you such as emails or documents about discussions held with you regarding the delivery of services you are involved in.
Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information about our employees to our external pension provider, Human Resources support or employee health schemes.
Where information is stored
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Specifically:
- Emails are stored in secure Office 365 mail servers
- Cookies are stored in your browser
- Google Analytics data is saved in Google's servers
- All other data is stored, managed and used in ELATT's internal secure server.
We do not store personal identifiable information (name, address, date of birth, phone number, email address etc) outside of the European Economic Area ("EEA"), although anonymised user data will be stored on Google's servers which may be outside of the EEA.
We have in place safeguards to ensure the security of your data is protected. Our Integrated Management Information System (Tribal Maytas) is both ISO 9001 and ISO 27001 certified.
How we share our information
We disclose information we collect about you on our site to the following third parties on the understanding that they will keep the information confidential:
CrowdSkills, who provides us with guidance on how to improve our website through interpreting anonymised user data on website use.
We may transfer information about you to other group companies for purposes connected with your employment or the management of the organisation’s business.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements. There are currently no plans for this.
We do not employ automated decision-making processes.
Your personal data will be stored for a maximum period of 10 years, though in some cases a particular funder (in particular the European Union) may typically require us to hold this data for up to fifteen years and on rare occasions longer.
Some of our funders require us to keep data relating to your racial or ethnic origin, religious and philosophical beliefs, sexual orientation and other equalities data. You will always have the option not to provide this if you do not wish to do so.
If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information about that purpose and any other relevant information.
Under the EU General Data Protection Regulation (GDPR) you have a number of rights with regard to personal data. You have the right to: (1) request access to your personal data; (2) request that we rectify any errors in your personal data; (3) request erasure of your personal data; (4) request that we restrict processing of your personal data; (5) object to our processing your personal data; and, (6) request that we provide your personal data to you in a portable format.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You have the right to register a complaint to the Information Commissioners’ Office (ICO) if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
Identity and contact details of the Controller
ELATT is the Data Controller and Processor of data for the purposes of the EU General Data Protection Regulation and the Data Protection Bill.
Identity and contact details of the Data Protection Officer
If you need further assistance or would like to make a comment, you can contact our Data Protection Officer Mia Wylie:
Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data you choose to share with us.
We use two types of cookies on our website:
1: Strictly Necessary cookies for Website Administrators only
These are only used by Website Administrators when they manage the website. No other visitor will use these. This type of cookie can be used to remember how long an administrator has been logged in. Please note that Web Administrators will not be able to login properly without accepting cookies. Some other website functions may also not work as well as intended.
2: Google Analytics
Google Analytics generates detailed statistics about visitors to a website for marketing purposes. Google Analytics can track users across search engines, email campaigns and display advertising giving advertisers the opportunity to optimise campaigns on multiple platforms.
Data Collected: Anonymous (ad serving domains, browser type, demographics, language settings, page views, time/date), Pseudonymous (IP address).
Data sharing: Google stores the information collected by these cookies on servers in the United States and may transfer anonymous data to third-parties.
Our website also collects anonymised data from our visitors' browsers for each session to help reduce load times in case the user continuously revisits and re-uses our website.
Links to other websites
Our website contains links to other websites of interest (e.g. our funders, partners and membership organisations such as TSNLA, AELP and techUK).
Please note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. Please make sure you review the privacy statement applicable to that website.