Being transparent and providing accessible information to individuals about how we use personal information is a key element of the Data Protection Act 1998 and the General Data Protection Regulation (Regulation (EU) 2016/679).
The most common way to provide this information is in a privacy notice.
Data Controller and Data Processor
Education Business Partnership (NW) Ltd and Education Business Partnership (NW Communities) CIC is registered as a data controller with the Information Commissioner’s Office.
Our Registration Number is: ZA229835.
Contact details are:
EBPNW, Oswaldtwistle Mills Business and Conference Centre, Clifton Mill, Pickup Street. Accrington. BB5 0EY
As a provider of work related learning and personal development services we support schools and colleges to meet their statutory and ethical duties.
In order to do this in an effective way we will need to collect and use personal information about you.
The Data Protection Act 1998 and the EU General Data Protection Regulation ensure that we comply with a series of data protection principles.
These principles are there to protect you and they make sure that we:
Process all personal information lawfully, fairly and in a transparent manner.
Collect personal information for a specified, explicit and legitimate purpose.
Ensure that the personal information processed is adequate, relevant and limited to the purposes for which it was collected.
Ensure the personal information is accurate and up to date.
Keep your personal information for no longer than is necessary for the purpose(s) for which it was collected.
Keep your personal information securely using appropriate technical or organisational measures.
We will usually seek your consent prior to processing or sharing your information, however, if there is a legal reason, as outlined under the Data Protection Act 1998, we may not require your consent, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to. We may disclose information when necessary to prevent risk of harm to an individual.
Categories of personal data
We process personal information relating to identified natural persons used to deliver services such as:
Work related learning and personal development activities, work experience, mentoring, career fairs.
Access to information requests from HSE, schools/colleges, other Government agencies
human resources, appeals/incidents, pensions, payroll
Sensitive information revealing racial or ethnic origin, or data concerning health or sex life. .
Research and statistical data to provide intelligence about Lancashire including demographic data, population projections, the economic situation, health and wellbeing information. This personal information is often pseudonymised when an identifier such as name is replaced with a unique number. This information is usually required by funding bodies on grant funded projects.
To ensure that we provide you with an efficient and effective service we will sometimes need to share your information between teams within the organisation as well as with our partner organisations that support the delivery of the service you may receive or be part of, for example:
Work experience employers
Funding Agencies such as ESF contracts
Careers and Enterprise Company
We will also need to supply your information to organisations we have contracted to provide a service to you.
We will only ever share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
We will never share your information for marketing purposes.
Before sharing information we will ensure that:
Privacy Notices are completed if appropriate.
Technical security such as encryption and access controls are in place to keep information secure.
Information Sharing Agreements are completed showing the rules to be adopted by the various organisations involved in the sharing exercise.
Privacy Impact Assessments are completed to assess any risks or potential negative effects.
Common retention periods and deletion arrangements are set for the information.
Subject access rights are catered for.
Details of transfers to third country and safeguards
Your personal and sensitive data will only be stored and processed on servers based within the European Economic Area (EEA), specifically in the UK.
We will only keep your information for as long as it is required to be retained. The retention period is either dictated by law or by our discretion and is usually seven years for accounting and funding purposes, and for if any claims of accidents, incidents or abuse are raised. Once your information is no longer needed it will be securely and confidentially destroyed.
You have certain rights under the Data Protection Act 1998 and the EU General Data Protection Regulations (GDPR), these are:
The right to be informed via Privacy Notices such as this.
The right of access to any personal information the council holds about yourself. To request a copy of this information you must make a subject access request in writing, either via letter to EBPNW, Oswaldtwistle Mills Business and Conference Centre, Clifton Mill, Pickup Street, Accrington. BB5 0EY. Or by Email: firstname.lastname@example.org
To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what services you were involved with.
We do not charge for making a subject access request. You are entitled to receive a copy of your personal data within 40 calendar days of our receipt of your subject access request.
The right of rectification, we must correct inaccurate or incomplete data within one month.
The right to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
The right to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
The right to data portability. We can provide you with your personal data in a structured, commonly used, machine-readable form when asked.
The right to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
You have rights in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.
Access to Official Information
Under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 you have a right to request any recorded official information held by us.
If you would like to make a request, you must do so in writing to EBPNW or via email to: email@example.com.
You do not need to say why you want the information. Your request must include your name, and an address for correspondence (if you apply by email, your email address is a suitable address for correspondence). Please ensure you identify the information you want as clearly as possible.
With certain limited exceptions, you are entitled to a response within 20 working days.
It costs nothing to make a freedom of information request. However, we can refuse to deal with your request if doing so would cost more than £450 (which equates to 18 hours’ work).
In extreme circumstances, we may also charge for the cost of photocopying and postage.
You may not get the information you asked for:
If we do not hold the information you have requested
If the information is exempt from disclosure
If finding the information you have requested would take longer than 18 hours
If we are unable to supply any of the information you have requested, we will tell you the reasons why. For more details please refer to the Information Commissioner’s Office website.
Information Security incident
Should you wish to report an information security incident please phone: 01254 433390.
Complaints, Comments and Compliments
If you wish to make a compliment, comment or complaint about how we are processing your data, then please visit send a compliment or comment or make a complaint to us.
If you are still dissatisfied with how the council have handled your complaint, you may contact the Information Commissioner’s Office.
Phone: 08456 30 60 60 Website: www.ico.gov.uk
If this privacy notice changes in any way, we will place an updated version on our website.
By regularly reviewing this page you will ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we share it with others.