Kiss it Better First Aid Training logo

kissitbetter@live.com

07903 655195

Kiss it Better First Aid Training logo
kissitbetter@live.com | 07903 655195
Enquire
Enquire

Data Protection Policy

Introduction

1.1 The General Data Protection Regulation (GDPR) is a regulation, which requires any business that processes data belonging to UK & EU citizens to protect it and not misuse it. As a responsible business, Kiss It Better aims to robustly implement the requirements of the GDPR. Part of meeting the obligation of meeting the obligations of GDPR is the production and implementation of this policy.

1.2 Kiss It Better is committed to the rules of data protection and abiding by eight data protection principles. These are the principles that must be satisfied when obtaining, handling, processing, moving and the storage of personal data.

1.3 As an approved training centre, Kiss It Better must collect and process information as required by ITC First awarding body and its regulators. Kiss It Better is therefore considered the Data Processor and its course candidates and employees the Data Subjects.

The 8 Data Protection Principles
4
2Data must be obtained and processed fairly and lawfully.
Data must be obtained for a specified and lawful purpose.
Data must be adequate, relevant and not excessive for its collection purpose.
Data must be accurate and kept up to date.
Data must not be kept for longer than is necessary for its purpose.
Data must be processed in accordance with the Data Subject’s rights.
Data must be kept safe from unauthorised access, accidental loss or destruction.
Data must not be transferred to a country outside the European Economic Area.

3. Data Subjects Rights

3.1 Under the GDPR individuals have rights associated with their data, described below:

To know what information is held by Kiss It Better about them and why
Know how to gain access to it
Know how to keep it up to date
The right to erasure
Know what Kiss It Better does to ensure compliance within its legal obligations
The right to object

3.2 Children’s Personal Data
For the benefit of this policy a child is classed as a young person under the age of 16. Children must have parental (or an individual in loco-parentis) consent for ITC First to collect and process their data. ITC will maintain evidence of consent using our learner registration process.

4. Data Collection

4.1 Kiss It Better acts on behalf of ITC First, by gathering and submitting learner data securely via the ITC website and/or registered post. Kiss It Better have a legally binding Centre Agreement, which confirms that Kiss It Better publishes and implement a Data Protection Policy (this document).

4.2 Kiss It Better collects data as part of the booking and registration process required for qualification delivery. Kiss It Better also collect and retain data as part of their Kiss It Better trainer and administrative tasks. Kiss It Better requires a COVID-19 screening document to be signed prior to training commences. This document is also forwarded to ITC First with other course documentation.

4.3 When individuals provide their data to Kiss It Better on the Course Registration form, the data is submitted to ITC First and is used to:

Attribute qualification credit to learners
Produce commemorative certificates
Produce CPD certificates
Receive information pertinent to qualifications
Enable ITC to contact you at your request (depending on when your data is provided and in which specific context or interaction with ITC First)
Monitor ITC First qualifications to ensure equality and inclusivity

4.4 Learners data will only be used for the legitimate purposes described above. Any changes to the ways in which learner data is used will be communicated to those individuals affected.

4.5 Kiss It Better will post client registration forms to ITC First with other course paperwork. Kiss It Better does however as access to the information on the registration form via the secure portal for ITC First. This information (on the original registration form) can be used to contact clients in the event that something unexpected has happened prior to the start of the course, ie Snow, sudden illness, accident, etc.

5. Data Storage
Kiss It Better will ensure that:
Data is held securely such as password protected computer, encrypted, computers have appropriate virus/data protection software appropriate to the business, locked cabinets/drawers,
Course registrations (which includes, name, address, contact details, ethnicity, signature) are removed from sight and access of other course candidates immediately after completion.
Data is not disclosed or shared verbally or in writing to any unauthorised party.
Kiss It Better will download course candidate data to their part of the ITC website and promptly submit all documentation to ITC First. Data submitted will only be viewable via individual unique User log on and password of Kiss It Better and ITC First.
Kiss It Better will not share their log on and passwords with any unauthorised individuals or companies.

6. Data Retention
Kiss It Better will retain any data in accordance with ITC retention periods, currently 5 years.
This Centre, as agreed with ITC First, retains copies of qualification assessment decisions, course register and examination documents for a period of 5 years on a password protected and encrypted computer. These documents are available for inspection by the awarding body and/or external regulator, as requested.
Kiss It Better will review its necessity to retain data once it has been submitted and accepted by ITC First.

7. Data Destruction
Kiss It Better will ensure it destroys data in a confidential manner i.e. shredding/burning of paper documents, deletion of digital records from computer systems.
Kiss It Better will ensure it does not retain data longer than is required for the purpose of training.

8. Subject Access
8.1 Any party who has provided personal data to Kiss It Better, has the right to request what information is stored and its content.

8.2 Access request may be made in writing by letter or email to the Kiss It Better Owner who will discuss the request with the data subject.

8.3 Data will be provided in accordance with the subject’s Rights of Access under the GDPR.

9. Breaches of Data Protection
Breaches or suspected breaches should be reported to Kiss It Better Owner, Trudy McLaughlin, who will make the necessary investigations and provide a response to the informant within 3 weeks of receipt.
Breaches may also be raised with ITC First by contacting their office either via email, telephone or in writing.

10. Policy monitored and updated as and when necessary, review requirement as stated or before.