Data Protection Policy

1. Introduction and Definitions

Purpose and Scope

This Policy gives detailed guidance on how CCG College of Skills and Innovation will process information about its staff, learners and other workers and how staff, learners and other workers must ensure that all data is processed correctly and lawfully. The Policy applies to all staff, learners, suppliers, and others with whom it communicates.

Unless otherwise applicable, all references to staff include all current, past and prospective staff, full time and part time staff as well as agency workers, temporary workers and contractors. Unless otherwise applicable, all references to learners include all current, past and prospective learners, whether full-time or part-time. This Policy refers to data in any format or storage media.

General Policy Statement

In order to operate and to fulfil its legal obligations, CCG College of Skills and Innovation needs to collect and use certain types of information about people with whom it deals. These include current, past and prospective learners, staff, suppliers, and others with whom it communicates. This personal information must be dealt with properly however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material.

All information containing personal data must be carefully classified and protected against unauthorised access, accidental loss or destruction, modification or disclosure. CCG College of Skills and Innovation regards the lawful and correct treatment of personal information as important to successful operations, and to maintaining confidence between those with whom we deal and ourselves. To this end we are committed to the principles of data protection, as stated in the Data Protection Act 1998 (“the Act”).


“Personal Data” means data relating to a living individual who can be identified from those data; or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller. It includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of that individual.

“Sensitive personal data” consists of personal data relating to ethnic origin, physical and mental health (including, for example, how many days sick leave an individual has had), sex life, religion or belief, political opinion and information relating to alleged or actual criminal offences. The more sensitive data is, the more securely it should be treated in terms of deciding whether it is necessary to obtain it, how to obtain it, whether to retain/disclose it and how to retain/disclose it.

“Processing” means obtaining, recording, holding or adding to the information or data, or carrying out any operation or set of operations on the information or data.

“Data Subject” means an individual who is the subject of the personal data.

“Data Controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

“Data Processor” means any person (other than a member of staff) who processes the data on behalf of Fusion People Training.

The “Information Commissioner” oversees the implementation of the Act.

2. Data Protection Principles

The 8 principles set out in the Act require that personal data:

  • Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
  • Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
  • Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
  • Shall be accurate and, where necessary, kept up to date;
  • Shall not be kept for longer than is necessary for that purpose or those purposes;
  • Shall be processed in accordance with the rights of data subjects under the Act;
  • Shall be protected by appropriate technical and organisational measures which shall be taken against unauthorised,

or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; Shall not be transferred to any country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

3. Assessment Centre Procedures and Guidelines

Data collected :

The only data collected about learners will relate to their portfolio of evidence, awarding body registration and certification and funding body registration. No personal or sensitive data will be collected or stored on any other person with the exception of Assessor CVs and qualifications to meet awarding body requirements.

Data Usage :

Data will not be used for any other purpose other than assessment, verification and certification of candidate portfolios. At all times awarding body guidelines on data protection will be strictly adhered to.

Data Storage and Retention :

Data will be stored with the following retention guidelines:

Student work (E-portfolios) Three years after completion of course Internal and external verification In case of student appeals
Internal Verifiers Records Three years after completion of course Awarding body and Audit requirements and inspection
Apprenticeship and SFA paperwork Six years after the current SFA and audit requirement

Security :

All data will be stored securely. Any examination papers will be kept in a locked safe, and invigilated following awarding body procedures.

Email :

Personal or sensitive data will not be discussed via email.

Giving of References :

Feedback to assessors and learners will be given following awarding body policies. References for assessors and learners will not be given but referred to the Employer.