fbpx

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

1. What we’re storing: 

We store only necessary information, as provided by you to complete your training and register you for any funding or qualifications with the appropriate regulatory authorities.

2. Why we need to store your data:

Most of our training programmes are funded by organisations such as The Skills Development Scotland Ltd. who requires information on their trainees to be kept in line with their regulations. Similarly, our qualifications are accredited by other regulatory bodies such as the Scottish Qualifications Authority and they likewise require information on their candidates to be kept for a certain period of time. We comply with these regulatory bodies in the type of data stored and the length of time and do not store data over and above their requirements.

3. How we’re storing it:

Your digital data is encrypted both at rest and in transit, and our site and storage processes are architected for security. Storage of hardcopy paperwork is required by certain regulatory bodies for the delivery of some of our training programmes. Hardcopy paperwork is stored in a locked room and in a locked cabinet. We only store hard copies when required and for no longer than required. Hard copies are destroyed on site as soon as they’re no longer required.

4. Who can access it:

We have extensive internal access controls and regulations for the Sixth Sense Training team, who only have access to data under limited conditions. All of these staff have all been security checked. Within our digital storage facilities, we set permission levels for all employees to restrict access to sensitive materials. Your hardcopy paperwork is stored in a locked room and in a locked cabinet only accessible by authorised personnel. We follow the principles of the General Data Protection Act of May 2018. We have a designated Data Protection Officer, and accountability and privacy are principles that are integral to our company standards.

 Our core compliance with the act means we:

  • Have full awareness of where any of your data is being held & when outside the EU, ensuring appropriate compliance is in place
  • Ensure that only those who require access to your data are able to & we have the highest level of protection against unauthorised access
  • Ensure you have the right to view, amend, export or delete any information that we hold on your behalf. This includes anything held by 3rd party services
  • Make sure that consent is given during the sign-up process for all that use Sixth Sense Training and allowing you to withdraw this at any time. Note: As the storage of personal information is required for us to record your completion of certain training programmes completion of your training programme will be affected should you ask us to withdraw your consent to store personal information.
  • You’re able to review the exact standards we hold ourselves to via our Privacy Policy.
  • Our Data Protection Officer is on hand should you have any concerns or issues, they can be contacted at [email protected]

Frequently asked questions

Are you compliant with the GDPR?

Based on our self-assessment and that of our external Data Protection Officer we are currently compliant.

Who is the official Data Protection officer for your organisation?

Jamie McBean. You can contact them via [email protected] for any GDPR enquiries.

 Do you market 3rd party services to your customers?

No.

How long do you retain our employee data?

Your digital and hardcopy data is stored only for as long as required by the relevant regulatory bodies. Those funding and accrediting your training programme.

Where is our data held?

Within the EU.

If we were to ask you to remove all data we have provided you on an employee are you able to do that in a timely fashion?

Of course – please email [email protected] with subject GDPR. But be aware that this will no doubt prevent you from completing your training programme.

Do you have a process in place for reporting personal data breaches to those affected and to the relevant data protection authority, and in some circumstances, to the affected data subjects, where feasible, within 72 hours of having become aware of it?

Yes, we do.

GDPR Image