Privacy Notice

W1se Angels have revised our data protection and related policies to take account of the Data Protection Act 2018 as amended on 01 January 2021 by regulations under the  European Union (Withdrawal) Act 2018 reflecting the UK’s status outside the EU. The Data Protection Act 2018 sets out the framework for data protection law in the UK and
is the UK’s implementation of the General Data Protection Regulation (GDPR). W1se Angels Ltd are a data controller for personal data processed by W1se Angels Ltd and other third parties contracted to process data on our behalf. We may also process data as a data processor on the instructions of any third parties under relevant agreements or for statutory purposes.

W1se Angels Ltd’s Data Protection Registration can be viewed on the Information Commissioner’s Office Data Protection Public Register, our registration number is: C1340250

Changes to this Privacy Notice

W1se Angels Ltd have updated its data protection and related policies, combining them in one document “Data Protection, GDPR, IT Security, Data Retention and Disposal Policy” in order to ensure that our policy and procedures are consistent, straight forward and in compliance with the Data Protection Act 2018 and any changes made as a result of the UK’s exit from the EU.

The company may amend this Privacy Notice from time to time. If we make any substantial changes in the way, we use your personal information we will make that information available by amending this notice.

We have included a “GDPR Summary of Key Facts” below and this Notice refers to the terms used therein.

W1se Angels Ltd continues to train our staff in its responsibilities when handling personal data.

​

Children and privacy

The Company does not knowingly solicit personal information from children under the age of 13 or send them requests for personal information.
 

Security

The security of the company’s systems which process and store data are regularly reviewed, assessed and checked in line with GDPR requirements for the evaluation of the effectiveness of the security measures we have in place.
Data is securely deleted when it is no longer required.

Rights of the Data Subject

The law requires W1se Angels Ltd in its capacity of the data controller and data processor to provide you, the data subject, with Individual Rights (See GDPR Summary of Key Facts). We will only ask you to provide personal information to us voluntarily, that is with your consent. However, without providing us with your personal information, you may not be able to undertake funded or other educational provision with us.

Where you request any information held on our systems about you, we aim to provide it free and within 30 working days of such written request being received by us. However, we may charge for additional copies. We will only charge a fee or refuse such request if in our reasonable opinion the request is ‘manifestly unfounded or excessive’ or it contains information about other individuals. If so, we may ask for a reasonable fee for administrative costs associated with the request.
 

Questions or concerns about personal data

If you have any questions or concerns about our collection, use, or disclosure of your personal information, please write to the W1se Angels, info@w1seangels.co.uk or 0203 865 4277

​

Data Collection & Sharing

W1se Angels Ltd only collects and/or processes data in compliance with a Lawful Basis while adhering to the Fundamental Principles as set out in the GDPR Summary of Key Facts.

Our Lawful Basis are:
• Consent – where you have given your consent for us to use personal information in a certain way, for example to access funded educational provision.

• Performance of a Contract - where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract, for example in order to register you with an Awarding Organisation in order to achieve a regulated qualification and certification.

• Compliance with a legal obligation - where necessary so that we can comply with a legal obligation to which we are subject, for example where we are obliged to share an individuals personal information with government agencies in relation to employment law, funded educational provision or to ensure safe recruitment decisions are made for the safeguarding of children and of individuals at risk.

​

• Performance of task carried out in the public interest – for example for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to funded educational provision.

Legitimate interests - that is in the interests of running of W1se Angels Ltd as a commercial entity, for example in ensuring that appropriate levels of accredited awards or other recognition of achievement are granted in line regulatory or other stakeholder requirement. Where we share data with a third party who undertakes work for us, we require that the sharing is undertaken under contract and is subject to a data sharing agreement, specifying the secure management of the data. Data might also be shared with other bodies, as informed to learners, for the purposes of those organisations fulfilling their own lawful purposes.

Such sharing is undertaken using a standard data sharing agreement for specified legitimate and restricted purposes.

In the event that a third party is unable to continue the delivery of training or provision of any other such services under a contract with W1se Angels Ltd (for example, where a training provider is a limited company that is dissolved,) W1se Angels Ltd will endeavour to make arrangements for secure transfer of information, including the learner’s personal data, from the former training provider in order to support the learner in their continued learning.

The data W1se Angels Ltd collects enables effective delivery of training, educational provision and apprenticeship programmes to Learners both online and face to face.

Types of information we ask for can include:
• When you visit our website or our virtual learning environment
• The type of devices you have access to
• Your name, age or date of birth
• Your contact details including address, email address and telephone numbers
• National Insurance Number
• Your ethnicity or national origin
• Emergency contact or next of kin details
• Educational achievements
• Employment history
• Health information
• Support needs
• Your learning progress information and learning portfolio
Communication between yourself and W1se Angels including Preferences and Interests When you visit our premises, for example, where CCTV is used.

What do we use the data for?

We use the information collected from you for enrolment and engagement through to completion of training programmes as well ensure your programme of learning is funded.

We may contact you requesting evaluation and feedback throughout the course of your programme and for up to 24 months following completion of your programme as well as recording any positive outcome as a result of the training you have completed, e.g. securing employment.

We will use your information to ensure we protect your health, safety and welfare throughout your journey with us.
 

We will use your information for our own internal record keeping.

​

Who do we share the data with?

The data is used by the W1se Angels Ltd and third parties acting under a contract with the Company to perform statutory functions as set out in the Apprenticeships, Skills, Children and Learning Act 2009 and for the exercise of functions of the Crown, a Minister of the Crown or that government department or for any such lawful purpose. Information provided by learners may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. Other organisations include the Department for Works and Pensions, Local and Combined Authorities in England, the Greater London Authority, educational institutions and organisations performing research and statistical work on behalf of the Department for Education, or partners of those organisations and carefully selected partner organisations.

The learner data processed by W1se Angels Ltd is known as the Individualised Learner Record (ILR). This personal data is used by the Education and Skills Funding Agency (ESFA) to issue learners with a Unique Learner Number (ULN), and to create and maintain the Personal Learning Record. Information held in the Personal Learning Record is shared with third parties such as providers of learning. Further details of how this personal data is processed for these purposes are published for the Learning Records Service.
We may also share this data with potential employers, auditors and other regulatory bodies such as OFSTED, and parents and guardians where applicable.
We do not share, sell or rent your personal information to third parties for marketing purposes.

Registering for Training, Education and Apprenticeships

Individuals can apply for and be kept informed of training, education, apprenticeship or other educational provision opportunities with W1se Angels Ltd. Personal data is also processed to match registered candidates to vacancies including for those with employers or providers offering interviews.
W1se Angels Ltd may act on behalf of employers to sift and shortlist candidates for interview that meet the criteria set by the employer. This enables us to deliver the training or support programmes and to search for apprenticeship vacancies or other educational provision and pass details on to other partner organisations for the purpose of providing careers advice and guidance.

 

GDPR – SUMMARY OF KEY FACTS

Purpose
• The GDPR provides privacy for individuals and gives powers to regulatory authorities to take action against data controllers and data processors who don’t comply with it. Penalties
• Fines of up to 4% of annual worldwide turnover or £17.5M for non-compliance with GDPR and/or with the ICO
Wider Scope
• Applies to all organisations worldwide who provide goods or services to individuals within the UK or who monitor their behaviour.
• Data Processors have direct regulation obligations to fulfil
• Special categories of data are defined with additional rules
Individual Rights
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.
Fundamental Principles
• Lawfulness, fairness and transparency - Personal data is processed fairly and lawfully
• Purpose limitation - Personal data is obtained for one or more specified and lawful purpose(s) and is not be further processed in a manner incompatible with that purpose(s)
• Data minimisation - Personal data will be adequate, relevant and not excessive in relation to those purposes
• Accuracy - Personal data will be accurate and where necessary kept up-to-date
• Storage limitation - Personal data will not be kept for longer than is necessary for that purpose
• Integrity and confidentiality (security) - Personal data will be processed in accordance with the rights of the data subject under the DPA
• Accountability - Appropriate technical and organisational measures will be taken against
or unlawful processing of personal data and against accidental loss destruction or damage
 

Data Controllers

• Need to be able to demonstrate compliance
• Appointment of Data Protection Officer
• Mandatory Privacy Impact Assessments
• Privacy by design and default
• Data breaches must be reported within 72 hours of the Data Controller becoming aware of it
 

Supervisory Body

• The Information Commissioners Office (ICO) is the supervisory body in the U