Data Protection

1. Introduction

APPLIED FIRST AID are committed to the rules of data protection and abiding by the eight data protection principles. These are the principles that must be satisfied when obtaining, handling, processing, moving and the storage of personal data.

As a first aid training centre, APPLIED FIRST AID need to collect and process information as required by ITC First Aid awarding body and its regulators. APPLIED FIRST AID is therefore considered the Data Controller and its course candidates and employees the Data Subjects.

1.0 The 8 Data Protection Principles
a) Data must be obtained and processed fairly and lawfully
b) Data must be obtained for a specified and lawful purpose
c) Data must be adequate, relevant and not excessive for its collection purpose
d) Data must be accurate and kept up to date
e) Data must not be kept for longer than is necessary for its purpose
f) Data must be processed in accordance with the Data Subject’s rights
g) Data must be kept safe from unauthorised access, accidental loss or destruction
h) Data must not be transferred to a country outside the European Economic Area

1.1 Data Subjects Rights
a) To know what information is held by APPLIED FIRST AID about them and why
b) Know how to gain access to it
c) Know how to keep it up to date
d) Know what APPLIED FIRST AID does to ensure compliance with its legal obligations

2.0 Data Collection
APPLIED FIRST AID collect as part of the booking and registration process of qualification delivery.
APPLIED FIRST AID collect and retain data as part of their APPLIED FIRST AID trainer and staff administrative tasks

3.0 Data Storage
APPLIED FIRST AID will ensure that:
a) Data is held securely such as password protected computer, locked cabinets/drawers, encrypted, computers have appropriate virus/data protection software appropriate to the business
b) Course registrations (which includes, name, address, contact details, colour, race, signature) are removed from sight and access of other course candidates immediately after completion
c) Data is not disclosed or shared orally or in writing to any unauthorised party
d) APPLIED FIRST AID will download course candidate data to their part of the ITC website and promptly submit all documentation to ITC. Data submitted will only be viewable via individual unique User log on and password of APPLIED FIRST AID and ITC First Aid.
e) APPLIED FIRST AID will not share their log on and passwords with any unauthorised individuals or companies.

4.0 Data Retention
a) APPLIED FIRST AID will retain any data in accordance with ITC retention periods currently 5 years.
b) APPLIED FIRST AID will review its necessity to retain data once it has been submitted and accepted by ITC

5.0 Data Destruction

a) APPLIED FIRST AID will ensure it destroys data in a confidential manner ie shredding of paper documents, deletion from computer systems
b) APPLIED FIRST AID will ensure it does not retain data longer than is required for the purpose of training

6.0 Subject Access
Any party who has provided personal data to APPLIED FIRST AID have the right to request what information is stored and its content.

Access request may be made in writing by letter or email to the APPLIED FIRST AID who will discuss the request with the data subject.

Data will be provided in accordance with the subject’s Rights of Access under Data Protection Act.

7.0 Breaches of Data Protection
a) Breaches or suspected breaches should be reported to the APPLIED FIRST AID who will make the necessary investigations and provide a response to the informant within 3 weeks of receipt.
b) Breaches may also be raised with ITC First Aid by contacting their office either via email, telephone or in writing.