Privacy Policy

Data Controller
Qualsafe Awards (QA) (a trading name of Qualsafe Limited), City View, 3 Wapping Road, Bradford, West Yorkshire, BD3 0ED.

Qualsafe Limited Data Protection Officer
Paul Griffiths, City View, 3 Wapping Road, Bradford, West Yorkshire, BD3 0ED.

Legal Basis

QA is an Ofqual approved Awarding Organisation and, as such, is regulated in line with Section 134 of the Apprenticeships, Skills, Children and Learning Act 2009. This means that Qualsafe Awards has a legal obligation to comply with the General Conditions of Recognition issued by Ofqual which includes the requirement to abide by all applicable Data Protection Laws. As a regulated Awarding Organisation, Qualsafe Awards is approved by Government to carry out all functions associated with designing, developing, delivering, awarding and certificating regulated qualifications. QA also has a legitimate business interest in sending marketing information and materials to customers for business purposes.

QA therefore undertakes to capture, process and retain all data obtained from individuals and businesses in line with the requirements of all applicable Data Protection Laws, including the UK Data Protection Act, General Data Protection Regulation (GDPR) requirements, Privacy and Electronic Communications Regulation (PECR) and EU Data Protection Directive 95/46/EC (when managing EU business and personal data). QA will capture, process and retain data from the following categories of data subjects:

Prospective/Approved Centres

QA will capture, process and retain data that is submitted by telephone, email or online when a customer requests a Centre Application Pack and/or further information on Centre Approval. Data for any prospective Centre and staff members acting as key contacts at prospective Centres will be captured, processed and retained when a Centre Approval Application Form is submitted. This data will be used for the purposes of:

• processing the Centre Approval Application and carrying out normal due diligence, including requesting any further information required from the applying Centre
• populating our in-house data systems to create a Centre profile
• contacting the Centre (once approved) on matters relating to their account
• arranging QA’s external quality assurance activity
• automatically calculating a risk rating for the Centre. This rating can either be low, medium or high. The rating is calculated based on the risk of the qualifications the Centre is approved to deliver, the quality assurance record of the Centre and the risk rating of the Trainers/Assessors/IQAs approved to deliver QA qualifications at the Centre. The Centre risk rating is used to calculate the level of internal and external quality assurance required for the Centre
• invoicing for payments due and making invoicing enquiries
• issuing reminders regarding insurance policy renewal dates
• processing appeals received from Approved Centres against decisions made by QA which directly affect them
• creating customised course delivery materials and qualification certificates for the Centre
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• supporting investigation activity carried out by QA or the Qualification Regulators
• sending updates and marketing materials*

There is no statutory requirement for prospective or approved Centres and/or staff to consent to QA capturing, processing and retaining their data. However, if a Centre and/or Centre staff chooses to withdraw consent then:
• QA will be unable to process any Centre Approval Application Form submitted if consent is withdrawn prior to this being completed
• if a Centre holds QA approval, this approval will be withdrawn and we will be unable to process the details of any training courses delivered or any requests to award qualifications and issue certificates to Learners. In order to become a QA approved Centre there is a requirement to agree to the contents of a Data Management Contract. This contract outlines the roles and responsibilities of QA and the approved Centre, who act as Joint Data Controllers, and this agreement requires that both parties agree to manage all data in line with GDPR requirements.

*Prospective and Approved QA customers are not able to opt out of communication relating to the updating and maintenance of their account as this is necessary for the fulfilment of the contract between QA and the customer. Prospective and Approved QA customers are provided with an opportunity to opt out of Qualsafe Limited marketing messages at the time of submitting their details and when receiving all subsequent marketing communication. Some data may be used to carry out limited manual profiling of customers, for the purposes of tailoring marketing messages. Limited customer data is transferred to our email management system (held and managed on secure servers) and email addresses may also be shared with secure advertising platforms including Google and Facebook in order to tailor marketing messages.

From time to time, QA may also use secure third parties (eg Survey Monkey) to capture, process and retain customer feedback. QA customers have the option to provide such feedback anonymously, however the details they provide and IP addresses used will be captured, processed and retained by QA for a period of a year. Customers who provide their name may have their existing QA records and/or profiles updated with the information captured for the purposes of informing QA customer communications and ongoing business activity.

Trainers/Assessors/IQAs

QA will capture, process and retain Trainer/Assessor/IQA data when a completed approval application is submitted and this data will be used for the purposes of:

• processing the approval application and carrying out normal due diligence
• populating our in-house data systems to create a Trainer/Assessor/IQA profile
• recording training, assessment and internal quality assurance activity carried out at the Centre by the Trainer/Assessor/IQA
• awarding QA qualifications that have been successfully completed by the Trainer/Assessor/IQA
• issuing certificates for qualifications that have been awarded to the Trainer/Assessor/IQA
• making decisions on whether or not qualifications should be awarded to Trainers/Assessors/IQAs based on evidence presented to claim Recognition of Prior Learning (RPL)
• producing a Learner record of achievement for the Trainer/Assessor/IQA on our in-house data systems
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• checking certificate verification requests received from external sources
• analysing, producing and exchanging statistical information with external stakeholders
• creating a risk rating profile based on the quality assurance activity carried out at Centre level. This risk rating profile will be used to determine what further quality assurance activity requires to be carried out and also the level of external quality assurance that QA may carry out arranging training and continuing professional development (CPD) events
• sending reminders to Trainers/Assessors/IQAs when requalification is required
• processing appeals received from Trainers/Assessors/IQAs against decisions made by QA which directly affects them
• sending updates and marketing materials*

There is no statutory requirement for Trainers/Assessors/IQAs to consent to Qualsafe Awards collating, processing and retaining their personal data. However, if a Trainers/Assessors/IQA chooses to withdraw consent then QA approval will be withdrawn and QA will be unable to process any paperwork submitted by them for courses delivered or action any requests to award qualifications and issue certificates.

Learners

When any Learner completes the registration process at a QA approved Centre, the Centre will transfer the data to QA (who act as Joint Data Controllers with the approved Centre). QA will capture, process and retain Learner data obtained through the registration and assessment processes (including Learner Feedback Forms) for the purposes of:

• assessing evidence provided in support of claims for the Recognition of Prior Learning (RPL) from Learners
• making decisions on whether or not qualifications should be awarded based on assessment evidence
• awarding QA qualifications that have been successfully completed
• issuing certificates for qualifications that have been awarded
• producing a record of Learner achievements on our in-house data systems
• planning, preparing and carrying out quality assurance activity in line with our own policies and regulatory requirements
• complying with requests for information from the Qualification Regulators in England, Wales and Northern Ireland (Ofqual, Qualifications Wales and CCEA)
• checking certificate verification requests received from external sources
• processing appeals received against assessment decisions made which directly affect them
• analysing and producing statistical information for internal review purposes

There is no statutory requirement for Learners to consent to Qualsafe Awards collating, processing and retaining their personal data. However, if a Learner chooses to withdraw consent then QA will be unable to process any course paperwork submitted for them or action any requests to award qualifications and issue certificates.

Complainants

QA has a Customer Complaints Policy and Approved Centre staff, Trainers/Assessors/IQAs and Learners have the right to make a complaint when they are unhappy with goods or services that have been provided by QA. When receiving the details of any complaint, QA will use the data provided for the purposes of:

• logging and processing the details of the complaint
• carrying out and investigating the scenario outlined in the complaint
• making decisions based on the findings of any investigation
• informing the complainant of the outcome of their complaint
• informing any affected parties of the outcomes and actions required (should there be any)

Whistleblowers

QA has a Whistleblowing Policy and Approved Centre staff, Trainers/Assessors/IQAs and Learners wishing to make a report should complete and submit a Whistleblowing Report Form (included in the Policy document). QA will manage all information received in line with the applicable legislation and use the data provided for the purposes of:

• logging and processing the whistleblowing report provided
• carrying out and investigation into the scenario outlined in the report
• making decisions based on the findings of any investigation
• informing the Whistleblower of the outcome of the information they provided
• informing any affected parties of the outcomes and actions required (should there be any)

Data Transfers

Data transferred from QA approved Centres will be transferred as outlined in the Data Management Contract and this ensures that all necessary safeguards are in place to ensure data security as required by the DPA, GDPR, PECR and EU Data Protection Directive 95/46/EC (where applicable). All QA approved Centres are based within the European Economic Area (EEA) with the exception of those based in South Africa and Qatar for which QA has carried out all necessary due diligence to ensure appropriate mechanisms for data transfer and security are in place.

QA will not transfer personal data to any other company or organisation without your request or prior consent, with the exception of requests that may be received from the Qualification Regulators to which QA must respond to in order to meet with our regulatory obligations and Her Majesty’s Revenue and Customs (HMRC) requests for financial information (relating to customer invoices).Data Retention

QA will retain the data captured from the above categories of Data Subjects indefinitely for the purposes of:

• responding to data requests from the Qualification Regulators
• statistical analysis for business improvement purposes
• responding to certificate verification requests from internal and external parties
• planning and carrying out quality assurance activity.

Individual Rights

QA will capture, process and retain personal data in line with GDPR requirements. Your individual rights in line with these requirements include the:

• right to be informed of how we use and process your personal data
• right of access to any personal data that we retain about you
• right to rectification of any personal data that we retain about you that you believe to be inaccurate
• right to erasure when there is no legal justification or legitimate business interest allowing us to retain your personal data
• right to restrict processing of personal data if , for example, you think that personal data we retain about you is inaccurate or we have no legal justification or legitimate business interest to continue to retain and process your personal data. Rather than request erasure, you can make the request to restrict processing
• right to data portability should you want to move, copy or transfer your personal data from one source to another
• right to object when personal data is processed due to legitimate business interest or performance of a task in the exercise of official authority, direct marketing and research and/or statistical analysis
• rights associated with automated decision making and profiling which allow you to obtain human intervention in any such process, express your points of view on decisions or outcomes made about you and obtain an explanation of any decisions made and subject them to challenge
• right to withdraw consent to hold your personal data at any time
• right to lodge a complaint with a supervisory authority should you be dissatisfied with how we have managed your personal data (the Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest). Each EU member state has a designated data protection supervisory authority and EU customers should direct any complaints to the relevant authority in their country of origin.

Subject Access Requests

In line with these individual rights, anyone who wishes to make a formal Subject Access Request to QA in order to request personal data held on them or take some action with respect to the personal data held on them should submit the request in writing to the Qualsafe Limited. Data Protection Officer either in writing by post to Qualsafe Awards, City View, 3 Wapping Road, Bradford, BD3 0ED or by emailing thedpo@qualsafe.com

Cookies

Visitors to the QA website should be aware that information and data may be automatically collected by our website through the use of “cookies.” These are small text files that a website can use to recognise repeat visitors and facilitate the visitor’s ongoing access to, and use of, the site. They allow us to monitor usage behaviour and compile aggregate data that will help us to make improvements to our website.

Cookies are not programs that will enter any visitor’s computer system and damage their files. Generally, cookies work by assigning a unique number to the visitor that has no meaning outside the assigning site. If a visitor does not want information collected through the use of cookies, there is a simple procedure in most browsers that allows the visitor to deny or accept the cookie feature. However, please note that you may lose some features and functionality if you choose to disable cookies.

Whenever you visit our website, we automatically record the IP address that you are connecting to us from and we log the pages that are visited. We also record other details such as the operating system and web browser type being used. If a link was followed to this site, details of the search engine or website that was previously visited are recorded. This data is used only to compile general statistical information. We also use cookies to measure the effectiveness of our marketing campaigns on Google, Facebook, LinkedIn and Twitter.

Call Recording

Qualsafe Awards records customer calls and details on why we do this and how we use and store this data can be found in the QA Telephone Call Recording Policy here.

Revised April 2021