Skip to Content

Data Protection Policy

Policy PurposeScopePolicy StatementLegal and Regulatory FrameworkPrinciples of Data ProtectionTypes of Data ProcessedLawful Basis for ProcessingResponsibilitiesCollection and Use of Personal DataSharing of InformationSecurity of DataRetention and DisposalIndividual RightsData BreachesTraining and AwarenessComplaintsMonitoring and ReviewContact Details

Policy Purpose

The purpose of this policy is to set out how SCTNI Limited collects, uses, stores, protects, and manages personal data in the course of its operations. The organisation recognises that personal data entrusted to it by learners, staff, employers, awarding organisations, and partners must be handled lawfully, fairly, and securely. SCTNI Limited is committed to maintaining the confidentiality, integrity, and availability of personal information and to ensuring full compliance with applicable data protection legislation. This policy establishes the principles, responsibilities, and safeguards that underpin the organisation’s approach to data protection and privacy.

Scope

This policy applies to all personal data processed by SCTNI Limited in connection with the delivery of training, assessment, certification, business administration, marketing, and support services. It applies to all employees, contractors, tutors, assessors, internal quality assurers, consultants, and any other individuals acting on behalf of the organisation. The policy covers information relating to learners, prospective learners, staff, clients, employers, suppliers, awarding organisations, and any other identifiable individual whose data is processed by the centre, whether that data is held electronically or in paper format.

Policy Statement

SCTNI Limited is committed to processing personal data responsibly and transparently and to respecting the rights and freedoms of individuals. The organisation will ensure that personal information is collected only for legitimate purposes, processed in ways that are necessary and proportionate, and retained only for as long as required. Appropriate technical and organisational measures will be implemented to safeguard data against loss, unauthorised access, misuse, or disclosure. The centre will continuously review its practices to ensure ongoing compliance with legal and regulatory requirements and to maintain the trust of learners and stakeholders.

Legal and Regulatory Framework

All personal data will be processed in accordance with the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018, together with any related legislation or regulatory guidance. SCTNI Limited will also comply with any data protection expectations or requirements imposed by awarding organisations, regulators, or contractual agreements. Where obligations conflict, the organisation will apply the highest standard of protection reasonably practicable.

Principles of Data Protection

SCTNI Limited will ensure that personal data is processed lawfully, fairly, and in a transparent manner. Information will be collected for specified, explicit, and legitimate purposes and will not be further processed in ways incompatible with those purposes. Data collected will be adequate, relevant, and limited to what is necessary for operational and regulatory needs. Reasonable steps will be taken to ensure accuracy and to correct inaccuracies promptly. Personal data will be retained only for as long as required for legitimate business, legal, or regulatory purposes and will be securely deleted or anonymised thereafter. Throughout its lifecycle, personal data will be protected through appropriate security controls to prevent unauthorised or unlawful processing or accidental loss.

Types of Data Processed

DeIn delivering its services, SCTNI Limited may process personal information including contact details, identification information, learner registration details, assessment records, certification information, financial data, employment information, and communications. In certain circumstances, the organisation may also process special category data where necessary to provide reasonable adjustments, safeguarding support, or compliance with legal obligations. Such information will be handled with enhanced care and confidentiality.ail

Lawful Basis for Processing

Personal data will only be processed where a lawful basis exists. In most cases, processing will be necessary for the performance of a contract with the learner or client, for compliance with legal or regulatory obligations, for the legitimate interests of the organisation in delivering education and training services, or on the basis of consent where appropriate. SCTNI Limited will ensure that the chosen lawful basis is documented and that individuals are informed about how their data will be used.

Responsibilities

Overall accountability for data protection compliance rests with the Centre Director or designated senior manager, who will oversee implementation of this policy and ensure that appropriate controls are maintained. Managers are responsible for ensuring that data protection requirements are followed within their areas of responsibility. All staff and associates are individually responsible for handling personal information securely, maintaining confidentiality, and reporting any concerns or breaches promptly. Failure to comply with data protection requirements may result in disciplinary or contractual action.

Collection and Use of Personal Data

SCTNI Limited will collect personal data directly from individuals or from legitimate third parties where appropriate. Individuals will be informed about how their information will be used through privacy notices and related communications. Personal data will be used only for legitimate operational purposes, including learner administration, course delivery, assessment, certification, communication, safeguarding, quality assurance, regulatory reporting, and lawful business management. The organisation will not sell or misuse personal data for unrelated purposes.

Sharing of Information

Personal data may be shared where necessary with awarding organisations, regulators, employers, funding bodies, professional advisers, or service providers, provided that such sharing is lawful and proportionate. Where third parties process data on behalf of SCTNI Limited, appropriate contractual safeguards will be in place to ensure confidentiality and compliance with legal requirements. Information will not be disclosed to unauthorised parties without a lawful basis.

Security of Data

SCTNI Limited will implement appropriate technical and organisational measures to protect personal data. These measures include secure IT systems, password protection, controlled access, encryption where appropriate, secure storage of physical records, and staff training in data protection awareness. The organisation will regularly review security arrangements to ensure that they remain effective and proportionate to the risks presented.

Retention and Disposal

Personal data will be retained only for as long as necessary to fulfil its intended purpose or to meet legal, regulatory, or contractual obligations. Once no longer required, information will be securely destroyed or anonymised in a manner that prevents recovery or misuse. Retention periods will be defined in accordance with regulatory expectations and organisational needs.

Individual Rights

SCTNI Limited respects the rights of individuals in relation to their personal data. Individuals have the right to request access to their information, to seek correction of inaccuracies, to request erasure or restriction of processing where appropriate, to object to certain types of processing, and to request transfer of their data where applicable. Requests will be handled promptly and in accordance with legal timescales. The organisation will provide reasonable assistance to individuals exercising these rights.

Data Breaches

Any suspected or actual loss, unauthorised disclosure, or misuse of personal data will be treated as a data breach and must be reported immediately to management. SCTNI Limited will investigate all incidents promptly and will take appropriate steps to mitigate risks and prevent recurrence. Where required by law, the organisation will notify the relevant supervisory authority and affected individuals within the prescribed timescales.

Training and Awareness

All staff and associates will receive appropriate guidance and training to ensure that they understand their responsibilities regarding data protection. Ongoing awareness activities will be undertaken to maintain good practice and to reduce the risk of accidental breaches or misuse.

Complaints

Individuals who are dissatisfied with how SCTNI Limited has handled their personal data may raise concerns directly with the centre. Complaints will be investigated fairly and promptly. Individuals also have the right to raise concerns with the relevant supervisory authority where they believe their data protection rights have not been respected.

Monitoring and Review

This policy will be reviewed at least annually, or sooner where changes in legislation or operational practice require revision, to ensure ongoing compliance and effectiveness. Improvements identified through audits, incidents, or feedback will be incorporated into updated procedures.

Contact Details

Queries relating to this policy or requests concerning personal data should be directed to SCTNI Limited by telephone on 028 7077 0078 or by email at info@sctni.co.uk