The General Data Protection Regulation (GDPR)
As you know the European GDPR comes into force on 25th May 2018. This page is to tell you what
Of course, your data has always been protected, but the new GDPR gives individuals new rights and freedoms not afforded by the current Data Protection Act.
- ‘Personal data’ means any information that may (either on its own or in combination with other information) be capable of identifying a living person.
- ‘Processing’ includes anything from using, collecting, storing, accessing, deleting, extracting or transferring.
|Name of Supplier|
|Is EduCare a Data Controller?||Yes|
|Is EduCare a Data Processor?||Yes|
|Does EduCare have a Data Protection Officer?||No. Due to the nature of EduCare’s service and data management, there is no requirement for this post.|
|Who is the senior person responsible for information security and data protection at EduCare?||
Information security and data protection is a standing agenda item for EduCare Board Meetings.
|Who is the senior person with overall responsibility for security at EduCare?||Liz Arnold|
|What service is EduCare providing?||EduCare provides customers with licensed access to its Online Learning Service – www.myeducare.co.uk - whereby learners can gain essential knowledge on a wide variety of duty of care and safeguarding topics. Learners complete training modules and answer corresponding questionnaires with access to additional learning resources to support the learning. Downloadable personalised certificates evidence course completion and confirm the CPD credits achieved. The robust reporting suite provides organisations with learner status reports on training progress and completions.|
|In providing this service, is EduCare processing personal data belonging to its customers?||
Yes. The organisation data (organisation name, address, URL, key business and contact information) is stored securely on EduCare’s Customer Relationship Management (CRM) system for the purpose of managing the relationship and service, ensuring satisfaction and awareness of products and developments.
The organisation’s individual learner data (first/last name and email) is stored on EduCare’s Learner Management System (LMS) to enable learners to access the LMS, complete courses, questionnaires, access resources, record learning progress and download personalised certificates.
|Does EduCare process sensitive special category data?||No.|
|What security standards does EduCare have in place to keep personal data secure?||
We take customers privacy and security very seriously.
EduCare’s robust quality processes meet the ISO 9001:2015 British Standards Institute.
Preparations for GDPR readiness:
|What policies and procedures are in place and how does EduCare ensure they are followed?||
We maintain a Quality standard and all staff are trained to follow the processes within the scope of the standard. ISO 9001:2015.
We have also created/updated:
|How often are EduCare policies and procedures reviewed?||Annually.|
|Does EduCare appoint other companies or organisations to process personal data?||
Yes. EduCare works with external third-party service providers to support and host the LMS, the IT infrastructure and website, plus professional services such as accountants, auditors and marketing agencies who assist us in carrying out business activities.
EduCare carries out due diligence on third-party suppliers related to their position on GDPR. All our systems are located
Access to organisation data and individual learner data is only allowed when required by law. We do not, and will never, sell or share your personal information with third parties for marketing purposes.
|Does EduCare ever transfer personal data outside the UK? If so, please specify where.||We may process some data outside of the EU. Our LMS stores data with Amazon Web Services (AWS) and they meet the EU-US Privacy Shield framework adopted by the European Commission. This complies with data protection requirements and GDPR legislation when transferring data outside of the EU. For more information, please see here.|
|Who has access to the data regarding customer data subjects?||Our customer services team have access to the data for the purpose of service set-up, training and to support learners with day-to-day needs
|Does EduCare have signed contracts and statements of works between the data controller, data processor and third parties?||Yes. Contracts are reviewed annually, or when renegotiating continuity of service.|
|Does EduCare, as the data processor, have a written contract?||
Yes. The agreement and Service Level Agreement (SLA) form part of EduCare’s quotation process, which customers agree when finalising the sale.
Please also view EduCare’s general terms and conditions here.
These would have been signposted to you and agreed at the point of quotation and service delivery.
|How is this data gathered?||
Learner data is currently exchanged via CSV file with our customer services team. The purpose of the CSV file is to enable our staff to upload your learners to the LMS and they can start their training.
Once this upload is completed, the CSV is securely stored on our CRM system for record keeping and future amendments. CSV files can be encrypted on customer request.
From May/June 2018, we will be introducing a secure online form whereby customer administrators can directly upload and edit learners on the LMS without the need for CSV files.
|How does EduCare ensure consent for the data’s use has been obtained by the Data Controller?||When the customer confirms their agreement to purchase the service from EduCare, consent is agreed between the parties at this stage, as mentioned in the T&Cs.|
|How will data be provided in response to
||A subject access request will follow our internal process and be responded to within the period required by law. Please view our privacy statement here.|
|What happens to personal data when the service contract ends?||