Learning Curve Group is committed to ensuring that your personal information is used properly and is kept securely. This Privacy Policy explains how we will collect and use your personal information. This policy explains the privacy practices for our services. We'll refer to our website and our apps as our "Services".
Who are we?
If you have any questions about your personal information, please get in touch with us by emailing data.protection@learningcurvegroup.co.uk.
Learning Curve Group (a trading name of Learning Curve (NE) Group Limited, Learning Curve (JAA) Limited and Learning at Work Limited). Learning Curve Group is registered as a data controller with the Information Commissioner under reference: Z904602X. Learning Curve Group is a company registered in England and Wales with company number 06388790. Our registered office is at Dunelm Rise, Durhamgate, County Durham DL16 6FS. Below is a list of all Learning Curve Group entities.
When Does This Policy Apply?
This policy only applies to personal data that Learning Curve Group handles as a Controller (meaning where Learning Curve Group controls how and why your personal data is processed). This includes when you:
Visit or interact with the learningcurvegroup.co.uk website, our branded social media pages, and other sites which we operate (collectively, our EdTech Suite of products)
Interact with us in person, such as when you visit our academies; and
Inquire about or engage in undertaking a course with us.
Changes: We may update this policy from time to time. Please check back periodically for updates. When required under applicable law, we will notify you of any changes to this policy by posting an update on our Privacy policy webpage or in another appropriate manner.
What information we collect?
We collect various types of personally information from you during your use of our services.
|
Personal data we will collect |
|
|
1. Learners |
|
|
|
|
2. Job Applicants/Seekers |
|
|
|
How is it being collected?
Most of the Personal Information we process is provided to us directly by yourself or indirectly by:
- A third party with your consent, e.g.: consultants and other professionals (schools/colleges).
- Your employer.
- Learning Records Service (LRS (e.g., Unique Learner Reference / Number (URL/URN), ESFA etc.).
- Our website by you expressing interest in one of our courses—we also use cookies on our website (for more information on cookies, please see our cookies policy).
- Our information technology (IT) systems, e.g.: e-Assessor portal, automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email, and instant messaging systems.
However, we may access information from other sources. Such as when visiting our website and as we are trying to make it as user-friendly as possible, to provide you with all the available features. We collect specific data from the device you used to access our website (for more information on cookies, please see our cookies policy).
Children’s privacy
Our Web sites and Services are not directed to children under the age of 16, and we do not knowingly collect personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed personal data to us, please contact us using the details provided in “What rights do you have regarding your personal data” section below.
How will it be used?
Under the UK General Data Protection Regulation 2018 (UK GDPR), we can only process your personal data if we have a proper legal basis for doing so, e.g.:
- For the performance of our contract with you or to take steps at your request before entering a contract.
- To comply with our legal and regulatory obligations to the Department for Education (DfE) and the Equality Act, health and safety Law, safeguarding and Child Protection.
- For our legitimate interests as a business. For example, using data for marketing purposes.
- Process special category data if it is necessary for reasons of substantial public interest. This might include safeguarding measures, health and safety requirements, or other regulatory obligations.
- Where you have given us your consent.
Legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests and we have conducted a Legitimate Interest Assessment (LIA).
The table below explains what we use (process) your personal data for and our reasons for doing so:
|
What we use your personal data for |
Our reasons |
|
To provide educational services to you |
For the performance of our contract with you or to take steps at your request before entering a contract. |
|
To provide recruitment services to you |
For the performance of our agreement with you or to take steps at your request before entering a contract. |
|
Conducting checks to identify our learners and verify their identity |
To comply with our legal and regulatory obligations. |
|
Gathering and providing information required by or relating to audits, enquiries, or investigations by regulatory bodies |
To comply with our legal and regulatory obligations. |
|
Ensuring business policies are adhered to, e.g., policies covering security and internet use |
For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you. |
|
Operational reasons, such as improving efficiency, training, and quality control |
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price |
|
Preventing unauthorised access and modifications to systems |
For our legitimate interests or those of a third party, i.e., to prevent and detect activity that could be damaging for us and for you. To comply with our legal and regulatory obligations. |
|
Updating records |
For the performance of our contract with you or to take steps at your request before entering a contract. To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our clients about existing and new services. |
|
Ensuring safe working practices, staff administration and assessments |
To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you. |
|
Marketing our services to:
|
For our legitimate interests or those of a third party, i.e., to promote our business to existing and former learners. |
|
External audits and quality checks, e.g., for…. |
For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations. |
|
Safeguarding concerns |
To comply with our legal and regulatory obligations. |
When it's in our "legitimate interest" we need to use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party's) interest and which doesn't involve overriding your privacy rights.
How long we keep your information?
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe that there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We will retain your personal information after we have finished providing our services to you. We will do so for one of these reasons:
- To respond to any questions or complaints made by you or on your behalf.
- To show that we treated you fairly.
- To keep records required by law and/or funding criteria.
We will not retain your information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Who we share it with?
We share your information with companies that give services to us. Here we mean companies that help us to provide services we use and need to process details about you for this reason. We share as little information as we can and encrypt and/or make it impossible for you to be identified by the recipient where possible (for instance by using a User ID rather than your name).
We routinely share personal data with:
- Employers.
- Government funding agencies (including the Apprenticeship Service where applicable).
- FE Providers/Colleges.
- Our group companies.
- Our insurers and brokers.
- External auditors, e.g., in relation to ISO accreditations and the audit of our accounts.
- External service suppliers, representatives, and agents that we use to make our business more efficient, e.g., marketing agencies, document collation or analysis suppliers.
- End Point Assessment Organisations (EPAO).
- Software suppliers (e.g., Maytas, Advanced etc).
- Awarding Organisations for certification.
- Cloud computing power and storage providers like Microsoft Azure.
- Companies that help us with marketing (but we won't share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out at any time. We may contact you by email, text, WhatsApp message or by phone cal.
- Software companies we use for contacting leads like Salesforce and AI powered enquiry resolution, or for web chat or in-app chat like LiveChat.
- Companies that provide single sign-on services for creating an account and logging into our Service, like Microsoft Azure.
- Anyone you give us permission to share it with. We tell you in our “Service” when we need your consent to share your data with peers, training providers, employers, recruiters, career professionals and other third parties or users.
We only allow our service providers to handle your personal data if we are satisfied, they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal data with any other third party.
How do we protect and store your information?
We endeavour to store all information within the UK, but we may transfer and store the data we collect from you somewhere else inside the EU. No data will be shared outside of the European Union. People who work for us or our partners might also process your data. We may share data with organisations and countries that:
The European Commission says the country or organisation has adequate data protection, or we've agreed to standard data protection clauses approved by the European Commission with the organisation.
Keeping your personal data secure
We take all appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We employ a 3rd part Security Operation Centre (SOC) to deal with any suspected or suspicious activity that could lead to a data breach. We also uphold our Cyber Essentials Plus certification annually to ensure that we are meeting our security requirements. We will notify you and any applicable regulator of a suspected data breach where we are legally required to do so.
What rights do you have regarding your personal data?
You have the following rights, which you can exercise at any time:
|
Access |
The right to be provided with a copy of your personal data |
|
Rectification |
The right to require us to correct any mistakes in your personal data |
|
To be forgotten |
The right to require us to delete your personal data—in certain situations.
Please contact us directly if you wish to discuss this further. |
|
Restriction of processing |
The right to require us to restrict processing of your personal data—in certain circumstances, e.g., if you contest the accuracy of the data |
|
Data portability |
The right to receive the personal data you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party—in certain situations |
|
To object |
The right to object:
At any time to your personal data being processed for direct marketing (including profiling);
In certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests. |
|
Not to be subject to automated individual decision-making |
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the guidance from the UK Information Commissioner’s Office (ICO) on individuals' rights under the General Data Protection Regulation: For the public | ICO
If you would like to exercise any of those rights, please:
- Complete the data protection submission form on our website Data Protection Submission Form - External; or
- Let us have enough information to identify you (e.g., your full name, address, and learner reference number (if applicable)).
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill. These will be deleted once identity has been confirmed).
If you make a request, we have 30 days to respond to you.
Please contact us at data.protection@learningcurvegroup.co.uk or 01388777129 if you wish to make a request.
How To Complain?
If you have any concerns about our use of your personal information, you can make a complaint to us in writing to our registered office is at Dunelm Rise, Durham Gate, County Durham DL16 6FS or you can email data.protection@learningcurvegroup.co.uk.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: Information Commissioner's Office
The UK's supervisory authority is the Information Commissioner's Office (ICO). For more details, you can visit their website.