- Like to know more about WGTA ?
Call: (01926) 428490
Warwickshire Garage & Transport Group Training Association Limited (WGTA) is committed to protecting your privacy. When you interact with us by phone, mail, in person or online, we sometimes receive personal information about you. This policy document tells you about how we collect, use and store your personal information. Please read this carefully to understand how we collect, use and store your personal information.
The General Data Protection Regulation (GDPR) Regulation (EU) 2016/679
The Data Protection Act 1998
(non-personal identification information)- We may collect non-personal identification information from Users whenever they interact with our Site. This type of information may include the browser name, the type of computer and technical information about the User’s means of connection to our Site, such as the operating systems and the Internet service providers utilised and other similar information. Financial information such as credit card information is not processed by our Site and therefore is not stored on this Site.
How we use collected information – WGTA may collect and use your personal information for the following purposes:
- To improve customer service-any information you provide helps us to respond to your request and support needs more efficiently
- To personalise user experience-we may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site
- To improve our Site-we may use feedback you provide to improve our products and services.
- To send periodic emails-we may use the email address to send the User information, response to their enquiry or questions and/or other requests. If the user decides to opt in to our mailing list, they will receive emails that may include company news, updates and service information. If at any time the User would like to unsubscribe from receiving future emails they should contact us via our Site.
How we protect your personal information – We take appropriate physical, electronic and managerial measures to ensure that we keep your information secure, accurate and up to date, and that we only keep it as long as is reasonable and necessary.
Sharing your personal information – We do not sell, trade or rent Users personal identification information to others.
We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and Users with our business partners and trusted affiliates for the purposes outlined above.
Your acceptance of these terms: By using this Site, you signify your acceptance of this policy and its terms. If you do not agree to this policy, please do not use this Site. Your continued use of the Site following the posting of any changes to the policy will be deemed as acceptance of those changes.
The Data Protection Act 1998 has two principal purposes:
to regulate the use by those (known as data controllers) who obtain, hold and process personal data on living individuals, of those personal data: and
to provide certain rights (for example, of accessing personal information) to those living individuals (known as data subjects) whose data is held
The cornerstones of the Act are the eight data protection principles, which prescribe:
guidelines on the information life-cycle (creation/acquisition; holding; processing; querying; amending; editing; disclosure or transfer to third parties and destruction (“the life-cycle”)
the purpose for which data is gathered and held
enshrine rights for data subjects
The Act applies to Warwickshire Group Training Association (WGTA), the Data Controller for the purposes of the Act and to anyone who holds personal information in a structured way so that retrieval is easy.
WGTA is fully committed to abiding, not only by the letter, but also by the spirit of the Act, and, in particular, is committed to the observation, wherever possible, of the highest standard of conduct mandated by the Act. This policy has been written to inform staff of their duties under the Act and to set out the standards, expected by WGTA in relation to processing of personal data and safeguarding individuals’ rights and freedoms.
All WGTA employees are expected to:
acquaint themselves with and abide by the Data Protection Principles;
read and understand this Policy;
understand how to conform to the standard expected at any stage of the life-cycle;
understand how to conform to the standard expected in relation to safeguarding data subjects’ rights (e.g. the right to inspect personal data) under the Act;
understand what is meant by “sensitive personal data” and know how to handle such data; and
contact the Data Protection Officer if in any doubt and not to jeopardise individuals’ rights or risk a contravention of the Act.
The Data Protection Principles:
The Data Protection Principles, in summary are:
Personal data shall be processed fairly and lawfully
Personal data shall be obtained only for one or more specified and lawful purposes and shall not be processed in any manner incompatible with that purpose or those purposes. Personal data shall be adequate, relevant and not excessive in relation to the purpose of purposes for which they are processed.
Personal date shall be accurate and where necessary, kept up to date
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Act
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage, to personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Best practice guidelines for the life-cycle process
Acquisition of personal data – Those wishing to obtain personal data must comply with guidelines issued from time to time by the Data Protection Officer and in particular should tell data subjects the purpose (s) for which they are gathering the data, obtain their explicit consent, and inform them that WGTA will be the data controller for the purpose of the Act and the identities of any other persons to whom the data may be disclosed. If sensitive data is being collected, explicit consent is not only best practice, it is mandatory. No more data should be collected than is necessary for the purpose(s) declared.
Holding/safeguarding/disposal of personal data – Data should not be held for longer than is necessary. Awarding Bodies, Government Agencies etc should be consulted for guidance on what is necessary for each kind of data. Personal data should be reviews periodically to check it is accurate and up to date and to determine whether retention is still necessary.
Adequate measures should be taken to safeguard data so as to prevent loss, destruction or unauthorised disclosure. The more sensitive the data, the greater the measures that need to be taken.
Processing of personal data – In this particular context, “processing” is used in the narrow sense of editing, amending or querying data. In the context of the Act as a whole, “processing” is very widely defined to include acquisition, passive holding, disclosure and deletion. Personal data must not be processed except for the purpose(s) for which it was obtained or for a similar, analogue purpose. If the new purpose is very different, the data subject’s consent must be obtained.
Disclosures and transfers of personal data – WGTA’s policy is to exercise its discretion under the Act to protect the confidentiality of those whose personal data it holds.
Employees of WGTA may not disclose any information about applicants, learners or other employees, including information as to whether or not any person is or has been an applicant, learner or employee of WGTA, unless they are clear that they have been given authority by WGTA to do so.
No employee of WGTA may provide references to prospective employers or others without the consent of the individual concerned. It is therefore essential that where WGTA is given as a referee, the subject of the reference should provide WGTA with the necessary notification and consent.
No employee may disclose personal data to the police or any other public authority unless that disclosure has been authorised the WGTA Data Protection Officer.
Transfers – Personal data should not be transferred outside WGTA and in particular not a country outside the EEA.
except with the data subject’s consent: or
unless that country’s data protection laws provide an adequate level of protection; or
adequate safeguards have been put into place in consultation with the Data Protection Officer: or
Destruction of personal data– Personal data must not be held for longer than necessary; and when such data has been earmarked for destruction, appropriate measures must be taken to ensure that the data cannot be reconstructed and processed by third parties.
Data subject’s rights of access – WGTA is fully committed to facilitating access by data subjects (applicants) to their personal data, while bearing in mind the need to protect other individual’s rights of privacy
Review – this policy will be reviewed periodically to take account of changes in the law and guidance issued by the Information Commissioner.
Data protection contacts
For general enquiries about WGTA Data Protection policy and for formal subject access requests under the Act:
The Training Director, WGTA, 44 Holly Walk, Leamington Spa, CV32 4HY
Disciplinary consequences of this policy – Unlawful obtaining or disclosure of personal date or any breach of the Data Protection Act 1998 by staff or learners will be treated seriously by WGTA and may lead to disciplinary action up and including dismissal or removal from the programmes.
WGTA hold the CYBER ESSENTIALS CERTIFICATION – FEBRUARY 2023
Reviewed December 2020
Reviewed and updated February 2021
Reviewed and updated February 2022
Reviewed and updated February 2023