Skills Forward Ltd Privacy Statement
Skills Forward Ltd Privacy Statement
Skills Forward Ltd (the “we”, “us”, “our”) (registered company number 05440652) is the UK’s leading e-learning provider for English, maths and ICT assessments and learning resources.
We are committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from others, and to keep it safe. This Privacy Statement provides you with information about how your personal data will be used by us in connection with your use of our e-learning platform available at https://learning.myncfe.org.uk/cookiespolicy.htm (“Platform”).
We collect certain technical information, which may include personal data, via our Platform. We act as a data controller in respect of any such personal information. You can find further details about what information we collect and how we process it as a data controller in paragraph 1 below.
We also supply access to our Platform to various organisations to help deliver their training and educational activities. We collect and process personal data as a data processor for such organisations, in order to provide our Platform services. Our role as a data processor is explained in detail in paragraph 2 below.
- Our role as a data controller
- What personal data do we process as a data controller?
We collect certain technical information about the use of our Platform. This data may include online identifiers, such as IP addresses of the visitors to our Platform, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Platform. We collect and use this information as a data controller because we determine which data to collect and how to use it. We use trusted third-party providers who collect such information for us via tracking technologies placed on our Platform. Please see our Cookies Policy for more details: https://learning.myncfe.org.uk/cookiespolicy.htm
- Why do we process personal data as a data controller?
We collect personal data mentioned in paragraph 1.1 above to monitor and assess the impact of our Platform, for internal research purposes and to improve and further develop our services.
When you use our Platform, we will collect some additional information about your use, such as for example data about the frequency of your visits or your journey through various sites. We use it (as a data controller) for the following purposes:
- To monitor our users’ compliance with the Terms and Conditions of Use of our Platform
- To notify you about the changes to the Terms and Conditions of Use of our Platform or this Privacy Statement
- To improve and further develop our Platform and the services available via our Platform
- To ask you to leave a review or take a survey
- For research and statistical purposes
- To keep our systems secure and to prevent fraud
- To otherwise manage our relationship with the users of our Platform, including handling of enquiries and complaints, and
- To satisfy our legal obligations, for example in relation to regulatory, government and/or law enforcement bodies.
- What are the legal grounds on which we rely to process personal data as a data controller?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform or enforce our obligations under the Terms and Conditions of Use of our Platform, which create a contract between you and us
- Where it is necessary for our legitimate interests (or those of a third party, such as the organisation that granted you access to our Platform) and your interests and fundamental rights do not override those interests, and/or
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
- Our role as a data processor
If you are using our Platform, whether as an administrative user, teacher or a learner, you have received access and login credentials from one of such organisations. We collect and process personal data as a data processor for such organisations, in order to provide our Platform services, including:
- To create, activate, manage and support your account on our Platform
- To provide technical support services to the users of the Platform, including handling any complaints that may arise
- To provide the best and most effective learning experience, integrated with the requirements that granted you access to our Platform, and to help such organisation in the course administration
- To enable in-Platform mail between our users, and
- To effectively operate our Platform, by enabling various features and functionalities and the storage and backup of all information uploaded by our users.
Some of this information is supplied to us by the organisation that granted you access to our Platform and some of it is supplied by you, other users, and/or is collected by us through your use of the Platform.
The information that we collect and process as a data processor can be categorised as follows:
Categories of data: Your full name, email address, telephone number, contact address, country of residence
Purposes for which we use it: Setting up your account on our Platform and communicating with you for example via any messaging features on our Platform.
Categories of data: Picture (if uploaded by the user), profile information summary, preferences regarding contact method and subject matter, privacy preferences and preferences regarding participating in forums.
Purposes for which we use it: If such information is supplied by the user, we use it only to provide the account personalisation and/or choice selection features of our platform.
Additional information (only about learner users of our Platform)
Categories of data: Your date of birth, ethnicity, gender, National Insurance number, student reference number
Purposes for which we use it: This information is collected only if the organisation that granted you access to our Platform requires it in connection with the learning programme you are completing with the help of our Platform.
Use information (only about users of our platform)
Categories of data: Messages sent and received via our Platform, and if you are a learner user, your educational history and attainment, information about courses, assessments and other activities undertaken on our Platform.
Purposes for which we use it: The information is collected, stored and processed by us on behalf of the organisation that granted you access to our Platform for record keeping purposes. It also enables you to track and review your progress and activities completed to date.
Special category of personal data (only about learner users of our Platform)
Categories of data: Information about health
Purposes for which we use it: This information is collected, stored and processed by us on behalf of the organisation that granted you access to our Platform for the purpose of providing reasonable adjustments and/or special considerations (including learning difficulties, disabilities or health problems).
Please refer to the privacy notice of the organisation that granted you access to our Platform for further information about how such organisation may use the above information in its capacity as a data controller, as well as your rights in relation to your personal data.
- How long do we keep your personal information?
In relation to any personal data we process as a data processor on behalf of the organisation that granted you access to our Platform, we will only process such personal data for as long as we are instructed to do so by such organisation. This would normally be for the duration of our agreement with such organisation for the supply of Platform service, although we may need to retain some information after our agreement is terminated, for example records of any complaints or if longer retention of data is necessary in connection with legal disputes.
With respect to any personal data we process as a data controller, we will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you or the organisation that granted you access to our Platform.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
- Will we share your personal information?
We do not share, sell or rent your personal information to third parties for marketing purposes. However, in general, we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Privacy Statement, including:
- Companies within our group, including NCFE
- Our suppliers, for example, IT service providers such as website hosts or cloud storage providers
- Professional service providers such as accountants and lawyers
- Parties assisting us with research to monitor the impact/effectiveness of our products and services
- The police, for example in sharing data in relation to malpractice cases linked to fraud
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement
- If we are under any legal or regulatory duty to do so, and/or
- To protect the rights, property or safety of NCFE, its personnel, users, visitors or others.
The personal data we collect from you may be transferred to, shared and/or otherwise processed by organisations or companies outside the United Kingdom or the European Economic Area (“EEA”). Where your personal data is transferred outside the UK or EEA, we will take steps to ensure that the recipient implements appropriate measures to protect your personal data (for example, by entering into EU Commission approved standard contractual clauses), as required under the applicable data protection laws.
- Security/storage of and access to your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify the organisation that granted you access to our Platform, you and/or any applicable regulator of a breach where we are legally required to do so.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that are transferred via the internet. If you have any particular concerns about your information, please contact us.
- Your rights
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
- Request the transfer of your personal information to another party.
In respect of any personal data we process as a data processor on behalf of the organisation that granted you access to our Platform, if we receive an enquiry or request from you in respect of your personal data, we will need to notify the data controller about your enquiry or request and we will need to follow their instructions in this regard.
If you would like to exercise any of the above rights, please:
- email, call or write to us (see paragraph 7 below);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
- let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- How to contact us
Please let us know if you have any questions or concerns about this Privacy Statement or about the way in which we process your personal information by contacting us at the channels below. Please ask for / mark messages for the attention of the Data Protection Team.
Email: [email protected] Telephone 0191 239 8000
Post: Q6, Quorum Park, Benton Lane, Newcastle Upon Tyne, NE12 8BT
- Right to complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We keep our Privacy Statement under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- Third-party links
Last updated November 2021.