01740 655437 exams@entercic.org

Privacy

People processing data in a large form

Enter CIC, who operates the Private Exams North East and Enter Education services, is registered with the Information Commissioner’s Office to process personal data. Enter CIC is a data controller. Registration Number: Z2486288. Our personal information management procedures are DPA 2018 and UK GDPR compliant. GDPR = General Data Protection Regulation, the law that helps to keep your personal information safe and afford you rights and freedoms in relation to that personal data. When referencing Data Protection Act 2018 in this privacy notice, we may also include references to UK GDPR.

Personal Information:

What we need

  • Enter CIC collects basic personal data about exam candidates our students and their parents/carers (for students and candidates under 18).
  • We collect minimal personal information about our visitors to our buildings (see CCTV below) and website, unless a website visitor completes a registration form.
  • We collect personal information about our staff and volunteers.
  • All personal data we collect is volunteered by the owner of the information or their representative (parent). Usually, this will be on our secure web forms and via emails, in person, etc.
  • Typically, we collect name, address, date of birth, previous exams information, ULN numbers and other information as appropriate to effectively operate essential services.
  • We do not process any sensitive information unless this is required to ensure that we can offer the best service, meet regulations and conform to best practice.

Why we need it

  • We need to know candidate’s information to ensure we conform to regulations and meet our obligations under contracted services such as providing exam facilities and services to candidates and their representatives.
  • We need to process personal information about our staff and volunteers for general administrative purposes.
  • We will not collect any personal data from you that we do not need.

Privacy information
We give you privacy information in a number of ways; in writing, orally, in signage and electronically. This can be at the time we collect personal information, before you give personal information, enter an area, in signs or symbols and on our website. We hope our signage is clear, well-positioned and gives you the information you need in an accessible format you can understand. Please let us know if this is not the case.

Is personal information safely handled?
All the personal data we process is processed securely by our GDPR-trained staff in the UK. Our website’s IT servers are also in UK data centres, so personal data is not shared internationally (see ‘Marketing information’ below). No third parties or unauthorised personnel have access to personal data at Enter, unless the law allows them to access it, or we must share it to safeguard staff, volunteers, students, candidates, parents and visitors.

Do we share personal information?
Where we do share personal information, this is done using the most secure methods available to us. Sometimes we need to share personal information with other organisations to carry out a legal obligation, such as make sure students / candidates are registered with exam / awarding bodies.

We may also contact and share information with students’ current learning providers to coordinate study evidence and projected grades information as required by legislation.

Where appropriate, we share personal information with others as a data controller or data processor, we have a DPA 2018/GDPR-compliant Data Sharing Agreement in place to protect personal information.

We may share information with examination boards or regulatory bodies if we suspect malpractice on the part of candidates or their representatives before, during or subsequent to an exam sitting and/or submission.

How long we keep it
We may be required to retain personal information under certain laws, but, we will not keep personal data for longer than we need it.

Deleting personal information
When it comes time to delete personal information (if we’re asked to delete it, or if we no longer need to keep it), we always delete it securely, in line with the DPA 2018 and UK GDPR. There may be some exemptions that require us to keep personal information for certain periods of time, even if we receive a request to delete it.

Marketing information
We do not use exam candidates’ personal information, images or other identifiers in the public domain, unless this permission is freely given (when users contribute to our social media posts, etc). We will not send exam candidates marketing information. We will only send information relevant to your relationship with us; ie; to process your examination details, results and certificates. We hope you think our service is worth coming back for, rather than us pester you.

What we don’t need
We do not, typically, need sensitive details such as financial and medical information, except where this concerns payment of invoices or the welfare of those using our services and buildings. You are always free to ask us why we need certain information and it is your right to refuse the request, but it may affect the level or breadth of service we can provide.

What we will never do
We will never sell your personal information. We will never share it with people who are not authorised to access it. We will never use it for any purposes that you have not agreed to.

What we don’t process at all
We don’t process bio metric information or automated profiling information. We don’t process data relating to certain protected characteristics as defined in the Equality Act 2010, unless this is required by law.

Point of Sale (POS) Processing
On occasion, we do collect financial information through our Point of Sale system. If you choose to pay for our services or products via Credit or Debit Card to our secure Point of Sales device/system, we will collect a limited amount of financial information related to that particular transaction. This will include setting up a limited customer profile on our payment system, which ensures that we are processing only the personal information you give us. It allows us to process future payments more quickly and conveniently for you. We will only keep this information for as long as we need it. Our system fully supports your privacy rights in relation to access, correction (rectification), deletion (right to be forgotten), objection to profiling, restriction of processing or portability of your personal information. We do not directly keep credit card information given to Square, our merchant payment processor. Square’s privacy policy for our customers is available by clicking this link.

Cookies
You’ll find more information on our use of cookies here.

What are your rights?
You can ask to see a copy of any of your personal information we may be processing. If we are processing your personal data, we will let you know without undue delay and within one month and give you a copy of that data, if that’s what you wish. If at any point you believe the information we process about you is incorrect, you can request to have this corrected or deleted. You can also ask us to stop processing part or all of your personal data, or port it to another agency, or delete it. However, we may not have to comply with your request if there is a regulatory reason why we must not comply. Submit a request.

CCTV
We use CCTV for the safety and security of our staff, volunteers, students, candidates and visitors, as well as our property.

Contacting Enter CIC, the Data Controller
If you wish to contact us regarding your personal information or privacy issues, you can do so at info@entercic.org, or use the details on our contact page.

This privacy notice has been prepared using advice and guidance from the Information Commissioner’s Office. Last updated: February 2023.