Enter CIC, who operates the Enter Education service and The Enter Centre building, is registered with the Information Commissioner’s Office to process personal data. Enter CIC is a data controller. Registration Number: Z2486288. Our personal information management procedures are GDPR and Data Protection Act 2018 compliant. GDPR = General Data Protection Regulation, the law that helps to keep your personal information safe. When referencing GDPR, we also include references to the new Data Protection Act 2018.
What we need
- Enter CIC collects basic personal data about exam candidates our students and their parents/carers (for students under 18).
- We collect minimal personal information about our visitors to our buildings (see CCTV below) and website.
- We collect personal information about our staff and volunteers.
- All personal data we collect is volunteered by the owner of the information or their representative (parent). Usually, this will be on our web forms and via emails, in person, etc.
- Typically, we collect name, address, date of birth, previous exams information and other information as appropriate to operate our services.
- We do not process any sensitive information unless this is required to ensure that we meet regulations and conform to best practice.
Why we need it
- We need to know candidate’s information to ensure we conform to regulations and meet our obligations under contracted services such as supplying exam facilities and services to candidates and their representatives.
- We need to process personal information about our staff and volunteers for general administrative purposes.
- We will not collect any personal data from you that we do not need.
- You can also check our ICO registration details for a full list of the data types we collect and the reasons we collect it.
We give you privacy information in a number of ways; in writing, orally, in signage and electronically. This can be at the time we collect personal information, before you give personal information, enter an area, in signs or symbols and on our website. We hope our signage is clear, well-positioned and gives you the information you need in an accessible format you can understand. Please let us know if this is not the case.
Is personal information safely handled?
All the personal data we process is processed securely by our GDPR-trained staff in the UK. Our website’s IT servers are also in UK data centres, so personal data is not shared internationally (see ‘Marketing information’ below). No third parties or unauthorised personnel have access to personal data at Enter, unless the law allows them to access it, or we must share it to safeguard staff, volunteers, students, parents and visitors. Where we do share personal information, this is done using the most secure methods available to us.
Do we share personal information?
Sometimes we need to share personal information with other organisations to carry out a legal obligation, such as make sure students are registered with exam / awarding bodies. Where we share personal information with others as a data controller or data processor, we have a GDPR-compliant Data Sharing Agreement in place to protect personal information.
How long we keep it
We may be required to retain personal information under certain laws, but, we will not keep personal data for longer than we need it.
Deleting personal information
When it comes time to delete personal information (if we’re asked to delete it, or if we no longer need to keep it), we always delete it securely, in line with the GDPR. There may be some exemptions that require us to keep personal information for certain periods of time, even if we receive a request to delete it.
We do not use exam candidates’ personal information, images or other identifiers in the public domain. We will not send exam candidates marketing information. We will only send information relevant to your relationship with us; ie; to process your examination details, results and certificates. We hope you think our service is worth coming back for, rather than us pester you.
What we don’t need
We do not, typically, need sensitive details such as financial and medical information, except where this concerns payment of invoices or the welfare of those using our services and buildings. You are always free to ask us why we need certain information and it is your right to refuse the request, but it may affect the level or breadth of service we can provide.
What we will never do
We will never sell your personal information. We will never share it with people who are not authorised to access it. We will never use it for any purposes that you have not agreed to.
What we don’t process at all
We don’t process bio metric information or automated profiling information. We don’t process certain types of data relating to certain protected characteristics as defined in the Equality Act 2010.
Point of Sale (POS) Processing
We do collect financial information through our Point of Sale system. If you choose to pay for our services or products via Credit or Debit Card to our secure Point of Sales device/system, we will collect a limited amount of financial information related to that particular transaction. This will include setting up a limited customer profile on our payment system, which ensures that we are processing only the personal information you give us. It allows us to process future payments more quickly and conveniently for you. We will only keep this information for as long as we need it. Our system fully supports your privacy rights in relation to access, correction (rectification), deletion (right to be forgotten), objection to profiling, restriction of processing or portability of your personal information.
What are your rights?
You can ask to see a copy of any of your personal information we may be processing. If we are processing your personal data, we will let you know without undue delay and within one month and give you a copy of that data, if that’s what you wish. If at any point you believe the information we process about you is incorrect, you can request to have this corrected or deleted. You can also ask us to stop processing part or all of your personal data. However, we may not have to comply with your request if there is a regulatory reason for which we must keep it. Submit a request.
We use CCTV for the safety and security of our staff, students and customers, as well as our property.
Contacting Enter CIC, the Data Conroller
If you wish to contact us regarding your personal information, you can do so at firstname.lastname@example.org, or use the details on our contact page. Before we begin processing your request we will ALWAYS request to check your identity and any claim of representation you make for access to personal information.
If you are not satisfied with our response you can contact the Information Commissioner’s Office (ICO).
This privacy notice has been prepared using advice and guidance from the Information Commissioner’s Office. Last updated: January 2020.