When we process your personal data we comply with all applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018.
Your personal data includes all the information we hold that identifies you or is about you. More information about the types of personal data we process about you is set out below.
Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it.
Highfield Awarding Body for Compliance Limited t/a Highfield Assessment (a company registered in England with registered company number 06478925 and registered address at Highfield Icon, First Point, Balby Carr Road, Doncaster, South Yorkshire DN4 5JQ) is the controller of the personal data you provide.
What data do we process about you and why?
If you are undertaking assessments, apprenticeships and/or qualifications with us, we collect the information we need in order to provide services to you. The information we collect includes your:
- full name
- date of birth
- address and contact details (including email address and telephone number)
- place of work
- Unique Learner Number
- information related to special considerations & reasonable adjustments for assessment where applicable, which may include special category data such as information about your health and medical requirements
- recordings of assessments (audio or video calls and conferences)
- outcome and result data
This information will be held by us or one of our group companies for a period of 6 years from the date you complete your assessment, apprenticeship and/or qualification so that we can comply with regulatory requirements and requirements to deliver future services such as certificate re-prints and confirmation of awards.
We process your personal data on the grounds of our legitimate interests in providing you with the end-point assessment services you have requested or a training provider or your employer has requested on your behalf, on the grounds of fulfilment of the contract where our contract is with you rather than the training provider or your employer and in accordance with our legal obligations including regulatory requirements. Where we process your special category data we do so on the grounds of your consent.
- Remote Assessment and Invigilation
We may provide remote assessment (through video conference) or invigilation services in respect of the assessment you are undertaking. Remote assessment is carried out by Highfield Assessment using tools and services located in the EU. Invigilation services are provided on our behalf by a company located in the EU. We retain the recording of your assessment or invigilation for a period of 30 days from the date of the assessment unless an issue has arisen in respect of your assessment in which case we will retain the recording until the issue has been resolved.
We process your personal data on the grounds of our legitimate interests in ensuring you are able to participate remotely in assessments and that those assessments are properly conducted.
- Business customers and suppliers (including external consultants, EQCs, SMEs, end-point assessors and exam markers) and centre contacts
If the organisation for which you work engages us to provide end-point assessment services to support learners, we will process your personal data on the grounds of our legitimate interests in fulfilling that order. The personal data we process about you may include your name and your contact details (including your email address and telephone number). We process your personal data for a number of reasons, including to:
- record your involvement in gateway reviews and end-point assessment activities in relation to the learner;
- communicate with the learner’s training provider or employer about, for example, timings of assessments, results and certification (and where this takes place, we may need to transfer your personal data to the learner’s training provider or employer);
- communicate regulatory changes and updates; and
- to provide you with information about Highfield’s products and services.
We will retain your personal data for the duration of our contract with the organisation for which you work or, if earlier, until we are notified that you are no longer the relevant person to contact at the organisation.
If you supply services to you us directly (for example, as an external consultant, end-point assessor or exam marker) we will retain your personal data for the duration of our contract with you.
- Webinar attendees
We will process personal data about you if you choose to attend one of our webinars. We use a third party to provide webinar tools and services to us. When you register to use/access our webinars we will ask for your full name, email address, job title and the name of the company for which you work. We and the third-party provider may have access to those systems from the date you input them to the date 6 months after the webinar takes place. Personal data may be accessed by the third party from outside the UK and the EEA, including in the US. Any such transfers of data take place on the basis of standard contractual clauses.
- Highfield Recruitment Candidates
We will process personal data about you if you apply for a role with us. That personal data is likely to include:
- identity data such as your first name, middle names, last name, marital status, title, date of birth and gender;
- contact data such as your postal address, email address and telephone numbers;
- background data such as your education, career background and work experience;
- personal information such as your skills and qualities;
- any other information that you include on any CV, application or covering letter you send to us. If this information includes special categories of data we will process that information on the grounds of consent because you have chosen to provide it to us.
We process your personal data on the grounds of our legitimate interests in determining whether or not we have a suitable vacancy for you.
If you are unsuccessful or if we do not have any suitable active roles, we will retain your personal data for 24 months from the date of your application.
Our collection of your personal data
We use different methods to collect data from and about you including through:
- Information received from our clients and the centres to which we provide services
We may receive information about you from your training provider or employer so that we can provide you with our assessment services.
- Direct interactions
You may give us your personal data by filling in forms on our website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: place an order for our services or provide products or services to us; submit a query about our products whether on our website or by email or phone; request for marketing to be sent to you; or otherwise correspond with us.
- Automated technologies or interactions
Who will receive or have access to your personal data?
Your personal data is only transferred to the extent that this is necessary. In addition to transfers of your personal data referred to elsewhere in this policy, recipients of your personal data may include:
- external awarding bodies if they provide a qualification to you as part of your assessment;
- our third-party remote invigilation partner that provides remote invigilation services in respect of your assessment. Data transferred to our remote invigilation partner includes your full name and email address so that instructions relevant to the remote invigilation may be sent to you;
- our third-party provider of webinar tools and services, referred to above in the section entitled “Webinar Attendees”;
- our third-party marketing partners that send marketing and service communications to you on our behalf where you have consented to us doing so or where we have other grounds for sending you marketing in accordance with data protection legislation. Your personal data may be transferred to those providers located outside of the UK and EEA, including in the US, in which case the transfer takes place on the basis of standard contractual clauses;
- legal advisers to the extent they need to see your personal data to provide us with legal advice;
- our external hosted data centre;
- Microsoft Azure which provides our disaster recovery solution;
If you are a learner, we may also share your data with:
- associate end-point assessors, awarding organisations (including Highfield Awarding Body for Compliance Limited) and regulators to the extent necessary to provide you with the products and services requested for you;
- the Security Industry Authority to the extent necessary to comply with regulatory requirements (the information shared is likely to include your photo ID and signature);
- the national Learning Record Service; and
- other regulatory bodies to the extent we are required to do so in relation to, for example, investigations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
Unless otherwise expressly stated in this policy, we do not transfer your personal data outside of the EEA.
What are your rights?
You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data.
- Access to your data
You have the right to ask us to confirm that we process your personal data, as well as access to and copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this fair processing notice.
- Rectification of your data
If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it unless we do not feel it is appropriate in which case we will let you know why. We will also let you know if we need more time to comply with your request.
- Right to be forgotten
In some circumstances, you have the right to ask us to delete personal data we hold about you.
There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we will let you know.
- Right to restrict processing
In some circumstances, you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we do not have to delete it.
- Data portability
You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller.
- Right to object
In some circumstances, you are entitled to object to us processing your personal data.
Automated decision making
Automated decision making means making a decision solely by automated means without any human involvement.
We do not carry out any automated decision making using your personal data.
Your right to complain about our processing
If you think we have processed your personal data unlawfully or that we have not complied with GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website - https://ico.org.uk/concerns/.
A 'Cookie' is a small piece of information that we store on your computer. Our system will issue cookies to your computer when you access the site. We use the following cookies
Strictly necessary cookies; These are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
Analytical/performance cookies; These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functional Cookies; These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Remarketing Cookies; These allow us to recognise your interests, based on the webpages you visit on our website, and allow us to present you with relevant promotions and updates to keep you up to date with Highfield E-Learning. Third party vendors, Google, Facebook and LinkedIn, use these cookies to serve ads in various places across the internet. If you wish to opt out of remarketing cookies, simply click on the below links and follow the opt out processes:
Facebook: Your Ad Preferences
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including “strictly necessary” cookies) you may not be able to access all or parts of our website.
You can remove cookies from your computer at any time by going into the settings in your browser and deleting the browsing history and cookies stored. The exact location of this setting will depend on your browser of choice.
If you have any questions or would like more information about the ways in which we process your data, please contact firstname.lastname@example.org.