1. Introduction

This privacy policy sets out how The Digital College Ltd uses and protects any information required to deliver our services to you, including any marketing communication you agree to.

The Digital College Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

You can contact our Data Protection Office ("DPO") if you have any queries regarding this policy or you wish to invoke your Personal Data rights as detailed below. The DPO can be contacted:
- by email as [email protected]
- by letter at The Digital College, Omnibus, 39-41 North Road, London, N7 9DP

2. Our role

The Digital College acts as a Data Controller for any customers that purchase services from us directly.

The Digital College acts as a Data Processor for Personal Data for any services provided to individuals on behalf of our Partners.

3. What we collect

We may collect the following information:
- name and job title
- contact information including email address and home address
- data of birth as and when required by Awarding Organisations
- records of your contact with us such as email communications regarding courses and examinations
- products and services you hold with us, as well as have been interested in and have held
- the usage of our products and services, including course materials used, times and dates of access and scores from any assessments or progress tests provided by us
- marketing actvities, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in.

4. What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our products and services.
  • Managing the product or service you have with us
  • To improve the operation of our business and that of our business partners
  • To follow guidance and best practice under the change to rules of governmental and regulatory bodies
  • To monitor and to keep records of our communications with you and our staff
  • For market research and analysis and developing statistics for use by ourselves only
  • For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We may send marketing to you by SMS, email, phone, post, social media and digital channels with your permission. Offers may relate to any of our products and services as well as to any other offers and advice we think may be of interest
  • To provide personalised content and services to you within our websites, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels
  • To allow Google, our digital marketing partner, to advertise to people with similar demographics and interests as visitors to our website
  • To comply with legal and regulatory obligations, requirements and guidance
  • 5. What are the legal grounds for our processing of your personal information?

    We rely on the following legal bases to use your personal data:

    1. Where it is needed to provide you with our products or services, such as:
    a) All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, courses and assessments
    b) Registering candidates for assessments with Awarding Organisations

    2. Where it is in our legitimate interests to do so, such as:
    a) Managing your products and services relating to that.
    b) To perform and/or test the performance of, our products, services and internal processes
    c) To follow guidance and recommended best practice of government and regulatory bodies
    d) For management and audit of our business operations including accounting
    e) To carry out monitoring and to keep records of our communications with you and our staff (see below)
    f) For market research and analysis and developing statistics
    g) To inform our online marketing strategy to help us find other people with similar interests in our products and services h) For direct marketing communications and related profiling to help us to offer you relevant products and services. We will send marketing to you by SMS, email, phone, post and social media and digital channels.
    i) Where we need to share your personal information with people or organisations in order to run our business or comply with any Awarding Body, legal and/or regulatory obligations

    3. To comply with our legal obligations

    4. With your consent or explicit consent:
    a) For some direct marketing communications

    6. When do we share your personal information with other organisations?

    We may share information with the following third parties for the purposes listed above:
    - Awarding Bodies to enrol candidates in their award programmes
    - Trade Bodies (eg CITB) for the purposes of requesting specific training, resources and membership cards
    - Testing organisations (eg Pearson Vue) for the purposes of booking assessments.

    7. Data processed by third parties on our behalf

    As well as sharing essential information with third parties in order to provide services to you, we use the services of other organisations in the processing of your data. We use cloud-based accounting platforms, email and document storage, video conference platforms, customer relationship management platform and a cloud based ticketing platform for support purposes. Our website processes limited personal data such as through our Contact Us form.

    In addition our online advertising partner (Google) receives limited information to improve the performance of our online adverts. This information allows Google to construct audience lists of people who are likely to have an interest in our products and services. Google retains this information in an anonymised format after initial receipt.

    Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GPDR. This ensures that your data is handled in accordance with the UK GPDR.

    Transferring your data outside of the UK

    All our key IT platforms and day to day usage of Personal Data is hosted in the UK including: learning management system; office systems and document storage; helpdesk information and history. However we do transfer data outside of the UK as some of our cloud platforms are located overseas. If your data is sent out of the UK, we ensure that there are approved mechanisms to do so, such as adequacy decisions under Article 45 UK GDPR, standard contractual clauses under Article 46.2 UK GDPR or in exceptional circumstances, allowable derogations under Article 49 UK GDPR. Currently, we transfer personal data of our client contacts to the USA for our CRM system.

    8. What should you do if your personal information changes?

    You should tell us so that we can update our records using the details in the Contact Us section of our website. We'll then update your records if we can.

    9. Do you have to provide your personal information to us?

    We're unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we'll make this clear.

    10. For how long is your personal information retained by us?

    Unless we explain otherwise to you, we'll hold your personal information based on the following criteria:
    - For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
    - For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
    - Retention periods in line with legal and regulatory requirements or guidance.

    11. What are your rights under data protection laws?

    Below is a list of the rights that all individuals have under data protection laws. They don't apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
    -The right to be informed about the processing of your personal information
    -The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
    -The right to object to processing of your personal information
    -The right to restrict processing of your personal information
    -The right to have your personal information erased (the "right to be forgotten")
    -The right to request access to your personal information and to obtain information about how we process it
    -The right to move, copy or transfer your personal information ("data portability")
    - Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you