OCN Credit4Learning is an established Accrediting Organisation which supports providers who deliver training and educational programmes to learners.
OCN Credit for Learning is committed to data security and the fair and transparent processing of personal data. This policy sets out how we will treat personal data which is provided to us in compliance with applicable data protection law, in particular the General Data Protection Regulation 2018 (GDPR). Specifically, we want you to know that we are not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
1.0 Data received from providers/customers
We will collect and process data that is provided to us by our providers and customers. Personal data may include the data provided from providers about learners, tutors, assessors and provider and learner contacts. It is important that the provider’s policies and agreements clearly set out how they will use their data and with whom it could potentially be shared. We require all providers to comply with the GDPR.
By sharing individuals’ data with OCN Credit4Learning, through the submission of registration/certification documents, by email or through any other means, the provider gives consent to us processing the data, and confirm that they have obtained the appropriate consent from the relevant individuals.
OCN Credit4Learning will retain and use the data to perform the contract between us while you remain a provider/customer, and further will use it where it is in OCN Credit4Learning’s legitimate interest, for example fraud prevention.
1.1 Learners Data
Providers/customers may provide OCN Credit4Learning with personal details about learners when we are notified of learner registrations and certification requests. The personal details are usually limited to the details for us to undertake the basic functions of an Accrediting Organisation and the certification process. These details will normally include the learners name, date of birth and qualification awarded. In addition, learner email contacts will be required to ensure the proper and right certification process has been adhered to and that the learner benefits directly from the learning experience in line with our charitable objectives. In line with the requirement to deliver future services such as certificate re-prints and the confirmation of awards, this basic learner-level data will be held by OCN Credit4Learning indefinitely.
Learners may also contact OCN Credit4Learning directly to request certificate replacements. In these circumstances, a record of the learner’s address is taken so that the certificate can be sent. This is held on file for a maximum 12 months before it is destroyed or deleted.
2.0 Data storage and access
All data in OCN Credit4Learning’s systems is stored on a secure set of servers hosted by our hosting provider. The servers reside in the United Kingdom. Data is frequently backed up and stored. This is in a secure server hosting facility with the necessary environmental, physical and technical controls in place to ensure unapproved access is prevented.
We take care to ensure personal data is only accessible to those who have a business need. Access decisions are taken by the CEO.
2.1 Data Retention and Deletion
Data, excluding learner data, is kept for up 10 years to enable OCN Credit4Learning to manage accounts, requests, compliance and legal requirements. After which time it is destroyed.
OCN Credit4Learning maintains a database that contains the basic details of individuals who have consented to OCN Credt4Learning sending information about products, events or services, as well as general news, via email.
We will at times contact individuals at providers/customers by email with important updates that you must be made aware of as an approved member provider. These updates are for mandatory or regulatory reasons. We will also on occasion send communications which we believe will be of legitimate interest regarding new products or services, or requesting feedback on our services. Contact to all will be made for quality assurance and due diligence monitoring.
4.0 The General Data Protection Regulation (2018)
Under GDPR, individuals have certain rights when it comes to the control of personal data:
The right to be informed. Each individual has the right to be given information about how their data is being processed and why. This policy to shows how we handle your data.
The right of access. OCN Credit4Learning have a duty to comply with the requirements of Subject Access Requests (SAR)
The right to rectification. The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
The right to be forgotten. You have the right to ask OCNCredit4Learning to remove your data.
The right to restrict processing. You may restrict processing for a legitimate reason, we would still have the right to hold that information.
The right to data portability. You may be able to obtain the information we hold about you and use it for your own purposes. Conditions apply.
Should you wish to exercise any of your rights above, please contact OCN Credit4Learning stating the following information:
• Contact details
• Relationship to Subject
• Full details of information relating to your request
• Reason for request and the right being exercised.
You will be asked to verify your identity if you are the subject, alternatively you will be asked to provide consent from the subject if you are a representative. Should we require further information we will contact you. Your request will be dealt within one month of receipt.