This Data Protection Policy is aligned to the Data Protection Act 1988, (DPA), which applies to all personal data, which is either held electronically or in a manual filing system.
UNIVERSAL BUSINESS ACADEMY is committed to a policy of protecting the rights and freedoms of individuals with respect to the possession of their personal data. This includes students, graduates, employees and others. All data in this respect will only be processed in accordance with this policy.
All data users must comply with the following principles in terms of how data can be legally processed, where processed in this sense includes obtaining, recording, holding or storing information and carrying out any operations on the data, including adaptation, alteration, use, disclosure, transfer, erasure, and destruction.
- Personal data shall be processed fairly and lawfully.
- Personal data shall be held only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes.
- Personal data shall be adequate, relevant, and not excessive in relation to the purpose for which it is processed.
- Personal data shall be accurate and where necessary kept up to date.
- Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
- Personal data shall be processed in accordance with the rights of the data subject under the DPA.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of the data.
3.0 UNIVERSAL BUSINESS ACADEMY Responsibilities
UNIVERSAL BUSINESS ACADEMY staffs have a responsibility to ensure compliance with the Act and this Code, and to develop and encourage good information handling practices, within their areas of responsibility. All users of personal data within UNIVERSAL BUSINESS ACADEMY have a responsibility to ensure that they process the data in accordance with the eight Principles and the other conditions set down in the DPA.
4.0 Student Responsibilities
The use of personal data by students is governed by the following
- A student should only use personal data for a UNIVERSAL BUSINESS ACADEMY-related purpose with the knowledge and express consent of an appropriate member of UNIVERSAL BUSINESS ACADEMY staff.
- The use of UNIVERSAL BUSINESS ACADEMY-notified personal data by students should be limited to the minimum consistent with the achievement of academic objectives. Wherever possible data should be de-personalised so that students are not able to identify the subject.
The use of personal data by students is subject to the regulations set out below. The UNIVERSAL BUSINESS ACADEMY policy and regulations are based on the principle that students must only use personal data under the guidance of a member of UNIVERSAL BUSINESS ACADEMY staff. A breach of these regulations is an offense against the UNIVERSAL BUSINESS ACADEMY discipline.
- Students must not construct or maintain files of personal data for use in connection with their academic studies/research without the express authority of the appropriate member of staff.
- When giving such authority, the member of staff shall make the student aware of the requirements of the Data Protection Act and of the appropriate level of security arrangements that attach to the particular set of personal data.
- Students must abide by the Data Protection Principles and follow the instructions of UNIVERSAL BUSINESS ACADEMY in relation to any uses of personal data notified by UNIVERSAL BUSINESS ACADEMY.
5.0 Access to Data
Under the Act, individuals have the right to access personal data held about them by UNIVERSAL BUSINESS ACADEMY. A record will be kept of all individuals’ requests and access to personal information/data.
6.0 Retention of Data
Personal data will only be kept by UNIVERSAL BUSINESS ACADEMY for the time necessary to perform the process for which it was collected.
7.0 Data Transfer
When personal data are transferred internally the recipient must only process the data in a manner consistent with UNIVERSAL BUSINESS ACADEMY’s Notification and the original purpose for which the data was collected.
Personal data can only be transferred out of the European Economic Area under certain circumstances. The Act lists the factors to be considered to ensure an adequate level of protection for the data and some exemptions under which the data can be exported. Information published on the Web must be considered to be an export of data outside the EEA.
8.0 Data Security
All UNIVERSAL BUSINESS ACADEMY users of personal data must ensure that all personal data they hold is kept securely. They must ensure that it is not disclosed to any unauthorised third party in any form either accidentally or otherwise.
9.0 Related Documents
- Academic Appeals Policy
- Admissions Policy
- Appraisal Scheme
- Assessment Policy
- College Partner Application Form
- Conflict of Interest Policy
- Complaints Policy
- Curriculum Planning Procedures
- Distance Learning Questionnaires
- Data Protection Policy
- Equality and Diversity Policy
- Internal Verification Policy and Procedures
- Learner Contracts
- Learner Journey’ Roles and Responsibilities
- Malpractice Policy
- Reasonable Adjustments and Special Considerations Policy
- RPL Policy and Questionnaire
- Staff Development Policy
- Study Centre Due Diligence Procedures