Under data protection law, individuals have a right to be informed about how KMT uses any personal data that Kent and Medway Training (KMT) hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.
This privacy notice explains how we collect, store and use personal data about individuals we train to teach with us.
We, Kent and Medway Training (KMT), are the ‘data controller’ for the purposes of data protection law. Our Data Protection Officer is Stephane Vernoux (see ‘Contact us’ below).
The personal data we hold
We process data relating to those we train to teach with KMT. Personal data that we may collect, use, store and share (when appropriate) about you includes, but is not restricted to:
- Contact details;
- Date of birth, marital status and gender;
- Next of kin and emergency contact numbers;
- Salary, annual leave, pension and benefits information;
- Bank account details, payroll records, National Insurance number, tax status information Passport number;
- Recruitment information, including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process;
- Qualifications and employment records, including work history, job titles, working hours, training records and professional memberships;
- Performance information;
- Outcomes of any disciplinary and/or grievance procedures;
- Absence data;
- Copy of driving licence and car insurance certificate;
We may also collect, store and use information about you that falls into “special categories” of more sensitive personal data. This includes information about (where applicable):
- Race, ethnicity, religious beliefs, sexual orientation and political opinions;
- Trade union membership;
- Health, including any medical conditions, and sickness records.
Why we use this data
The purpose of processing this data is to help us run KMT, including to:
- Process your application for Training.
- Enable you to be paid;
- Facilitate safe training, as part of our safeguarding obligations towards pupils;
- Support effective performance management;
- Enable ethnicity and disability monitoring;
- Ensure the safety and welfare of our trainees;
- Improve the management of workforce data across the sector;
Our lawful basis for using this data
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where we need to:
- Fulfil a contract we have entered into with you;
- Comply with a legal obligation;
- Carry out a task in the public interest;
- Processing is necessary for reasons of substantial public interest. We may also use personal information about you where:
- You have given us consent to use it in a certain way.
- We need to protect your vital interests (or someone else’s interests).
Where you have provided us with consent to use your data, you may withdraw this consent at any time. We will make this clear when requesting your consent, and explain how you go about withdrawing consent if you wish to do so.
Some of the reasons listed above for collecting and using personal information about you overlap, and there may be several grounds which justify KMT’s use of your data.
Collecting this information
While the majority of information we collect from you is mandatory, there is some information that you can choose whether or not to provide to us.
Whenever we seek to collect information from you, we make it clear whether you must provide this information (and if so, what the possible consequences are of not complying), or whether you have a choice.
How we store this data
We create and maintain an employment file for each trainees. The information contained in this file is kept secure and is only used for purposes directly relevant to your employment.
Once your training with us has ended, we will retain this file and delete the information in it in accordance with the KMT Data Retention Policy.
We do not share information about you with any third party without your consent unless the law and our policies allow us to do so.
Where it is legally required, or necessary (and it complies with data protection law) we may share personal information about you with:
- The relevant School and University – to meet our legal obligations to share certain information with it, such as safeguarding concerns;
- Our regulator -‐ Ofsted, the organisation that scrutinises us, under whom we have a legal obligation and a public interest to provide a quality education for pupils;
- Our auditors -‐ to meet our legal obligations to share data in order to ensure compliance to relevant legislation;
- External moderator and examining bodies -‐ to meet our public task obligations;
- The Department for Education -‐ to meet our legal obligation in providing a workforce census;
- Security organisations -‐ to meet our legal obligations to share information where appropriate, such as safeguarding concerns;
- Health and social welfare organisations -‐ to meet our legal obligations to protect the welfare of staff and pupils;
- Professional advisers and consultants -‐ to meet our public task obligations in providing quality educational services;
- Police forces, courts, tribunals -‐ to meet our legal obligations as a responsible employer;
- Professional bodies -‐ to meet our public task obligations in providing continuous professional development;
- Employment and recruitment agencies -‐ to meet our legal obligations in providing responsible recruitment practices.
Transferring data internationally
Where we transfer personal data to a country or territory outside the European Economic Area, we will do so in accordance with data protection law.
How to access personal information we hold about you
Individuals have a right to make a ‘subject access request’ to gain access to personal information that KMT holds about them.
If you make a subject access request, and if we do hold information about you, we will:
- Give you a description of it;
- Tell you why we are holding and processing it, and how long we will keep it for;
- Explain where we got it from, if not from you;
- Tell you who it has been, or will be, shared with;
- Let you know whether any automated decision-‐making is being applied to the data, and any consequences of this;
- Give you a copy of the information in an intelligible form.
You may also have the right for your personal information to be transmitted electronically to another organisation in certain circumstances.
If you would like to make a request, please contact email@example.com
Your other rights regarding your data
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe. You have the right to:
- Object to the use of your personal data if it would cause, or is causing, damage or distress;
- Prevent your data being used to send direct marketing;
- Object to the use of your personal data for decisions being taken by automated means (by a computer or machine, rather than by a person);
- In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing;
- Claim compensation for damages caused by a breach of the data protection regulations. To exercise any of these rights, please firstname.lastname@example.org
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact our Data Protection Officer at email@example.com. Alternatively, you can make a complaint to the Information Commissioner’s Office:
- Report a concern online at https://ico.org.uk/concerns/;
- Call 0303 123 1113;
- Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our data protection officer:
- Stephane Vernoux, Group Data Protection Officer, firstname.lastname@example.org.