Privacy Statement
This page explains what Innersummit does with the personal information you provide us.
General
From time to time you will be asked to tell us personal information about yourself (e.g. name and email address etc) in order to become a student or a client, to use Innersummit systems and services and so on. At the point of collecting the information we aim to clearly explain what it is going to be used for and who we may share it with. Generally, the information is processed as part of our public task of providing education.
We would only use it for marketing with your prior consent.
Any sensitive personal information will never be supplied to anyone outside Innersummit without first obtaining your consent, unless required or permitted by law. We comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), including removing your personal information from our systems when it is no longer required and ensuring that all personal information supplied is held securely.
Whenever you provide such personal information, we will treat that information in accordance with this statement and current legislation. We also aim to meet current best practice.
Individuals whose personal information Innersummit holds have certain rights under the law. More information can be found on the Information Commissioner’s website.
Enrolment
This section explains how Innersummit uses the personal information that you give us on the enrolment form.
How Innersummit uses your information
The information will be used for purposes relating to education, training, employment, general advice services, well-being and research. Innersummit may share non-sensitive personal information about you with other organisations, for example the Local Authority, for these purposes. We do not share your information for purposes that are incompatible, such as product marketing.
Sensitive personal information you provide (eg. disability or ethnicity) may be used by Innersummit for the purposes of equality of opportunity, support for your studies and to minimise risk. It may also be used anonymously for statistical purposes. Innersummit will ask your permission before sharing sensitive information with other organisations, unless the sharing is permitted by law and necessary.
How government departments use your information
We pass most of the information to government agencies to meet funding arrangements. Innersummit is a Data Processor for the Education and Skills Funding Agency. This means that Innersummit will pass most of the personal information and some of the sensitive information you provide to the Education and Skills Funding Agency (ESFA), and where necessary it is also shared with the Department for Education (DfE).
The information is used for the exercise of functions of these government departments and to meet statutory responsibilities, including under the Apprenticeships, Skills, Children and Learning Act 2009. It is also used to create and maintain a unique learner number (ULN) and a Personal Learning Record (PLR).
The information provided may be shared with other organisations for purposes of administration, the provision of career and other guidance and statistical and research purposes, relating to education, training, employment and well-being. This will only take place where the sharing is in compliance with the Data Protection Act 1998 and GDPR 2018.
You may be contacted after you have completed your programme of learning to establish whether you have entered employment or gone onto further training or education.
You may be contacted by the English European Social Fund (ESF) Managing Authority, or its agents, to carry out research and evaluation to inform the effectiveness of the programme.
Further information about use of and access to your personal data, and details of organisations with whom the data is regularly shared are available at: https://www.gov.uk/government/publications/esfa-privacy-notice
The legal basis for collecting the information
Most of the information on the form is collected because it is necessary for your enrolment as a student or is required by law. You must provide it in order to enrol at Innersummit.
The following information we are collecting based on your consent, and you may withdraw your consent without this affecting your status as a learner: emergency contact details and parent/carer contact details.
Parents, carers and guardians
Under the GDPR and the Data Protection Act 2018, young people aged 16 and over can decide for themselves and give consent for the processing of their personal information. Parental consent is not required. There may be exceptions in regards of students with severe learning difficulties, school link students and those who are otherwise unable to decide for themselves.
Innersummit has found that it is very beneficial to the young person’s progress as a learner if Innersummit is able to engage with the parents (or guardian/carer). Therefore it is very important that we have the parents’ details recorded on our systems.
When a student is in Further Education, parents/carers/guardians (or any other third party) are not automatically entitled to the learner’s information. We can only release information about learners if we have their consent for this recorded on Innersummit system. Learners are asked for their consent for sharing information with parents/others on the enrolment form or when enrolling face-to-face. Learners can also inform Innersummit later on of who |Innersummit may discuss with about their Innersummit matters.
Learners may withdraw their consent the same way which they gave it.
In general, we can only share information if we have the person’s consent, or there is a particular piece of legislation or agreement allowing us to share it without consent.
Websites and Cookies
This section applies to anyone accessing Innersummit websites.
A cookie is a small file, typically of letters and numbers, downloaded on to your device (e.g. your PC) when you access Innersummit website. Cookies allow the website to recognise your device and so distinguish between the different users that access the site.
Session cookies will remember your selections as you browse the site. These cookies are for the browsing session and not stored long term. No personal information is collected by these cookies.
Google Analytics cookies help us to make the website better for you by providing us with user statistics, for example: which pages are the most visited; how a user navigates the site. No personal information is collected by these cookies.
You may delete or control the use of cookies through your browser settings.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
To find out more about cookies and what cookies might be stored on your device, visit www.aboutcookies.org or www.allaboutcookies.org
During the course of your study you may be asked to use third party websites or services or access linked content (eg. Youtube, Mahara) which may collect personal data about you. That site’s own privacy notice will explain you how they use your data.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Responsibilities
Innersunmmit as a corporate body is the data controller under the Data Protection Act, and the Non-Executive Board is therefore ultimately responsible for implementation.
The designated Data Controller who is appointed to ensure compliance with the Act is the Director at Innersummit; and appointed to deal with day-to-day matters.
Further information
The Data Protection Officer (DPO) is Chris Andreou. If you have any questions about Data Protection at the College, please contact:
chris@innersummit.co.uk
Innersummit Ltd
7 & 8 Delta Drive Road
Metro Riverside Park
Gateshead NER11 9DJ
If you have a data protection concern that cannot or has not been resolved by Innersummit, you have the right to raise it with the Information Commissioner’s Office.