List of active policies
|Privacy and Data Protection Policy||Site policy||All users|
This policy affirms Advance Assessments commitment to comply with UK Data Protection and Privacy Laws. It identifies the organisations that we share data with to allow us to complete End Point Assessments and describes your rights as a user of this assessment service. Advance Assessments is registered as a Data Controller with the Information Commissioner's Office. Registration ZA460596.
1.1 The Advance Assessments board of
directors is responsible for oversight of this policy.
1.2 The Advance Assessments’ Data Controller for the period ending 30th September 2021 is Graham Meek () and he is responsible for implementation of this policy. He is identified on the Advance Assessments’ online assessment site as the ‘Data Protection Officer’.
1.8 Advance Assessments collects the data that service users (data subjects) provide on registration, which service users agree to supply to us as accurate. Advance Assessments may process service users’ personal data in combination with their uploaded evidence documents to provide the services offered and improve the service offer.
1.9 Data will not be transferred to, or shared with, any third party with the exception of UK government bodies or their appointed agents, the apprentice’s employer and training provider(s) for the purpose of certification, award, audit and review. These include:
1.11 Email users. Please note that the emails Advance Assessments sends are an integral part of the assessment service offered and this service cannot be provided where the use of email communication is opted out of. By registering with Advance Assessments users are consenting to the storage and use of the data required to send emails and provide assessment services. Advance Assessments limits the use of personal data to that which is reasonably required to provide its services.
1.12 Retention of personal data. A service user (data subject) may request that personal data provided when registering with Advance Assessments is deleted. Please note that it is a requirement of the ESFA that information about end point assessments undertaken, including the assessment evidence, which versions of the standard and plan referred, the assessor’s details, the internal verifier’s details and payments received by Advance Assessments is held for six years after the activity took place. In order to comply with this ESFA stipulation all data relating to an assessment will be held for six years after all assessment activity is completed. Please also note that it will not be possible to complete an assessment for a data subject (apprentice) should the data subject request data removal prior to the completion of the assessment process. In this case the cost of the assessment activities completed will be payable in full at the time of data deletion.
1.13 Storage and protection of personal data. Advance Assessments takes reasonable steps to protect service users’ data from loss or destruction. Advance Assessments will notify service users and any applicable regulator of a suspected data security breach where legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Advance Assessments takes all practicable steps to protect personal data, but cannot guarantee the security of personal data during transmission; any transmission is at the risk of the sender. Once Advance Assessments has received personal data, strict procedures and security features that aim to prevent unauthorised access are implemented.
1.14.4 The right to erasure (also known as the right to be forgotten). Data subjects can exercise this right either by emailing Advance Assessments or using the facility embedded in the online assessment system.
1.14.6 The right to data portability. This means that data subjects can ask Advance Assessments for a copy of personal data to re-use with another service or business. Please note, however, that this right applies only if a data subject has provided personal data to Advance Assessments directly.
1.15 Requests from site users (data subjects). Should a data subject wish to make a request, in accordance with their rights listed above, they should contact stating their name and email address (as supplied to Advance Assessments). Requesters will be required to verify their identity. Where the request is made on behalf of a data subject, the requester will be required to provide consent from the data subject they represent.
1.16 Destruction of physical data records. Advance Assessments holds all personal data about apprentices, employers and training providers in an electronic format only. When it is necessary to temporarily store data in a paper format, all Advance Assessment employees are trained to destroy data securely.
1.17 Site Security and Password Policy. When registering with Advance Assessments, all service users are asked to accept this privacy and data protection policy. All service users are required to choose a strong password during first log-on. Where service users have a username or password (or other identification information) to enable access to certain services or parts of the Advance Assessments online assessment site, the service user is responsible for keeping this password confidential. Please do not share a password with anyone. The system is designed so that apprentices registering with the site have access to their personal data and evidence documents only.
1.18.1 The essential one is the session cookie, usually called MoodleSession. Users must allow this cookie in their browsers to provide continuity and to remain logged in when browsing the site. When a user logs out or closes the browser, this cookie is destroyed (in the browser and on the server).
1.18.2 The other cookie is purely for convenience, usually called MOODLEID or similar. It remembers a service user’s username in the browser. This means that when a service user returns to this site, the username field on the login page is already filled in. It is safe to refuse this cookie – service users will then have to retype their username each time they log in.
1.18.4 To learn more about cookies and how to manage them, visit the Information Commissioner’s Office page at: Advance Assessments Limited is not responsible for the content or maintenance of the ico.org.uk site.
1.19 Data breach incidents. Advance Assessments will follow its regulatory requirements in the event of data breach incidents. This means that there are procedures in place (AA_OP_15) for the issue of notifications, documentation and management of incidents, including notification of the Information Commissioner’s Office. All data breaches will be notified to the Information Commissioner’s Office within 72 hours of detection and all affected individuals will be notified without undue delay.
1.21 Further information about the rights of data subjects can be obtained from the Information Commissioner’s Office (ICO). Service users also have the right to lodge a complaint with the Information Commissioner’s Office if they believe that their rights have been breached. Contact the ICO on Advance Assessments is registered with the ICO, Reference ZA460596.