Purpose
The Data Protection legislation (The General Data Protection Regulation (GDPR) and the Data Protection Act 2018) protect individuals with regard to the processing of personal data, in particular by protecting personal privacy and upholding an individual’s rights. It applies to anyone who handles or has access to people’s personal data.
This policy is intended to ensure that personal information is dealt with properly and securely and in accordance with the GDPR and the Data Protection Act 2018 (DPA 2018). It will apply to information regardless of the way it is used, recorded and stored and whether it is held in paper files or electronically.
Scope
The GDPR and DPA 2018 have a wider definition of personal data than the Data Protection Act 1998 and includes information generated from cookies and IP addresses if they can identify an individual.
‘Personal data’ is any information that relates to an identified or identifiable living individual, which means any living individual who can be identified, directly or indirectly, in particular by reference to—
a. an identifier such as a name, an identification number, location data; or
b. an online identifier; or
c. one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The DPA 2018’s wider definition of personal data is broadly defined and is not limited to confidential or sensitive data. It also includes any expression of opinion about an individual, personal data held visually in photographs or video clips (including CCTV) or sound recordings.
This GDPR Policy explains how Magic Training LTD (“Magic Training”, “we”, “us”, or “our”) collects, uses, and discloses personal data in connection with our EAL (products and services (the “Products”).
1. What data do we collect?
We collect a variety of personal data from users of our Services, categorized as follows:
- Personal Data:
- Required:
- Name
- Email address
- Date of Birth
- Contact Number
- Required:
- Learning Data:
- Information about your progress in our courses, such as:
- Course enrolment information
- Test scores and completion rates for assignments, and modules
- Learning path choices and areas of focus
- Time spent on learning activities
- Interactions with learning materials (e.g., videos watched, articles read)
- We may also collect (NVQs / portfolio):
- Recordings of technical discussion with your assessor (for clarity and communication effectiveness)
- Examples of communication between you and the client (if applicable / for accuracy and adherence to electrical safety regulations)
- Video demonstrations of your practical skills.
- Photos of your work (for visual evidence of competence and following best practices)
- Information about your progress in our courses, such as:
2. How do we use your data?
We use your data for the following purposes:
- To provide and administer the Services to you:
- User creation and management
- Access control and course enrolment
- Delivery of learning materials and activities
- Progress tracking and reporting
- Processing of Learner Records
- Technical support
- To personalize your learning experience:
- Tailor course content and difficulty to your proficiency level
- Recommend learning activities based on your progress and goals
- Provide targeted feedback and suggestions
- To communicate with you about your account and the Products:
- Send progress information
- Provide customer support
- Share updates about new features, courses, or promotions (with your consent)
- To improve the Products and develop new products and services:
- Analyse learning data to identify areas for improvement
- Develop new learning materials and activities
- To comply with legal and regulatory requirements:
- Data retention for tax or accounting purposes
- Reporting to regulatory bodies (as required by law)
3. Legal basis for processing your data
We process your data on the following legal bases:
- Contract: To fulfil our contractual obligations to provide you with the Products you have purchased. This includes account creation, course access, and progress tracking.
- Consent: For specific purposes where we have obtained your explicit consent, such as using recordings of your discussion or collecting samples of your written communication with your supervisor/ customer.
- Legitimate interests: To improve the Products, develop new offerings, personalize your learning experience, and ensure the security of our platform. We will only process your data for these purposes in a way that does not unduly impact your privacy rights.
4. How long do we store your data?
We will store your data for as long as it is necessary for the purposes for which it was collected, or as required by law. Here’s a general guideline:
- Personal Data: As long as your account with Magic Training is active. You can also request account deletion at any time.
- Learning Data: For a reasonable period, as required by the Awarding Body, to track your progress and provide information to the Awarding Body.
We will implement appropriate technical and organizational measures to ensure the security of your data in accordance with GDPR best practices.
5. Your data protection rights
Under the GDPR, you have a number of rights in relation to your data, including:
- The right to access your data: You can request a copy of the personal data we hold about you.
- The right to rectify inaccurate data: You can request that we correct any inaccurate or incomplete information about you.
- The right to erasure of your data (“Right to be forgotten”): You can request that we delete your data, subject to certain exceptions (e.g., legal requirements).
- The right to restrict processing of your data: For example, you might choose to restrict the centre from using your contact details for marketing purposes.
- Portability: You can request to receive your data in a format that allows you to transfer it to another institution (if applicable).
Data Security
Magic Training will use proportionate physical and technical measures to secure personal data. We will store hard copy data, records, and personal information out of sight and in a locked cupboard.
Breaches of the policy will be dealt with in accordance with the centre’s disciplinary policy and could amount to gross misconduct.
Breaches
Magic Training will notify the individual and the ICO of breaches of personal or sensitive data within 72 hours of becoming aware of the breach.
Notifying the Information Commissioner
Magic Training is required to ‘notify’ the Information Commissioner of the processing of personal data. This information will be included in a public register, which is available on the Information Commissioner’s website.