TribeCX Learner Privacy Policy
Introduction
TribeCX is committed to data security and the fair and transparent processing of personal data. This privacy notice sets out how TribeCX, treats learners’ personal data.
If you are a learner registered with TribeCX to undertake learning for the purposes of end-point assessment, please read this notice carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal data (process), your rights in relation to your personal data, how to contact us, and how to contact supervisory authorities in the event that you would like to report a concern about the way in which we process your personal data.
Who are we?
For the purposes of applicable data protection law, including the General Data Protection Regulation (Regulation (EU) 2016/679) (EU GDPR), the UK GDPR and the UK Data Protection Act 2018 (DPA), TribeCX is the ‘controller’ of learner and apprentice personal data.
TribeCX Ltd is a UK limited company registered in England and Wales, registered number 09561540. Our registered office address is Dept 1307 601 International House, 223 Regent Street, London, W1B 2QD.
Our website address is: https://www.tribecx.com
What personal data do we collect?
We collect your name, gender, and a generic date of birth so that your actual date of birth does not appear in our records and any other personal data which is necessary in relation to a specific qualification or programme, standard or framework, or assessment. We may also collect personal data if required to administer our quality assurance processes, investigations, complaints, and appeals. This personal data is provided to us by learners, customers, employers, employer providers, training providers, awarding bodies, or other industry bodies you have registered and/or contracted with to receive learning, training, assessment, and/or certification products and/or services provided by us.
In exceptional circumstances, we may also collect and/or be provided with special category data, such as data about your physical or mental health or condition, to enable us to administer requests for reasonable adjustments, or in relation to an investigation, complaint, or appeal. Such data should only be collected and/or provided to us if you have provided your explicit consent or if we are otherwise permitted to receive and process it under the applicable data protection law.
How do we process your personal data?
We may process your personal data where this is necessary to pursue our legitimate interests as a provider of learning, training, assessment, invigilation, and/or certification products and/or services, including to:
- provide you with products and/or services for which you have enrolled or registered, or have been enrolled or registered;
- undertake administration in relation to products and/or services for which you are enrolled or registered;
- provide you with a certificate, credential, or other records of learning;
- arrange for a digital credential to be issued to you when you have successfully completed a course or e-learning module, attended an event, or in recognition of an achievement
- contact you directly in relation to our quality assurance processes, investigations, complaints, and appeals;
- assess and provide reasonable adjustments in relation to your learning or assessment where requested;
- prevent and detect crime and/or assist with the apprehension or prosecution of offenders; and
- provide you with remote invigilation session booking confirmation emails and support.
We may also process your personal data in pursuance of our legitimate interests to contact you directly in relation to new and existing products, services, news, awards, and events offered by TribeCX. Where you do receive such marketing communications from us, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.
Where required by law: we may also process your personal data if required by law.
Special category data
We may collect and/or be provided with special category data, such as data about your physical or mental health or condition. For example, we may collect and/or be provided with special category data to enable us to administer requests for reasonable adjustments, or in relation to an investigation, complaint, or appeal.
With respect to special category data, we may also process such data if necessary for reasons of substantial public interest, including for the prevention or detection of unlawful acts or in compliance with, or to assist third parties to comply with, any regulatory requirements relating to the investigation of unlawful acts, dishonesty or malpractice.
Who do we share your personal data with?
We may share your personal data with relevant third parties, where necessary, in relation to your learning, assessment, certification, or the verification of your learning, assessment, or certification, and associated research and analytical activities, including:
- regulatory authorities, sector skills councils, professional bodies, and similar industry bodies;
- skills certification schemes and bodies;
- consortiums, authorised representatives, and partners; and
- centres, customers, employers, employer providers, training providers, awarding bodies, and similar third parties.
- We may also share your personal data with trusted third-party service providers, including:
- legal and other professional advisers, consultants, and professional experts;
- service providers contracted to us in connection with the provision of learning, assessment, and training products and/or services such as markers, moderators, invigilators, assessors, certification or credentialing providers, IT services, and customer relationship management services;
- City & Guilds provides assurance and digital credential partner Credly Inc, based in the US, which owns and manages www.credly.com, and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will ensure that there is a contract in place with such third-party service providers, which includes obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them, and which upholds your rights and freedoms with respect to personal data.
Where a third party recipient is located outside the UK, European Economic Area, or any other approved country or territory, we will ensure that the transfer of personal data is protected by appropriate safeguards, including international data transfer agreements in the UK, and the use of standard data protection clauses adopted or approved by the European Commission when applicable.
Any shared access to personal data is subject to restrictions both legally and contractually. We may also share personal data (including any special category data) with law enforcement or other authorities or agencies if required by law or where we otherwise deem it necessary in pursuance of our legitimate interests. This may include, without being limited to, responding to requests for information from such authorities or agencies, or sharing information with them in connection with our quality assurance processes, investigations, complaints, or appeals.
You should be aware that, where personal data is shared with a public authority, it will become subject to the Freedom of Information Act 2000 (FOIA) and may potentially fall within the scope of any future FOIA request made to such public authority.
How long will we keep your personal data?
We will keep personal data relating to your learning, training, assessment, and/or certification in order to:
- provide information about your learning, training, assessment, and/or certification;
- provide replacement certification;
- respond to any questions, complaints, or claims made by you, on your behalf, or about you;
- comply with any relevant third-party record retention requirements (e.g. those of a regulator); and
- comply with any contractual, legal, audit, and other regulatory requirements, or any orders from competent courts or authorities.
We will also keep personal data relating to our quality assurance processes, investigations, appeals, and complaints, in order to comply with the applicable contractual, legal, audit, and other regulatory requirements, or any orders from competent courts or authorities.
TribeCX keeps personal data for no longer than is necessary for the above purposes.
How do we protect your personal data?
We take all reasonable steps to ensure that both we and our third-party service providers protect your personal data. This includes ensuring that our staff is aware of their information security obligations, providing training, and limiting access to your personal data to staff who have a genuine business need to know.
We also take reasonable steps to protect your personal data from loss or destruction and have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights
Under applicable data protection law, you have various rights with respect to our processing of your personal data:
Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address is given below. Please include with your request information that will enable us to verify your identity. We will respond within 1 month of the request. Please note that there are exceptions to this right. We may be unable to make all data available to you if, for example, making the data available to you would reveal personal data about another person, if we are legally prevented from disclosing such data, if there is no basis for your request, or if your request is excessive.
Right to rectification
We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purposes for which it was collected, where you withdraw your consent to the processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data be erased, please contact us using the contact details provided below.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the processing of your personal data, please contact us using the contact details provided below.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have queried the accuracy of the personal data we hold about you and we are verifying the personal data, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. If you would like to make such a request, please contact us using the contact details provided below.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another ‘controller’, in a commonly used, machine-readable format. This right arises when you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to make such a request, please contact us using the contact details provided below.
Please note that applicable data protection law sets out exceptions to these rights. If we are unable to comply with your request due to an exception, we will explain this to you in our response.
Contact and complaints
If you have any questions about this notice or concerns about how we handle your personal data please email us at: datarequest@tribecx.com
You can also complain to the ICO if you are unhappy with how we have used your data.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk