Outdoor First Aid Limited (OFA)
Data Protection Policy
1.1 OFA are committed to the rules of data protection and abiding by the eight data protection principles. These are the principles that must be satisfied when obtaining, handling, processing, moving and the storage of personal data.
1.2 As a first aid training centre, OFA need to collect and process information as required by ITC First Aid awarding body and its regulators. OFA is therefore considered the Data Controller and its course candidates and employees the Data Subjects.
2. The 8 Data Protection Principles
a) Data must be obtained and processed fairly and lawfully
b) Data must be obtained for a specified and lawful purpose
c) Data must be adequate, relevant and not excessive for its collection purpose
d) Data must be accurate and kept up to date
e) Data must not be kept for longer than is necessary for its purpose
f) Data must be processed in accordance with the Data Subject’s rights
g) Data must be kept safe from unauthorised access, accidental loss or destruction
h) Data must not be transferred to a country outside the European Economic Area
3. Data Subjects Rights
a) To know what information is held by OFA about them and why
b) Know how to gain access to it
c) Know how to keep it up to date
d) Know what OFA does to ensure compliance with its legal obligations
4. Data Collection
4.1 OFA collects data as part of the booking and registration process of qualification delivery.
OFA also collect and retain data as part of their OFA trainer and staff administrative tasks
5. Data Storage
5.1 OFA will ensure that:
a) Data is held securely i.e. password protected computer, locked cabinets/drawers, encrypted, computers, appropriate virus/data protection software
b) Course registrations (which includes, name, address, contact details, colour, race, signature) are removed from sight and access of other course candidates immediately after completion
c) Data is not disclosed or shared orally or in writing to any unauthorised party
e) OFA will download course candidate data to their part of the ITC website and promptly submit all documentation to ITC. Data submitted will only be viewable via individual unique User log on and password of OFA and ITC First Aid.
f) OFA will not share their log on and passwords with any unauthorised individuals or companies
6. Data Retention
6.1 OFA will retain any data in accordance with ITC retention periods, currently 5 years.
OFA will review its necessity to retain data once it has been submitted and accepted by ITC.
7. Data Destruction
7.1 OFA will ensure it destroys data in a confidential manner ie shredding of paper documents, deletion from computer systems.
7.2 OFA will ensure it does not retain data longer than is required for the purpose of training.
8. Subject Access
8.1 Any party who has provided personal data to OFA have the right to request what information is stored and its content.
8.2 Access request may be made in writing by letter or email to the OFA Director who will discuss the request with the data subject.
8.3 Data will be provided in accordance with the subject’s Rights of Access under Data Protection Act.
9. Breaches of Data Protection
9.1 Breaches or suspected breaches should be reported to the OFA Director who will make the necessary investigations and provide a response to the informant within 3 weeks of receipt.
Breaches may also be raised with ITC First Aid by contacting their office either via email, telephone or in writing.