It also applies to the emergency contacts of our Staff.For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data (“NSAR” or “us”) can be found here.
You are required to supply your Data in order to register for our membership, newsletters, access to applications and services or where you have asked us to send you further information.
What kind of personal data do we collect?
In order to recruit effectively we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, contact details, education details, employment history and financial information (where we need to carry out financial background checks). Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions.
Organisations are required by law to hold certain personal data for their workforce such as records of workers joining them, their job title, contact details, pay and benefits and so on. NSAR collects as a minimum personal data relating to contact details, previous work history, proof of right to work in the UK, bank details, and terms & conditions of employment.
If you are active NSAR Member, we need to collect and maintain information about you and organisation. We will would ask that you submit any changes to these details once they are apparent. Lapsed members records will be held for a period of 6 months where beyond this period they will be eliminated from our records.
We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
People whose data we receive from staff, such as referees and Emergency Contacts
In order to provide candidates with suitable employment opportunities safely and securely and to provide for every eventuality for them and our employees, we need some basic background information. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our employees.
How do we use your personal data?
Your data will solely be used for the purpose specified at the time of collection and unless specified, will not be passed on or sold to any third parties unless you have indicated your consent to at the time of your registration or following further communications from us.
The main reason for using information about Clients is to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly. The more information we have, the more bespoke we can make our service.
The main reasons for using Supplier data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.
Employee records are necessary for the formulation and implementation of employment policies and procedures for recruitment, training, promotion, dismissal etc. Some of these are required by law and others enable personnel to monitor other processes. Accurate records help ensure that employees receive their correct pay, annual leave, pension and other entitlements and benefits. They can be used to monitor fair and consistent treatment of staff.
People whose data we receive from staff, such as referees and Emergency Contacts
We use referees’ personal data to help verify our Employee’s details and qualifications on commencement of employment. We use the personal details of an Employee’s emergency contacts in the case of an accident or emergency affecting that individual.
How can you access, amend or take back the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.Right to withdraw consent: Where we have obtained your consent to process your personal data or consent to market to you, you may withdraw your consent at any time.Data Subject Access Requests: You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or Delete such information. At this point we may comply with your request or, additionally do one of the following:
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority or the Information Commissioners Office.
Children and Privacy
Our Website does not target and is not intended to attract children under the age of 14. We do not knowingly solicit personal information from children under the age of 14 or send them requests for personal information.
What are cookies and how do we use them?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number.
More information about cookies, including how to block them and/or delete them, can be found at AboutCookies.org
You do not need to have cookies turned on to use or navigate through many parts of our Website, however this may limit some of the functions available on the Website and you may not be able to use all the interactive features.
Security – How do we safeguard your data?
We take reasonable precautions to keep your Data secure. Such information is subject to restricted access to prevent unauthorised or unlawful access, modification or use and accidental loss, destruction, or damage. We will ensure any third parties to whom we send your data for processing on our behalf are obliged to comply with our own standards of security and to act only upon our instructions.
NSAR and your employer are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we store on the web based system will be processed by us. This includes your trainer / assessor account, if applicable, and your individual record on the system (called ‘Skills ID’). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. Please note that this policy only relates to personal data stored on the NSAR system; your employer also has a policy for other personal data collected by it or not held on the NSAR system.
For the purpose of GDPR, NSAR and your employer are joint data controllers. NSAR is registered in England and Wales under company number 07484465 and data controller number Z2646486.
Information we collect from you
We will collect and process the following data about you:
Where we store your personal data
Once your information is stored on the NSAR system, we will use strict procedures and security measures to prevent unauthorised access. For example, when your NSAR account is accessed over the internet by either us or your employer the delivery of information is executed using secure transport mechanisms. When not in transmission, all information you provide to us is stored on secure servers.
If you would like further information regarding the security of the NSAR system, please contact the nominated data control representative in your organisation or NSAR’s helpdesk.
Retention of data
Once your information has been uploaded onto the NSAR system, it will remain accessible while you are employed by your employer or whilst you remain an active Trainer/Assessor.‘Archiving’ means that your NSAR account(s) has been removed to a separate area on the NSAR system and is not accessible to anyone except NSAR. Your Trainer/Assessor account will be archived if you cease to be sponsored by any approved Sentinel training/assessment provider or if your employing training/assessment organisation withdraws from the NSAR scheme.
Your system account will be archived in the two circumstances:
After archiving, one of three things will happen to your account:
Uses made of this information
We use information held about you in the following ways:
If NSAR needs to contact you it will use the email information provided on your account.
Access to information
The GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the GDPR. Please address any requests to NSAR Data Protection Controller at NSAR’s head office address.
Trainers/Assessors are able to access information held about them via their Trainer /Assessor account. As a SkillsID holder you will be able to access some of this information yourself (i.e. your training and qualification records), unless your account has been archived. If you are not able to access your account, then you can also ask your employer for assistance in accessing your SkillsID.
firstname.lastname@example.orgIf you wish to unsubscribe from NSAR communications follow the unsubscribe link sent with all NSAR electronic communications or alternatively by email your request to unsubscribe request to email@example.com
We are registered as a data controller with the Information Commissioner. If you have any further questions or concerns about our collection, use, or disclosure of your personal information, please write to the Data Protection Officer, the National Skill Academy for Railway Ltd, 11 Carteret Street, London SW1H 9DJ.
We use our reasonable endeavours to make sure information on this Website is accurate and up to date but before you rely on anything please contact us or double check the information from another source.
This Website also contains links to external Internet websites. We have included such links for your ease of reference but please note that we have no control over the contents of these websites and do not endorse their content and cannot accept responsibility for them. You access such websites at your own risk.
© 2018 Copyright National Skills Academy for Rail