Data Protection Policy
- Aims of this Policy
The Data Protection Policy sets out IGrow Academy’s overall principles concerning the collection and use of personal data and the responsibilities of IGrow Academy and its Partner Institutions. For the purpose of this policy a Partner Institution is a Content provider that has signed a Course Distribution Agreement with IGrow Academy.
- Data Control
IGrow Academy is the Data Controller for personal information submitted by enquirers and learners in relation to the IGrow Academy Platform (for the purposes of this policy the “Personal Data”). Personal Data is shared with the relevant Partner Institutions as soon as the learner identifies their learning partner. From that stage, IGrow Academy and the relevant partner are Data Controllers in Common for this Personal Data.
In some instances, IGrow Academy will be a Data Processor and process some Personal Data on behalf of the Partner Institution and in accordance with their instructions. This includes when a learner enrols on a Course that bears credit, formal certification or other forms of recognition of prior learning by the Partner Institution.
- Data Collection Principles
IGrow Academy and its Partner Institutions are required to observe good Personal Data handling practice by:
- complying with applicable data protection legislation
- collecting and using the Personal Data fairly and lawfully
- transferring the Personal Data within their institution and to any authorised third-parties only on a need-to-know basis
- ensuring that the Personal Data is up to date and accurate
- establishing appropriate retention periods for the Personal Data
- ensuring that learners’ rights as data subjects can be appropriately exercised and that contact details are available to learners wishing to exercise their rights
- providing adequate security measures to protect the Personal Data
- ensuring that all staff handling Personal Data receive adequate training and are made aware of good practice in data protection
- complying with their own internal data protection policies and guidelines
- Further Responsibilities
4.1 Further Responsibilities of IGrow Academy
- To provide an appropriate privacy statement which learners are required to read and accept before becoming an enrolled learner
- To provide the mechanism by which personal data is transferred to the appropriate partner
- To nominate a data protection contact and provide their details to the nominated contacts in Partner Institutions
- To liaise with data protection contacts in Partner Institutions when necessary in order to address any issues promptly
- To enter into agreements with learners which support the licenses granted to partner institutions by IGrow Academy.
4.2 Further Responsibilities of partners
- To nominate a data protection contact and provide their details to the IGrow Academy nominated contact
- To liaise with the IGrow Academy data protection contact when necessary in order to address any issues promptly
- Where they are sole Data Controller, to provide an appropriate privacy statement which learners are required to read and accept before becoming an enrolled learner.