Privacy Notice (How we use delegate information)
What information do we collect about you?
We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. We also collect information on contractors and employees for the purposes of payments and legal processing of HMRC information.
The categories of this information that we collect, process, hold and share include:
- Personal DTSA delegate information (such as name, email address and workplace, DBS status for access to schools)
- Personal Schools Direct Trainee Information (such as DOB, email address, placement info, DBS status, qualifications, passport information or driving licence information, home address, immigration status, phone numbers, proof of name change, interview outcomes, internal assessment information on maths and English, UCAS enrolment form and wage slips for salaried ITT placements)
- Contractor information (such as name, email address, premises address, phone number, DBS status, rates of pay, tax status)
- Employee information (such as name, email address, residence, contact number, DBS status, rates of pay, HMRC PAYE information, H&S records, divulged medical information, next of kin and absence information.)
Why we collect and use this information
We use delegate data to:
- Enable us to carry out specific functions for which we are responsible
- Evaluation with government departments if requested
- Marketing if opted in – Via Mailchimp and Adestra
- Derive statistics which inform decisions such as the funding of courses
- Assess performance of courses
- Attendance on courses
- Invoice for attendance
- Science delegates information is shared with STEM to record national CPD hours
- DGP Schools data is shared with NGA for membership purposes
We use Schools Direct Trainee data to:
- Enable us to carry out specific functions for which we are responsible
- Evaluation with government departments if requested (DOE and NCTL)
- Share with Derby University for the purpose of completion of the course
- UCAS share data with us from their registration forms
- Contact host schools and arrange funding of placements
- Prevent fraud
- Safeguarding purposes
- Check of eligbility to work in the UK and complete the course
We use contractor and employee data to:
- Enable us to carry out specific functions for which we are responsible inc safeguarding
- Sharing with required government departments if requested
- Produce annual accounts and PAYE/HMRC returns including payments
- Monitor performance
How will we use the information about you?
We collect information about you to process your order, manage your account and, if you agree, to email you about other products and services we think may be of interest to you. Registers and email addresses are kept for 1 year after last attendance on a course.
We use your information collected from the courses to personalise your repeat visits to our courses. DTSA CIO will not share your information for marketing purposes with companies outside the DTSA Group unless required to by STEM for science courses and NGA for Governor Membership only. In processing your order, we may send your details to, and also use information from your workplace to complete your course.
We use information from schools direct programmes to offer placements on the ITT course to successful candidates. Unsuccessful candidate data is held for the application window plus one year. Successful candidate data is kept for 7 years.
We would like to send you information about products and services of ours which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, please email booking@DTSA.org.uk.
Mailchimp Privacy Notice
MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome. A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.
MailChimp is responsible for the processing of Personal Information it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. the European Commission (the “Commission“) and the US Department of Commerce (“DOC“) have agreed on a final EU-US “Privacy Shield” framework for use by companies seeking a legal basis for commercial transatlantic transfers of personal data. The Commission formally approved the “adequacy” of the Privacy Shield on 12 July 2016, and the DOC began accepting “self-certifications” from US organisations on 1 August 2016
Adestra Privacy Notice (for STEM marketing only)
We employ a variety of technical and organizational measures to keep personal data safe and to prevent unauthorized access to, or use or disclosure of it. We take our position as a digital marketing services provider seriously and believe part of being a leading supplier involves upholding and developing leading security practices. We are proud to maintain accreditations in DataSeal, ISO 9001:2015 and ISO 27001:2013.
We normally only store data within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organization that is certified under the EU-US Privacy Shield Framework).
Clients who have purchased enhanced out-of-hours support in their contract or by an amendment may have personal data transferred outside the EEA. This is necessary because enhanced support (including that provided outside of normal UK working hours) may be provided by staff from companies in the Adestra group (Adestra Inc. and Adestra Pty Limited) located in the United States or Australia (respectively).
Our lawful basis for processing data.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
We collect and use information under clause a – from registers, b – from schools buying into packages and f – from STEM
Storing this information
We hold delegate information for a year after the last attendance on a course. We hold employee and contractor information for tax purposes as per HMRC guidelines of 6 years after the current tax year. We use information from schools direct programmes to offer placements on the ITT course to successful candidates. Unsuccessful candidate data is held for the application window plus one year. Successful candidate data is kept for 7 years.
Requesting access to your personal data
Under data protection legislation, all data subjects have the right to request access to information about them that we hold. To make a request for your personal information, contact firstname.lastname@example.org.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like further information about this privacy notice, please contact: