General Data Protection & Retention Policy
General Principal
General Principles:
Pinehirst Education Centre’s will retain information about students, staff and others for as long as is reasonable and necessary to comply with data protection legislation and for legitimate business needs. The purpose of this Policy is to explain how Pinehirst Education complies with its legal obligation not to keep personal data for longer than we need it and sets out when different types of personal data will be deleted. In order to comply with the storage limitation principle set out in the General Data Protection Regulation UK - (GDPR), personal data will not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the personal data is processed. This Data Retention Policy will be read in conjunction with the Data Protection Policy and Process, which sets out Pinehirst Education’s overall approach to data protection and sets out the rationale as to why a Data Retention Policy is required. This policy applies to all staff across all Pinehirst Education Centres.
Paul Morton, Director of Curriculum , Pinehirst Education June 2023.
Data Retention Periods
Pinehirst Education has assessed the types of personal data that it holds and the purposes for which it is used. The tables below sets out the retention periods that Pinehirst Education has set for the different Operational area’s within Pinehirst Education services, and the different types of data that they each hold. The list below covers key data held by Pinehirst Education but is not exhaustive.
Governance
Finance
Human Resources
Insurance and Resources
Student
Administration and Support
Teaching and Learning
Data Protection
Learning records and evidence
Data areas Retention Period
Privacy Notice data Protection
Pinehirst is committed to data security and the fair and transparent processing of personal information. Our privacy notice explains what, how and why we collect personal data. It further explains how we store data, who we share data with and your rights in relation to the personal data you provide to us.
This privacy notice applies to all the personal data we collect if you visit our website or use our services. This is following current data protection law, in particular the UK - General Data Protection Regulation UK - (GDPR) (Regulation (EU) 2016/679) and Data Protection Act 2018.
Portfolios
Portfolios used for collating learner evidence will be presented in a manner that allows internal and external quality assurers to be able to easily locate evidence that meet specific Assessment Criteria. A completed portfolio will include, as a minimum:
The name of the learner, assessor(s), and internal quality assurer
A tracking sheet that states where to find evidence that each Assessment Criteria has been met.
A statement signed by the learner that confirms that the evidence in the portfolio is their own work.
Assignment briefs, where applicable
All evidence of learner achievement
Evidence of the tutor’s feedback to the learner
Portfolio Front Sheet
This document includes the details of the learner and units to be completed. It incorporates a checklist for the assessor to ensure that the portfolio is complete.
Learner Evidence
Tracking Sheet
This document is completed by the learner and presented with evidence for formal assessment to clearly show where evidence requirements have been met.
Authenticity Statement
This form is completed by the learner to confirm that the work/evidence they have submitted is their own work and has been created by the learner. It also confirms that the learner understands that their results may be invalidated if they have submitted evidence that does not belong to them.
Assessment Feedback Form
A template for providing developmental feedback to learners following submission of an assessment.
Individual Progress Record
Allows you to record individual learner achievement for a unit.
Witness Testimonial Form
You may complete this form if you are a witness to a learner achieving criteria, by clearly listing or describing the evidence presented by the learner and linking to the Assessment Criteria met.
· Assessment Observation Record Form
A task set for a particular unit may involve observing a learner. The Assessment Observation Record Form will allow you to summarise clearly the activities observed and the unit Assessment Criteria the learner met.
· Group Progress Record
Allows you to record achievement of a unit by group.
Further areas of Retention
• Complaints and Appeals, including Appeals against Assessment Decisions 3 years
• Learner Registrations, Recommendations for Award of Credit, Certificates, Transcripts and Qualifications issued Indefinitely.
• Verifier Reports, Quality Reviews Reports 5 years
• Remote invigilation of on-line assessment videos 18 months
• Course documentation (withdrawn programmes) 3 years after expiry of course
• Centre Recognition 6 years after recognition expires.
• Qualification Guides (including Qualification approval) 6 years after qualification expires.
• Payment card details Card details taken by phone are processed immediately through a secure connection to the Merchant Service Providers Online Terminal and not otherwise recorded or stored.
E-Portfolios
Along with paper-based learner evidence and associated paperwork, Pinehirst Education also accepts e-portfolios. Online e-portfolios will be secure and complete with evidence clearly cross-referenced to Assessment Criteria, be supported by assessment and internal quality assurance records, and allow learner progress to be tracked. Pinehirst Education representatives must be able to access all relevant documentation for external quality assurance purposes. If you are unsure whether an e-portfolio system meets our requirements, please contact your Lead Quality Reviewer.
Retention of Learner Evidence
A portfolio of evidence is the property of the learner. The centre will retain all learner work until the course run has been external quality assured. Following a successful external quality assurance review, original evidence will be returned to learners. Pinehirst Education has Authorised Internal Verifier (AIV) status, the completion of the AIV Report is deemed to be equivalent to a successful external quality assurance review and original learner evidence will be returned to learners at this point.
If assessment records cannot be separated from the learner portfolio, Pinehirst Education must also retain a copy of the portfolio.
Pinehirst Education will retain copies of sufficient learner evidence (electronic copies are acceptable) to allow them to participate in internal and external standardisation events. Samples will include all assessed work produced by selected learners for the whole unit/ qualification. Wherever possible, evidence will be retained for learners with borderline levels of achievement (i.e. on the pass/fail border, merit/ distinction border etc.).
Where the centre repeats the delivery of the same course multiple times, evidence will be retained to ensure standards of assessment and internal quality assurance are comparable over time.
· Retention of Assessment and Internal Quality Assurance Records
Pinehirst Education must keep complete and accurate learner assessment and internal quality assurance records, for at least three years following certification, in case any issues arise. These records must be made available to Pinehirst Education upon request. If relevant regulatory authorities make a request to see these records, either directly to Pinehirst Education or via Open Awards, they must be made available.
This evidence will cover all units/ qualifications and be made available to Pinehirst Education on request. Electronic versions of this evidence is acceptable. Pinehirst Education must retain the following records:
• A list of all learners registered.
• Learner name
• Date of birth
• Contact address.
• Registration date
• Pinehirst Education learner registration number
• Unique Learner Number (ULN) - where applicable
• Unit names and unit codes for each unit completed.
· Learner assessment records:
• Name of the assessor(s)
• The assessment methods used.
• Evidence of the assessment decision being made.
• Reasons for the assessment decision made.
• the location of relevant supporting evidence
Records of internal quality assurance activity
Name of the internal quality assurer(s)
Name of the Authorised Internal Verifier (where applicable) Sampling strategy, including the sample selected and the rationale for choosing that sample.
Details of internal standardisation meetings relating to the units.
Copies of AIV Reports for the course runs.
Evidence of assessor competence (including copies of certificates, CVs, and evidence of continuing professional development
Records of certificates claimed.
Records of learner complaints – including outcomes.
Records of learner appeals – including outcomes.
If Pinehirst Education do not comply with these record retention requirements and cannot substantiate claims made on behalf of learners it will affect their centre’s risk rating.
External assessment
For some Pinehirst Education qualifications (e.g. Functional Skills Qualifications), learners must complete assessments that we set. Pinehirst Education must ensure that these assessments are carried out in controlled conditions to minimise the potential for plagiarism. In order to ensure these conditions are enforced, external assessments must be delivered in accordance with our Instructions for Conducting Controlled Assessments.
Where Pinehirst Education are remotely assessing, external assessments must be delivered in accordance with our Instructions for Conducting Controlled Assessments Remotely.
Pinehirst Education must ensure that there are no conflicts of interest between the invigilator and learners by checking in advance of the assessment (e.g. a relative of a learner or there is a personal interest in the outcome of the assessment).
Reasonable adjustments and special considerations Pinehirst Education is committed to ensuring access to fair assessment for all learners and to protecting the integrity of the award of credit and qualifications.
Pinehirst Education centres will ensure that it creates, at all times, an inclusive assessment process that adheres to disability and equal opportunity legislation and other regulatory criteria whilst ensure that standards of assessment are maintained.
There may be circumstances whereby arrangements need to be made to take account of particular learners’ requirements in order to ensure that this is achieved without giving any unfair advantage over other learners.
Reasonable adjustments
Reasonable adjustments are actions made to help reduce the effect of a disability or difficulty that places a learner at a substantial disadvantage in the assessment situation. These amendments to assessment allow a disabled learner to demonstrate his or her knowledge, skills and understanding to the levels of attainment required by the specification for that qualification.
Reasonable adjustments must not affect the reliability or validity of the assessment outcomes but may involve:
Changing the usual assessment arrangements, e.g. allowing a learner extra time to complete an assessment activity.
Adapting assessment materials e.g. by providing large print or providing materials in Braille
Providing assistance during an assessment e.g. by providing a trained signer, interpreter, or a reader
Changing the assessment method e.g. from a written assessment to a spoken assessment
· Using assisted technology such as screen reading, or a voice activated software.
Reasonable adjustments must be approved and set in place before the assessment takes place. The work produced by the learner will be assessed in the same way as all other learners.
When considering reasonable adjustments, the centre will review the Reasonable Adjustments and Special Considerations Policy which can be found on the Open Awards Secure Portal.
The policy clearly states whether reasonable adjustment requests can be approved by the centre or whether they need to be author be submitted to Pinehirst Education for approval.
Where reasonable adjustments have been agreed by the centre, completed RA1 forms must be made evidence available to Pinehirst Education at quality assurance visits and will be reviewed alongside learner evidence.
Where permission needs to be sought from Open Awards, Pinehirst Education will complete Form RA2 as soon as possible after the need has been identified, and in any event at least 20 working days before the assessment is due to be taken. For short courses lasting less than 20 working days, Pinehirst Education are advised to complete Form RA2 as soon as possible. Supporting evidence must be provided along with RA2 forms– this may include one or more of the following:
• The centre’s assessments of the learner’s needs
• History of provision within the centre
• Medical certificate
• Psychological or other professional assessment/report
In cases where the centre has applied for reasonable adjustments or special considerations, records must be kept for at least 3 years from the end of the year to which they relate.
Data Security and UK - GDPR
Pinehirst Education will take steps to ensure the personal data it processes is secure, including by protecting the personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Pinehirst Education understands that all health and care organisations, as detailed below, are required to comply with the Data Security and Protection Toolkit. A link to an explanatory guidance note is included in the "Underpinning Knowledge" section. Compliance with the Data Security and Protection Toolkit facilitates compliance with UK- GDPR.
Pinehirst Education will implement and embed the use of policies and procedures to ensure personal data is kept secure. The suggestions below apply in addition to the steps Pinehirst Education is required to take pursuant to the Data Security and Protection Toolkit, if the toolkit applies to Pinehirst Education. For paper documents, these will include, where possible:
• Keeping the personal data in a locked filing cabinet or locked drawer when it is not in use
• Adopting a "clear desk" policy to ensure that personal data is not visible or easily retrieved
• Ensuring that documents containing personal data are accessible only by those who need to know/review
the documents and the personal data contained within them.
• Redacting personal data from documents where possible
• Ensuring documents containing personal data are placed in confidential waste bins or shredded at the end of the relevant retention period For electronic documents, the measures taken by Pinehirst Education will include, where possible:
• Password protection or, where possible, encryption
• Ensuring documents containing personal data are accessible only by those who need to know/review the documents and the personal data contained within them
• Ensuring ongoing confidentiality, integrity and reliability of systems used online to process personal data (this may require a review of IT systems and software currently used by Pinehirst Education Education)
• The ability to quickly restore the availability of and access to personal data in the event of a technical incident (this may require a review of IT systems and software currently used by Pinehirst Education Education).
• Taking care when transferring documents to a third party, ensuring that the transfer is secure and the documents are sent to the correct recipients Pinehirst Education will ensure that all business phones, computers, laptops, and tablets are password protected.
Pinehirst Education will encourage staff to avoid, storing personal data on portable media such as USB devices. If the use of portable media can't be avoided, Pinehirst Education will ensure that the devices it uses are encrypted or password protected and that each document on the device is encrypted or password protected.
Pinehirst Education will implement guidance relating to the use of business phones and messaging apps. Pinehirst Education understands that all personal data sent via business phones, computers, laptops, and tablets may be captured by UK - GDPR, depending on the content and context of the message. As a general rule, Pinehirst Education will ensure that staff members only send personal data by text or another messaging service if they are comfortable that the content of the messages may be captured by UK - GDPR and may be provided pursuant to a Subject Access Request (staff will refer to the Pinehirst Education Subject Access Policy and Procedure for further details).
Pinehirst Education will ensure that all staff are aware of the importance of keeping personal data secure and not disclosing it on purpose or accidentally to anybody who will not have access to the information. Pinehirst Education will provide training to staff if necessary. Pinehirst Education will consider in particular, the likelihood that personal data, including special categories of data, will be removed from Pinehirst Education's premises, and taken to, for example, Service Users' homes and residences. Pinehirst Education will ensure that all staff understand the importance of maintaining the confidentiality of personal data away from Pinehirst Education's premises and take care to ensure that the personal data is not left anywhere it could be viewed by a person who will not have access to that personal data.
Pinehirst Education will adopt policies and procedures in respect of recognising, resolving, and reporting security incidents including breaches of UK - GDPR. Pinehirst Education understands that it may need to report breaches to the ICO and to affected Data Subjects.
Protection Toolkit.
Pinehirst Education will adopt processes to regularly test, assess, and evaluate the security measures it has in place for all types of personal data.
Privacy By Design
Pinehirst Education will consider the UK - GDPR requirements around privacy by design, particularly in terms of data security.
Pinehirst Education understands that privacy by design is an approach set out in GDPR that promotes compliance with privacy and data protection from the beginning of a project. Pinehirst Education will ensure that data protection and UK - GDPR compliance is always at the forefront of the services it provides, and that it won't be treated as an afterthought.
Pinehirst Education will comply with privacy by design requirements by, for example:
• Identifying potential data protection and security issues at an early stage in any project or process, and addressing those issues early on; and
• Increasing awareness of privacy and data protection across Pinehirst Education, including in terms of updated policies and procedures adopted by Pinehirst Education
Pinehirst Education will conduct Privacy Impact Assessments to identify and reduce the privacy and security risks of any project or processing carried out by Pinehirst Education. A template Privacy Impact Assessment is available within the Pinehirst Education Initial Privacy Impact Assessment Policy and Process .
Procedure
Pinehirst Education will consider data retention and data security issues and concerns at the beginning of any project (whether the project is the introduction of a new IT system, a new way of working, the processing of a new type of personal data or anything else that may affect Pinehirst Education's processing activities). Pinehirst Education appreciates that this is key for complying with the privacy by design requirements in GDPR.
Pinehirst Education will review the periods for which it retains all the personal data that it processes.
Pinehirst Education will, if necessary, adopt new policies and procedures in respect of data retention and will circulate those policies and procedures to all staff. Pinehirst Education will consider providing training to staff in respect of data retention.
Pinehirst Education will review the security measures currently in place in respect of all the personal data it processes.
Pinehirst Education will document the decisions it takes, and the logic and reasoning behind those decisions, in respect of both data retention and data security. Pinehirst Education will keep a record of all policies and procedures it implements to demonstrate its compliance with GDPR.
Document Version: 2 (June 2023) ( REVIEW DATE June 2024)
Data Retention and protection Policy and Process
Author PNM
Quality Assurance
This Policy and Procedure maps to the following external quality assurance frameworks
Inspection Framework
· MATRIX
· QAA
· QIA
· ESFA
General Data Protection Regulation2016
• Data Protection Act 2018 Underpinning Knowledge - What have we used to ensure that the policy is current:
• GOV.UK, (2018), About the IG Toolkit. [Online] Available from:
https://www.igt.hscic.gov.uk/resources/About%20the%20IG%20Toolkit.pdf
[Accessed: 07/03/2018]
• Department of Health & Social Care and NHS England, (2018), 2017/18 Data
Security and Protection Requirements. [Online] Available from:
• Home Office, (2018), An Employer's Guide to Right to Work Checks. [Online]
Available from:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/6
38349/Employer_s_guide_to_right_to_work_checks_-August_2017.pdf
[Accessed: 07/03/2018]
• NHS DIGITAL,, (2018), Records Management Code of Practice for Health and
Social Care 2016. [Online] Available from:
https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-forHealth-and-Social-Care-2016 [Accessed: 07/03/2018]
Suggest education:
• Impact assessment/action plan
• Discuss in supervision sessions
• Notify relevant staff of changes to policy
• Encourage sharing the policy through the use of the QCS App
• Establish process to confirm the understanding of relevant staff
• Establish training sessions for staff
• Arrange specific meetings to discuss the policy changes and implications
• Ensure that the policy is on the agenda for all team meetings and staff handovers
All Pinehirst Education Policies are subject to screening for Equality Impact Assessment
Equality Impact Assessments are carried out to see whether the policy has, or is likely to have, a negative impact on grounds of age, disability, gender reassignment, pregnancy and maternity, race, religion or belief, marriage or civil partnership, sex, or sexual orientation.
Pinehirst Education not only fulfils its legal position in relation to current and future equality legislation, but additionally goes beyond compliance in providing and promoting “Opportunities for all to succeed”, free from any aspect of discrimination, harassment, or victimisation.
All staff have a duty of care to look after the interests of and support their colleagues. This policy takes account of our commitment to eliminating discrimination, identifying, and removing barriers and providing equal opportunities for our learners, staff, and visitors to ensure that no one feels excluded or disadvantaged.
Safeguarding, Child Protection, Prevent and Missing from Education
All staff have a responsibility to support and promote Pinehirst Education Education’s commitment to providing a safe environment for students, staff, and visitors. Additionally, all staff have a responsibility to report any safeguarding or Prevent issues to the Designated Senior Lead for Safeguarding and Prevent.