GDPR Compliance Statement

The EU General Data Protection Regulation (‘GDPR’) came into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, GDPR has been designed to meet the requirements of the digital age.

GDPR imposes new obligations on organisations that control or process relevant personal data and introduces new rights and protections for EU data subjects.

Within this statement CloudRock want to highlight to our customers the measures we have put in place to ensure compliance with GDPR where we process personal data on your behalf.

GDPR Compliance

Our preparation and objectives for GDPR compliance have been summarised in this statement and includes the development of existing and implementation of new policies, procedures, controls and measures to ensure ongoing compliance.

Our internal Information Security and Data Protection staff have worked with external consultants and legal counsel to ensure that we meet the requirements of GDPR across our business.

CloudRock will comply with GDPR as a processor and controller of data, depending on the area and engagement, and has been planning and developing a programme of works which deliver the requirements of the legislation. This has mandated working with our suppliers and partner organisations to ensure that they can also meet these obligations.

Our preparation includes

⦁ Data Audit – we understand the data, how any why we process it, retention, and where required, DPIA

⦁ Lawful Basis for Processing – reviewed activities and confirmed the lawful basis

⦁ Information Security – confirm our technical and organisational controls are appropriate

⦁ Cookies and Privacy Notices– we have reviewed and updated our polices

⦁ Data Subjects Rights – we have reviewed our processes to ensure that the data subject’s rights are preserved including consent, subject access requests, right of erasure and correction

⦁ Data Breaches – our incident management procedures have been enhanced to ensure we meet the reporting requirements

⦁ Supplier Assessment – continue the process of supplier evaluation to confirm contractual and legal requirements are in place

 

If you have any questions surrounding CloudRock GDPR compliance, please contact [email protected]

Privacy Policy

At CloudRock Academy, we value the privacy and security of your personal information, and are committed to the fair and transparent processing of your information. This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage and delete your information. This Privacy Policy applies to the Academy and all Courses offered by the Academy.

 

Your personal information

We may collect personal information directly from you, from an organisation that introduces you to our programmes and courses, or other organisations you agree for us to contact. The information may come from enrolment forms, application forms, letters, emails or text messages, written materials or discussions.

The information we collect, and process could include

⦁ name, address, email address and telephone number, to enable us to contact you

⦁ date of birth and National Insurance number, to identify you

⦁ bank account details for collection of course fees

⦁ racial, ethnic origin and sexual orientation, for statistical purposes and to meet any related needs

⦁ disability or health conditions and wellbeing status to tailor our services to your needs

⦁ any criminal record you may have, so we can provide advice and guidance to you

⦁ information relating to your work history, past experience, education history, housing situation, benefits claiming and right to live and work in the UK to better tailor support to your needs

⦁ details of jobs you apply for and activities you undertake on our programmes, to help you increase your skills, find/stay in employment and improve your health and wellbeing

CloudRock Academy may also use your information to meet our contractual obligations; for statistical purposes to monitor our performance and identify trends; to evaluate the effectiveness of our service; and claim payments from commissioners.

Protecting your information 

Your data will be stored on secure databases, and only accessed by authorised personnel who have a need to know the information. Data will not be processed outside the European Economic Area without your prior written consent.

Information may be shared with third parties for administration, management and/or service delivery purposes, where it is necessary and lawful for CloudRock Academy to do so. In all cases we will share only the minimum information necessary and will do this using secure methods such as face-to-face meetings and secure mail.

We will only keep your information for as long as we need to meet our contractual and legal obligations. When the information is no longer required, we will destroy it securely.

Authority to collect and process your information

Under Data Protection law, CloudRock Academy has the following legal bases for processing personal information:

⦁ it is needed for the performance of a contract you have with us, or to enter a contract, such as accessing our services.

⦁ it is necessary for CloudRock Academy legitimate interests, specifically enabling us to provide the services we are commissioned to deliver by government departments, Local Authorities and other organisations; and delivering one of our core values by supporting our customers to achieve their right to inclusion and independence, through our education, work and disability programmes.

Certain personal data, such as health information, is called “special category data” and we cannot use this without your written consent, which you can give by signing the consent box at the bottom of this notice. However, you must be aware that, if you do not give us consent to collect or store your special category data, this may limit the services we can offer you and therefore reduce their effectiveness.

Sharing your information

To help you get maximum benefit from your programme, and to comply with our contractual obligations, we may need to share some of your information with other organisations and/or individuals.

These could include:

⦁ the organisation that referred you to our programme, such as Jobcentre Plus, a local authority, health service provider etc – to tell them how you are progressing

⦁ our service delivery partners – to help you get the right support to meet your needs

⦁ training providers – to help you improve specific skills or gain qualifications

⦁ employers – to help you find work or get work experience

⦁ charities or voluntary sector organisations providing specific support services

⦁ health care providers and professionals – to help you access essential services

⦁ your representatives e.g. carers, family members where you ask us to

⦁ the police and other law enforcement agencies – we may be required to release your data for the purposes of criminal investigations or to support you in a crisis

We will only share information where we have a legal basis as shown above, or when we must by law.

Should you wish us not to share your data with a particular organisation or person, please tell the member of staff who is working with you, so we can note this on our records. You can add to or change this list at any time by writing to us (by letter, email, SMS). By requesting this change, this could result in us no longer being able to provide a service to you.

Your rights and responsibilities

You have the right to:

⦁ see any of the personal data we hold about you

⦁ have your personal data corrected if it is inaccurate or incomplete

⦁ ask us to remove or delete personal data where we are not entitled to hold this, or if there is no good reason for its continued processing

⦁ restrict or stop us processing your personal data in certain circumstances

⦁ withdraw consent (where relevant) at any time

⦁ make a complaint to the Information Commissioner’s Office if you think we are doing something wrong.

If you wish to exercise any of these rights, please contact the Data Protection Officer for details of how an application may be made.

When you are accessing your personal data through CloudRock Academy IT systems you are responsible for following all security instructions e.g. protecting your password, logging out of computers correctly etc.

 

Changes to this Privacy Policy

CloudRock Academy has the discretion to update this Privacy Policy at any time. We encourage Students to frequently check this page for any changes. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by us are called “first party cookies”. Cookies set by parties other than us are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the Website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognise your computer both when it visits the website in question and also when it visits certain other websites.

How can you control cookies?

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. You have the right, therefore, to choose whether or not to accept non-essential cookies and to set your own cookie preferences on your device.

CloudRock has implemented a cookie management tool on its websites that allows you to select which of the optional cookie classifications can be set. By choosing not to set some of these cookies certain features of the Website cannot be provided and you may not be able to enjoy the Website to its fullest. When cookie retention settings expire, you will be presented with the cookie management interface to refresh your selection.

Where you wish to review the settings of the cookies on subsequent visits, you can clear the cookies from your browser and the management tool will reappear to allow you to review and select appropriate cookies. All web browsers are different and to learn how to change your cookie preferences, check the “Help” menu of your browser. For the remaining CloudRock sites not currently operating the cookie management tool, settings should be managed in line with browser instructions.

 

Contact Us

If you have any questions, concerns or complaints about this Privacy Policy, please contact us:

• By email: [email protected]
• By visiting this page on our website: Contact CloudRock

 © CloudRock Academy 2022