The Literacy Tree Limited needs to collect personal information to effectively carry out our everyday functions and activities and to provide our products and services. Such data is collected from employees, members, international partners, customers, stakeholders, suppliers and clients and includes (but is not limited to), name, address, email address, data of birth, IP address, identification numbers, private and confidential information, sensitive information and bank/credit card details.
In addition, we may be required to collect and use certain types of personal information to comply with the requirements of the law and/or regulations, however we are committed to processing all personal information in accordance with the General Data Protection Regulation (GDPR), UK data protection laws and any other relevant data protection laws and codes of conduct (collectively referred to as "the data protection laws").
The Literacy Tree Limited is committed to ensuring and maintaining the security and confidentiality of personal and/or special category data and all colleagues are responsible for handling data in accordance with this policy.
The purpose of this policy is to ensure compliance with the Data Protection Act (DPA) 2018 and General Data Protection Regulation (GDPR) (EU) 2016/679 which govern any processing of information about living individuals and the rights those individuals have relating to this information. This legislation covers all personal information held in both electronic form and manual form.
The Literacy Tree Limited is both a controller and processor of personal data and is registered with the Information Commissioner's Office (ICO) as a Data Controller. The policy incorporates guidance from the ICO, and outlines how QAA will discharge its duties and obligations to comply with Data Protection legislation.
This policy applies to all parts of QAA and to all personal data held and processed by the organisation. This includes data held in any system or format, whether electronic or hard copy.
Adherence to this policy is mandatory for all employees of The Literacy Tree Limited whether permanent, fixed term or temporary, reviewers, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with The Literacy Tree Limited in the UK or overseas. Non- compliance could lead to disciplinary action.
For the purposes of information categorisation, The Literacy Tree Limited applies the GDPR definitions of "personal data" and "special category data", as follows:
“Personal data” | “Special category data” |
---|---|
Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as:
|
Personal data revealing or relating to an identifiable natural person's:
|
The Literacy Tree Limited ensures that personal data falling within the GDPR's "special categories" is handled with a particularly high level of care, due to the assumption that this type of information could be used in a negative or discriminatory way and is of a sensitive, personal nature to the persons it relates to. The processing of special category data by The Literacy Tree Limited is kept to the minimum necessary to enable us to perform our functions.
1.1 Article 5 (2) of the GDPR requires that The Literacy Tree Limited, its employees and others who process or use any personal information shall be responsible for, and be able to demonstrate, compliance with the data protection principles.
1.2 The data protection principles state that personal data should be:
1.3 The Literacy Tree Limited’s policy is that the processing of all personal data should be safe, secure, ethical and transparent and we have procedures in place to enable data subjects to exercise their rights:
2.1 2.1 Where we act either in the capacity as a data controller or in the capacity as a data processor (or a representative), our internal records of the categories of processing activities carried out will contain the following information:
3.1 The Literacy Tree Limited is committed to obtaining ISO 27001:2022 certification at some point in the near future.
4.1 The Literacy Tree Limited utilises external processors for certain processing activities. We use information audits to identify, categorise and record all personal data that is processed outside of The Literacy Tree Limited, so that the information, processing activity, processor and legal basis are all recorded, reviewed and easily accessible. Such external processing may include (but is not limited to):
4.2 We have due diligence procedures and measures in place and review, assess and background check all processors prior to forming a business relationship. In the course of these checks, we may obtain company documents, certifications and references to ensure that the processor is adequate, appropriate and effective for the task we are employing them for.
4.3 We ensure that Service Level Agreements (SLAs) and contracts containing appropriate compliance obligations are in place with all data processors via the contract approval process. Processors are notified that they must not engage another processor without our prior specific authorisation and any intended changes concerning the addition or replacement of existing processors must be done in writing, in advance of any such changes being implemented.
4.4 It is the responsibility of the contract manager to ensure that each of the processing activities specified in the contract are monitored, audited and reported on.
5.1 The rights given to data subjects under Data Protection legislation are:
5.2 Under Data Protection Regulation legislation, data subjects have the right of access to their personal data held by The Literacy Tree Limited.
5.3 Any individual who wishes to exercise this right can do so verbally or in writing by contacting admin@literacytree.com.
6.1 Employee personal data: We do not use consent as a legal basis for obtaining or processing employee personal information. Our HR policies have been updated to ensure that employees are provided with the appropriate information about how we process their data and why.
6.2 The Literacy Tree Limited’s Privacy Notice tells you what to expect when we collect personal information to meet our legal, regulatory, statutory and contractual obligations and to provide members, international partners, customers and stakeholders with information, either about our products and services or about matters of public interest
6.3 Data storage: Information and records relating to data subjects will be stored securely and will only be accessible to authorised employees. Information will be stored for only as long as it is needed or in accordance with the required statute and will be disposed of appropriately.
6.4 Data accuracy: The Literacy Tree Limited takes reasonable steps to ensure that this information is kept up to date by asking data subjects whether there have been any changes.
6.5 Audits & monitoring: Regular internal audits are completed independently by an outsourced consultant. We also have compliance monitoring processes with a view to ensuring that the measures and controls in place to protect data subjects and their information are adequate, effective and compliant at all times. The Literacy Tree Limited is accountable to the Board, in respect of compliance with this policy.
6.6 Training: The Literacy Tree Limited is committed to a staff awareness programme ensuring that new and existing employees are trained, assessed and supported in a variety of ways to discharge their data protection responsibilities in a variety of ways, including online and virtual induction.
7.1 The Literacy Tree Limited understands its obligations and responsibilities under the data protection laws and recognises the severity of breaching any of these. We respect the Information Commissioner's authority to impose and enforce fines and penalties where there is a failure to comply with regulations, a failure to mitigate the risks where possible and operate in a knowingly non- compliant manner.
7.2 Employees should note the severity of such penalties and their proportionate nature in accordance with the breach, including the following:
Type of Breach | Maximum Fine |
---|---|
Breaches of the basic principles for processing, conditions for consent, the data subjects' rights, the transfers of personal data to a recipient in a third country or an international organisation, specific processing situations or non-compliance with an order by the Information Commissioner. | Administrative fines up to £17.5 million or 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. |
8.1 As a Data Controller (or when acting as a joint Data Controller or a Data Processor), The Literacy Tree Limited has a corporate responsibility for the following:
8.2 Roles and responsibilities are defined as follows:
The Literacy Tree Limited is committed to keeping a safe working environment and contributing to a safe and just society where people are treated fairly and respectfully, and where we anticipate and respond positively to unlawful circumstances. Any violation or non-compliance with this policy may be treated as a serious misconduct and may include termination of employment or contractual arrangements, civil or criminal prosecution.
The Literacy Tree Limited will commit necessary resources in terms of people, time, money and training to make sure that we comply with our statutory duties and that our equality scheme is implemented effectively.
For assistance or further guidance please contact Anthony Legon or Lynn Sear (co-CEOs)
Your cart is empty.