Data Protection Agreement
Data Protection Policy
Unionlearn, which is part of the Trades Union Congress (TUC), has an overarching objective to help unions spread a lifelong learning message to members. The TUC is registered as a data controller under the 1998 Data Protection Act (the Act) - registration no. Z8053646.
Unionlearn recognises its legal obligation to comply with the Act. It processes personal and sensitive personal data in order to achieve its goals and in particular to:
- Strengthen union capacity on learning by training and supporting over 23,000 union learning representatives and by supporting 250,000 learning opportunities each year.
- Provide effective union representation in the workplace by training union representatives and union professionals.
- Monitor and improve the effectiveness of Unionlearn.
Unionlearn fully endorses and adheres to the principles of the Act. It has implemented data protection policies and procedures to help ensure that employees and union learning representatives treat personal information lawfully and correctly. Steps have also been taken to ensure that employees and union learning representatives who manage and handle personal information are appropriately trained to do so and that data handling processes and procedures are regularly reviewed and audited for compliance.
All unionlearn employees and union learning representatives are responsible for complying with the Act. Managers are responsible for supervising their staff and overseeing compliance.
The Act includes eight data protection principles. Unionlearn is committed to complying with these principles and all other aspects of the Act and in particular will seek to ensure that the personal data it holds is:-
(i) processed fairly and lawfully
- we will seek to ensure that individuals whose data we hold know what we intend to do with their personal information
- wherever necessary and appropriate we will seek the individual’s consent to our processing of their personal data
- we will use the personal data that we hold for our purposes only and in accordance with the processing purposes as stated in our notification with the Information Commissioner’s Office
- we will only store and use individuals’ personal data for our reasonable and legitimate activities
- we will always try to ensure the quality of our information
- we welcome and encourage individuals to inform us if they believe any of our information is inaccurate so that we can update our information sources accordingly
- we operate a retention policy to ensure that old or surplus personal data is removed from our records after a reasonable time
- we will seek to comply with individual requests and notices
- we will provide data subject access to personal information in accordance with the Act
- we will prevent processing in certain circumstances, if requested
- we will correct, rectify, block or erase information which is regarded as wrong information, when notified
- we operate appropriate organisational and technical security arrangements in relation to all personal data we hold
- we recognise that personal data need to be treated with particular care in countries which do not have reciprocal data protection laws
- we will not transfer personal data outside the EEA without the individual’s consent or suitable safeguards