PRIVACY AND DATA PROTECTION POLICY 

This Privacy and Data Protection Policy (the Policy) applies to the treatment of Personal Data and Sensitive Personal Data.

​

Unless the context otherwise requires all words in the singular shall include the plural and shall inlcude the singular.  A reference to one gender shall inlcude a reference to the other genders and any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description definition, phrase or term preceding those terms.  A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person’s personal representatives, successors and permitted assigns.

Everything Apprenticeships (EA), a trading name of Rubitek Solutions Limited,

s committed to protecting the personal data of all individuals with whom we work. This includes learners, employers, staff, partners and any other stakeholders whose information we process. 

​

We recognise the importance of handling personal data responsibly and securely. We operate in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring that all personal data is processed lawfully, fairly and transparently. 

This policy outlines how we collect, use, store and protect personal data, and the responsibilities of staff in ensuring compliance with data protection legislation.

 ​

PURPOSE 

​

The purpose of this policy is to ensure that personal data is managed in a way that is lawful, secure and proportionate to our role as an apprenticeship provider. It sets out how we protect the rights of individuals while enabling the effective delivery of our programmes and services. 

Protecting personal data is fundamental to maintaining trust with our learners, employers and wider stakeholders, and supports the integrity of our provision. 

​

SCOPE

​

This Policy applies to all learners, staff, contractors, and representatives of EA. It applies to all personal data processed by EA, including data relating to learners and applicants, employers and partners, staff and contractors, suppliers and third parties. 

​

OUR APPROACH TO DATA PROTECTION

EA processes personal data in line with the principles set out in UK GDPR. In practice, this means that personal data is only collected for clear and legitimate purposes, is limited to what is necessary, and is kept accurate and up to date. ​We ensure that personal data is not retained for longer than required and that it is stored securely, with appropriate measures in place to prevent unauthorised access, loss or misuse. ​We also recognise our responsibility to demonstrate compliance with these principles, and to embed data protection into our everyday practice. This includes considering data protection at the point of design when introducing new processes or systems.

WHY WE MAY HOLD INFORMATION ABOUT YOU, AND HOW THIS IS COLLECTED

​

To offer our services to learners and employers, to support our staff, and to comply with our statutory and legal obligations we need to both capture and process personal information. The information we hold is collected verbally, through correspondence, from visits and inspections, when you sign up to a learning program, or to receive our emails/course information, surveys, competitions or when speaking to us by telephone. 

​

LAWFUL PROCESSING​​

We only process personal data where there is a lawful basis to do so. In most cases, this will be because processing is necessary to deliver our services, meet legal obligations, or support our legitimate interests as a training provider. 

Where we process more sensitive information, such as health-related data, we ensure that additional safeguards are in place and that processing is carried out in line with the requirements of UK GDPR. 

​

COLLECTION AND USE OF DATA

​

​We collect personal data to enable us to deliver apprenticeship programmes effectively, support learners throughout their journey, and meet our regulatory and funding requirements. Information is typically collected during enrolment, through assessments and reviews, and through ongoing communication with learners and employers. We ensure that individuals are aware of how their data will be used and that it is only used for the purposes for which it was collected. 

We do not use personal data for unrelated purposes without informing the individual and establishing an appropriate lawful basis. 

​​

​DATA SECURITY

We take appropriate steps to ensure that personal data is stored securely and protected from unauthorised access or loss. Access to data is restricted to those who need it to carry out their role, and systems are protected through secure logins and appropriate safeguards. 

Staff are expected to handle personal data carefully and to follow established processes when storing, sharing or disposing of information. 

​

DATA RETENTION

​ 

Personal data is retained only for as long as necessary to fulfil its intended purpose or to meet legal and regulatory requirements. Once data is no longer required, it is securely deleted or destroyed in line with our procedures. 

​

INDIVIDUAL RIGHTS

Under the UK Data Protection Act 1998 and other European Data Protection laws data subjects have a right to request a copy of the personal data EA holds about them, or to request that it be updated, corrected or removed (in which case EA will address such requests promptly). EA will respond to such requests in accordance with relevant UK law.

​​

DATA SHARING

In order to deliver our services, we may share personal data with employers, regulatory bodies, funding agencies and selected third-party providers. We ensure that any sharing of data is appropriate, lawful and limited to what is necessary. 

Where required, we put appropriate safeguards in place to ensure that data is protected when shared. 

​

DATA BREACHES

Any actual or suspected data breach must be reported immediately. EA will take appropriate steps to assess the situation, contain any risks, and take corrective action where necessary. 

Where required, breaches will be reported to the Information Commissioner’s Office (ICO) and affected individuals will be informed.

​

ROLES AND RESPONSIBILITIES

​

​The Directors are responsible for ensuring that EA meets its obligations under data protection legislation. A designated lead oversees data protection arrangements and acts as a point of contact for any concerns or queries. 

​​

All staff share responsibility for protecting personal data and are expected to follow this policy, complete relevant training, and report any concerns promptly. 

​​

TRAINING AND AWARENESS

​

​Staff receive appropriate training in data protection as part of their induction and ongoing development. This ensures that they understand their responsibilities and are able to handle personal data confidently and securely.

MONITORING AND REVIEW

​

We regularly review our data protection practices to ensure they remain effective and compliant with current legislation. This includes reviewing policies, monitoring how data is handled, and making improvements where required. 

​

Under the UK Data Protection Act 1998 and other European Data Protection laws data subjects have a right to request a copy of the personal data EA holds about them, or to request that it be updated, corrected or removed (in which case EA will address such requests promptly). EA will update personal information as requested by the data subject. 

YOUR ACCEPTANCE OF THESE PRIVACY POLICY TERMS / EXPRESS CONSENT

​

By using any of the sites within our web site network, or our Services, you unconditionally agree to be bound by the Privacy Policy. The data we collect is for a specific, explicit and legitimate purpose. We cannot and will not use information collected for one purpose for another without your permission.  

​

We will gain your explicit consent where we may want to legitimately use personal data we hold about you. 

​

REGISTRATION AND REGULATORY OVERSIGHT

​​

EA, as part of Rubitek Solutions Limited, is registered with the Information Commissioner’s Office (ICO) as a data controller (Registration Reference ZA512019). We are committed to meeting our obligations under data protection legislation and maintaining appropriate standards in the way personal data is collected, processed and stored. Further information about data protection rights and responsibilities can be found on the ICO website. 

​

PROMOTING THIS POLICY AND GAINING COMMITMENT 

​

EA is committed to ensuring that this policy is understood, embedded and applied in practice across the organisation. 

All staff are introduced to data protection requirements as part of their induction, where the importance of handling personal data appropriately is clearly explained in the context of their role. This is reinforced through ongoing communication, day-to-day practice and, where appropriate, further training. 

Leaders promote a culture where data protection is seen as a shared responsibility. Staff are expected to take ownership of how they handle personal data, to act with care and professionalism, and to seek guidance where they are unsure. Open discussion is encouraged so that questions or concerns can be addressed promptly. 

​

The application of this policy is supported through regular oversight and review. Leaders consider how effectively data protection requirements are being implemented in practice and make improvements where necessary. Feedback from staff and stakeholders is also taken into account to ensure that the policy remains relevant, proportionate and effective. 

​

Through this approach, EA aims to ensure that data protection is not treated as a standalone requirement, but as an integral part of delivering high-quality, responsible and compliant provision.  

​

​APPROVAL AND REVIEW

The Directors are responsible for ensuring the Company meets its obligations in line with this policy. 

This policy shall be reviewed by the Directors and updated where necessary before being approved at least annually to ensure that it (and any subsidiary policies and procedures) remains appropriate considering any relevant changes to the law, organisational policies, or contractual obligations. 

This policy is approved by the Directors on 3rd February 2026.  

​​​​