site map | 18 June 2018

“CILEx Law School staff are efficient, friendly and sympathetic.”

CILEx Law School Student Survey

Select

Accessibility and policies

Below, you will find our accessiblity, personal data and environmental policies.

Accessiblity

We invite you to view the CILEx Group Single Equality and Diversity Scheme and Action Plan.

Our Courses

CILEx Law School is committed to the provision of accessible learning and wishes to support all students in their studies. To this end, we will make reasonable adjustments in accordance with section 29 of the Equality Act 2010 and the associated Code of Practice on Services, Public Functions and Associations.

All CILEx Law School students who disclose a disability, health condition or learning difficulty will be contacted by a member of Learner Support, who will discuss the student’s needs and create a mutually agreed Learner Support Plan.

If you are a prospective student and wish to discuss the reasonable adjustments that CILEx Law School may be able to make to assist you in your studies, please contact Ruby Denton on 01234 844 310. 

Website

This web site has been produced in accordance with current accessibility guidelines. Should you encounter any difficulty accessing content within this site, please send your suggestions to IT@cilexlawschool.ac.uk .

Use of cookies 

By using the CILEx Law School website, course shop and our Student Area,  you consent to the use of data as indicated in our cookies policy.

Contacting CILEx Law School

If you have any questions about this privacy policy or our use of your personal data, please contact Morag Hiskett at morag.hiskett@cilexlawschool.ac.uk

Privacy and data protection policy

CILEx Law School (CLS) is committed to respecting the personal data you supply to us. The information we collect will only be used for the purposes for which it was originally submitted. Information will be held in accordance with the Data Protection Laws before 25 May 2018, the Data Protection Act 1998 and the Data Protection Directive and from 25 May 2018 the General Data Protection Regulation and the UK Privacy and Electronic Communications Regulations 2003.

Principles

CLS adheres to the following principles in its use of data:
1. processed fairly and lawfully and not processed unless certain conditions are met;
2. obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose;
3. adequate, relevant and not excessive for those purposes;
4. accurate and where necessary kept up to date;
5. not kept for longer than necessary for that purpose;
6. processed in accordance with the data subject’s rights;
7. kept secure from unauthorised or unlawful processing and protected against
accidental loss, destruction or damage by appropriate technical and organisational measures;
8. only shared with third party organisations such as our partner organisations where we jointly deliver courses, or apprentice employers, where specific consents have been obtained from the data subject;
9. not transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

How we collect and use data

Personal data you provide on application and enrolment forms, and on any transaction made through the course shop, will be used according to the 'use of data' clause relating to the course or apprenticeship you are applying for, or publication you are ordering. These vary depending on the nature of your application. For example, we offer some courses with partner organisations, and in these circumstances the clause allows for sharing with those partner organisations. On apprenticeships we are required to issue reports to government departments and consents are collected for this activity.

Where sensitive data is required, separate consents are obtained at the point of collection with detailed reasons given for why the data is collected and how it will be used.

Please refer to individual application forms for detailed information on how your data will be collected and used. We will only use your data for the purposes listed in each case.

Data sharing and processing

CLS is wholly owned by the Chartered Institute of Legal Executives (CILEx) and is part of the CILEx group (CILEx Professional Association, CILEx Regulation, CILEx Group Services and CLS). The CILEx group holds data on a common software platform but the data is only used by each part of the group as agreed with each individual.

CLS works with a number of third party processors and has agreements in place to ensure that they are compliant with data protection legislation. These include email software provider, printing supplier, website developers, virtual learning environment provider, e-portfolio provider. Data is only shared with third parties for specific purposes and we will endeavour to obtain consent for the individual prior to the data being shared.

CLS works in partnership with a number of institutions and employers to deliver courses and apprenticeships. CLS will share data with these partners where it has a contractual or statutory requirement to do, or where consent has been obtained from the individual.

CLS might also collect and process data on the basis of legitimate interests for the purposes of monitoring and improving our performance. This will only be done where it has a limited impact on our students, apprentices or employer clients’ privacy and, where possible, we will obtain consent.

Compliance with data principles

Ensuring compliance with data principles is the responsibility of the Marketing Manager. If you have a complaint about the processing of your Personal Data, you should put forward the matter in writing to Morag Hiskett, Marketing Manager (see contact details below). An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case and you will be informed of the progress and the outcome of the complaint within a reasonable period.

If an issue cannot be resolved through consultation with the Marketing Manager, then you may seek redress by writing to Noel Inge, Managing Director.

All CLS staff are required to go through a mandatory programme of training to ensure that they understand data protection issues and that data is to be used only for the purposes required to carry out their roles.

We have mapped all locations and formats in which data is stored and have retention policies in place which are in line with statutory and business requirements.

Subject Access Requests

You are entitled under data legislation to make a subject access request to find out whether any of your personal data is being processed and to be given a description of the personal data, the reasons it is being processed, and whether it has been given to any other organisations.
When a subject access request is received, CLS will:

1. Ask you to complete a Data Request Form if further information is needed in order to fulfil the request. On receipt of this request we will ask all departments to complete a data search sheet so that we can locate all sources of data relating to the request.
2. We shall comply with the data request within 40 days from the date the request is received. Where we can respond earlier we will do so. Where appropriate we will explain the results of the search. We will provide the data in a commonly-used format.

Subject Access Requests are free of charge. However, if the request is manifestly unfounded or excessive, a reasonable fee will be imposed.

Breach of obligations

All members of staff have been trained to notify CLS’s Marketing Manager and their line manager if they become aware of any breach of our obligations relating to your personal data. Potential breaches will be investigated and remedial action taken as appropriate at the earliest opportunity. We will notify you if we become aware that the security of your personal data has been breached. We maintain a data incident log.

Where required, breaches will be reported to the Information Commissioner’s Office (ICO) as specified under the GDPR.

Further rights

In addition to the rights and procedures outlined above, you also have the right to request for your data to be rectified and kept up-to-date. Please contact us if you think that the data we hold on you is incorrect. You can also request for us to restrict the processing of your data if you object to its use or you think that it is inaccurate. CLS does not use automated decision making mechanisms.
In certain circumstances, individuals will also have the right to request for the data that CLS holds on them to be deleted. For example, as a result of a withdrawal of consent.

Each request will be judged on its merits and responded to without undue delay.

Business to business communications

From time to time, on a limited basis, CILEx Law School may contact organisations for the purposes of providing information on CILEx Law School’s products and services. Should the organisation or individual representative contacted indicate that they do not wish to receive further communications, their contact details will be deleted save for the purposes of maintaining a suppression list.

Contact details

Morag Hiskett, CLS data controller
College House, Manor Drive, Kempston, Bedford, MK42 7AB
morag.hiskett@cilexlawschool.ac.uk
 

CILEx Law School Archive and Data Retention Policy

This policy relates to data held by CILEx Law School (CLS) in the delivery of its services to customers. CLS needs to keep information about its employees, students, apprentices, clients and other users in order to deliver its services. CLS is committed to only processing data for specific purposes and, where possible, informing data subjects clearly and transparently of these purposes. Employee data is covered by the Chartered Institute of Legal Executives Group Archive, Data Protection Policy and Procedure.

This policy applies to all CLS records which contain personal data, both in electronic (soft) and paper (hard) format.

Principles

The following reasons determine what information needs to be retained:

1. Information that must be retained for legal and regulatory reasons
Certain pieces of legislation set out types of information that should be kept and how long they should be kept for.
2. Information that should be retained in order to deliver services to our customers
We gather data about students and record their progress in order to deliver education and training to them.
3. Information that should be retained for business reasons
This is information that is of value to CLS which is needed for both day to day activities and longer term strategic planning.
4. Information that should be retained in order to preserve student records
It is important that we keep records of student achievements for their future reference and to be able to advise on progression. Due to the nature of CILEx qualifications, many of our distance learning students study with us over very long periods, often taking study breaks of several years before picking up again to complete further units towards a qualification.
5. Information that should be retained for the liability period
CLS enters into contracts with students, employers and partner organisations. We retain records to prove performance and delivery of our contracts for a period of seven years in order to be able to respond to any claims raised within the liability period.

CLS adheres to the following principles in its retention of data:
1. data is kept for no longer than is necessary for the purposes for which it is being processed
2. retention time limits are established so that personal data storage is kept to a strict minimum
3. the purposes for which we retain data and our retention periods are periodically reviewed
4. data which is incorrect, duplicated or no longer relevant will be updated, archived or securely disposed of

CILEx Group data retention

CLS is wholly owned by the Chartered Institute of Legal Executives (CILEx) and is part of the CILEx group (CILEx Professional Association, CILEx Regulation, CILEx Group Services and CLS). The CILEx group holds data on a common software platform and shares functions such as Human Resources, IT and Finance. Please refer to the CILEx Retention Policy for group-wide retention information.

CLS specific data

We hold data in a variety of formats and locations:

Profile Concept: this is our main Customer Relationship Management (CRM) system and is hosted at a server in our own premises. It contains all transaction and student performance data.

We carry out data duplication and cleansing on this system regularly and are working on a major data cleansing and migration project which will move this data to a new CRM system in February 2019.

Most data will be retained for the purposes of retaining our student records. Data more than seven years old will be deleted upon request under the right to be forgotten.

The Student Area: this is our Moodle-based virtual learning environment and it holds records of student activity and performance. Most data will be retained for the purposes of retaining our student records. Data more than seven years old will be deleted upon request under the right to be forgotten.

OneFile: this is the delivery platform for our apprenticeships. It contains personal and performance data on our apprentices which is archived upon completion. We need to retain data for a period of 15 years after the completion of an apprenticeship to demonstrate the delivery of our services in support of our claims for government funding for apprenticeships.

Apprenticeship reporting software: we use PICS and BKSB to record and report on apprentices' programme delivery, progression and achievements.

E-commerce site: transactional data is held on our website and downloaded and processed daily. The website databases are deleted monthly.

Internal secure electronic storage – the F:/drive: this is a database of limited-access folders which are held locally on our in-house servers. Access is strictly limited to members of staff who need to process data to carry out their roles. Retention policies are in place for each folder and data cleansing is carried out regularly. Examples of files stored here include progress trackers on cohorts of students, exam pass lists, attendance lists for face-to-face events, editorial commissioning documents, marked study exercises, apprenticeship application forms and so on. Retention for each item is considered in the light of the reasons listed under ‘Principles’ above and a policy is adopted and recorded by the relevant department. The creation and implementation of the policies is the responsibility of the Academic Director, Customer Services Manager and Director of Business and Apprenticeships for their particular area.

Locked cabinets: hard copy paper items containing personal data are held in locked cabinets with access only available to relevant staff members. All paper items, such as application forms, are subject to a retention policy and regular shredding is carried out to deliver the policies. Overflow is kept in a secure archiving facility.

Microsoft Outlook, OneDrive and Sharepoint: ad hoc documents created for analysis of business performance or student progress are saved locally on staff member’s OneDrive location or uploaded to Sharepoint with limited access. Strict policies are in place for data handling and data cleansing which all staff are bound to agree to and which is monitored by managers.

Data processing agreements

Where data is held on third party software (Moodle, PICS, OneFile, BKSB) or where bespoke software systems such as our e-commerce site are hosted on external servers, we are working towards having data processing agreements in place with all third parties.

CLS works in partnership with a number of institutions and employers to deliver courses and apprenticeships. CLS will share data with these partners where it has a contractual or statutory requirement to do so. Our data subjects will be informed of this data sharing and should contact the partner directly if they have any questions regarding their data retention policies.

Compliance with data retention principles

Ensuring compliance with data retention principles is the responsibility of the Marketing Manager. If you have a complaint, you should put forward the matter in writing to Morag Hiskett, Marketing Manager (see contact details below). An investigation will be carried out to the extent that is appropriate based on the merits of the specific case and you will be informed of the progress and the outcome of the complaint within a reasonable period.

If an issue cannot be resolved through consultation with the Marketing Manager, then you may seek redress by writing to Noel Inge, Managing Director.

All CLS staff receive information and training on our data retention policies.

Data subject requests

Data subjects are entitled under data legislation to make a number of requests in relation to your data. In certain circumstances, individuals will also have the right to request for the data that CLS holds on them to be deleted. For example, as a result of a withdrawal of consent.
Each request will be judged on its merits and responded to without undue delay.

Subject Data Requests are free of charge. However, if the request is manifestly unfounded or excessive, a reasonable fee will be imposed.