site map | 18 August 2018

“CILEx Law School staff are efficient, friendly and sympathetic.”

CILEx Law School Student Survey

Select

Accessibility and policies

Below, you will find our accessiblity, personal data and environmental policies.

Accessiblity

We invite you to view the CILEx Group Single Equality and Diversity Scheme and Action Plan.

Our Courses

CILEx Law School is committed to the provision of accessible learning and wishes to support all students in their studies. To this end, we will make reasonable adjustments in accordance with section 29 of the Equality Act 2010 and the associated Code of Practice on Services, Public Functions and Associations.

All CILEx Law School students who disclose a disability, health condition or learning difficulty will be contacted by a member of Learner Support, who will discuss the student’s needs and create a mutually agreed Learner Support Plan.

If you are a prospective student and wish to discuss the reasonable adjustments that CILEx Law School may be able to make to assist you in your studies, please contact Ruby Denton on 01234 844 310. 

Website

This web site has been produced in accordance with current accessibility guidelines. Should you encounter any difficulty accessing content within this site, please send your suggestions to IT@cilexlawschool.ac.uk .

Use of cookies 

By using the CILEx Law School website, course shop and our Student Area,  you consent to the use of data as indicated in our cookies policy.

Contacting CILEx Law School

If you have any questions about this privacy policy or our use of your personal data, please contact Morag Hiskett at morag.hiskett@cilexlawschool.ac.uk

 

Privacy and data protection policy

CILEx Law School (CLS) is committed to respecting the personal data you supply to us. The information we collect will only be used for the purposes for which it was originally submitted. Information will be held in accordance with data protection legislation including the General Data Protection Regulation and the UK Privacy and Electronic Communications Regulations 2003.

Our commitment

CLS is committed to:

  • protecting any information that you’ve given us,
  • being clear and transparent on how we use it,
  • respecting the rights given to you by the legislation.

We do not sell data to any third parties.

All CLS staff are required to go through a mandatory programme of training to ensure that they understand data protection principles and that data is to be used only for the purposes required to carry out their roles.

Principles

CLS adheres to the following principles in its use of your data. Data should be:

  1. processed fairly and lawfully and not processed unless certain conditions are met;
  2. obtained for a specified and lawful purpose and not processed in any manner incompatible with that purpose;
  3. adequate, relevant and not excessive for those purposes;
  4. accurate and where necessary kept up to date;
  5. not kept for longer than necessary for that purpose;
  6. processed in accordance with your rights;
  7. kept secure from unauthorised or unlawful processing and protected against
  8. accidental loss, destruction or damage by appropriate technical and organisational measures;
  9. only shared with third party organisations where this is essential for the delivery of our services and where specific consents have been obtained from you;
  10. not transferred to a country or territory outside the European Economic Area.


Data collection and use – students, apprentices and purchasers of publications

The primary reason we collect information is to allow us to process your application and deliver our services for the duration of your course or apprenticeship, or to fulfil the order for any publication you have purchased. In addition, only if you’ve agreed to it, we might also contact you about relevant products and support services.

Personal data you provide on application and enrolment forms, and on any transaction made through the course shop, will be used according to the 'use of data' clause relating to the course or apprenticeship you are applying for, or publication you are ordering.

Where sensitive data is required, separate consents are obtained at the point of collection with detailed reasons given for why the data is collected and how it will be used.

Please refer to individual application forms for detailed information on how your data will be collected and used. We will only use your data for the purposes listed in each case. In some circumstances it is necessary for us to share data with third parties in order to deliver our services. These requirements vary depending on the nature of the services being delivered. Examples are given in the ‘Sharing your data’ section below.

CLS also processes data for the purposes of monitoring and improving our performance and for business analysis.

Sharing your data with partner organisations, awarding bodies and government departments

CLS is wholly owned by the Chartered Institute of Legal Executives (CILEx) and is part of the CILEx Group (CILEx, CILEx Regulation, CILEx Group Services and CLS). The CILEx Group holds data on a common software platform to be used only for the purposes agreed by you.

The other organisations in this category that we share data with will vary according to the nature of your transaction with us and will be listed in the ‘use of data’ clauses in the forms that you complete. Depending on the nature of the services being delivered, the third parties with whom we share your data with may include, but may not be limited to:

  • your employer where they have paid for your course fees on a distance learning course or have secured an apprenticeship with them
  • your prospective employer if you are an applicant for an apprenticeship
  • our partner organisation for your course or apprenticeship where the course or apprenticeship is jointly delivered by us and either De Montfort University, Northumbria University, Manchester Metropolitan University or City, University of London for the purposes of teaching, course delivery and maintaining your student record
  • City & Guilds where your course is awarded by them. The City & Guilds privacy notice can be found here
  • the Learner Record Service, a government department, with whom we are obliged to share your data if you are enrolling on a course or apprenticeship listed on Ofqual’s Register of Recognised Qualifications. We are obliged to share the LRS privacy notice with you, which can be found here
  • the Education and Skills Funding Agency (ESFA), a government department, for reporting purposes for apprenticeship funding. If you are enrolling on an apprenticeship we are obliged to share the ESFA’s privacy notice with you, which can be found here
  • the Office for Standards in Education, Children’s Services and Skills (OFSTED) if we are inspected by them in respect of our delivery of an apprenticeship programme on which you are enrolled. The OFSTED privacy notice can be found here 
  • the Federation for Industry Sector Skills and Standards (FISSS) to request your apprenticeship completion certificate through their online portal Apprenticeship Certificates England (ACE). The ACE privacy notice can be found here

Sharing your data with our suppliers

CLS works with a number of software and other suppliers in order to deliver our services to you. As indicated at the point of application, enrolment or purchase, the organisations we share your data with may include, but may not be limited to:

  • our print contractor to send out your course materials or a publication you have purchased,
  • the e-commerce software provider for our online shop,
  • our virtual learning environment software so you can access and use the functionality of the Student Area. The Student Area software is supplied by Blackboard. You can view their privacy policy here,
  • our e-portfolio software so you can access and use the functionality of OneFile,
  • our video conferencing software for the delivery of webinars,
  • our learner management and reporting software to assist us in keeping apprenticeship records for internal analysis and external reporting,
  • our freelance tutors who mark your study exercises or assignments,
  • our freelance tutors who deliver your face-to-face sessions/webinars or provide additional study support,
  • our GCSE and functional skills assessment software to determine your English, Maths and/or ICT level (for apprenticeships),
  • the email software and survey tool software we use to issue mass communications, including surveys.

As required under the GDPR, we are working towards putting agreements in place to ensure that these organisations have all signed data processing agreements to ensure that they comply with our requirements for the use of your data. We will ensure that data will not be held by our suppliers on servers outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Data collection and use – business-to-business communications

Where business-to-business relationships exist, details of employees or partners involved in the organisation or administration of student sponsorship or apprenticeships at client organisations are held on the basis of legitimate interest, as defined by the GDPR, rather than on the basis of consent.

From time to time, on a limited basis, CLS may contact organisations for the purposes of providing information on CLS’s products and services. Should the organisation or individual representative contacted indicate that they do not wish to receive further communications, their contact details will be deleted save for the purposes of maintaining a suppression list.

Data retention

We have mapped all locations and formats in which data is stored and have retention policies in place which are in line with statutory and business requirements. Please refer to the CLS Archive and Data Retention Policy for further information on how long we keep and where we store data.

Your rights

You have a number of rights in relation to your data with which you should familiarise yourself. Further information about individual rights is given below:

Subject Access Requests

You are entitled under data legislation to make a subject access request to find out whether any of your personal data is being processed and to be given a description of the personal data, the reasons it is being processed, and whether it has been given to any other organisations.

When a subject access request is received, CLS will:

  1. Ask you to complete a Data Request Form if further information is needed in order to fulfil the request. On receipt of this request we will ask all departments to complete a data search sheet so that we can locate all sources of data relating to the request.
  2. We shall comply with the data request within 40 days from the date the request is received. Where we can respond earlier we will do so. Where appropriate we will explain the results of the search. We will provide the data in a commonly-used format.

Subject Access Requests are free of charge. However, if the request is manifestly unfounded or excessive, a reasonable fee will be imposed.

Further rights

In addition to the right to know what data we hold on you, you also have the right to request for your data to be rectified and kept up-to-date. Please contact us if you think that the data we hold on you is incorrect. You can also request for us to restrict the processing of your data if you object to its use or you think that it is inaccurate. CLS does not use automated decision-making mechanisms.

In certain circumstances, individuals will also have the right to request for the data that CLS holds on them to be deleted. For example, as a result of a withdrawal of consent. These requests will be accommodated where they do not conflict with our contractual, legal or statutory obligations.

Each request will be judged on its merits and responded to without undue delay.

Breach of obligations

All members of staff have been trained to notify CLS’s Marketing Manager and their line manager if they become aware of any breach of our obligations relating to your personal data. Potential breaches will be investigated and remedial action taken as appropriate at the earliest opportunity. We will notify you if we become aware that the security of your personal data has been breached. We maintain a data incident log.

Where required, breaches will be reported to the Information Commissioner’s Office (ICO) as specified under the GDPR.

Complaints procedure

Ensuring compliance with data principles is the responsibility of the Marketing Manager. If you have a complaint about the processing of your Personal Data, you should put forward the matter in writing to Morag Hiskett, Marketing Manager (see contact details below). An investigation of the complaint will be carried out to the extent that is appropriate based on the merits of the specific case and you will be informed of the progress and the outcome of the complaint within a reasonable period.

If an issue cannot be resolved through consultation with the Marketing Manager, then you may seek redress by writing to Noel Inge, Managing Director.

Should you feel that your complaint has not been handled satisfactorily by CLS or have additional concerns about our organisational practices, you can also contact the Information Commissioner’s Office. Please visit their website for more information: https://ico.org.uk/make-a-complaint/

Contact details

If you have any questions or concerns about this policy, or would like to report an issue, please contact the following person:

Morag Hiskett
College House, Manor Drive, Kempston, Bedford, MK42 7AB
morag.hiskett@cilexlawschool.ac.uk

CILEx Law School Archive and Data Retention Policy

This policy relates to data held by CILEx Law School (CLS) in the delivery of its services to customers. CLS needs to keep information about its employees, students, apprentices, clients and other users in order to deliver its services. CLS is committed to only processing data for specific purposes and, where possible, informing data subjects clearly and transparently of these purposes. Employee data is covered by the Chartered Institute of Legal Executives Group Archive, Data Protection Policy and Procedure.

This policy applies to all CLS records which contain personal data, both in electronic (soft) and paper (hard) format.

Principles

The following reasons determine what information needs to be retained:

1. Information that must be retained for legal and regulatory reasons
Certain pieces of legislation set out types of information that should be kept and how long they should be kept for.
2. Information that should be retained in order to deliver services to our customers
We gather data about students and record their progress in order to deliver education and training to them.
3. Information that should be retained for business reasons
This is information that is of value to CLS which is needed for both day to day activities and longer term strategic planning.
4. Information that should be retained in order to preserve student records
It is important that we keep records of student achievements for their future reference and to be able to advise on progression. Due to the nature of CILEx qualifications, many of our distance learning students study with us over very long periods, often taking study breaks of several years before picking up again to complete further units towards a qualification.
5. Information that should be retained for the liability period
CLS enters into contracts with students, employers and partner organisations. We retain records to prove performance and delivery of our contracts for a period of seven years in order to be able to respond to any claims raised within the liability period.

CLS adheres to the following principles in its retention of data:
1. data is kept for no longer than is necessary for the purposes for which it is being processed
2. retention time limits are established so that personal data storage is kept to a strict minimum
3. the purposes for which we retain data and our retention periods are periodically reviewed
4. data which is incorrect, duplicated or no longer relevant will be updated, archived or securely disposed of

CILEx Group data retention

CLS is wholly owned by the Chartered Institute of Legal Executives (CILEx) and is part of the CILEx group (CILEx, CILEx Regulation, CILEx Group Services and CLS). The CILEx group holds data on a common software platform and shares functions such as Human Resources, IT and Finance. Please refer to the CILEx Retention Policy for group-wide retention information.

CLS specific data

We hold data in a variety of formats and locations:

Profile Concept: this is our main Customer Relationship Management (CRM) system and is hosted at a server in our own premises. It contains all transaction and student performance data.

We carry out data duplication and cleansing on this system regularly and are working on a major data cleansing and migration project which will move this data to a new CRM system in February 2019.

Most data will be retained for the purposes of retaining our student records. Data more than seven years old will be deleted upon request under the right to be forgotten.

The Student Area: this is our Moodle-based virtual learning environment and it holds records of student activity and performance. Most data will be retained for the purposes of retaining our student records. Data more than seven years old will be deleted upon request under the right to be forgotten.

OneFile: this is the delivery platform for our apprenticeships. It contains personal and performance data on our apprentices which is archived upon completion. We need to retain data for a period of 15 years after the completion of an apprenticeship to demonstrate the delivery of our services in support of our claims for government funding for apprenticeships.

Apprenticeship reporting software: we use PICS and BKSB to record and report on apprentices' programme delivery, progression and achievements.

E-commerce site: transactional data is held on our website and downloaded and processed daily. The website databases are deleted monthly.

Internal secure electronic storage – the F:/drive: this is a database of limited-access folders which are held locally on our in-house servers. Access is strictly limited to members of staff who need to process data to carry out their roles. Retention policies are in place for each folder and data cleansing is carried out regularly. Examples of files stored here include progress trackers on cohorts of students, exam pass lists, attendance lists for face-to-face events, editorial commissioning documents, marked study exercises, apprenticeship application forms and so on. Retention for each item is considered in the light of the reasons listed under ‘Principles’ above and a policy is adopted and recorded by the relevant department. The creation and implementation of the policies is the responsibility of the Academic Director, Customer Services Manager and Director of Business and Apprenticeships for their particular area.

Locked cabinets: hard copy paper items containing personal data are held in locked cabinets with access only available to relevant staff members. All paper items, such as application forms, are subject to a retention policy and regular shredding is carried out to deliver the policies. Overflow is kept in a secure archiving facility.

Microsoft Outlook, OneDrive and Sharepoint: ad hoc documents created for analysis of business performance or student progress are saved locally on staff member’s OneDrive location or uploaded to Sharepoint with limited access. Strict policies are in place for data handling and data cleansing which all staff are bound to agree to and which is monitored by managers.

Data processing agreements

Where data is held on third party software (Moodle, PICS, OneFile, BKSB) or where bespoke software systems such as our e-commerce site are hosted on external servers, we are working towards having data processing agreements in place with all third parties.

CLS works in partnership with a number of institutions and employers to deliver courses and apprenticeships. CLS will share data with these partners where it has a contractual or statutory requirement to do so. Our data subjects will be informed of this data sharing and should contact the partner directly if they have any questions regarding their data retention policies.

Compliance with data retention principles

Ensuring compliance with data retention principles is the responsibility of the Marketing Manager. If you have a complaint, you should put forward the matter in writing to Morag Hiskett, Marketing Manager (see contact details below). An investigation will be carried out to the extent that is appropriate based on the merits of the specific case and you will be informed of the progress and the outcome of the complaint within a reasonable period.

If an issue cannot be resolved through consultation with the Marketing Manager, then you may seek redress by writing to Noel Inge, Managing Director.

All CLS staff receive information and training on our data retention policies.

Data subject requests

Data subjects are entitled under data legislation to make a number of requests in relation to your data. In certain circumstances, individuals will also have the right to request for the data that CLS holds on them to be deleted. For example, as a result of a withdrawal of consent.
Each request will be judged on its merits and responded to without undue delay.

Subject Data Requests are free of charge. However, if the request is manifestly unfounded or excessive, a reasonable fee will be imposed.