Crossfields Europa Privacy notice
The data controller at Crossfields Europa is: Cecile Ithurbide
Crossfields Europa collects data for processing on a lawful basis where:
- Processing is necessary for the performance of a contract to which the individual is party or in order to take steps at the request of the individual prior to entering into a contract (Article 6 1(b) GDPR). For example: where processing of data is necessary to register learners a Virtual Learning Environment (VLE) or where a member of the public has requested to be included in a mailing list
- An individual has given explicit consent to the processing of personal data for one or more specified purposes and the processing relates to personal data which are manifestly made public by the individual (Article 9 2(a) & 2(e) GDPR) For example: where a learner requests a reasonable adjustment or special consideration which is health related and health data may be required for the approval process
What we process
Information that Crossfields Europa collects, holds and shares includes:
- Personal identifying information, typically name, date of birth, gender.
- Personal e-mail address/address/phone number where this has been shared with us for using the VLE, learner correspondence, or a learner survey regarding experience of a qualification or programme as part of quality assurance monitoring
- Occasionally we process special category data, for example, health and additional support related information (Article 9 GDPR). This data is collected in support of requests for Reasonable Adjustments or Special Considerations and processed by the Head of Centre.
Why we collect and use this information
As a consultancy and education provider, we use personal data to:
- Register learners on programmes and qualifications
- Verify learner assessment evidence as part of the quality assurance process
- Claim certificates from other Awarding Organisations or Universities (e.g. Crossfields Institute / Alanus University)
- Issue certificates for CPD programmes
- Consider and/or approve requests for Reasonable Adjustments and Special Considerations
- Assess the quality of our services using learner surveys
- Respond to enquiries
- Send mailings and updates
- Enable access to, and use of, the Crossfields Institute VLE
What we share
As a branch of Crossfields Institute, Crossfields Europa is required to share data with Crossfields Institute. As an education provider, Crossfields Europa is required to share data with educational partner organisations, Sammenslutningen af Steiner Skoler (Denmark), Alanus University (Germany) and the University of Southern Denmark.
As an Approved Centre for Crossfields Institute and an externally validated education provider for Alanus University, Crossfields Europa collects learner data to be processed by Crossfields Institute and Alanus University for the purposes of registration and certification. As a University operating from within the European Union Alanus University is bound by law to abide by the GDPR and will therefore not knowingly or intentionally request information from Crossfields Institute International that would not be GDPR compliant or would cause Crossfields Institute International to be non-compliant. Crossfields Institute state that they will not knowingly or intentionally request information from Crossfields Europa that would not be GDPR compliant or would cause Crossfields Europa to be non-compliant.
Under GDPR legislation, you have the right to request access to information about you that we hold.
You also have the right to:
- Object to processing of personal data which is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being made by automated means
Please see Appendix 1 for Retention periods of data
Transfers of data to and from third countries
Crossfields Europa have registered learners and clients outside the Denmark and the UK. Countries within the European Union have the same GDPR requirements and data protection safeguards as the UK. We may collect and process individual data from countries which do not have equivalent data protection legislation (e.g the United States of America, Russia, Japan, China and India). We collect, process and transfer data from all centres, learners and individuals in the way that is set out in this notice regardless of the country of origin. We will only collect, process or transfer data to and from a third country if the Information Commissioners Office (www.ico.org.uk) have determined that there are adequate levels of data protection legislated for that country, or we have been assured of adequate safeguards by the relevant partner/organisation.
What this means for you when you register for a Crossfields Europa programme or a qualification, or engage with us as a client
Crossfields Europa is GDPR compliant and has the appropriate policies and procedures in place. These are approved annually by Crossfields Institute as its parent charity. If you register as a learner with Crossfields Europa this privacy notice as well as the data protection policy and procedure apply to you.
Crossfields Europa Web presence
- Crossfields Europa has its web presence on the Crossfields Institute website
- Cookies do not typically contain any information that personally identifies a user, but personal information that you consent to being used as you are using the website may be linked to the information stored in and obtained from cookies
- Most browsers allow you to refuse to accept cookies; however, if you block cookies, you will not be able to use all the features on our website
- Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties
- Our website uses Google Analytics to provide us with data about visitors to the website. It has been set so that your IP address is anonymised when processed by Google Analytics. This means that although it will be able to identify general things about you such as your country, computer operating system, web browser, and the pages you viewed on the website, you will not be personally identifiable. To find out more about how Google complies with privacy laws, please visit https://privacy.google.com/businesses/compliance/ If you wish to disable Google Analytics tracking via your web browser please visit https://tools.google.com/dlpage/gaoptout
- We use a security plugin called Wordfence, which monitors and records IP addresses for the purposes of trying to stop hacking attempts. This is a website equivalent of having a firewall on a computer.
If you would like to discuss anything in this Privacy Notice, please contact:
Cecile Ithurbide on email email@example.com or by phone on +44 1453 808118