COYO is registered with the Information Commissioner’s Office (ICO) under the Data Protection Act 1998 as a Data Controller.
COYO will collect data relating to students, parents and teachers for the purpose of evaluation and measuring social and educational outcomes related to the Design Engineer Construct! Learning Programme.
Where applicable, COYO will anonymise this personal/sensitive data.
COYO will process personal and sensitive data fairly and lawfully in accordance with the framework of rights and duties established under the Data Protection Act 1998.
COYO will provide right of access to individuals who require a copy of the information comprised in their personal data and will observe all other individual rights as specified in the Act.
COYO will comply with the eight underlying ‘good information handling’ principles of the Data Protection Act in designing its data processing and recording systems and will adhere to these principles in its daily operations.
COYO has produced a ‘Data Protection Policy and Guidelines’ document which covers the main points and principles in the Act relating to the processing of personal data and with reference to ICO’s guidance. It also provides some background detail on data protection law which we think will be useful to COYO directors, staff and partners and can be used as a training aid.
COYO has produced a ‘Data Matrix’ which defines groups of data collected and processed by COYO, its purpose and other information related to its use, its source, consent, time kept, access rights to the data, its storage, how to ensure it is accurate and up to date, etc. This is an internal document which assists COYO and its staff in understanding the different classes of data and the way in which such data must be treated by COYO. It is regularly reviewed to check that data treatment remains appropriate. The matrix also serves as a training tool.
The COYO ‘IT & Security Policy’ covers the security of data, in particular, personal/sensitive data as identified by the Data Protection Act. In drafting the ‘IT & Security Policy’, COYO has referred to the security suggestions on ICO’s website at 22/01/14.
COYO will ask all directors, staff and others processing or handling data on behalf of COYO to refer immediately to COYO’s Data Protection Officer in all cases of data requests by individuals or third parties or in any circumstances of suspected breach.
COYO will provide a copy of the relevant policies to our partners in delivering our goods and services – schools, industry Adopters, and other partners. COYO expects such partners to comply with data protection law in respect of any shared personal data. Where there are specific requirements relating to sharing such data, COYO will ensure a written agreement is in place.
The Data Protection Act eight guiding principles: Personal data shall be:
1. Processed fairly and lawfully;
2. Obtained only for one or more specified and lawful purposes;
3. Adequate relevant and not excessive;
4. Accurate and, where necessary, kept up to date;
5. Kept no longer than necessary;
6. Processed in accordance with the rights of the data subject;
7. Kept secure;
8. Not transferred to a country outside the EEA.
As COYO provides its Design Engineer Construct! Learning Programme to schools, for the benefit of students and teachers, COYO has specifically taken into account the ICO ‘Report on the data protection guidance we gave schools in 2012’. Their summary of recommendations is attached to COYO’s ‘Data Protection Policy and Guidelines’.
The COYO ‘Data Protection Policy and Guidelines’ also refers to the duty of confidentiality owed by the Company to its employees. As it is essential that all records containing personal information maintained by the Company should be kept completely confidential, only HR and the Managing Director will have access to the overall information. Line managers will have access to certain information relating to the staff they manage in order to perform their job.