Data Protection and Retention Policy
Mid County Safety shall be abbreviated to MCS for the purposes of this document. This policy describes how MCS will make use of the data which is handled during its pursuit of its legitimate interests in training, consultation and accreditation concerning the activities of Health & Safety Training.
Personal Data Collected and Held
Any Personal Information held by MCS will primarily be that provided by candidates, corporate clients, non personal entities, trainees and private individuals in course enquiries and course documentation, by post, telephone, text, email or otherwise. The records may contain:
• Individuals contact details including address, telephone no.
• Full Name and date of birth
• Passport and/or photographic identification
• Personal data supplied by individuals for specific purposes (e.g. medical conditions and disability requirements)
• Any relevant qualifications or work experience supplied by an individual
Use of Personal Data
Individuals personal data is used by MCS for:
• Sending individuals certificates and processing qualifications with our awarding body; Qualsafe Awards
• Collecting course fees and other payments which may be due
• Internal record keeping
• Administrative purposes
• Purposes required by law e.g maintenance of accounting and health and safety records, compliance with the requirements of governing and law enforcement authorities.
Retention of Data
Individuals personal data will be processed for as long as they retain a valid certificate of training qualification (up to advised refresher date) and for up to six years thereafter. MCS will retain information to maintain statutory records in line with the Accredited Bodies appropriate statutory requirements or guidance. MCS will retain all data processed on MCS Laptops, (currently numbering two as at April 2020). The data will then be transferred via portable/mobile USB drives to our primary database (Designated Lenovo MCS). Once the information has been transferred it will be backed up to our external hard drive on a weekly basis.
Data Protection Measures and Compliance
MCS will ensure that only MCS Instructors and Staff are responsible for the processing and storage of any Data. MCS will ensure that all paper copies are processed and systematically stored in accordance with the Accredited Bodies appropriate statutory requirements. MCS will ensure that this policy has been published and communicated to all MCS Instructors and Staff and/or any Sub Contractors. MCS will review this policy on a regular basis to ensure that the policy is still relevant and appropriate for the level of protection required.
Data Breach Policy
MCS will maintain appropriate Safeguards and Firewalls on all MCS Laptops, Mobile Flash Drives and External Hard Drives. MCS will ensure that the up to date Anti-Virus programmes are installed on all MCS Hardware, currently McAfee Total Protection. MCS will limit the access to the Main Database and External Hard Drives by the use of Security Passwords / User IDs known only to WB. MCS will control the access to the database only to authorised individuals. Each user will have their own unique username and password. Usernames and passwords are not to be shared or stored in a shared location. Usernames and passwords are only stored in a secure location.
Links to external websites
The MCS website may occasionally contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.