COLLEGE CODE ETC

 

MISSION STATEMENT

 

 

 

The college wants to offer flexible courses, for people with busy lives. Courses can be adaptable to take as long as the student requires. We have 2 practical exams a year but sometimes extra ones are added to suit a group of 10 or more students. This depends on commitments & capabilities.

 

 

 

COLLEGE RESPONSIBILITIES

 

To teach the currect syllabus to level 3 standard

 

To always act in a professional & moral way

 

To conform to NOS, core curricula and latest government standards such as OFQUAL,

 

To provide equipment as needed, maintained in an hygeinic condition

 

To maintain the premises in an hygeinic manner

 

The college may withdraw students from practical or theory exams at the discretion of the tutor.

 

The college may withdraw students and refund fees at their discretion

 

To treat students with respect & courtesy at all times

 

Provide course objectives & expectations re assignments, assessments & attendance.

 

Provide statement of required course work prior to commencement

 

Publish fee charges & extra expenses required

 

Provide notes & formats for course work

 

Provide assistance as required re further lessons, theory, different format etc

 

Offer facilities for disabled learners as practicable

 

 

 

STUDENT RESPONSIBILITIES

 

To attend 80% of classes

 

To submit assignments and case studies when requested in an  acceptable time frame as agreed at the beginning of the course

 

To act appropriately in lessons and towards tutors and other students

 

To pay course fees in an acceptable timescale and ultimately before the exams

 

To pay deposit prior to course with enrolment form

 

To pay exam fee 8 weeks prior to exams

 

To abide by college rules and code of practice

 

Students must not set themselves up as practitioners until they are qualified

 

 

 

CODE OF PROFESSIONAL PRACTICE

 

Staff & students must:

 

- always act in a moral & professional way and act with integrity

 

- maintain standards that do not bring themselves, the college or profession into disrepute

 

- respect the rights of individuals, parents, carers or guardians

 

- maintain strict confidentiality procedures (except where disclosure is required by law)

 

- never diagnose or prescribe

 

- never work outside our limits of training

 

- use referral procedures when they apply

 

- never take advantage of our position or authority

 

- never discriminate on grounds of sex or sexual orientation, race, religious beliefs, age or disability

 

- never be disrespectful of other complementary or medical practitioners 

 

 

 

 

 

COMPLAINTS PROCEDURE

 

 

 

Any complaint against the college or individual tutor must be made in writing within 1 year.

 

Applications must be made in writing to the Administrator and must contain full name and address and a signature of the complainant. (Anonymous complaints will not be investigated).

 

 

 

 

 

MALPRACTICE & MALADMINISTRATION POLICY

 

 

 

Any suspicion of either should be addressed to the administrator as soon as possible.

 

This will be investigated by the college and referred to any appropriate body or organization as appropriate.

 

 

 

STUDENT APPEALS POLICY

 

 

 

All students have the right to appeal about the decision of the college regarding assessment, exam withdrawal, course discontinuement or any other decision.

 

Any such appeal must be made in writing to the administrator.

 

 

 

 

 

DISRIMINATION POLICY

 

The college does not discriminate on grounds of sex or sexual orientation, race, religious beliefs, age or disability.

 

 

 

 

 

QUALITY ASSURANCE

 

The college complies with ITEC rules & regulations regarding training , examination & assessment & maintains the high quality of training expected.

 

All tutors maintains CPD and personal development.


 

GDPR: Data Protection Policy: Carole Armstrong                  Created 27th April 2018

 

Nature Care College of Complementary Therapies 


 

 

Policy Purpose

 

This policy outlines my data protection policy, and thus how I comply with the GDPR.

 

 

 

GDPR Registration

 

I have registered with the ICO and this is renewed automatically each year.

 

 

 

Policy Content

 

  1. 1.   The data that I process and how it flows into, through and out of my business.

 

 

 

Data comes into my business in 5 ways:

 

  1. Via email messages to me from potential students
  2. Via text messages (as above)
  3. Via mobile phone
  4. Via Whats App (Closed Group)
  5. Via facebook    (Closed Group)

 

 

 

It flows through my business via:

 

●      My laptop at home

 

●      My smart phone - everywhere I go

 

●      My desktop at home

 

●      My tablet at home or elsewhere on rare occasions such as holidaying

 

 

 

The information does not flow out of my business.

 

 

 

2. The personal data I hold, where it came from, who I share it with and what I do with it.

 

Information Asset Register

 

 

 

●      I hold personal information about my students that they have given me.

 

●      This includes name, address, email & phone numbers (mobile & home), occupation and date of birth (needed for registration & enrolment)

 

●      I only share this information with those people connected with the training, registration, certification & qualification.

 

  1. 1.    Other tutors namely Jo Stanford, Rachel Milton & Lisa Woodruff Truscott
  2. 2.   An external verifier from ITEC
  3. 3.   The Awarding body (ITEC)
  4. 4.   A & P provider Gill Tree
  5. 5.   The Association of Reflexologists

 

●      I use the information I have to enrol, certify and transfer course documentation & information

 

●      I keep all data for:

 

  1. a.    claims occurring insurance: for which I am required to keep my records for 7 years
  2. b.   Accountancy requirements

 

 

 

3. The lawful bases for me to process personal data and special categories of data.

 

 

 

I process the personal data under:

 

●      Legitimate interest: I am required to retain the information about my students in order to provide them with the best possible training, support and advice, certification and qualification.

 

 

 

●      Special Category Data - Health Related: I process under special category data, therefore the additional condition under which I hold and use this information is for me to provide additional support.

 

 

 

4. Privacy Notice

 

 

 

Individuals need to know that their data is collected, why it is processed and who it is shared with.  This information in included in my privacy notice on my website and within any forms or letters I send to students.

 

I have written a privacy notice for my website and for my students, and have ensured that the privacy notice includes all of the information included in the ICO privacy notice checklist at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed#table

 

 

 

5. Processes to recognise and respond to individuals' requests to access their personal data.

 

All individuals will need to submit a written request to access their personal data - either by email or by letter.  I will provide that information without delay and at least within one calendar month of receipt. I can extend this period by a further two months for complex or numerous requests (in which case the individual will be informed and given an explanation).

 

I will identify the student using reasonable means.

 

I will keep a record of any requests to access personal data.

 

6. Processes to ensure that the personal data I hold remains accurate and up to date.

 

I will ensure that student information is kept up to date during the course, and will update the information as I am informed of any changes.

 

Once a year I will also have a wholesale review of all data.

 

7. Schedule to dispose of various categories of data, and its secure disposal.

 

Once a year I will review my contact information and will place dormant or completed students in a separate file and will be deleted from my email contact list. This will be assessed each month to ensure that data that is no longer required to be kept under GDPR is destroyed securely.

 

8. Procedures to respond to an individual’s request to restrict the processing of their personal data.

 

If I do receive a request I will respond as quickly as possible, and within one calendar month, explaining clearly what I currently do with their data and that I will continue to hold their data but will ensure that it is not processed.

 

 

 

9. Processes to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability.

 

 

 

Should students wish their data to be copied or transferred I would work with them to ensure that this is done in a way that was most appropriate for them.

 

 

 

10. Procedures to handle an individual’s objection to the processing of their personal data.

 

 

 

I will inform my students of their right to object “at the point of first communication” and have clearly laid this out in my privacy notice.

 

 

 

11. Processing operations that constitute automated decision making.

 

 

 

I do not have any processing operations that constitute automated decision making and therefore, do not currently require procedures in place to deal with the requirements.  This right is, however, included in my privacy statement.

 

 

 

12. Data Protection Policy

 

 

 

This document forms my data protection policy and shows how I comply with GDPR.

 

 

 

This is a live document and will be amended as and when any changes to my data processing takes place, at the very least it will be reviewed annually.

 

I believe that I have done an appropriate amount of research around the implications of the new GDPR, including taking heed of the advice and guidance provided by my professional membership organisation, the AOR.

 

I will ensure that all people as listed previously that are concerned with training, registration, certification & qualification are GDPR compliant.

 

 

 

13. Effective and structured information risks management

 

 

 

The risks associated with my data, and how that risk is managed are as follows:

 

 

 

●      Theft of electronic devices - all electronic devices have password locks which are changed regularly and are not shared with anyone.

 

●      Break in to my house - all my paper files are stored in locked filing cabinet in a locked room.  No one else has the key but me.

 

●      Hacking of electronic devices – all are Kaspersky protected

 

 

 

14. Named Data Protection Officer (DPO) and Management Responsibility

 

 

 

I am the DPO and will ensure that I remain compliant with GDPR.

 

 

 

15. Security Policy

 

 

 

As detailed in my risk assessment all my electronic equipment have Kaspersky Internet Protection

 

 

 

16. Data Breach Policy

 

 

 

A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

 

I understand that I only have to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of individuals.

 

Where a breach is likely to result in a high risk to the rights and freedoms of individuals, I will notify those concerned directly and without undue delay.

 

In all cases I will maintain records of personal data breaches, whether or not they were notifiable to the ICO.

 

 

 

Data Protection Policy created: 27th April 2018

 

This is a live document and will be updated as and when changes occur.

 

 

 

Date of Last Review: 27th April 2018

 

Date of Next Review: 27th April 2019

 

 

 

 

 

…………………………………………………………………………………

 

Signed: Carole Armstrong