BEST Computer Training is committed to protecting your privacy. The following policy explains our data handling practices and procedures and the requirements of our staff.
These policies apply to any personal information you provide us whether online or in person at one of our centres.
Why do we need to record personal details?
For online courses and bookings, we need to take personal details to process your bookings, payments and to update any accounts you have with us.
For funded training, we cannot provide you with links to free training on government schemes without taking some personal details and verifying that you are eligible for government funding.
For private training, we may need to take personal details to process bookings and payments, reserve places on our courses and to offer information, advice and guidance or discounts for those eligible.
What personal details do we record?
We only take those details necessary to carry out our services, booking procedures, arrange government funding and/or to refer you to the training/services that you request.
How long do we keep your details for?
We do not keep your details longer than is necessary to carry out our services, booking procedures, arrange government funding and/or to refer you to the training/services that you request.
What other measures do we take to protect your personal details?
There is a set of core mandatory measures to protect information that apply across central Government and to which we adhere.
Since February 2008 all Government Departments, agencies and public bodies have been required to ensure that any personal data that is transmitted (sent by email, sent by post, and taken outside of government/public premises) is protected appropriately. More details of this are given below.
BEST Computer Training have arrangements in place to protect personal information securely that conform to Cabinet Office Security Standards. These Standards are available at:
Security Standards for handling document transfer between organisations and information security labelling
In summary, but not exclusively, our arrangements for handling document transfer between organisations include:
Marking of documents
• Due to the personal and sensitive data being held that would enable an individual to be identified, documents (including Action Plans) will be SECURITY marked. Print in bold capitals, same size as body text, centre top and bottom of each page (header AND footer) with “PROTECT – PERSONAL”.
• Multiple documents for transfer should be double enveloped with the INTERNAL envelope ONLY marked ‘PROTECT - PRIVATE’. The name and the address should also be on the internal envelope. No protective labelling will appear on the external envelope.
Internal distribution
• Documents must be in a double-sealed envelope and sent through internal post or delivered by hand. Both means should be supported by a signature service for the delivery and receipt of documents. A signature service is a daily record of the transfer of numbered packages signed out and in by an officer at an appropriate level in our organisation.
External distribution
• A signature delivery service such as Royal Mail Special Delivery or a trusted courier must be used so that the parcel can be tracked online from sending to receipt with electronic proof of delivery. We do not consider Recorded or Registered post to be secure.
Storage
• Information classified as PROTECT should:
  • Not be left unattended (e.g. table, desk or printer)
  • Be stored in a locked cabinet when not in use
  • Not be emailed or transmitted via the internet without the use of encryption as set out below
Disposal of papers
• All material that has been used for protected data should be subject to controlled disposal. Documents must be disposed of sensibly by destroying in a manner to make retrieval or reconstruction unlikely, such as incineration, pulping or shredding.
Notified address
• Under no circumstances should information classified as PROTECT be transmitted to any location other than the notified address. For example, if one of our advisers is delivering Action Plans to a Jobcentre Plus (JCP) office, the documents must not be taken home overnight. The data can however be saved on to an encrypted USB stick for transportation purposes.
Transfer of information over the internet or via email
• Wherever possible protected personal data should be held and accessed on paper or ICT systems on secure premises.
• The second best option is secure remote access so that data can be viewed or amended without being permanently stored on the remote computer using products that meet the Federal Information Processing Standard (FIPS) 140-2 standard or equivalent.
• The third best option is secured transfer of information to a remote computer on a secure site on which it will be permanently stored. Both the data at rest and the link should be protected at least to the FIPS 140-2 standard or equivalent as above.
• Protectively marked information must not be stored on privately owned computers unless they are protected in this way.
• In all cases, the remote computer should be password protected, configured so that its functionality is minimised to its intended business use only and have up-to-date software patches and anti-virus software.
• The LSC standard (to meet the FIPS 140-2 standard) is that all documents marked PROTECT require encryption before transmission using WinZip v.9.0 or later and including:
  • We always select the 256 bit Advanced Encryption Standard (256 AES).
  • We always use 15 (or more) characters for the pass phrase.
  • The pass phrase MUST NOT be emailed with the encrypted zip.
  • The pass phrase must not be communicated to the intended recipient until the sender has verified that the intended recipient has taken safe receipt of the encrypted data.
Transfer of information via removable electronic media
• Wherever possible, protected personal data is held and accessed by BEST Computer Training on paper or ICT systems on secure premises. This means we avoid the use of removable media (including laptops, removable disks, CDs, USB memory sticks, PDAs and media card formats).
• However, where it is not possible to avoid the use of removable media, all the following conditions apply:
  • The information transferred to the removable media should be the minimum necessary to achieve the business purpose, both in terms of the numbers of people covered by the information and the scope of information held. Where possible only anonymised information will be held.
  • The removable media should be encrypted to a standard of at least FIPS 140-2 or equivalent (for example, WinZip 9.0 or later using the 256 bit Advanced Encryption Standard) in addition to being protected by an authentication mechanism, such as a password. In instances where a password is used it must not be supplied with the data. It must only be disclosed to the intended recipient once they have confirmed safe receipt of the data and positively identified themselves.
  • User rights to transfer data to removable media should be carefully considered and strictly limited to ensure that this is provided only where absolutely necessary for business purposes and is subject to monitoring.
  • The individual representing BEST Computer Training responsible for the removable media will handle it as if it were the equivalent of a large amount of their own cash.
  • Electronic media that have been used for protected personal data must be disposed of through secure destruction, overwriting, erasure or degaussing.
Action Plans
In addition to the requirement for security markings set out earlier in this document, all our Action Plans must include the signature of the customer to gain their informed consent before that information is shared with any other specified 3rd party.
Subject to change
Our privacy policy is subject to minor amendments from time to time; however, we will always publish the most up-to-date information on this page. Please check back at any time to check our policies.
Comments
We welcome any feedback about our privacy policy. If you have any questions or comments about our privacy policy, please contact:
Data Protection Officer
BEST Computer Training
Suite 1.01
Whitechapel Technology Centre
65 Whitechapel Road
London
E1 1DU
Access rights
You have a right to access the personal data that is held about you. To obtain a copy of all personal information we hold about you, please write to us at the following address:
Data Protection Officer
BEST Computer Training
Suite 1.01
Whitechapel Technology Centre
65 Whitechapel Road
London
E1 1DU
BEST Computer Training, (HO) Suite 1.01, 65 Whitechapel Road, London E1 1DU | 0207 247 2428 | 0207 377 1072