top of page

Privacy Notice

Data Privacy Notice for Students

Contact Details

Data controller: Onyx Student Support Ltd, 2 Demswell, Northampton, NN6 9BL

Email: datagovernance@onyxstudents.com

Data protection officer: Angela Sargeant, 2 Demswell, Northampton, NN6 9BL

Email: datagovernance@onyxstudents.com / angela@onyxstudents.com

Purpose of processing and lawful basis

Purpose – Processing of personal data is required to:

  • Match and allocate student to support worker

  • Keep track of students support hours

  • Monitor students support

Lawful Basis for processing:

Personal Data – Contract 

Processing of personal data is necessary for the performance of a contract with the student.

Reference - Contract | ICO

Special category Data – Explicit Consent or Public Interest

Student has given explicit consent to Onyx to process the personal data for a specific purpose or, it is necessary to process the personal data for public interest.

Reference - Specialist Category Data | ICO

Data Source

The personal data we hold is provided either directly by the student or, the students needs assessor (assessment centre), funding body, higher education provider or a student allocated representative.

The Personal Data We Hold

Students Personal Data Includes:

  • Name

  • Address

  • Phone number

  • Email address

  • Course information

  • Funding body details

  • Customer reference number

  • Date of birth

  • Support type (including amount of hours)

Students Special Category Data includes:

  • Disability information (with students consent to tailor your support)

  • Any wellbeing concerns

  • Any health related concerns (with students consent required by the funding body to report reason for any missed sessions)

Sharing Data

Personal data is shared with:

  • Funding body (name, customer reference number,  date of birth, support type, hours completed, missed session information)

  • Higher education provider (name, customer reference number, course name and student support records with consent)

  • Support worker (your allocated support worker)

  • Family member or a student allocated third-party (organising support arrangements, with student consent)

  • Needs assessors and/or assessment centres

  • Auditors on request (with student consent)

Sharing to Third Countries

We do not transfer your data outside of the UK

Retention Periods

Personal Data is retained no longer than necessary regarding the purposes for which it was obtained. The purpose includes the purpose of satisfying any legal, accounting, or other reporting requirements. The retention period is dependent on the type of data therefore, some personal data will be retained for longer periods than others.

Example:

Student contact details are deleted after 1 year from their exit date. Accounting records including invoices, will be kept for 6 years from the financial year end date, in accordance with the laws of the land HMRC. 

At the end of the retention period the studet data is deleted.

Deleted data will remain on our data backup system for a period of 30 days from the date of deletion.

Subject Rights

All processing will be in line with your rights. Your rights are:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling

  • The right to withdraw consent

Reference - A guide to individual rights | ICO

Should the student wish to exercise any of their rights listed above, please contact our Data Protection Officer (details at the top of this notice).

Complaints

The student has a right to make a complaint to the Information Commissioners Office (ICO), if they are unhappy or if they believe Onyx is processing their data unlawfully. In these instances the student can contact the ICO using the contact details below:

Contact details:

0303 123 1113

casework@ico.org.uk

Automated Decision Making

Onyx does not use any automated decision-making process.

Consequences of Failing to Provide Personal Data

Without the required personal data Onyx will not be able to fulfil our legal and contractual obligations.

Data Security

Appropriate security measures are in place to protect personal data from being compromised. Issues that could compromise data include but are not limited to, accidental loss, unauthorised access, unauthorised use or disclosure.

 

All of our systems and personal data are diligently managed by an IT management service provider.

 

Permissions are in place to ensure only those who need to know can gain access to information.

Data protection training including cyber security and confidentiality training, is provided to all staff annually and when additional education is deemed necessary.

 

Procedures are in place to deal with suspected data breaches. The procedures involve notifying data subjects and the regulating body when required to do so legally.

Data Privacy Notice for Students

Data Privacy Notice for Support Workers - Freelancer

 

Contact details

 

Data controller: Onyx Student Support Ltd, 2 Demswell, Northampton, NN6 9BL

Email: datagovernance@onyxstudents.com

 

Data protection officer: Angela Sargeant, 2 Demswell, Northampton, NN6 9BL

Email: datagovernance@onyxstudents.com / angela@onyxstudents.com

Purpose of processing and lawful basis

 

Purpose - Processing of personal data is required to:

 

  • Determine the correct level of education and governance,

  • Match and allocated support worker to student,

  • Keep track of the support the support worker delivers to the student/s

  • Initiate administration services such as payroll

Lawful Basis for processing:

Personal Data – Contract and Legal Obligation.

Processing of personal data is necessary for the performance of a contract with the support worker and necessary for us to comply with laws of the land.

Reference - Contract | ICO Legal Obligation | ICO

Special Category Data – Explicit Consent or, Employment and Social Security and Social Protection Law.

Data Subject has given explicit consent to the processing of personal data for a specified purpose or, it is necessary to process the personal data in order to carry out obligations and exercise specific rights regarding employment, social security and social protection laws.

Reference: Special Category Date | ICO

Criminal Convictions/Offences – Consent or, Legal Obligation.

Explicit consent has been given to process the data for a specific purpose or, it is necessary to process the personal data in order to comply with the law.

Reference: Criminal Offence Data | ICO

Data Source

References are provided to us by other parties. Referee details are provided to us by the support worker. All other personal data we hold is provided directly by the support worker (data subject). No personal data comes from publicly accessible sources.

The Personal Data we Hold

Support Workers Personal Data includes:

  • Name

  • Address

  • Phone number

  • Email address

  • Education details

  • Employment details

  • Training Details

  • Professional body registration details

  • Identification documents

  • Bank account details

  • ID photograph

  • Date of birth

  • Gender details

  • References

  • Emergency contact details

  • Information concerning the work the support worker has provided

 

Support Workers Special Category Data includes:

Under the Data Protection Act 2018 we do not currently process special category data about the support worker. However, as a precaution we classify, ID documents as Special Category Data.

 

Disability and health information on occasions is divulged to Onyx by the support worker. Onyx does not process this information.

Sharing Data

 

Personal data is shared with:

  • The support workers allocated student (support worker contacts student initially with their names and contact details, email/telephone)

  • The higher education provider (with consent)

  • The students funding body

  • HMRC at their request

  • The Department of Education if we are audited by them

 

Sharing involves only what is necessary

 

Sharing to Third Countries

We do not transfer your data outside of the UK

Retention Periods

Personal Data is retained no longer than necessary regarding the purposes for which it was obtained. The purpose includes the purpose of satisfying any legal, accounting, or other reporting requirements. The retention period is dependent on the type of data therefore, some personal data will be retained for longer periods than others.

Example:

Support worker (freelancer) notifies us of their leave. Support workers contact details is deleted after 1 year from their exit date. Accounting records – Including remittance advice, will be kept for 6 years from their exit date, in accordance with the laws of the land HMRC.

At the end of the retention period the support workers data is deleted.

Deleted data will remain on our data backup system for a period of 30 days from the date of deletion.

Subject Rights

All processing will be in line with your rights. Your rights are:

  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling

  • The right to withdraw consent

Should the support worker wish to exercise any of their rights listed above, please contact our Data Protection Officer (details at the top of this notice).

 

Complaints

The support worker has a right to make a complaint to the Information Commissioners Office (ICO), if they are unhappy or if they believe Onyx is processing their data unlawfully. In these instances the support worker can contact the ICO using the contact details below:

 

Contact details:

0303 123 1113

casework@ico.org.uk

Automated Decision Making

Onyx does not use any automated decision-making process.

 

Consequences of Failing to Provide Personal Data

 

Without the required personal data Onyx will not be able to fulfil our legal and contractual obligations.

Data Security 

Appropriate security measures are in place to protect personal data from being compromised. Issues that could compromise data include but are not limited to, accidental loss, unauthorised access, unauthorised use, or disclosure. 

All of our systems and personal data are diligently managed by an IT management service provider. 

Permissions are in place to ensure only those who need to know can gain access to information. 

Data protection training including cyber security and confidentiality training, is provided to all staff annually and when additional education is deemed necessary. 

Procedures are in place to deal with suspected data breaches. The procedures involve notifying data subjects and the regulating body when required to do so legally. 

Data Privacy Notice for Support Workers - Freelancer
bottom of page