en-ieen
enquiries@cenitcollege.ie
01 901 2014

Privacy Notice

Introduction

This privacy policy sets out the basis and explains how and when Cenit College uses the subscribers’ information in compliance with the Data Protections Acts 1988-2018. Cenit College Ltd is GDPR (General Data Protection Regulation) compliant at all times and all information is stored within EU borders. The Personal Data provided by you will be held by Cenit College as a controller. Cenit College respects user privacy and is committed to ensuring its protection. We assure you that any identifiable data provided when using our websites will be used only in accordance with this privacy policy.

Data Queries Contact Information

All personal data enquires should be made to the Cenit College Data Protection Manager at the following email address: dataprotection@cenitcollege.ie
If a data subject is not satisfied with the information provided by Cenit College or you believe that your rights as a data subject have not been addressed, then that data subject can make a formal complaint to the Data Protection Commissioners (Ireland), who can be contacted as follows.
Post: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Phone: +353 (0761) 104800, or
Email: info@dataprotection.ie

How Initial Information Is Collected

Data is collected when a user registers for a course or asks a question via email/chat or phone (or similar means of communication). A user may visit our sites without going through the registration process.

The Purpose of Data Collection

Personal data may be collected for the following purposes.

  • Staff recruitment, selection, and employment
  • Register learners so that Cenit College can administer learners for their programme of study.
  • Record learner achievements
  • Health Information needed to provide learner supports.
  • Record learner payments (bank details – this is held for 1 month only and not on Cenit Colleges records permanently)
  • Communication (email, phone, web communication)
  • Monitor and evaluate learner experiences and provide feedback.
  • Internal and external audits
  • Disciplinary matters, appeals, complaints, and other grievances
  • To respond to any information requests made under the Data Protection legislation.
  • Marketing (website activity such as IP address, geo-location, page activity). Google analytics and Hotjar are examples of such mechanisms for data collection.
  • Some programmes require the submission of CVs for the purpose of engaging employers.

Types of personal data Collected

The type of personal data that Cenit College collects from its data subjects depends on the interaction between Cenit College and the Data Subject and the relationship between them. Cenit College will collect personal data but only when voluntarily submitted. Non-personal information (such as demographic data regarding user IP addresses that have been clipped) is collected from all of our website users on a cumulative basis. This type of anonymous statistical data cannot be used to identify or contact the user.
Having user’s information is essential for Cenit College to properly identify customers’ needs so Cenit College can provide the best service. When Cenit College processes user information, it may be used for the following reasons:

  • To provide the user with the service
  • To contact the user in relation to the service
  • To send promotional emails about new offers or services
  • To customise the website in accordance with chosen preferences
  • To respond to any communications Cenit College may have received from the users.
  • For internal record keeping
  • Prospective employment
  • To supply customers with any certifications or awards
  • To ensure we meet our obligations to our clients.

Data Collection and Retention

Under the Data Protection Acts 1988-2018, the College is obliged to update or remove user’s personal information if informed of any changes. Cenit College retains personal data only for as long as is necessary to fulfil the purpose it was collected. It will not be used for purposes beyond that. Retention periods, deletion, archiving, or destruction methods are documented in the Cenit College Record of Processing.

For the website user’s personal information can be updated or removed by emailing the Data Protection Manager at dataprotection@cenitcollege.ie

Where any potential learner contacts Cenit College about any programme of study in the College, Cenit College will collect personal data to respond to that enquiry or request for service. This information permits Cenit College to respond to the respective enquiry. Cenit College may also acquire data from its clients to subprocess data and provide the required service to the client.

This information is collected on a legal basis that is within the legitimate interests of both Cenit College and the Data Subject to respond to requests for information. The primary sources of most learner data collected are the information you submit during the application, enrolment, or registration process, the information your manager or supervisor supplies, and your academic data, such as test scores and diplomas.

Where learners apply and register for programmes of study further information is required to be collected, this is dependent on the programme of study. Our Company may collect some or all the following data, please review the following document and select your programme for more information:

Data Collection

Registered Learners

As a registered learner, Cenit College will use the personal data it may collect from the learners for the following purposes.

  • To provide the user with the service requested
  • To contact the user in relation to the service requested
  • To send promotional emails about new offers or services that Cenit College believes may be of benefit.
  • To customise the website in accordance with chosen preferences
  • To respond to any communications Cenit College may receive from the user.
  • For internal record-keeping
  • Prospective employment
  • To supply customers with any certifications or awards
  • To ensure we meet our obligations to our clients.

Cenit College will process this data for the following reasons.

  • Communication: Cenit College will collect personal data to communicate with learners to advise them of learner supports and services, timetables, assessments, and any other communication required to fulfil the learner journey within the college.
  • Certification: Cenit College will collect personal data to allow us to process any relevant certifications with the relevant vendors (such as QQI, ILM etc)
  • Quality Assurance and Monitoring: Cenit College will collect personal data for the purpose of quality assurance and monitoring and reporting in respect of evaluating the learner journey and experience within Cenit College along with learner satisfaction, progression, completion, and achievement.
  • Attendance: Cenit College will collect personal data to monitor the attendance of learners in programmes (online and in the classroom) and for attendance at examinations. This is collected in order to fulfil the Cenit College obligation to funding agencies or awarding bodies, along with the legitimate interest in providing the best possible learner support for programmes of study.
  • Webinar Software: Cenit College may record webinars for future access by the class.
  • Photographs: These are collected in the legitimate interest of Cenit College to verify the identity of learners for examinations and assessments or access to services that may require photo identity.
  • Using CCTV Cenit College captures images of individuals entering our premises. This is the legitimate interest of the security, health and safety of all visitors, learners and staff attending the Cenit College premises.

How will we process and use your data

Data Protection law requires that Cenit College must have a valid lawful basis to process personal data. Cenit College relies on several such bases as follows:

1. The provision of a contract (core services)

Much of the personal information processes are necessary to meet its commitments to you, for example, processing your data in relation to teaching, assessment, and associated administration. The following sets out the main purposes for which we may process your data in the provision of a contract:

  • Dealing with enquiries/recruitment and admission of learners
  • Provision of teaching and academic services including examinations,
  • Progression and related administration
  • Recording and managing learner conduct (including disciplinary procedures)
    Maintaining learner records
  • Management and administration of learner finance (including fees and funding)
  • Delivering plagiarism checking and academic validation services
  • Providing services necessary for the learner experience (including IT and communication services)
  • Safeguarding and promoting the welfare of learners.
  • Dealing with grievances and disciplinary actions
  • Dealing with complaints and enquiries
  • Providing careers and placement advice and services
  • Service improvement via feedback and surveys
  • Internal reporting and record keeping
  • Responding to data access requests
  • Providing learner support services

An opt-out option is not permitted for these operations and core services.

2. The fulfilment of a legal obligation

Cenit College must process your data when required to do so under Irish/EU law, for instance:

  • Sharing information with statutory bodies
  • Monitoring equal opportunities
  • Providing safety and operational information
  • Performing audits
  • Preventing and detecting crime
  • Administration of insurance and legal claims
  • Garda vetting

3. To protect the vital interest of you or another person – under extreme circumstances

Cenit College would share your data with third parties to protect your interests or those of another person, for example:

  • Providing medical or emergency contact information to emergency services personnel
  • Contacting you or your next of kin, in case of an emergency

4. Consent – under certain circumstances

Cenit College will only process your data with your explicit consent. Explicit consent requires you to make a positive, affirmative action and be fully informed about the matter to which you are consenting, for example:

  • Providing information on Cenit College courses and other programmes of study that may be of interest and benefit to you.
  • References: We may agree to provide a reference for you if you apply for a job or further study.
  • To send promotional emails about new offers or services that Cenit College believes may be of benefit.
  • To customise the website in accordance with chosen preferences

Cenit College and the sharing of personal data

Under Article 6 of the GDPR Cenit College can share learner information with third parties if it is lawful to do so. According to Article 6 these lawful means are as follows.

  • Consent: the data subject has given consent to the processing of his or her personal data for a specified purpose
  • Contract: the processing is necessary in order to perform a contract where both the Cenit College and the data subject are parties to or because the data subject has requested Cenit College to take steps to obtain certain information prior to entering into the contract e.g. reference checks or revenue checks.
  • Legal Obligation: the processing is necessary for Cenit College to comply with legislation
  • Vital Interests:  the processing is necessary to protect the vital interests of the data subject or another person.
  • Public Task: the processing is necessary for Cenit College for the performance of a task carried out in the interest of the public or for Cenit College’s official functions which have a legal basis.
  • Legitimate Interests: the processing is necessary for Cenit College’s legitimate interests or the legitimate interests of a third party, except where this interest overrides the protection of the data subject’s fundamental rights and freedom of their personal data.

Generally, within Cenit College, data (especially sensitive data) is not shared with third parties. However, the following instances may give rise to the sharing of personal or sensitive data.

  • Where Cenit College has a legitimate reason or obligation to share the data (for example, to awarding bodies, tutors, or external companies/bodies).
  • The data subject consents to sharing the data.
  • Cenit College enters a contract with a third party to act as the data processor (for example employee benefits). In such instances, there must be a clear written contract with the roles and responsibilities clearly defined.

Protection of Data

We follow industry standards on information security management and safeguarding sensitive information. Our information security systems apply to people, processes, and information technology systems on a risk management basis.
Your data may be shared between members of staff within Cenit College for us to fulfill its functions and objectives. Cenit College will employ reasonable and appropriate administrative, technical, personnel, procedural, and physical measures to safeguard your information against loss, theft, and unauthorised users’ access, uses, or modifications.
The GDPR principles apply:

  • Confidentiality: only people who are authorised to use the data will be authorised to access it. Staff are required to maintain the confidentiality of any of your data to which they have access.
  • Integrity: All reasonable efforts are made to ensure that your personal data is maintained accurately and remains suitable for the purpose for which it is processed.
  • Availability: Only authorised users should be able to access the data if they need it for authorised purposes.
  • Security: We are committed to ensuring that your personal data is secure with us and with the data processors who act on our behalf. We are continuously taking technical and organisational steps to better protect your information.

User’s personal information is stored on secure servers. Although Cenit College is committed to ensuring that data is secure, Cenit College cannot guarantee the security of any information sent to them via the Internet, as no Internet data transmission can be guaranteed to be absolutely secure. To prevent unauthorised access, Cenit College has taken all reasonable physical, electronic, and managerial steps to protect personal information.

Cenit College has a range of measures that it implements to safeguard the personal data of the data subject. These include.

  • Access to data is restricted to certain roles that are relevant to the purpose for which the data is collected.
  • Technical security measures such as password protection, encryption, firewalls, back-ups, etc.
  • Regular security audits and penetration testing
  • The creation of policies and procedures to protect personal data. These are published implemented and monitored on an organisation-wide basis.
  • Use of physical storage which is locked and has limited access and electronic storage that is password protected with limited access.
  • Staff training
  • Data Protection audits
  • Risk assessments of any third-party data processing on behalf of Cenit College
  • Procedure for acting on data breaches to minimise the impact
  • Retention and destruction schedule of personal data

 

Rights of the Data Subject

Under articles 12 to 23 of the GDRP legislation, data subjects have increased rights, and data controllers are required to notify data subjects of their rights. Individuals have the right to:

  • Transparency of information. Cenit College provides individuals with privacy information at the time that it collects personal data from them. The privacy notice is available on the Cenit College website. Furthermore, Cenit College representatives will provide data subjects with a link to the privacy statement, a hardcopy of the privacy statement or give verbal information to the data subject on the privacy statement.
  • Access their personal information. This includes information as to whether their personal data has been processed and information about that processing. Prior to releasing any personal data Cenit College requires verification of the identity of the applicant. Where the request has been made in electronic form the data will subsequently be provided in electronic form. Where a large amount of data is involved Cenit College may ask the data subject to specify the precise data they wish to access.
  • Withdraw consent. Where consent is the legal basis for data processing.
  • Rectification, erasure, and restriction of data processing and be notified when this has taken place. Rectification, erasure, and restriction of data processing and be notified when this has taken place.
    • Rectification: Where a data subject requests rectification of their personal data, the controller must inform recipients to whom that data has been disclosed, where possible. The controller must also inform the data subject about the recipients to whom the data has been disclosed if he/she requests it.
    • Erasure: This applies in the following instances:
      • Where the personal data is no longer necessary in relation to the purpose for which it was collected.
      • The data subject withdraws consent and there are no other legal grounds for processing the data.
      • The data subject objects to the processing and there are no overriding legitimate grounds for the processing.
      • The personal data have been unlawfully processed.
      • The personal data has to be erased to comply with an EU or Member State legal obligation; or
      • The personal data has been collected in relation to the offer of information society services (online business) to a child. Cenit College does not offer information society services to children.
    • Where the controller complies with this request, reasonable attempts must be made to inform other controllers regarding the right to erasure. Often this is difficult for online processing such as on social network sites.
  • Request the restriction or suppression of their personal data, in certain circumstances. A data subject’s right to restrict processing applies in four scenarios:
      • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify its accuracy.
      • The processing is unlawful, and the data subject opposes erasure and requests restriction instead.
      • The controller no longer needs the personal data, but the data subject requires the data to exercise or defend a legal claim; or
      • The data subject has objected to the processing. It should be restricted pending verification of whether the legitimate interest’s grounds or public interest tasks of the controller override those the rights of the data subject.
    • When processing is restricted, Cenit College will store the personal data but not further process it. Where the data are processed automatically, the restriction will be affected through technical methods and Cenit College will make a note on the IT system.
  • Data portability. Allowing individuals to reuse their data across different services, where feasible.
  • Object to personal data processing. Cenit College requires consent from the individual to use their personal data for marketing purposes.

If you make a data access request, we have one month to respond to you if this is data that we are the controller of. Data requests that are the responsibility of our clients (which we are the processor of) will be sent to the controller and they in turn will be in contact with the user.
If you would like to exercise any of these rights or ask any questions, please contact us:
Write to us: @ dataprotection@cenitcollege.ie
Or call us at 01 901 2019

Cenit College Website

Where a data subject interacts with the Cenit College websites, Cenit College will collect personal data that relates to their browsing activity. This is collected through Cookies and other web technologies such as Vimeo, Google Font and Adobe Typekit, Tidio. Specifically, Cenit College will collect:

  • IP Address & geo-location
  • Session information
  • Device information (type, brand, operation system name)
  • Browser name and version, language, and protocol
  • Unique numbers assigned to a device (e.g. IDFA on an iPhone, google adID on Android)
  • Details of pages visited and activity on those pages (typically the courses viewed and purchased along with the time and date of these activities)
  • Activities relating to advertisements displayed from Cenit College to the data subject. Information typically collected includes the number of such advertisements and if the data subject clicked on these ads.
  • Generation of user activity through the website and collection of user information using forms on specific pages. This is collected using AgileCRM. Visitors to the Cenit College website can opt out of this by using the Privacy Toolbar when they first enter the website.
  • The website utilises Hotjar Behaviour Analytics to collect data on how Cenit College users use the Cenit College website. Visitors can opt-out by using the Privacy Toolbar when they first enter the website.
  • Vimeo: The website uses videos hosted on Vimeo.com which uses cookies for data collection. Visitors can opt-out by using the Privacy Toolbar when they first enter the website.
  • Google Font and Adobe Typekit: The Cenit College website uses Google Fonts and Adobe Typekit to display custom fonts. Visitors can opt-out by using the Privacy Toolbar when they first enter the website.
  • Tidio: The Cenit College website uses the live chat service Tidio which is completely optional to use. To use the service, visitors click on ‘chat with us’ on the side.

Contributions to the Cenit College Website:

Posting “Content” on Cenit College (which for these T&C and conditions is defined to include any text of whatever nature, including without limitation any comments or submissions, photographs, graphics, video, or audio posted by you to any part of Cenit College. The subscriber agrees that Cenit College may use, edit, move, moderate, copy, disclose to third parties, and make the Content or any part of it available as it sees fit on the Cenit College or third-party services in any media worldwide now known or later developed. By providing content to Cenit College, the user confirms and warrants that it is your original work and not copied from anyone else or infringing any third party’s intellectual property or other rights and is not defamatory, obscene, harmful to minors, harassing, offensive, sexist, homophobic, threatening, encouraging racial hatred or violence or in breach of anyone’s privacy, or confidentiality rights or prejudicial to legal proceedings and is not posted for promotional or commercial purposes.

Privacy policies of other websites

Our Company website may contain links to other websites. Our privacy policy applies only to our website, so you should read their privacy policy if you click on a link to another website.

Marketing

Cenit College will collect personal data for the purpose of marketing. This is used to inform the data subjects of programmes, information, and events that may be of interest to them. The website utilises Google Analytics to generate reports and insights of users visiting the Cenit College website. Visitors to the Cenit College website can opt out of this by using the Privacy Toolbar when they first enter the website. Alternatively, visitors may opt out by contacting the Cenit College Data Protection Officer. The college would like to send users information about products and services that we think they might like. If you have agreed to receive marketing, you may always opt out later. You have the right at any time to stop Our Company from contacting you for marketing purposes or giving your data to other members of our Company Group. If users no longer wish to be contacted for marketing purposes, they can unsubscribe here https://www.cenitcollege.ie/unsubscribe 

Cenit College Careers

Please note it is our policy to store submitted CVs electronically for one year, after which they will be securely deleted. During this period, we will only contact you if we feel you are a potentially suitable candidate for a position with Cenit College.

Changes to our privacy policy

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 21/11/2024.