Firebrand Training | IT Intensivkurse

The following privacy policy covers the UK and European operations of Firebrand Training Ltd (The Firebrand Group of Companies).

What is the purpose of this Privacy Policy?

Firebrand respects your privacy and is committed to protecting your personal data. This Privacy Policy aims to give you information on how Firebrand collects and processes your personal data through:

your use of Firebrand websites, including any data you may provide through Firebrand websites when you make an enquiry or purchase a product or any course/programme (whether online, face to face or distance learning) and whether on behalf of yourself; as an employer client; as a third-party training provider; or as a reseller (“Services”);
your registration for, purchase of or use of any Firebrand products and/or Services (including but not limited to courses, programmes or study materials (in any medium));
your use of any Firebrand social media channel; and
the provision of personal data to Firebrand by any other means.

This Policy will also inform you of what we do with personal data, how we look after personal data and tell you about your privacy rights and how the law protects you.

It is important that you read this Privacy Policy and any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements the other notices and is not intended to override them.

This Privacy Policy is provided in a layered format, so, if you wish, you can select the specific areas of the Policy you are interested in, as set out below. We have also included a Glossary to help you understand the meaning of some of the terms used in this Privacy Policy.

WHO WE ARE
IMPORTANT INFORMATION ABOUT THIS POLICY
YOUR PERSONAL DATA
HOW YOUR PERSONAL DATA IS COLLECTED
HOW WE USE YOUR PERSONAL DATA
DISCLOSURES OF YOUR PERSONAL DATA
COMPLIANCE WITH BRIBERY ACT AND RELEVANT LEGISLATION
ONLINE LEARNING AND ASSESSMENT
INTERNATIONAL TRANSFERS
DATA SECURITY
DATA RETENTION
YOUR LEGAL RIGHTS
GLOSSARY

WHO WE ARE

Data controller

Firebrand Training Limited is registered in the UK. It operates as a wholly separate business but is part of the BPP Professional Education Group. (UK). We may share personal data within our group companies in order to provide our goods and services to you and for the other purposes outlined in this notice. You can read BPP's privacy notice here.

International Entities

In addition to its presence in the UK Firebrand Training Limited is also the parent of companies in Germany, the Netherlands and Denmark.

For ease of reference, this Policy shall refer to all companies within the Firebrand Group (including Firebrand Ltd (UK) and those Firebrand companies located in Europe) as Firebrand.

Firebrand Training Limited

This Privacy Policy is issued on behalf of Firebrand Training Limited, operating as the Firebrand Group, so when we mention “Firebrand”, “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company responsible for processing your data.

This Policy shall apply to any Firebrand website, including any subdomains that may be made available by us from time to time, including websites with the ending ‘. Firebrand.com’; and all Firebrand social media channels (“Website(s)”):

Contact details

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions about this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please get in touch with the DPO using the following details:

FAO of the Data Protection Officer

Firebrand Training Limited

27 Old Gloucester Street London England WC1N 3AX

Email: privacy@firebrand.training

You have the right to make a complaint at any time to:

the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk)

We would, however, appreciate the chance to deal with your concerns before you approach the ICO (or other relevant authority) so please get in touch with us in the first instance.

IMPORTANT INFORMATION ABOUT THIS POLICY

Changes to the Privacy Policy and your duty to inform us of changes

This Privacy Policy outlines your rights under the Data Protection Act 2018 and the UK General Data Protection Regulation.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We keep this Privacy Policy under review and may update it from time to time. This version was last updated on 7th March 2023.

If you reject the terms of this Privacy Policy

If you do not agree to your personal data being used in accordance with this Privacy Policy, please do not submit your personal data to us through the Website or any other means.

Third-party links and products

The Website may include links to third-party websites, plug-ins and applications. Clicking or enabling those links may allow third parties to collect or share your data. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we encourage you to read every website's privacy policy.

During your studies, you may also be directed to use third-party platforms (for example bksb, LinkedIn Learning, Code Red, Gmetrix, Microsoft 365 (and other specialist learning platforms for specific courses). We do not control these third-party platforms and are not responsible for their privacy policies or responsible for personal data which you may transfer to such third parties. We encourage you to read these platforms' terms of use and privacy policy.

YOUR PERSONAL DATA

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Audio / Visual and CCTV Data

We consider personal information in the context of our audio visual recording and surveillance systems to be an image, audio or other information from which a living individual can be identified where:

The individual is the focus of the image;
The image contains or shows significant information about that individual;
The audio commentary identifies the individual;
The processing of the image/audio affects the individual’s privacy.

This includes recordings from closed circuit televisions systems which are in place at some of our premises (including our main Wyboston training venue) for security purposes; telephone recordings (for monitoring and training purposes) where you call any of our student advice or sales teams (although not all calls to Firebrand are recorded); photographs of you for use on ID cards or to be used on registers/your online accounts so Firebrand staff (such as tutors or exam invigilators) can identify you; audio/video recordings of meetings with Trainers, Skills Coaches and Learning Mentors or other performance/progress calls on courses or programmes (although not all of these types of calls are recorded); recordings (including video, audio and text) where any lecture, seminar, webinar or other interactive teaching session is recorded; video recordings from recorded exams/assessments (including mock exams/assessments); and any video recordings from any recorded interviews (such as credibility interviews and English language interviews for visa compliance purposes). Please see Online Learning and Assessment for further information.
Contact Data includes billing address, delivery address, postal address, email address and telephone numbers.
Eligibility Data includes education/academic history, qualifications and/or training records, personal statements and references. For apprentices, this will also include a national insurance number. For international students, this may also include copies of bank statements or other financial information to ensure visa requirements are met.
Employment Data (this is relevant where your employer/future employer sponsors your place on a course or Programme) includes the name of employer, job title, line manager name and contact details, work contact details (email address, telephone number and postal address), National Insurance number and employment start and end dates (and for apprentices may include hours of work).
Financial Data includes bank account, billing information, payment card details and information from any student loan organisation.
Identity Data includes first name, maiden name, last name, student ID number, and usernames for Firebrand sites (including Firebrand’s Learning Management System, Virtual Learning Environment, Hub) and other online platforms (including Microsoft Teams), Firebrand IT accounts (including Firebrand emails), or similar identifiers, marital status, title, date of birth and gender. It may also include copies of identification documents (such as a passport, driver’s licence or national identity card) which are used to confirm your identity in assessments (including online assessments). It may also include copies of identification documents (such as a passport, driver’s licence or national identity card) which are used to confirm your identity in enrollments and assessments (including online assessments).
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Next of Kin Data includes the name and contact information of a friend or relative to be used in the event of an emergency involving you. This will also include (for international students) the details of any friend or relative you are staying with, as declared on any visa application. It may also include details of relatives you have authorised to communicate with Firebrand on your behalf or attend Firebrand events with you, such as graduation ceremonies.
Profile Data includes your usernames and passwords (for Firebrand platforms), purchases or orders made by you, your interests, preferences, feedback, reviews, survey responses and enquiries submitted to Firebrand.
Recruitment Data includes any information you have provided to us (or through a third party such as Job Train, Zellis, Indeed, Get My First Job, LinkedIn or a recruitment agency) in your curriculum vitae, any cover letter, any application form (including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications and reasons for wanting to apply for the relevant position) and any information you provide to us during an interview.
Student Data Student Data includes the course or programme you are studying with Firebrand, your years of study, records of achievements on the course or programme (exam, assessment and mock results), exam scripts, exam transcripts, attendance and progress information, feedback from lecturers or personal tutors (including student references), emails sent by you to Firebrand, emails sent/received by you to or from your Firebrand email address or messages posted on any forums or message boards (including on Teams), information relating to your involvement in Firebrand’s apprentice network, information relating to your involvement in Firebrand’s alumni network, information relating to your registration for or attendance at any Firebrand hosted/advertised events, information relating to allegations of academic misconduct or other matters of discipline, information relating to any application for mitigating circumstances or an academic appeal, any application for deferrals or interruption of studies and any complaints made by you or about you to Firebrand.
Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Usage Data includes information about your visit to a Website, including the Uniform Resource Locators (URL) clickstream to, through and from the Website (including date and time), products and/or services you viewed or searched for, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouseovers) and methods used to browse away from the page and any phone number used to call our customer services numbers.

We also collect, use and share Aggregated Data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.

Special Categories of Personal Data

The law requires that “special categories” of particularly sensitive personal information require higher levels of protection than other personal data.

In some circumstances we may also collect, store and use the following “special categories” of more sensitive personal information:

Information about your race or ethnicity is collected for equality and diversity monitoring purposes. We also collect this information on behalf of the Education and Skills Funding Agency (about apprenticeship students) and the Higher Education Statistics Agency in respect of Firebrand students (please see section 7 for further information). This information is voluntary.
Information about your gender identity is collected regarding apprenticeship students and Firebrand students for equality and diversity monitoring purposes. We also collect this information on behalf of the Higher Education Statistics Agency (please see section 7 for further information). This information is voluntary.
Information about your sexual orientation is collected regarding apprenticeship students and Firebrand University students for equality and diversity monitoring purposes. We also collect this information on behalf of the Higher Education Statistics Agency (please see section 7 for further information). This information is voluntary.
Information about your religious beliefs -this information is collected concerning apprenticeship students and Firebrand University students for equality and diversity monitoring purposes. We also collect this information on behalf of the Higher Education Statistics Agency (please see section 7 for further information). This information is voluntary.
Information about your nationality and immigration status - this information is required to ensure that, where relevant, prospective Firebrand students have the correct visa or right to study in the UK to enrol onto a course or programme. Accordingly, we will collect information such as copies of passports, copies of visas and any relevant correspondence between you and the UK Visas and Immigration department of the Home Office. Without completing these checks, we cannot enrol Students onto a course or Programme. This information is also collected regarding apprenticeship and Firebrand students for equality and diversity monitoring purposes. We also collect this information on behalf of the Higher Education Statistics Agency (please see section 7 for further information). Where this information is collected under paragraph 2, it is voluntary.
Information about any disabilities or learning needs 1) this information is collected so that any reasonable adjustments can be made to accommodate students with disabilities (for example, large print learning materials or exam papers) and also to ensure that any learning needs are supported (for example extra time in exams). This information is voluntary, but Firebrand cannot provide you with learning support/reasonable adjustments if you do not. 2) This information is also collected regarding apprenticeship students and Firebrand University students for equality and diversity monitoring purposes. We also collect this information on behalf of the Higher Education Statistics Agency (please see section 7 for further information). Where this information is collected under paragraph 2, it is voluntary.
Medical information – this information may be collected where a medical issue is having an impact on your studies with Firebrand (for example, you may have a prolonged period of absence; or you make an application for an interruption of studies where an illness is preventing you from studying; or where a medical issue has affected your performance in an exam, you may make an application for mitigating circumstances) or if an incident occurs whilst on campus. Such information is required for health and safety reporting. It may also include dietary requirements where you are attending a catered Firebrand event (this information may be provided to Firebrand via third parties such as Eventbrite). This information is voluntary.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to enroll you onto a relevant course or programme or provide goods or services to you). In this case, we may have to withdraw your application or cancel/restrict a product or service you have with us, but we will notify you if this is the case at the time.

HOW YOUR PERSONAL DATA IS COLLECTED

We use different methods to collect data from and about you including through:

Direct interactions.

You may give us your Identity, Contact, Eligibility, Employment, Financial and Marketing and Communications Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

apply for a course or programme;
submit an online query or request a call back;
purchase goods or Services from us;
speak with one of our student advisors or admissions teams;
speak with one of our client or supplier services teams;
speak with your tutor or other teaching staff;
make a room (or desk) booking at one of our premises;
sign into a Firebrand center or other venue (such as an exam/assessment Center);
create an account on our Website.
subscribe to a service or publication;
subscribe, register, take part in or view any Firebrand webinar;
are captured on closed circuit television or other audio/visual recordings when attending our premises;
request marketing to be sent to you;
enter a competition, promotion or complete a survey; or
give us feedback.

If you are a candidate

As we do not invite applications from Candidates directly, the initial information about a Candidate will come from the prospective Employer. We may collect additional personal information from you. The information we receive from the prospective Employer or collect from you may include your title, name, date of birth, gender, how long you have been resident in the UK/EU, ethnicity, learning and/or health problems, whether you have ever been in care, whether you have an education, health and care (also known as EHC) plan, qualifications, apprenticeship aims, functional skills and your prospective Employer’s details. We will also obtain your unique learner ID number for funding from you or, if you do not have it, from the UK Government Gateway.

We will also ask for your preferences for further communications (about courses or learning opportunities, surveys and research) and your preferred methods of contact (post, telephone, email, SMS).

If you are an apprentice

If you commence a training programme we work with we may also collect additional personal information about you, either directly from you or via your Employer, including the details of the address at which you work, your manager and workplace mentor, details of your placement, your employer record number (also known as ERN) and other learner information such as the details set out in the commitment statement which is provided to you at the start of your training, your individual learning plan (also known as ILP), progress reports and college reports.

If you are an apprentice or have just completed your apprenticeship, you may ask us to help you find job opportunities. If we identify an opportunity that suits you then we will discuss with you first and then transfer you contact details and profile to a potential employer. We transfer this data under legitimate interest.

Information about criminal convictions

If you provide us with information about any criminal convictions, we shall use it only in accordance with the laws governing the use of such information.

Through your Studies.

You may give us your Student Data throughout your time on a course or programme. This includes personal data you provide when you:

attend lectures, seminars, webinars or other learning sessions (including where these are online);
submit work for assessment (including mocks);
take exams or other forms of assessment (including mocks);
submit any applications or complaints relating to your studies (for example, mitigating circumstances applications);
raise any issues or questions with your lecturer / personal tutor/mentor; or
contact one of our student advice teams for support.

Automated technologies or interactions.

As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data using cookies, server logs and similar technologies. Please see our Cookie Policy for further details.

Third parties.

We may receive personal data about you from various third parties as set out below:

Contact, Eligibility, Employment and Identify Data from your employer where your employer/future employer is sponsoring your place on a Firebrand course or programme (including apprenticeships and traineeships) ∆;
Identity, Contact, Transaction and Student Data from any third-party survey/review organisation or portal provider, such as Metrics that Matter, SurveyMonkey, Eventbrite and Trustpilot.
Contact, Eligibility, Employment, Identity, Next of Kin and Student Data from third-party training providers/employers where Firebrand is acting as a subcontractor for any element of your course or programme teaching from a third-party training provider/employer. This is particularly relevant to apprenticeships;
Contact, Eligibility, Employment, Identity, Transaction and Student Data from third-party training providers or resellers where such third party has purchased courses (including online courses) from Firebrand to resell;
Contact, Eligibility, Employment, Identity, and Student Data from a third party which Firebrand collaborates with to create, and/or marketing, and/or delivering tailored programmes or courses.
Contact, Eligibility and Identity Data from third-party apprenticeship/traineeship recruiters (including Get My First Job, LinkedIn, Job Train, the Prince’s Trust, Career Connect and Talent Match);
Identity, Contact, Eligibility, Transactional and Student Data from any external awarding bodies or professional membership bodies which you may be registered with to enroll on or complete the course or programme you are studying with Firebrand (including, ICAEW, IAPP etc.) ∆;
Identity and Student Data from any third-party assessment/examination center, online exam provider (examples include Pearson VUE, BCS or PSI Testing Solutions), external exam marker or invigilator (for example where you request to sit a Firebrand exam abroad; or your course or programme requires an external assessment organisation to provide your final examination/assessment (including end point assessment organisations for apprenticeships); or any organisations which review assessment submissions for plagiarism such as Turnitin) ∆;
Contact, Identity, Marketing and Communications, Profile, Recruitment, Student, Technical and Usage Data from any third-party portals used to provide student services.
Student Data from any freelance tutor, external presenter or third-party platform engaged by Firebrand to deliver teaching/training to you as part of your course or programme.
Contact, Eligibility and Identity Data from overseas agents, engaged by Firebrand who assist overseas students in submitting applications for courses or programmes to Firebrand ∆;
Identity, Contact, Transaction and Student Data from any third-party survey/review organisation or portal provider, such as Metrics that Matter, Microsoft 365, SurveyMonkey, Evasys, Qualtrics, Eventbrite and Trustpilot;
Identify and Contact Data from advertising networks; and search information providers (such as Companies House or LinkedIn);
Contact, Financial and Transaction Data from providers of technical, payment and delivery/courier services (e.g., where you order hard copy study materials) such as PayPal.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights, do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Where we have your consent.

Click here to learn more about the types of lawful basis we will rely on to process your personal data.

Where we are relying on your consent as a legal basis for processing your personal data, for example where we collect voluntary “special category” personal data (as set out in this Policy above) you may withdraw your consent to this processing at any time by contacting us.

Purposes for which we will use your personal data

In a table format, we have set out below a description of all the ways we plan to use your personal data, and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please get in touch with us if you need details about the specific legal ground we rely on to process your personal data, where more than one ground has been set out in the table below.

Please be aware that, if you are a student with Firebrand, in the majority of cases, we will have a contract in place with you in respect of the course or programme you are undertaking. Therefore, our lawful basis for processing your personal data will be to perform our contract with you.

However, sometimes, we will have a contract with your employer or prospective employer. For example, some businesses will ask Firebrand to deliver a bespoke course or programme to a group of its employees. In these cases, Firebrand has a contract with your employer, not you. In these scenarios, Firebrand will process your personal data as necessary for our legitimate interests, i.e. the delivering services to your employer under a contract between Firebrand and your employer. This would also apply where you attend Firebrand courses via a third-party tuition provider or reseller, or where Firebrand acts as a subcontractor to your employer or main training provider.

We will use our collected personal information to facilitate the recruitment and training services we provide.

If you are a Candidate

If you are a Candidate, we may use your personal information for the following purposes and on the basis that we have a legitimate interest in doing so, i.e. in order to provide recruitment services to your prospective Employer (or, in the case of any special category personal data, you have consented to us doing so:

Progressing your application, including verifying your eligibility for funding. This includes carrying out background checks and ensuring that your attainment meets the minimum standards for the training programme you want to enrol on. We do this using the UK Government Gateway and through the evidence of the qualifications you provide.
Shortlisting and selecting you to be put forward for a particular opportunity.
Coordinating interview arrangements and job offers.
Obtaining references from your named referees
We may also use such information for internal administration and reporting on the basis that this is compatible with these primary purposes.

If you are an Apprentice

If you are an Apprentice, we may use your personal information to provide our services to your Employer (managing, administering and assessing your training and dealing with its funding) and support you through your learning journey. This will include sharing your personal information with your mentor and Ofsted, so that Ofsted can review your prior attainment and the progress you make through your learning journey against its framework standards. We do so on the basis of our contractual obligations to your Employer and our legal obligations to the ESFA and Ofsted. We may also use such information for internal administration and reporting on the basis that this is compatible with those primary purposes.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
Students or prospective students
To respond to enquiries or requests for information	a. Identity b. Contact	Performance of a contract with you; or Consent
To assess your eligibility to be enrolled onto a particular course or programme with Firebrand	a. Contact b. Eligibility. Employment* (if sponsored by an employer) d. Identity e. Audio/Visual	Performance of a contract with you; or *Necessary for our legitimate interests (to deliver services to your employer under a contract in place between Firebrand and your employer)
To recruit you for apprenticeships/traineeships with Firebrand’s selected employer clients	Recruitment	Consent; or Necessary for our legitimate interests (to recruit apprentices/trainees for our employer clients)
To register/enrol you as a student with Firebrand	Contact Eligibility Employment* (if sponsored by an employer) Identity	Performance of a contract with you; or *Necessary for our legitimate interests (to deliver services to your employer under a contract in place between Firebrand and your employer)
To deliver the course or programme to you (including the delivery of events)	Audio/Visual Contact Identity Profile Student	Performance of a contract with you; or *Necessary for our legitimate interests (to deliver services to your employer under a contract in place between Firebrand and your employer)
To: Manage payments, fees Collect and recover money owed to us Keep records for audit/accounting purposes Defend any legal claims brought against Firebrand	Identity Contact Financial Transaction Student	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us or defend legal claims) Necessary to comply with a legal obligation
To participate in surveys or similar research and analysis exercises undertaken by governmental or other agencies (including but not limited to the Department for Education, Higher Education Funding Council for England, the Office for Students, the Greater London Authority or the Higher Education Statistics Agency) (or any successor body to them) or by third parties engaged by such bodies.	Identity Eligibility Student	Necessary for our legitimate interests (to study how students use our services, to develop them, to grow our business and to inform our strategy) Necessary to comply with a legal obligation
Customers (or prospective customers) of learning materials
To process and deliver your order, including: Manage payments, fees Collect and recover money owed to us Keep records for audit/accounting purposes Defend any legal claims brought against Firebrand	Identity Contact Financial Transaction Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us or defend legal claims) Necessary to comply with a legal obligation
Clients of Firebrand (including employer clients)
To register you as a client of Firebrand	Identity Contact	Performance of a contract with you
To process and deliver the service: Manage payments, fees and charges Collect and recover money owed to us Keep records for audit/accounting purposes Defend any legal claims brought against Firebrand	Identity Contact Financial Transaction Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us or defend legal claims) Necessary to comply with a legal obligation
Suppliers to Firebrand
To register you as a supplier of Firebrand	Identity Contact	Performance of a contract with you
To process and receive goods/services: Manage payments, fees and charges Keep records for audit/accounting purposes Defend any legal claims brought against Firebrand	Identity Contact Financial Transaction Marketing and Communication	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us or defend legal claims) Necessary to comply with a legal obligation
For All
To manage our relationship with you which will include: Notifying you about changes to our terms or policies Asking you to provide a review or take a feedback survey	Identity Contact Profile Marketing and Communications	Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey	Identity Contact Profile Usage Marketing and Communications	Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, hosting of data, support, reporting, CCTV surveillance and audit/visual call recording.	Identity Contact Technical	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, physical security and to prevent fraud and also in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Identity Contact Profile Usage Marketing and Communications Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our Website, products/services, marketing, student/ customer/client relationships and experiences	Technical Usage	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods, services or events that may be of interest to you	Identity Contact Technical Usage Profile	Necessary for our legitimate interests (to develop our products/services and grow our business)

How we use particularly sensitive personal information

“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
Students or prospective students
To confirm that you have the correct immigration status to be enrolled as a student with Firebrand	Data relating to nationality and immigration status (copies of passports and visas)	Performance of a contract with you Complying with our legal obligations to the UK Home Office
To provide reasonable adjustments to students with disabilities and to provide learning support to students who have learning needs	Data relating to disabilities and/or learning needs	Performance of a contract with you Complying with our legal obligations (under the Equality Act 2010) Your explicit consent (this information is voluntary)
To: Monitor periods of absence* Deal with applications for mitigating circumstances or academic appeals Deal with applications for interruptions of study or deferrals Confirm any dietary requirements for Firebrand catered events	Medical data (may include doctors notes or medical records)	Performance of a contract with you Your explicit consent (this information is voluntary) *Where it is a condition of a visa that a student must maintain a minimum attendance level, we will request medical data to justify any absence to avoid being in breach of our obligations to the UK Home Office.
To carry out equal opportunities monitoring and reporting	Data relating to race and ethnic origin (and other special category personal data)	Your explicit consent (this information is voluntary) It is in the public interest to process such data.

Less commonly, we may also process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent (for example if you suffer a medical problem whilst on Firebrand’s premises).

Consent

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations.

In limited circumstances (as set out above), we ask you for your written consent to allow us to process certain particularly sensitive data. When we do, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

You should be aware that it is not a condition of your contract/right to study with us that you agree to any request for consent from us. However, we may not be able to provide you with certain services (such as learning support) if you do not agree to provide such data to us.

Information about criminal convictions

We may only use information relating to criminal convictions where the law allows us to do so. This will be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.

Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent.

We will only collect information about criminal convictions if it is appropriate given the course or programme you are seeking to be enrolled onto. For example, students seeking to enrol on courses or programmes which relate to nursing or other medical professions are required to undergo enhanced criminal records checks as these courses will involve students being placed in hospitals and other healthcare environments.

Where appropriate, we will collect information about criminal convictions as part of the application process or we may be notified of such information directly by you in the course of you studying with us. We will use information about criminal convictions and offences in the following ways:

To ensure our compliance with relevant safeguarding legislation in relation to clinical placements.

We are allowed to use your personal information in this way to comply with our legal obligations. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

Where we have notified you of the decision and given you 21 days to request a reconsideration
Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights
In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights. If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do use automated technologies and decision-making when deciding what marketing messages you receive. However, we do not envisage that any other decisions will be taken about you using automated means, however we will update this Policy if this position changes.

We do also use “bots” to automate some of Firebrand’s administrative services. Bots are computer programmes made from a series of algorithms that allow them to carry out tasks without specific instructions. These bots are used to carry out repetitive tasks and attempt to mimic human behaviours. Therefore, they may be used to collect information for student registration or on boarding (or other administrative tasks). The personal data collected by these bots is processed in accordance with this Privacy Policy and is processed in the same way as if it had been collected by a member of Firebrand staff.

Marketing and opting out

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

You can opt out of receiving marketing at any time by replying to the sender of the marketing communication with the word “UNSUBSCRIBE” or simply by following the opt out link included in each mail.

If you do not agree to receive marketing from us, but change your mind at a later date, you can contact us and update your marketing preferences.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of you entering into a contract with us.

Promotional offers from us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, Services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased goods or Services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.

Third party marketing

We will get your express opt-in consent before we share your personal data with any company outside the Firebrand group of companies for marketing purposes.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 5 above.

Internal Third Parties as set out in the Glossary.
External Third Parties as set out in the Glossary.
Specific third parties marked with ∆ listed in paragraph 4 above (under the ‘Third parties’ heading).
Specific third parties listed in paragraphs 7 to 13 below.
Your parent or next of kin if there any immediate concerns regarding your physical health/safety or mental wellbeing.
External venues where some element of a course or programme (including assessments), or an event, is delivered (Firebrand may share Identity Data with the venue for registration and health and safety purposes).
Counselling services, where you make a specific request via the Student Advice Team (Firebrand may share Identity and Contact Data).
Recruitment services, where you make a specific request via XYZ – for example Firebrand passing your name, phone number and email address to getmyfirst job or another similar job site. Once Firebrand has passed your details to the recruitment service, they will become the controller of your personal data for the purposes stated in their privacy notice - https://www.getmyfirstjob.co.uk/privacypolicy.aspx
Turnitin, an academic plagiarism checker (Firebrand may share Identity and Student Data with Turnitin).
Future employers or education providers where you specifically request that we provide confirmation of Identity or Student Data to those parties for reference purposes.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

COMPLIANCE WITH BRIBERY ACT AND RELEVANT LEGISLATION

In this Privacy Policy, we have explained that your personal data may be used for the purpose of ensuring compliance with legal obligations and that it may be disclosed to Firebrand’s group companies’ service providers or governmental departments. This includes for the purpose of enabling Firebrand’s group companies to comply with the US Foreign and Corrupt Practices Act 1977 (“FCPA”) and enabling Firebrand to comply with its obligations under the UK Bribery Act 2010 (the “Bribery Act”), the Criminal Finances Act 2017, The Money Laundering, Terrorist Financing and Transfer of Funds(Information on the Payer) Regulations 2017, Proceeds of Crime Act 2002 and any other local laws or regulations relating to similar purposes which relate to fraudulent, illegal or unethical behaviour (the “Conduct Legislation”).

Firebrand’s parent group companies (BPP Professional Education Group) may appoint one or more service providers to assist them in managing a whistleblowing helpline and a webpage which acts as a reporting mechanism (“Helpline”) to ensure compliance with Conduct Legislation.

It is possible that a Firebrand staff member or student may report matters of concern through the Helpline and that your personal data may be used by Firebrand’s group companies, its service provider(s) which manage the Helpline and by Firebrand for the purpose of investigating any such report and taking remedial action thereafter. For example, if a Firebrand employee suspects that another employee is misusing company records for his own purposes or is committing fraud involving your personal data, they may report this through the Helpline.

Should this happen, your personal data will only be used for the purpose of ensuring compliance by Firebrand’s group companies with the relevant laws and regulations. Wherever reasonably possible, your personal data will be anonymised prior to use for the purpose of investigations and remedial action so that it does not relate to you. However, in some specific circumstances this may not be possible as it may prohibit a full investigation and prevent compliance with a relevant regulation or Conduct Legislation. Any transfers to Firebrand’s group companies and their service provider(s) which manage the Helpline and which may also be in the US or elsewhere in the world will be carried out in accordance with the law.

A limited number of specially trained employees from Firebrand’s group companies will only have access to your personal data which is disclosed through the Helpline where and to the extent that this is necessary for the purposes of carrying out their roles and for the purpose of compliance. In any event, their access will be limited, secure, controlled and justified as Firebrand considers is fair and necessary in the circumstances. These employees will be subject to appropriate confidentiality obligations.

We encourage our employees to use the Helpline in good faith and only for serious or substantial issues which cannot properly be reported via other means.

Provided reports are made through the Helpline in good faith, we try to protect the confidentiality of your identity as far as is reasonably possible. However, we cannot guarantee this (especially in subsequent court or tribunal proceedings) and we are required to inform the subject of the reports about the allegation(s). Those subjects have the right to request their own personal data, as do you, as set out under Your Legal Rights.

ONLINE LEARNING AND ASSESSMENT

As a result of the Covid-19 pandemic, Firebrand has had to adapt in order to provide its services remotely. A key part of this has been the introduction of online learning across all courses and programmes as well as rolling out more online assessments.

Firebrand uses a suite of platforms and software to provide students with online learning and assessment services. The most notable of these is Microsoft Teams

Students should be aware that, whilst taking part in online learning sessions your tutor and other students in the session will be able to see you (if you enable video), hear you (if you enable your microphone) and see any text that you have typed into the chat box. Although it is optional to have these features enabled, some tutors may request that these are enabled to improve the experience of all students (to make it more like traditional classroom learning); or to ensure you are able and actively participating in the session (including any group work).

You should also be aware that online sessions may be recorded and shared as a revision aid or used by Firebrand for training and monitoring purposes, including (where applicable) with specific regulators in the field of education as part of their monitoring/audit functions.

Online Assessments

Students should be aware that some online assessment platforms include remote proctoring (you will be made aware in advance where your exam will be proctored remotely and provided with further information and instructions for use). This means that you will be filmed (video and audio) for the duration of your exam and will be required to provide a video of your surroundings at the start of the exam. Therefore, please ensure you remove anything from view that you would not want recorded (such as personal photographs, documents or other members of your household).

You will be asked to show a form of photographic ID at the start of the online exam (this may also include end point assessments where you are an apprentice). Where you have a Firebrand student ID you must use this as your ID document. If you do not have a Firebrand ID you may use a passport, driver’s licence or other national ID card (which has a photograph). Please be aware that any information contained in your form of ID will be captured so may include data such as your nationality and if applicable, biometric data.

Recordings of your exam may be used in formal procedures (such as any allegation of academic misconduct, mitigating circumstance applications, academic appeals or formal complaints).

Your exam answers will be processed in the same way as hard copy exam scripts would be.

INTERNATIONAL TRANSFERS

As set out in this Policy, we share your personal data within the Firebrand Group (including outside of the UK). We may also share your personal data with our parent group companies the BPP Professional Education Group. (UK).

We may also share your personal data with suppliers of IT services (including Firebrand’s IT support and third party software and learning platform providers). Therefore, we will transfer some of your data outside the UK.

The Websites, and/or any products and/or Services may be hosted on servers located outside of the UK and maintenance and support services for the Websites, and/or those products and/or Services may be provided from outside the UK. This means that your personal data may be transferred to, stored and processed in other countries apart from the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data;
We may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

As set out in paragraph 9 above, your personal data may be held on the IT system of Firebrand, Firebrand’s group companies (e.g. for the purpose of providing training or educational services to you) and/or on the IT system of another third party company (within or outside of Firebrand) within or outside the UK which is providing IT hosting or other data processing services, in accordance with Firebrand’s arrangement in place with that company.

All information that you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Websites or apps, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

DATA RETENTION

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our Retention Policy which you can request by contacting us.

As an education provider Firebrand will hold details of your transcript (i.e. your name, years of study, course or programme name, sponsoring employer, assessment and/or exam marks and final grade or award) indefinitely.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

The Firebrand Training Privacy Policy continues on page 2.