This Policy will also inform you of what we do with personal data, how we look after personal data and tell you about your privacy rights and how the law protects you.
Firebrand Training Limited is registered in the UK. It operates as a wholly separate business but is part of the BPP Professional Education Group. (UK). We may share personal data within our group companies in order to provide our goods and services to you and for the other purposes outlined in this notice. You can read BPP's privacy notice here.
In addition to its presence in the UK Firebrand Training Limited is also the parent of companies in Germany, the Netherlands and Denmark.
For ease of reference, this Policy shall refer to all companies within the Firebrand Group (including Firebrand Ltd (UK) and those Firebrand companies located in Europe) as Firebrand.
This Policy shall apply to any Firebrand website, including any subdomains that may be made available by us from time to time, including websites with the ending ‘. Firebrand.com’; and all Firebrand social media channels (“Website(s)”):
FAO of the Data Protection Officer
Firebrand Training Limited
27 Old Gloucester Street London England WC1N 3AX
You have the right to make a complaint at any time to:
We would, however, appreciate the chance to deal with your concerns before you approach the ICO (or other relevant authority) so please get in touch with us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
The law requires that “special categories” of particularly sensitive personal information require higher levels of protection than other personal data.
In some circumstances we may also collect, store and use the following “special categories” of more sensitive personal information:
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to enroll you onto a relevant course or programme or provide goods or services to you). In this case, we may have to withdraw your application or cancel/restrict a product or service you have with us, but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
You may give us your Identity, Contact, Eligibility, Employment, Financial and Marketing and Communications Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
As we do not invite applications from Candidates directly, the initial information about a Candidate will come from the prospective Employer. We may collect additional personal information from you. The information we receive from the prospective Employer or collect from you may include your title, name, date of birth, gender, how long you have been resident in the UK/EU, ethnicity, learning and/or health problems, whether you have ever been in care, whether you have an education, health and care (also known as EHC) plan, qualifications, apprenticeship aims, functional skills and your prospective Employer’s details. We will also obtain your unique learner ID number for funding from you or, if you do not have it, from the UK Government Gateway.
We will also ask for your preferences for further communications (about courses or learning opportunities, surveys and research) and your preferred methods of contact (post, telephone, email, SMS).
If you commence a training programme we work with we may also collect additional personal information about you, either directly from you or via your Employer, including the details of the address at which you work, your manager and workplace mentor, details of your placement, your employer record number (also known as ERN) and other learner information such as the details set out in the commitment statement which is provided to you at the start of your training, your individual learning plan (also known as ILP), progress reports and college reports.
If you are an apprentice or have just completed your apprenticeship, you may ask us to help you find job opportunities. If we identify an opportunity that suits you then we will discuss with you first and then transfer you contact details and profile to a potential employer. We transfer this data under legitimate interest.
If you provide us with information about any criminal convictions, we shall use it only in accordance with the laws governing the use of such information.
You may give us your Student Data throughout your time on a course or programme. This includes personal data you provide when you:
We may receive personal data about you from various third parties as set out below:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Click here to learn more about the types of lawful basis we will rely on to process your personal data.
Where we are relying on your consent as a legal basis for processing your personal data, for example where we collect voluntary “special category” personal data (as set out in this Policy above) you may withdraw your consent to this processing at any time by contacting us.
In a table format, we have set out below a description of all the ways we plan to use your personal data, and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please get in touch with us if you need details about the specific legal ground we rely on to process your personal data, where more than one ground has been set out in the table below.
Please be aware that, if you are a student with Firebrand, in the majority of cases, we will have a contract in place with you in respect of the course or programme you are undertaking. Therefore, our lawful basis for processing your personal data will be to perform our contract with you.
However, sometimes, we will have a contract with your employer or prospective employer. For example, some businesses will ask Firebrand to deliver a bespoke course or programme to a group of its employees. In these cases, Firebrand has a contract with your employer, not you. In these scenarios, Firebrand will process your personal data as necessary for our legitimate interests, i.e. the delivering services to your employer under a contract between Firebrand and your employer. This would also apply where you attend Firebrand courses via a third-party tuition provider or reseller, or where Firebrand acts as a subcontractor to your employer or main training provider.
We will use our collected personal information to facilitate the recruitment and training services we provide.
If you are a Candidate, we may use your personal information for the following purposes and on the basis that we have a legitimate interest in doing so, i.e. in order to provide recruitment services to your prospective Employer (or, in the case of any special category personal data, you have consented to us doing so:
If you are an Apprentice, we may use your personal information to provide our services to your Employer (managing, administering and assessing your training and dealing with its funding) and support you through your learning journey. This will include sharing your personal information with your mentor and Ofsted, so that Ofsted can review your prior attainment and the progress you make through your learning journey against its framework standards. We do so on the basis of our contractual obligations to your Employer and our legal obligations to the ESFA and Ofsted. We may also use such information for internal administration and reporting on the basis that this is compatible with those primary purposes.
|Type of data
|Lawful basis for processing including basis of legitimate interest
|Students or prospective students
|To respond to enquiries or requests for information
|To assess your eligibility to be enrolled onto a particular course or programme with Firebrand
|To recruit you for apprenticeships/traineeships with Firebrand’s selected employer clients
|To register/enrol you as a student with Firebrand
|To deliver the course or programme to you (including the delivery of events)
|To participate in surveys or similar research and analysis exercises undertaken by governmental or other agencies (including but not limited to the Department for Education, Higher Education Funding Council for England, the Office for Students, the Greater London Authority or the Higher Education Statistics Agency) (or any successor body to them) or by third parties engaged by such bodies.
|Customers (or prospective customers) of learning materials
To process and deliver your order, including:
|Clients of Firebrand (including employer clients)
|To register you as a client of Firebrand
To process and deliver the service:
|Suppliers to Firebrand
|To register you as a supplier of Firebrand
|To process and receive goods/services:
To manage our relationship with you which will include:
|To enable you to partake in a prize draw, competition or complete a survey
|To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, hosting of data, support, reporting, CCTV surveillance and audit/visual call recording.
|To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|To use data analytics to improve our Website, products/services, marketing, student/ customer/client relationships and experiences
|To make suggestions and recommendations to you about goods, services or events that may be of interest to you
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:
|Type of data
|Lawful basis for processing including basis of legitimate interest
|Students or prospective students
|To confirm that you have the correct immigration status to be enrolled as a student with Firebrand
|Data relating to nationality and immigration status (copies of passports and visas)
|To provide reasonable adjustments to students with disabilities and to provide learning support to students who have learning needs
|Data relating to disabilities and/or learning needs
|Medical data (may include doctors notes or medical records)
|To carry out equal opportunities monitoring and reporting
|Data relating to race and ethnic origin (and other special category personal data)
Less commonly, we may also process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent (for example if you suffer a medical problem whilst on Firebrand’s premises).
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations.
In limited circumstances (as set out above), we ask you for your written consent to allow us to process certain particularly sensitive data. When we do, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
You should be aware that it is not a condition of your contract/right to study with us that you agree to any request for consent from us. However, we may not be able to provide you with certain services (such as learning support) if you do not agree to provide such data to us.
We may only use information relating to criminal convictions where the law allows us to do so. This will be where such processing is necessary to carry out our obligations and provided we do so in line with our data protection policy.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
We will only collect information about criminal convictions if it is appropriate given the course or programme you are seeking to be enrolled onto. For example, students seeking to enrol on courses or programmes which relate to nursing or other medical professions are required to undergo enhanced criminal records checks as these courses will involve students being placed in hospitals and other healthcare environments.
Where appropriate, we will collect information about criminal convictions as part of the application process or we may be notified of such information directly by you in the course of you studying with us. We will use information about criminal convictions and offences in the following ways:
We are allowed to use your personal information in this way to comply with our legal obligations. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
We do use automated technologies and decision-making when deciding what marketing messages you receive. However, we do not envisage that any other decisions will be taken about you using automated means, however we will update this Policy if this position changes.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
You can opt out of receiving marketing at any time by replying to the sender of the marketing communication with the word “UNSUBSCRIBE” or simply by following the opt out link included in each mail.
If you do not agree to receive marketing from us, but change your mind at a later date, you can contact us and update your marketing preferences.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of you entering into a contract with us.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, Services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased goods or Services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the Firebrand group of companies for marketing purposes.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 5 above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Firebrand’s parent group companies (BPP Professional Education Group) may appoint one or more service providers to assist them in managing a whistleblowing helpline and a webpage which acts as a reporting mechanism (“Helpline”) to ensure compliance with Conduct Legislation.
It is possible that a Firebrand staff member or student may report matters of concern through the Helpline and that your personal data may be used by Firebrand’s group companies, its service provider(s) which manage the Helpline and by Firebrand for the purpose of investigating any such report and taking remedial action thereafter. For example, if a Firebrand employee suspects that another employee is misusing company records for his own purposes or is committing fraud involving your personal data, they may report this through the Helpline.
Should this happen, your personal data will only be used for the purpose of ensuring compliance by Firebrand’s group companies with the relevant laws and regulations. Wherever reasonably possible, your personal data will be anonymised prior to use for the purpose of investigations and remedial action so that it does not relate to you. However, in some specific circumstances this may not be possible as it may prohibit a full investigation and prevent compliance with a relevant regulation or Conduct Legislation. Any transfers to Firebrand’s group companies and their service provider(s) which manage the Helpline and which may also be in the US or elsewhere in the world will be carried out in accordance with the law.
A limited number of specially trained employees from Firebrand’s group companies will only have access to your personal data which is disclosed through the Helpline where and to the extent that this is necessary for the purposes of carrying out their roles and for the purpose of compliance. In any event, their access will be limited, secure, controlled and justified as Firebrand considers is fair and necessary in the circumstances. These employees will be subject to appropriate confidentiality obligations.
We encourage our employees to use the Helpline in good faith and only for serious or substantial issues which cannot properly be reported via other means.
Provided reports are made through the Helpline in good faith, we try to protect the confidentiality of your identity as far as is reasonably possible. However, we cannot guarantee this (especially in subsequent court or tribunal proceedings) and we are required to inform the subject of the reports about the allegation(s). Those subjects have the right to request their own personal data, as do you, as set out under Your Legal Rights.
As a result of the Covid-19 pandemic, Firebrand has had to adapt in order to provide its services remotely. A key part of this has been the introduction of online learning across all courses and programmes as well as rolling out more online assessments.
Firebrand uses a suite of platforms and software to provide students with online learning and assessment services. The most notable of these is Microsoft Teams
Students should be aware that, whilst taking part in online learning sessions your tutor and other students in the session will be able to see you (if you enable video), hear you (if you enable your microphone) and see any text that you have typed into the chat box. Although it is optional to have these features enabled, some tutors may request that these are enabled to improve the experience of all students (to make it more like traditional classroom learning); or to ensure you are able and actively participating in the session (including any group work).
You should also be aware that online sessions may be recorded and shared as a revision aid or used by Firebrand for training and monitoring purposes, including (where applicable) with specific regulators in the field of education as part of their monitoring/audit functions.
Students should be aware that some online assessment platforms include remote proctoring (you will be made aware in advance where your exam will be proctored remotely and provided with further information and instructions for use). This means that you will be filmed (video and audio) for the duration of your exam and will be required to provide a video of your surroundings at the start of the exam. Therefore, please ensure you remove anything from view that you would not want recorded (such as personal photographs, documents or other members of your household).
You will be asked to show a form of photographic ID at the start of the online exam (this may also include end point assessments where you are an apprentice). Where you have a Firebrand student ID you must use this as your ID document. If you do not have a Firebrand ID you may use a passport, driver’s licence or other national ID card (which has a photograph). Please be aware that any information contained in your form of ID will be captured so may include data such as your nationality and if applicable, biometric data.
Recordings of your exam may be used in formal procedures (such as any allegation of academic misconduct, mitigating circumstance applications, academic appeals or formal complaints).
Your exam answers will be processed in the same way as hard copy exam scripts would be.
As set out in this Policy, we share your personal data within the Firebrand Group (including outside of the UK). We may also share your personal data with our parent group companies the BPP Professional Education Group. (UK).
We may also share your personal data with suppliers of IT services (including Firebrand’s IT support and third party software and learning platform providers). Therefore, we will transfer some of your data outside the UK.
The Websites, and/or any products and/or Services may be hosted on servers located outside of the UK and maintenance and support services for the Websites, and/or those products and/or Services may be provided from outside the UK. This means that your personal data may be transferred to, stored and processed in other countries apart from the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
As set out in paragraph 9 above, your personal data may be held on the IT system of Firebrand, Firebrand’s group companies (e.g. for the purpose of providing training or educational services to you) and/or on the IT system of another third party company (within or outside of Firebrand) within or outside the UK which is providing IT hosting or other data processing services, in accordance with Firebrand’s arrangement in place with that company.
All information that you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Websites or apps, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our Retention Policy which you can request by contacting us.
As an education provider Firebrand will hold details of your transcript (i.e. your name, years of study, course or programme name, sponsoring employer, assessment and/or exam marks and final grade or award) indefinitely.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.