TLM Privacy Notice
GDPR
What information we require from you and how we use it.
By signing this statement you are confirming that you are aware that in order for TLM to carry out its duties as an Awarding Organisation TLM requires you to upload onto the TLM Centre Management Site:
Your name and school email address. Learners' name, date of birth and Unique Learner Number. TLM do not require any other information.
Who do we share data with:
The learner data is only shared with one organisation.
The Learning Records Service (LRS).
LRS use the data to keep a permanent record of every learner's achievements and to inform the Department of Education so as to award Performance Points to schools.
Data is uploaded to this service using their secure methods.
TLM employs moderators and markers.
The moderators have access to your school email address in order to contact you. The moderator sees the name of the learner when they request work.
Exam markers who mark the online exams see only the internally issued ID number of the candidate. Exam markers who mark paper exams see the name of the candidate and the internally issued ID number on the front of the exam paper.
We do not share the data the school provide us with any other organisations.
All data is securely saved on the TLM servers and cannot be seen by any other school or organisation. Moderators and markers only see their pieces of work.
THE LEARNING MACHINE LTD (“TLM”) TLM Centre Management Site Contract
You must agree to these contract terms in order to create an account on this Site.
TLM – TERMS OF CONTRACT
1. Account Holder
1.1 In consideration of the facilities granted by TLM through the websites on the domains https://theingots.org/community/user (“the Learning Site”) and https://awards.theingots.org/ (“the TLM Centre Management Site”) you agree to these terms of Contract and TLM will grant to you and the organisation that you properly represent a limited non-exclusive non-transferable revocable licence to access the TLM Centre Management Site. If you do not agree to these terms then you may not access the TLM Centre Management Site and should not attempt to do so.
1.2 You confirm that you are a person authorised to create an account with The Learning Machine Ltd and you are acting on behalf of yourself as a representative of the learning centre (“the Centre”) that you have identified in your profile. All information provided by you to TLM through this account or otherwise is true and accurate in all respects.
1.3 You confirm that you will make known the terms of this Contract to each person who adopts a role as an Assessor, an Assessor Trainer or a Principal Assessor.
1.4 You also confirm that you are authorised on behalf of the Centre to bind the Centre and its employees, servants or agents to the terms of this Contract that may become involved in providing information to be uploaded to the TLM Centre Management Site. You have the authority and consent of the Centre to accept the terms upon which TLM processes personal data which is gathered through the TLM Centre Management Site.
2. Assessors
2.1 An Assessor must uphold the TLM standards in all aspects of assessment by following the criteria found on this site and on the Learning Site [insert link to standards page(s)] (“the Standards”).
2.2 An Assessor will only enter any assessment grades into TLM Centre Management Site site which are accurate and are based on evidence that witnessed by that person.
2.3 An Assessor shall ensure that assessments made will be a fair reflection of each Learner's attainment levels based on the assessment criteria and the support for their interpretation given in the Assessors' guides and the general descriptions of attainment at this level.
2.4 Each Assessor agrees to co-operate fully with the Principal Assessor at the Centre and the Account Manager at TLM with the intention of maintaining the Standards and ensuring and (where necessary) improving the consistency of assessment judgements. This co-operation will include attending such meetings as are reasonably required by TLM to assess overall Standards at the Centre and to compare and contrast the performance of the Centre as against other TLM Centres.
2.5 An Assessor must ensure that a selection of evidence from a body of candidate's work is available in web pages and other formats in order to evidence quality assurance.
2.6 The Centre may only use the official certificate templates supplied by TLM to print certificates and will only do so when authorised by TLM when a learners' assessment records are complete.
2.7 As the Account Holder I will ensure that the certificate templates for any purpose other than to award certificates related to TLM qualifications as described and supported on this web site.
2.8 I will make available a means of electronic communication, e-mail or SMS text message so that I can be contacted by the Account Manager at The Learning Machine Ltd and I will respond to such contacts within 2 working days. (Contact can be made through our contacts page at https://tlm.org.uk/contact-us/.)
3. Assessor Trainer
3.1 Assessor Trainer status is only to be conferred on colleagues at the Centre that the Principal Assessor judges to have the experience and competence to make sound judgements at the appropriate level.
3.2 The Principal Assessor or a person nominated by the Principal Assessor (“the Assessor Trainer”) will support and supervise those that are appointed as Assessors particularly in their first year of assessing to ensure that their judgements are consistent.
4. The Principal Assessor
4.1 The Centre will nominate and appoint a Principal Assessor and inform TLM as to the name of the person appointed.
4.2 The Principal Assessor will review and critique a cross section of the work of each Assessor Trainer in the Centre on a minimum of one occasion each academic year.
4.3 Each Assessor shall have their work formally reviewed and critiqued by an Assessor Trainer on a minimum of one occasion per academic year in keeping with the Centre’s existing internal quality assurance procedures.
4.4 The outcomes of the review and critique will be reported in writing together with any recommendations made by the Assessor Trainer or agreed points of action.
4.5 Where points of action are related directly to maintaining assessment standards, the action points a target date (which is reasonable in all the circumstances) will be set by the Assessor Trainer for further evaluation of that Assessor’s work and the outcome of that further evaluation shall be summarised in writing by the Assessor Trainer for the information of the Principal Assessor.
4.6 In the first instance, the Principal Assessor will arrange further training for any Assessor whose evaluation reveals any failure to follow recommendations or where agreed action points have not been carried out in whole or there are concerns that the Assessor is not achieving consistency of assessment with other Assessors.
4.7 The Principal Assessor shall be under an obligation to report to the Account Manager at TLM any cases where there exists a real risk that assessment standards are inconsistent or uncertain as between the Centre’s Assessors. In such cases, the Principal Assessor will keep samples of work or written commentary on observation as evidence of the issues involved.
4.8 The Principal Assessor will convene an annual meeting of Assessors for the Centre at which consistency of assessments in making judgements about learner’s outcomes shall be discussed. A summary of the annual meeting, to include any action points arising, shall be forwarded to the Account Manager at TLM.
4.9 The Centre shall keep evidence demonstrating the monitoring of its own quality assurance schemes in assessments of learners work and shall provide such evidence of the quality assurance schemes on written request to TLM.
4.10 The Principal Assessor will be responsible for compliance with the terms of this contract on behalf of the Centre.
4.11 The Centre will keep basic statistical evidence such as the number of candidates each year achieving each of the levels and the number of candidates each year progressing between levels for the purpose of measuring institutional performance and to record any improvement in pupil outcomes and assessing methodology.
5. Personal Data collected through the TLM Centre Management Site
5.1 By use of the Account as set up by an Account Holder through the TLM Centre Management Site we will collect personal data from each Centre from which it will be possible to identify the following categories of persons:
(a) Learners
(b) Assessors
5.2 In the case of Learners, we will know the Centre which they attend as a student and we will collect each Learner’s full name, their date of birth, the school year in which they are then currently engaged in studying for a TLM qualification, their Unique Learner Number and the details of the TLM qualification being studied. We will also receive the scores or marks applicable to each Learner’s assessed performance in examinations or coursework undertaken in the course of their study.
5.3 In the case of Assessors, we will know the Centre which they represent, will well collect their name, a contact phone number (which may be personal or a main Centre number, a description of their Assessor role, an email address and a preferred language for communications.
5.4 The personal data collected through the TLM Centre Management Site will be kept in line with the TLM Centre Management Site Personal Data policy:
6. TLM’s Obligations
6.1 By executing this Contract each Centre is providing documented instructions to process personal data received from that Centre in accordance with the policy at clause 5 above and permits TLM to sub-contract any duties or obligations arising under this Contract without the further prior written consent of that Centre.
6.2 TLM shall:
(a) only process the personal data in accordance with the terms of this Contract or any further documented instructions from a Centre and solely in relation to the performance of the Contract. If in the reasonable opinion of TLM any such term or instruction infringes GDPR TLM shall immediately inform Account Holder at the Centre of such infringement;
(b) ensure that persons employed to process personal data have been required to commit themselves in writing via an employment Contract or some other contractual document to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) assess and implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to a data subject represented by the processing, including as appropriate:
(i) the pseudonymisation and / or encryption of personal data;
(ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services;
(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
6.3 In assessing the appropriate level of technical and organisational measures required to undertake the processing and ensure security as per clause 6.2 above, TLM shall take account in particular of the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data of the type being stored or otherwise processed.
6.4 TLM shall, taking into account the nature of the processing, assist each Centre by appropriate technical and organisational measures, insofar as this is possible, to enable the fulfilment of the each Centre’s obligation to respond to requests for exercising a data subject's rights laid down in Chapter III of the GDPR.
6.5 TLM shall assist each Centre in the compliance of its own obligations pursuant to Articles 32-36 of the GDPR.
6.6 TLM shall, at the request of a Centre, delete and / or return all the Centre’s personal data to it following the termination of this Contract and delete existing copies save for the personal data that are required to be retained for compliance with any obligations of TLM arising by reason of any applicable law or regulation.
Any learner who has their data deleted from our system will no longer be able to request a copy of their certificates as we will no longer have any record of their achievements.
6.7 TLM shall make available to a Centre all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and, if requested, contribute to audits, including inspections, conducted by a Centre or another auditor mandated by the Centre.
6.8 Where TLM engages a sub-processor to carry out specific processing activities on behalf of a Centre, it shall first engage the sub-processor in the terms of a written contract, which terms shall mirror those contained in this Contract between the Data Controller and TLM in so far as they relate to data processing. In such a case TLM shall remain fully liable to the Data Controller for the performance of sub-processor's obligations.
6.9 TLM must keep electronic records of its processing activities performed on behalf of the Data Controller, including:
(a) TLM’s details, the details of any sub-processors and any representatives and data protection officers of any such party;
(b) the categories of processing activities performed;
(c) information regarding cross-border data transfers of that Centre’s data, if any; and
(d) a description of the technical and organisational security measures implemented in respect of the processed data.
6.10 TLM must notify any breach a Centre as soon as possible after it becomes aware of the same. Such a notice (“Breach Notice”) can be given verbally but must be followed up in writing within 24 hours with the following details:
(a) the nature of the personal data breach including where possible;
(b) the categories and approximate number of data subjects concerned: and
(c) the categories and approximate number of personal data records concerned.
6.11 Regarding transfers of personal data to a country outside of the EU or to an organisation which is represented in jurisdictions outside of the EU, such transfers shall only be undertaken on the instruction of the Centre save where TLM is required to do so by law. In a case where TLM is obliged by any legislation or is required to do so by a body having lawful authority to make such a requirement, then TLM shall inform the Centre of that legal requirement before processing unless that law prohibits such information on important grounds of public interest.
7. Data Protection Warranties, Indemnities and Survival
7.1 Notwithstanding any other provision of this Contract, the parties warrant that, upon receipt of personal data, each shall duly observe all its obligations as a data controller and/or a data processor under the GDPR which arise in connection with the processing of that data and the performance of its respective rights and obligations under this Contract.
7.2 Each party (the "Defaulting Party") shall indemnify and keep indemnified the other party in full and hold harmless against all claims and proceedings and all liability, loss, costs, fines and expenses (including reasonable legal fees) suffered or incurred by the other party arising from or in connection with the Defaulting Party's proven unauthorised and / or unlawful processing or destruction and / or damage to any personal data processed by the Defaulting Party, its employees or agents and / or the Defaulting Party's failure to comply with its obligations under this Contract (“Data Processor Obligations”).
7.3 The provisions of this Contract (Data Processor Obligations) are expressly agreed by the Parties to survive any termination of this Contract, however arising.
TLM Centre Management Site DATA POLICY
Personal data collected through the TLM Centre Management Site will be processed and stored in accordance with the following policy:
(1) No personal data shall be kept longer than is necessary and no personal data which is not necessary will be kept.
(2) Regarding a Learner’s assessed results for all work carried out in the study for a TLM qualification and for the final grade achieved following completion of a TLM qualification, subject to (3) below, we shall keep that record (the “Achievement Record”) for an unlimited period.
(3) We may be required to delete personal data or be required to delete it or surrender it by a person or body having authority to make such a requirement. An Achievement Record is personal to the Learner.
(4) We will keep each academic year’s worth of the personal data of the Assessors for a period of 6 years from the end of the academic year in which the assessments were carried out for the purposes of cross-checking and verifying information concerning an Assessor’s assessment, for the purposes of providing information about Centre’s performance and for the purpose of maintaining evidence in the event of any claim or appeal regarding the assessment of a Learner.
(5) Personal data and other confidential information are handled in accordance with our policy on Data Protection and Confidential Information of which this policy for the TLM Centre Management Site forms part.
(6) Personal data is kept in electronic format on servers belonging to [TLM] managed by United Hosting which is located at [Canary Warfe]. Those servers are maintained and (when necessary) repaired by [employees of TLM] and United Hosting which is retained under a written contract complying with the General Data Protection Regulation (“GDPR”)]. The servers are maintained in a secured location to which access is restricted to members of TLM staff.
(7) All computers onto which personal data may be transferred (including the servers) are TLM computers used by TLM staff or TLM’s contractors. Each computer benefits from a robust firewall and security suite of software which is continually updated by the program settings.
(8) TLM’s contractors are persons who have entered into a written contract with TLM which is compliant with GDPR. Those persons are engaged to provide services to TLM such as assessment of the services provided, assessment of Assessors, financial accounting and audit services, statistical analysis and quality assurance services, assessment services where 3rd parties provide some elements of the TLM qualification. Because these contractors may be engaged by TLM for short periods only or may be engaged for short periods from time to time, their identity will be constantly changing. Where a data subject (or any authorised person on behalf of a Centre) wishes to know the identity of such contractors, we will provide the details on following the making of a request made to [email address]. We would not want to provide the name of a marker because
this could be someone from a rival school. Surely also the marker has the right under GDPR for their name to not be released?
(9) TLM is a recognised body under the Apprenticeships, Skills, Children and Learning Act 2009 and is regulated by The Office of Qualifications and Examinations Regulation (“Ofqual”) under-recognition number RN5273. As a recognised body, TLM will be required to forward details to the following bodies which co-ordinate educational statistics on behalf of the government of the United Kingdom:
(a) Learning Records Service, a part of the Education & Skills Funding Agency
(b) Department of Education
(c) Ofqual
(d) QW - Qualifications in Wales
(10) TLM regards its role under this TLM Centre Management Site policy as that of a data processor which processes data for each Centre.