Data Protection Policy

Hornbill is committed to a policy of protecting the rights and privacy of candidates in accordance with the Data Protection Act. Hornbill needs to process certain information about its candidates and other individuals it has dealings with for administrative purposes (e.g. to administer courses, to record progress, to agree awards, to collect fees, and to comply with obligations to external agencies). To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.

The policy applies to all candidates. Any breach of the Data Protection Act 1998 or Hornbill Data Protection Policy is considered to be an offence and in that event, Hornbill disciplinary procedures will apply. As a matter of good practice, other agencies and individuals working with Hornbill, and who have access to personal information, will be expected to have read and comply with this policy. It is expected that departments/sections who deal with external agencies will take responsibility for ensuring that such agencies sign a contract agreeing to abide by this.

Data Protection Principles:

If you are processing personal information covered by the Act you must comply with the data protection principles.

The Data Protection Act governs the use of personal information through the eight data protection principles.

These principles require that personal information is:

  • Processed fairly and lawfully
  • Processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose
  • Adequate, relevant and not excessive
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary for the purpose for which it is being used AAAA Processed in line with the rights of individuals
  • Kept secure with appropriate technical and organisational measures taken to protect the information
  • Not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred

Russell Scaplehorn
Managing Director
January 2008

Get in touch