At Quest Professional we take our responsibilities as a data controller seriously and we are committed to using the personal data we hold in accordance with the law.
We process personal data about prospective, current and past students and their parents, staff, suppliers and contractors and other individuals connected to or visiting the company.
The personal data we process takes different forms – it may be factual information, expressions of opinion, images or other recorded information which identifies or relates to a living individual. Examples include:
As a training establishment, we need to process special category personal data (e.g. concerning health or biometric data) and criminal records information about some individuals (particularly staff). We do so in accordance with applicable law (with respect to safeguarding or employment) or by explicit consent.
We collect most of the personal data we process directly from the individual concerned (or in the case of students, from their parents). In some cases, we collect data from third parties (for example, referees, previous schools, the Disclosure and Barring Service, or professionals or authorities working with the individual) or from publicly available resources. Any third party information is obtained after consent from the individual in question has been provided.
Where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
We will treat all your Personal Information as confidential. We will keep it on a secure server and we will fully comply with all applicable Data Protection and consumer legislation. The server Quest Professional uses to store this information is accessible to authorised staff only, is further connected to the Internet through a firewall and is therefore not accessible to the public.
When you submit an enquiry or make an enrolment on our website www.questprofessional.co.uk, we will ask you to input and we will collect personal information from you such as your name, e-mail address, address and telephone number or other information.
We may also collect information about where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located, the pages of our website that were viewed during your visit, the advertisements you clicked on, and any search terms that you entered on our website (‘User Information’). We may collect this information even if you do not submit an enquiry or make a booking with us.
If you don't want our cookies, you can change the settings on your browser to block them. The Quest Professional website will still work.
If you email us making a request for course information, we will collect your name, email address and the contents of your email.
If you call us making a request for course information, we will collect the information that we need from you in order to answer your query or deliver the product and services you have requested.
If you speak to one of the Quest team at an event and chose to opt in to receiving information from us (e.g. our monthly newsletter) we will collect your name and email address.
We use a third party provider, Provide Support, to supply and support our LiveChat service, which we use to handle customer enquiries in real time.
If you use the LiveChat service we will collect your name, email address, telephone number (optional) and the contents of your LiveChat session. You can request a transcript of your LiveChat session if you provide your email address at the start of your session or when prompted at the end.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Personal data held by us is processed by appropriate members of staff for the purposes for which the data was provided. We take appropriate technical and organisational steps to ensure the security of personal data about individuals, including policies around use of technology and devices, and access to Quest systems. We do not transfer personal data outside of the EEA.
Some of our systems are provided by third parties, e.g. Quest’s website or cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.
We do not share or sell personal data to other organisations for their own purposes.
We process personal data to support Quest’s operation in training and recruitment for students aged 16+ and in particular for:
All information provided during the recruitment process will only be used for the purpose of progressing an application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information provided during the recruitment process with any third parties for marketing purposes or store any of your information outside of the EEA. The information provided will be held securely by us whether the information is in electronic or physical format.
We will use the contact details provided to us to contact a candidate to progress their application. We will use the other information provided to assess suitability for the role.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess suitability for employment. Applicants do not have to provide what we ask for but it might affect their application if they do not.
We ask for personal details including name and contact details. We will also ask about previous experience, education, referees and for answers to questions relevant to the role being applied for. Our recruitment team will have access to all of this information.
Our hiring managers shortlist applications for interview. They will not be provided with names or contact details.
Candidates who are unsuccessful following assessment for the position they have applied for may be asked if they would like their details to be retained in our talent pool for a period of six months. If the candidate says yes, we would proactively contact them should any further suitable vacancies arise.
If we make a conditional offer of employment we will ask for information so that we can carry out pre-employment checks. These must be successfully completed in order to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
We therefore require the following to be provided:
If we make a final offer, we will also ask for the following:
We keep in touch with past students, current or former parents or other members of the Quest community. We will use your contact details to keep you updated about our activities and to invite you to events which may be of interest to you by email or by post. We ask you to let us know your data preferences so that we can ensure our communications are relevant to you. You can update your data preferences at any time using the link on our emails. Your data preferences will not affect our contact with you as a current parent or fee-payer.
We retain personal data only for a legitimate and lawful reason and only for so long as necessary or required by law. We have adopted Records Retention Guidelines, which set out the time period for which different categories of data are kept. If you have any specific queries about our record retention periods, or wish to request that your personal data is considered for erasure, please contact us.
You have various rights under Data Protection Law to access and understand the personal data we hold about you, and in some cases to ask for it to be erased or amended or for us to stop processing it, but subject to certain exemptions and limitations.
If you would like to access or amend your personal data, or would like it to be transferred to another person or organisation, or have some other objection to how your personal data is used, please make your request in writing to us.
We will aim to respond to any such written requests as soon as is reasonably practicable and in any event within statutory time limits, which is one month in the case of requests for access to information. We will be better able to respond quickly to smaller, targeted requests for information. If the request is manifestly excessive or similar to previous requests, we may ask you to reconsider or charge a proportionate fee, but only where Data Protection Law allows this.
You should be aware that certain data is exempt from the right of access. This may include information which identifies other individuals, or information which is subject to legal privilege. We are also not required to disclose any confidential reference given by Quest for the purposes of the education, training or employment of any individual.
The rights under Data Protection legislation belong to the individual to whom the data relates. However, we will often rely on parental consent to process personal data relating to students (if consent is required) unless, given the nature of the processing in question, and the student's age and understanding, it is more appropriate to rely on the student's consent.
Parents should be aware that in such situations they may not be consulted, depending on the interests of the student, the parents’ rights at law or under their contract, and all the circumstances.
In general, we will assume that students’ consent is not required for ordinary disclosure of their personal data to their parents e.g. for the purposes of keeping parents informed about the student's activities, progress and behaviour, and in the interests of the student's welfare, unless, in Quest’s opinion, there is a good reason to do otherwise.
However, where a student seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example where Quest believes disclosure will be in the best interests of the student or other students, or is required by law.
Students can make subject access requests for their own personal data, provided that they have sufficient maturity to understand the request they are making. Our students are generally assumed to have this level of maturity. A person with parental responsibility will generally be entitled to make a subject access request on behalf of a student, but the information in question is always considered to be the student’s by law.
A student of any age may ask a parent or other representative to make a subject access request on their behalf. Moreover (if of sufficient maturity) their consent or authority may need to be sought by the parent making such a request.
We try to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Please notify firstname.lastname@example.org of any significant changes to important information, such as contact details, held about you.
Our privacy notice should be read in conjunction with our other policies and terms and conditions which make reference to personal data, including our Safeguarding Policy, Health & Safety Policy, Acceptable Use Policy and IT Policy.
If you believe that we have not complied with this Policy or have acted otherwise than in accordance with Data Protection Law, you should notify us. You can also make a referral to or lodge a complaint with the Information Commissioner’s Office (ICO), although the ICO recommends that steps are taken to resolve the matter with us before involving them.