Privacy Policy

Mission EmployAble is a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Notice explains how we collect, use, share and retain personal data relating to individuals who engage with our education-sector activities.

Who this notice applies to

This notice applies to young people participating in our programmes, parents or carers where relevant, staff, volunteers, trustees, partners, applicants and other individuals whose personal data we process.

The personal data we hold

Depending on the nature of our relationship with you, we may process the following categories of personal data:

  • Personal identifiers (name, date of birth, contact details)
  • Education, training and placement information
  • Safeguarding and child protection information where necessary
  • Special category data (for example health or disability information) where lawful
  • Recruitment and vetting information, including DBS status where applicable
  • Correspondence and engagement records
  • Technical data where individuals interact with our systems or websites

Why we process personal data

We process personal data to deliver education and employability programmes, meet safeguarding duties, manage recruitment and volunteering, communicate with participants and partners, monitor and improve our services, and comply with legal and regulatory obligations.

Lawful bases for processing

Our lawful bases for processing under UK GDPR include:

  • Legal obligation - where processing is required by law or statutory guidance
  • Public task - where processing supports education-related functions
  • Contract - where processing is necessary to deliver a programme or service
  • Legitimate interests - where processing is necessary for our charitable purposes
  • Vital interests - particularly in safeguarding situations
  • Consent - where no other lawful basis applies

Safeguarding and KCSIE

Where our work involves children or young people, we follow safeguarding and information-sharing principles consistent with Keeping Children Safe in Education (KCSIE). This includes lawful sharing of information where necessary to protect individuals from harm.

Who we share data with

We may share personal data with trusted partners where necessary, including:

  • Education providers and placement hosts
  • Local authorities and safeguarding partners
  • Funding bodies, including the Department for Education
  • Professional advisers and auditors
  • IT and system providers acting as processors

International transfers

Where personal data is transferred outside the UK, appropriate safeguards are in place in accordance with UK GDPR requirements.

Data retention

We retain personal data only for as long as necessary. Where record types are comparable, retention periods are aligned with the Department for Education Data Retention Schedule. Where different periods apply, the rationale is documented.

Your data protection rights

You have rights under data protection law, including the right to access, rectify, erase, restrict or object to processing, and the right to lodge a complaint with the ICO.

Automated decision-making

We do not make decisions about individuals solely by automated means.

Contact details

Data Protection Officer: dpo@missionemployable.co.uk
You may also complain to the Information Commissioner's Office (www.ico.org.uk).