Data Protection and Privacy
Updated 14th April 2023.
At ICS Learn we are committed to protecting and respecting your privacy.
This policy explains who we are, what, when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Any questions regarding this policy and our privacy practices should be sent:
By post to ICS Learn, 7 West Nile St, Glasgow G1 2PR
Who are we?
We’re ICS Learn, the world's most experienced distance learning organisation. Our aim is to make learning as accessible as possible in a way that lets you decide when, where and how you learn.
International Correspondence Schools Limited trading as ICS Learn is a company incorporated under the laws of Scotland (registered number SC434382) having its registered office and address for service at ICS Learn, 7 West Nile St, Glasgow G1 2PR. We are registered as a data controller with the UK Information Commissioner's Office (ICO) under registration number Z3410565.
How do we collect information about you?
Information is provided to ICS Learn by:
- Filling out an enquiry form on the ICS Learn website
- Filling out an enquiry form for one of our courses on a third-party website, such as an awarding body, online job noticeboard website, or a generic course enquiry website, which is then automatically sent to us
- Correspondence by phone, email or chat
- Requests to join our social media channels such as Facebook, LinkedIn and Twitter
- Information provided when contact is made with the Student Service team to report a problem, resolve a query or provide general system advice and support
- Surveys to support continuous improvements in the student experience
- Career development tools to support your continued learning
- Completion of an Apprenticeship enrolment form
- Any pre-enrolment diagnostic test that may be required
What information do you provide?
When you submit your details to us through an enquiry on our website [or a trusted third party], we’ll collect the following information:
- Your full name
- Your email address
- Your telephone number
When you speak to our course advisors or enrol on a course, we may ask for the following information:
- Your full name
- Your email address
- Your telephone number
- Your education and work experience, where relevant to the course
- Your postal address
- Your date of birth
- Payment information including credit card number and bank account details
- Company Name and Address
- Copy of your identification, either passport or driving license.
If a third party is paying for your course then we will ask them for the following information:
- Full name
- Email address
- Postal address
- Date of Birth
- Payment information including credit card number and bank details
When you are studying, we may collect the following information about you:
- Service queries or problems
- Academic tutor queries
- Coursework or assessments submissions
- Student event or survey
- Career development plans
When you enrol as a student, we’ll ask if you have any special educational requirements that might require us to make adjustments to the course or assessments. We ask this so that we can take reasonable steps to accommodate your needs and give you the best student experience possible. Any such health information is known as special category personal data under data protection laws. We may share this with our Awarding bodies so that they can take your requirements into consideration when setting assignments or exams.
This information will only be used to help you.
As with all your data, you can ask us to delete or modify this information at any time. Please see further information about your privacy rights below.
How and why we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.:
to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party; or where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The list below explains what we use (process) your personal information for and our legal basis for doing so:
Students: If you are a student, our processing of your personal data is necessary for the performance of our contract with you, i.e. to provide you with the course you have enrolled on. If you do not provide us with certain personal information that we request when you apply for one of our courses, then we may not be able to offer this course to you. We will seek your consent to process any special categories of personal data (such as health information) that we may request when you apply for one of our courses.
Enquiries and Feedback: We use personal information submitted to us when you make an enquiry or when you provide feedback to us for our legitimate interests of engaging with potential students and identifying how we can improve our services.
Job Applications: We collect personal information in the context of processing job applications as necessary to comply with our legal and regulatory obligations to ensure that our application processes comply with applicable laws, and also for our legitimate interests to ensure that candidates are appropriately qualified and suitable for working with us. Such processing may also be necessary for us to take steps before entering into an employment contract with a candidate.
Business Contacts: We use personal contact details of business contacts (including agents, contractors and individuals that represent our suppliers and business partners) for our own legitimate interests of running our business.
Marketing: We may use your personal information to send you updates about our services, including exclusive offers, promotions or new courses. We have a legitimate interest in processing your personal information for marketing purposes. This means we do not usually need your consent to send you marketing communications. However, where consent is needed, we will ask for this consent separately. You have the right to opt out of receiving marketing communications at any time (please see "How to unsubscribe from marketing communications" below). We will always treat your personal information with utmost respect and never share it with other organisations for marketing purposes.
How long do we keep your data?
If you submit your details as a prospective student, we’ll store this data for 3 years.
If you enrol as a student, we’ll store your data for 7 years after the completion of your course in line with regulatory and governing body requirements, where there may be a requirement to hold your data to evidence the completion of your studies or for audit purposes.
Technical information about your visit to our website may be kept for the following retention periods:
- Google unique visitor tracking - 2 years.
- Google analytics session - 30 minutes.
- Google referral - 6 months.
For more information about how long we keep your data, please contact us at the details above.
How do we keep your data secure?
We take your privacy and security very seriously and take appropriate measures to ensure that your data is protected from misuse.
We have an ongoing programme of improvement and development in order to protect your personal data from unauthorised access, accidental loss and/or destruction.
We use the following security measures to protect your data:
- Industry standard secure sockets layer (SSL) technology, to protect personal information, as well as the use of specific logins and secure passwords
- Our web servers and database servers are held in a securely managed data centre and are further protected with a personal firewall and inherent security layers
- firewalls, anti-virus, secure file transfers as used where required
- encryption of emails is used where required
- office security
- access to personal data is granted on an "as-needed" basis
- an incident and disaster recovery protocol framework is in place to help us manage any data security breaches
Please be aware that communications over the internet, such as e-mails/instant messaging, are not secure unless they have been encrypted. We cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
Who do we share your data with?
In order to provide and improve our services, we may share relevant information with the following third parties. All of our third parties are trusted and take appropriate measures to ensure your data is secure.
- Contracted Apprenticeship Partners including Realise Training to support enrolment on funded courses for Apprentices
- Examination and Workshop venues – for arrangement of workshops and exams
- The National Apprenticeship Service for Apprenticeships
- Your personally assigned tutor(s) and assessor(s)
- Publishers – to supply textbooks relevant to your studying
- Buyapowa - if you enrol as a student, we will share your data with Buyapowa who run our refer-a-friend programme
- Abintegro – if you enrol as a student or sign up for a free trial of our Career Hub, we will share your data with Abintegro who host the Career Hub service
We may also share your information if:
- It’s necessary to enforce our Terms & Conditions or other policies
- It’s necessary to protect our rights, property, employees or students
- It’s necessary to protect ourselves or others against fraud or credit risk
- We’re required to by law
- You’ve given us your consent to pass your details to additional third parties
Coursework and assessment submissions will only be shared securely based on the terms of the student agreement; for example, with a designated person or department in the relevant Awarding Organisation.
Transferring your data across borders outside the EEA and UK
This is relevant as countries outside the EEA and UK are not bound by the same data protection regulations as those within the EEA and UK.
The European Economic Area (EEA) includes the EU member states plus Iceland, Norway, and Liechtenstein, and is covered by the General Data Protection Regulations (GDPR).
Your data might be shared with the non-EEA or UK companies below contracted to provide a service to us. We trust these companies with your data because they’ve ensured that their data protection measures are at least as extensive as those required within the EEA and UK by GDPR.
- Bizible – MS Azure – to support the efficiency of our marketing campaigns
- Adobe E-sign – AWS US – to support electronic signatures
- VWO – US – A/B testing tool
You can view these companies’ privacy policies here:
Your rights regarding your personal data
Under data protection laws, you have many rights regarding your personal data which may generally be exercised free of charge. These include the right to:
- fair processing of information and transparency over how we use your use personal data (as contained in this policy)
- require us to correct mistakes in your information which we hold
- require us to delete your personal information in certain situations
- receive a copy of the personal information you’ve provided to us in a structured, commonly-used and machine-readable format
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For full information on your rights, including how and when they apply, please contact us or seek guidance from the ICO.
You can exercise any of these rights by emailing email@example.com, by phoning 0800 056 3983 or by writing to ICS Learn, 7 West Nile St, Glasgow G1 2PR and providing the following information:
- Your name
- Your postal address
- A telephone number where you can be reached
- A photocopy of your passport or driving license
- Your signature and the date of the request
- Signed authority from the individual whose data is required if you are applying on their behalf
How to delete or modify your personal information
If for any reason you’d like us to delete or modify your data, or opt-out of any communications, you can do this for free. Contact us at firstname.lastname@example.org and we’ll meet your request within one month.
However, you should be aware that we may not be able to delete your personal data if there is a legitimate reason for us to continue to hold your data; for example, we may continue to hold personal data where we are under a legal obligation to do so, or where such information may need to be used by us in the exercise or defence of any legal claim.
How to request a copy of your personal information
You can ask us for a copy of the information we hold on you at any time, free of charge, by contacting us on email@example.com. We’ll respond within one month.
How to unsubscribe from marketing communications
To opt out of our emails or other marketing communications, click the ‘unsubscribe’ button at the bottom of any email or text "STOP" in response to any marketing text message we send you.
To opt out of us sharing details with Facebook that you have submitted through our website or as part of your enrolment process, email firstname.lastname@example.org.
How to make a complaint
We’ll do our best to resolve any complaint or question you have about the data you store with us.
If you believe we’ve breached data protection laws, you have the right to lodge a complaint with the relevant supervisory body where you work, live, or where the alleged breach occurred.
In the UK, this is the ICO, which can be reached here or by phone on 0303 123 1111.
How and when we may change this policy
We will keep this policy under review and any changes made from time to time will be posted on this page.
Please check back regularly to keep informed of updates or changes to this privacy statement. We will notify any significant changes via an announcement on our website.