DPA Act 1998
The Data Protection Act 1998 (DPA) gives individuals the right to know what information is held about them, and provides a framework to ensure that personal information is handled properly.
The Act came into force on 1 March 2000 and covers personal data held on computer and in manual files. It also imposes restrictions on the transfer of data outside the European Economic Area, which has particular implications for placing material on the web. The EtP must comply with eight data protection principles, which make sure that personal information is:
Anyone holding information relating to individuals in the course of their work must therefore consider:
The Information Commissioner’s Office is the UK’s independent authority set up to promote access to official information and to protect personal information. Every organisation that processes (i.e. holds and uses) personal information must be registered with the Information Commissioner’s Office (ICO), unless they are exempt. The Educate The Planet’s registration number is ZA151759.
The legislation is complex and more detailed guidance is available on this website, from the EtP’s Data Protection team and on the Information Commissioner’s website.
Data controller the person (or organisation) who determines the purposes for which and the manner in which any personal data are, or are to be, processed (e.g. the EtP).
Data subject any living individual who is the subject of personal data (e.g. student, applicant, member of staff, supervisor, referee etc).
Duty of confidentiality in the case of some subject access requests, the Data Protection Officer may have to take a decision on whether a document containing third party data was written in confidence and whether the breach of that confidence in releasing the document outweighs the requirement to comply with a subject access request.
Fair and lawful processing means one of the following conditions must be met:
(1) for the performance of a contract to which the data subject is a party; or
(2) for the taking of steps at the request of the data subject with a view to entering into a contract.
In the case of processing sensitive data, at least one of the following conditions must be satisfied (in addition to at least one of the conditions outlined above):
Information Commissioner’s Office the UK’s independent authority set up to promote access to official information and to protect personal information.
Personal data data which relate to a living individual who can be identified from that information, or from that and other information which is in the possession of or is likely to come into the possession of, the data controller. It includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual (subject to very limited exceptions).
Processing obtaining, recording, holding or using the information or data (which includes, in relation to personal data, obtaining or recording the information to be contained in the data) or carrying out any operation or set of operation on the information or data. Under the new Act, processing is very widely defined, to the extent that guidelines produced by the Information Commissioner suggest that it is difficult to envisage any action involving data which does not amount to processing within this definition.
Sensitive data information relating to race or ethnic origin, political opinions, religious beliefs, physical/mental health, trade union membership, sexual life or criminal activities. Special conditions apply to the processing of this type of information, including an obligation to obtain the explicit consent of the individual (except in limited circumstances).
Third Party Information information relating to another individual (other than the data subject) who can be identified by that information.
Organisations processing personal data must comply with the principles below:
Amongst the key conditions in Schedule 2 are that either the data controller has the consent of the data subject or the processing is necessary to fulfil a contract with the data subject or to comply with other legal obligations.
Special conditions apply to sensitive personal data, which is defined as information relating to race or ethnic origin, political opinions, religious beliefs, physical/mental health, trade union membership, sexual life or criminal activities. These data cannot be processed in most circumstances unless the data subject has given explicit consent to the processing, or the processing is necessary for strictly limited purposes which are defined (e.g. the administration of justice).
It is important to be aware of the discipline that this implies. Material in a file may in the normal course of events be used for a number of purposes. It is now clear that use must adhere strictly to the purposes to which the attention of the data subject has been drawn.
Thus in future information obtained for the purpose of EtP’s applications records cannot be used for other purpose, unless the applicant has given prior consent.
This implies not only that compiling too much information should be avoided, but also that sufficient information should be obtained for the proper performance of the operation.
This principle requires that the data controller take reasonable steps to ensure the accuracy of data or, where the data subject has expressed a view that the data is inaccurate, that the data records that view.
Thus data must be kept secure. It is the responsibility of the data controller to take reasonable steps to ensure the reliability of any employees who have access to personal data. In addition, if the data controller is using a third party processor then he must ensure that there is a contract in place with that data processor which provides for appropriate security measures.
Central administration, departments and faculties should consider the way in which manual as well as electronic data are held, to ensure that they comply with the requirements as to security.
Of particular note is the fact that material placed on the world wide web is in effect available to any country and thus personal data should not be placed on the web unless the subject has consented (subject to very limited exceptions). The European Commission has now approved the US “Safe Harbor” arrangement, which will involve organisations in the States committing themselves to comply with a set of data protection principles. Commitment to “safe harbours” will provide an adequate level of protection for transfers of personal data to the US from EU Member States. This will of course provide a basis for compliance with the 8th Principle of the DP Act in the UK in relation to transfers to US organisations that have signed up to the scheme.
By choosing to submit your registration to the online application system, you agree to the processing of your personal data as set out below and in accordance with the EtP’s notification to the Information Commissioner under the Data Protection Act (DPA) 1998 by the EtP, which is the ‘data controller’ for the purposes of the DPA.
Your personal data will be used to assess your suitability and verify your eligibility for an EtP Scholarship and to complete all necessary procedures of the selection process, including notifying you of the result. Your personal data may also be used in the collation of statistical information, relating to EtP applicants, which will assist the EtP and the EtP Scholarship Committee (‘EtPSC’) in the management and administration of the EtP scholarship programme.
It is impossible to apply for an EtP Scholarship (‘EtPS’) without providing the personal data requested in the application form. Only data necessary for these purposes will be collected and application data will be stored for a limited period of no more than 24 months.
You will be able to correct the information inputted into the form up until the time of submission. After submission you will need to contact the Help Desk to request an amendment. You will be able to check the progress of your application and view your application at any point.
The information you provide when you apply for an EtP Scholarship (‘EtPS’) will be used in the following ways:
If you are not willing to provide all the information requested, we will be unable to process your application.
You may correct the information entered onto the application form up until the time of submission. After submission, corrections are only permitted to personal data (name, contact details etc.) and you must contact the helpdesk to request an amendment.
The information you provide will also be used to collate statistics and may be used for research (although no information that could identify you as an individual shall be published).
The information will be protected in accordance with the UK’s Data Protection Act 1998.
Where necessary your information will be shared with people and organisations involved in the assessment of your application or administration of the scholarship scheme, including:
If your application is successful:
On your application form you have the opportunity to say that you do not want your information used in the following ways, and we will do everything we can to respect these preferences:
You may change these optional data preferences at any point during your award by informing your Programme Officer of the change you wish to make.
If notice that any documentation you receive from your programme officer contains incorrect information, please notify them immediately so that they can correct the records.
If your application is unsuccessful your application will be held for two years and then destroyed.
If your application is successful, your data will be transferred to the EtP Scholarship Committee for the purposes of administering your award and will then be held for the EtP indefinitely.
Records held about you for immigration purposes will be held for a period of two years only before they are destroyed.
The Freedom of Information Act 2000 provides a right of access to information held by public authorities and sets out exemptions to that right of access. Any person or body who makes a request in writing to a public authority for access to recorded information must be informed whether the public authority holds that information and be supplied with it, subject to the application of various exemptions specified within the Act. The public authority must normally respond within 20 working days of the receipt of the request.
The EtP proactively publishes a wide range of information, the majority of which is available on its website.
If the information is not already available on the website or has not yet been published it will facilitate the response process if requests could be submitted on the Request for Information form below and sent to the EtP at the above address.
Request form – pdf format (100 kb)
Request form – Word format (60 kb)
The Data Protection Act 1998 governs the processing of personal data (information relating to living individuals). This legislation makes it possible for you to request access to personal data that the EtP may hold about you. A request for disclosure of such information is called a subject access request. Any such requests should be addressed to the Data Protection Officer, at the same address as above.
Should you wish to know more about your rights under the Data Protection Act 1998 you should consult the Office of the Information Commissioner.
The Educate the Planet will disclose information wherever possible. However, in certain limited circumstances, it will be necessary to employ one of the exemptions to the general requirement to release information. In any case where information is refused, the Educate the Planet will specify which exemption is being claimed and why. All requests for information will be carefully considered on their own merits and with close regard to the public interest.
The fees chargeable under the Fees Regulations will be operated according to those regulations. Given the limits set out in those regulations it is expected that many requests for information will be met without charge; however a charge may be made for costs of postage, photocopying, tapes, disks or computer runs.
Last updated November 2015