Privacy Notice

Introduction

Cenit College Ltd is incorporated under the laws of Ireland and complies with the EU’s GDPR (General Data Protection Regulation) and Ireland’s Data Protection Acts 1988-2018 and relevant guidance issued by the Data Protection Commission (DPC). This privacy policy sets out the legal basis and explains how and when Cenit College uses personal information. The Personal Data provided by you will be held by Cenit College as a controller, unless we are acting as a data processor, in which case we process your personal information in accordance with the instructions of our clients (e.g. state funded educational bodies). Cenit College respects user privacy and is committed to ensuring its protection. We assure you that any personal data provided to us when using our website or services will be used only in accordance with this privacy policy.

Data Queries Contact Information

All personal data enquires should be made to the Cenit College Data Protection Manager at the following email address: dataprotection@cenitcollege.ie
If a data subject is not satisfied with the information provided by Cenit College or you believe that your rights as a data subject have not been addressed, then that data subject can make a formal complaint to Ireland’s Data Protection Commissioner, who can be contacted as follows.
Post: Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Phone: +353 (0761) 104800, or
Email: info@dataprotection.ie

How Personal Information is Collected

Personal Data is collected when a user registers for a course or asks a question via email/chat or phone (or similar means of communication). A user may visit our sites without going through the registration process. Where learners apply and register for programmes of study further personal information is required to be collected, dependent on the programme of study. Cenit College will collect personal data required to fulfil the learner journey within the college.

Cenit College may also acquire data from its clients to subprocess data and provide the required service to the client.

The primary sources of most learner data collected are the information you submit during the application, enrolment, or registration process, the information your manager or supervisor supplies, and your academic data, such as test scores and other qualifications.

The Purpose of Personal Data Collection

Personal data may be collected for the following purposes:

Staff recruitment, selection, and employment.
Register learners so that Cenit College can administer learners for their programme of study.
Record learner achievements.
Health Information needed to provide learner supports.
Record learner payments (bank details – this is held for 1 month only and not on Cenit Colleges records permanently).
Communication (email, phone, web communication): Cenit College will collect personal data to communicate with learners to advise them of our services, which include learner supports, timetables, assessments and to respond to any communications Cenit College may have received from users.

Quality Assurance and Monitoring: Cenit College will collect personal data for the purpose of quality assurance and monitoring and reporting in respect of evaluating the learner journey and experience within Cenit College along with learner satisfaction, progression, completion, and achievement. We monitor and evaluate learner experiences to provide feedback.

Internal and external audits.
Disciplinary matters, appeals, complaints, and other grievances.
To respond to any information requests made under the Data Protection legislation or other regulators or law enforcement.
Marketing (website activity such as IP address, geo-location, page activity). Google analytics and Hotjar are examples of such mechanisms for data collection. To send promotional emails about new offers or services. Please see our Cookie Overview here for further information.
To customise the website in accordance with chosen preferences.

To supply customers with any certifications or awards Certification: Cenit College will collect personal data to allow us to process any relevant certifications with the relevant vendors (such as QQI, ILM etc).
Cenit College will collect personal data to monitor the attendance of learners on programmes (online and in the classroom) and for attendance at examinations. This is collected in order to fulfil the Cenit College obligation to funding agencies or awarding bodies in providing the best possible learner support for programmes of study.
Cenit College may record webinars for future access by the learners.
Learner ID’s are viewed in the legitimate interest of Cenit College to verify the identity of learners for examinations and assessments. Some examination bodies also require photograph of learners but these are not held by Cenit College. The taking of the photograph is facilitated by Cenit College and is only held by the relevant examination body.
Using CCTV Cenit College captures images of individuals entering our premises. This is the legitimate interest of the security, health and safety of all visitors, learners and staff attending the Cenit College premises.

Lawful Basis Under GDPR Legislation

Data Protection law requires that Cenit College must have a valid lawful basis to process personal data as outlined under the section Purpose of Personal Data Collection. Cenit College relies on several such lawful bases as follows:

1. The provision of a contract (core services)

Much of the personal information processes are necessary to meet our commitments to you, for example, processing your personal data in relation to teaching, assessment, and associated administration. The following sets out the main purposes for which we may process your data in the provision of a contract:

Dealing with enquiries/recruitment and admission of learners
Provision of teaching and academic services including examinations
Progression and related administration
Recording and managing learner conduct (including disciplinary procedures)
Maintaining learner records
Management and administration of learner finance (including fees and funding)
Delivering plagiarism checking and academic validation services
Providing services necessary for the learner experience (including IT and communication services)
Safeguarding and promoting the welfare of learners
Dealing with grievances and disciplinary actions
Dealing with complaints and enquiries
Providing careers and placement advice and services
Service improvement via feedback and surveys
Internal reporting and record keeping
Responding to data access requests
Providing learner support services

2. The fulfilment of a legal obligation

Cenit College must process your data when required to do so under Irish/EU law, for instance:

Sharing information with statutory bodies
Monitoring equal opportunities
Providing safety and operational information
Performing audits
Preventing and detecting crime
Administration of insurance and legal claims
Garda vetting
Employment law

3. To protect the vital interest of you or another person – under extreme circumstances

Cenit College would share your data with third parties to protect your interests or those of another person, for example:

Providing medical or emergency contact information to emergency services personnel
Contacting you or your next of kin, in case of an emergency

4. Consent – under certain circumstances

Cenit College will only process your data with your explicit consent. When you consent to receiving information about us, you can opt out at any time by contacting us via email on dataprotection@cenitcollege.ie We may provide you with the following:

Providing information on Cenit College courses and other programmes of study that may be of interest and benefit to you.
References: We may agree to provide a reference for you if you apply for a job or further study.
To send promotional emails about new offers or services that Cenit College you believe you may be of benefit.
To customise the website in accordance with your chosen preferences

5. Legitimate Interests: the processing is necessary for Cenit College’s legitimate interests or the legitimate interests of a third party, except where this interest overrides the protection of the data subject’s fundamental rights and freedom of their personal data.

This would be where we would use CCTV on our premises for your own protection and where we record training session for your benefit.

Generally, within Cenit College, data (especially sensitive data) is not shared with third parties. However, the following instances may give rise to the sharing of personal or sensitive data.

Where Cenit College has a legitimate reason or obligation to share the data (for example, to awarding bodies, tutors, or external companies/bodies).
The data subject consents to sharing the data.
Cenit College enters a contract with a third party to act as the data processor (for example employee benefits). In such instances, there must be a clear written contract with the roles and responsibilities clearly defined.

Types of Personal Data Collected

Human Resources: CVs, employee records, employee payment information, Name, date of birth, emails, Phone records, health information, employment history, next of kin references, benefits, performance history, PPSN, interview notes, CCTV footage and gender.
Accounts: Name of Tutor, Name of trainees, disciplinary Report, Terminations, Medical certs, Incident reports, course visitors, contact information, payroll and attendance logs, payment information, tax information
Certification: Some certifying and examination bodies require us to ask learners for ID and take a photo, but we do not keep this data on our systems, we merely have sight of this data.
Learner and training records: Names of learners and Trainers, email address, phone, DOB, Work experience, Level of education and other professional memberships, health data, PPSN redacted, Nationality and other contact information/history, grades and results including assessments, signatures and gender and diversity information.
Attendance: attendance of learners in programmes (online and in the classroom) and for attendance at examinations.
Webinar Video recordings and IP addresses
CCTV images of individuals entering our premises.

Recipients or Categories of Recipients of Personal Data

Third parties who may have access to personal data are:

State Education bodies
CommSec, LearnSkills,
Microsoft, Sage, uCertify, Measureup, Gmetrix, Percipio
Exam bodies such as Certiport, ICDL, CompTia, Xvoucher, ACCA, Pearsonvue

Data Retention

Retention periods, deletion, archiving, or destruction methods are documented in the Cenit College Record of Processing and Retention schedule. Where Cenit College act as processor, data may be returned to our clients or we act on their instructions to retain data in line with their own regulatory obligations.

HR recruitment data is mainly kept for up to 12 months, whereas some employee data may be kept up to 6 years . Most requirements in relation to learner record keeping span 2 years but may increase to 7 years in limited circumstances. CCTV footage is deleted within 3 months of each recording. Further details on our retention schedule can be found here. Details on our cookie retention can be found here.

How We Protect Your Personal Information

We follow industry standards on information security management and safeguarding sensitive information. Our information security systems apply to people, processes, and information technology systems on a risk sensitive basis.
Your data may be shared between members of staff within Cenit College for us to fulfil our functions and objectives. Cenit College will employ reasonable and appropriate administrative, technical, personnel, procedural, and physical measures to safeguard your information against loss, theft, and unauthorised users’ access, uses, loss, destruction or modifications.
Our principles are applied as follows:

Confidentiality: only people who are authorised to use the data will be authorised to access it. Staff are required to maintain the confidentiality of any of your data to which they have access.
Integrity: All reasonable efforts are made to ensure that your personal data is maintained accurately and remains suitable for the purpose for which it is processed.
Availability: Only authorised users should be able to access the data if they need it for authorised purposes.
Security: We are committed to ensuring that your personal data is secure with us and with the data processors who act on our behalf. We are continuously taking technical and organisational steps to better protect your information.

User’s personal information is stored on secure servers. Although Cenit College is committed to ensuring that data is secure, Cenit College cannot guarantee the security of any information sent to them via the Internet, as no Internet data transmission can be guaranteed to be absolutely secure. To prevent unauthorised access, Cenit College has taken all reasonable physical, electronic, and managerial steps to protect personal information.

Cenit College has a range of measures that it implements to safeguard the personal data of the data subject. These include.

Access to data is restricted to certain roles that are relevant to the purpose for which the data is collected.
Technical security measures such as password protection, encryption, firewalls, back-ups, etc.
Regular security audits and penetration testing.
The creation of policies and procedures to protect personal data. These are published implemented and monitored on an organisation-wide basis.
Use of physical storage which is locked and has limited access and electronic storage that is password protected with limited access.
Staff training.
Data Protection audits.
Risk assessments of any third-party data processing on behalf of Cenit College.
Incident Management Procedure for acting on data breaches to minimise the impact.
Retention and destruction schedule of personal data.

Rights of the Data Subject

Under articles 12 to 23 of the GDRP legislation, data subjects have increased rights, and data controllers are required to facilitate and notify data subjects of their rights. Individuals have the right to:

Right of Access to personal information. This includes information as to whether personal data has been processed and information about that processing. Prior to releasing any personal data Cenit College requires verification of the identity of the applicant. Where the request has been made in electronic form the data will subsequently be provided in electronic form. Where a large amount of data is involved Cenit College may ask the data subject to specify the precise data they wish to access. In many instances, Cenit College may not be the controller and will pass the access request to the relevant party.
Rectification, erasure, and restriction of data processing.
- Rectification: Where you ask for your personal data to be rectified or completed, we will act on your instructions unless we are the processor.
- Erasure: This applies in the following instances:
  - Where the personal data is no longer necessary in relation to the purpose for which it was collected.
  - The data subject withdraws consent and there are no other legal grounds for processing the data.
  - The data subject objects to the processing and there are no overriding legitimate grounds for the processing.
  - The personal data is being processed for direct marketing purposes and the individual has objected to that processing
  - The personal data has to be erased to comply with an EU or Member State legal obligation; or
  - The personal data has been collected in relation to the offer of information society services (online business) to a child. Cenit College does not offer information society services to children.
Request the restriction or suppression of their personal data, in certain circumstances. A data subject’s right to restrict processing applies in four scenarios:
- - The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify its accuracy.
  - The processing is unlawful, and the data subject opposes erasure and requests restriction instead.
  - The controller no longer needs the personal data, but the data subject requires the data to exercise or defend a legal claim; or
  - The data subject has objected to the processing. It should be restricted pending verification of whether the legitimate interest’s grounds or public interest tasks of the controller override those the rights of the data subject.
- When processing is restricted, Cenit College will store the personal data but not further process it. Where the data are processed automatically, the restriction will be affected through technical methods and Cenit College will make a note on the IT system.
Data portability. Allowing individuals to reuse their data across different services, where feasible.
Object to personal data processing and automated individual decision making. Individuals have the right to object to processing of personal data in certain instances. Individuals also have the right not to be evaluated on the basis of automated processing.

There is a small number of instances where your right to access personal data may be limited, particularly in protecting the rights and freedoms of others.

If you make a data access request, we have one month to respond to you if this is data that we are the controller of. Data requests that are the responsibility of our clients (which we are the processor of) will be sent to the controller and they in turn will be in contact with the user.
If you would like to exercise any of these rights or ask any questions, please contact us:
Write to us: dataprotection@cenitcollege.ie
Or call us at 01 901 2019

Processing Personal Data Outside the EEA

Exam vendors may be based in the United States and so names and email addresses may be shared with these bodies. We ensure that equivalent security measures are applied accordingly.

Right to Lodge a Complaint with the Data Protection Commission

Our Company website may contain links to other websites. Our privacy policy applies only to our website, so you should read their privacy policy if you click on a link to another website.

Marketing

Cenit College will collect personal data for the purpose of marketing. This is used to inform the data subjects of programmes, information, and events that may be of interest to them. The website utilises Google Analytics to generate reports and insights of users visiting the Cenit College website. Visitors to the Cenit College website can opt out of this by using the Privacy Toolbar when they first enter the website. Alternatively, visitors may opt out by contacting the Cenit College Data Protection Manager. The college would like to send users information about products and services that we think they might like. If you have agreed to receive marketing, you may always opt out later. You have the right at any time to stop Our Company from contacting you for marketing purposes or giving your data to other members of our Company Group.

Cenit College Careers

Please note it is our policy to store submitted CVs electronically for one year, after which they will be securely deleted. During this period, we will only contact you if we feel you are a potentially suitable candidate for a position with Cenit College.

Changes to our privacy policy

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 12/12/2024.

Cookie	Duration	Description
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Analytics".
cookielawinfo-checkbox-functional	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
m	1 year 1 month 4 days	Stripe sets this cookie for fraud prevention purposes. It identifies the device used to access the website, allowing the website to be formatted accordingly.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.

Cookie	Duration	Description
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
last_pys_landing_page	7 days	PixelYourSite plugin sets this cookie to manages the analytical services.
last_pysTrafficSource	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
pbid	6 months	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_first_visit	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_landing_page	7 days	PixelYourSite plugin sets this cookie to manages the analytical services.
pys_session_limit	1 hour	PixelYourSite plugin sets this cookie to manage the analytical services.
pys_start_session	session	PixelYourSite plugin sets this cookie to manage the analytical services.
pysTrafficSource	7 days	PixelYourSite plugin sets this cookie to manage the analytical services.
vuid	1 year 1 month 4 days	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos on the website.

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_cfuvid	session	Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
wcml_client_currency	2 days	WordPress uses this cookie to determine the user's currency preference.
wcml_client_currency_language	2 days	WordPress uses this cookie to determine the user's language preference.
wp-wpml_current_language	session	WordPress multilingual plugin sets this cookie to store the current language/language settings.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
NID	6 months	Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads.