Privacy Policy

1. AlphaPlus Privacy Statement

AlphaPlus are committed to safeguarding the privacy of all the data we process in the course of our work. We are registered with Information Commissioner’s Office (ICO) as data controllers and processors. Our technical protection measures are certified against the UK Governments Cyber Essential Plus Scheme. AlphaPlus ensures every staff member is trained in the principles of data protection and signs and adheres to our data security policy. Data we process and store is accessed only by those with authority to use it (confidentiality), that the systems where data is held and manipulated are operating correctly and that information is accurate and complete (integrity), and that information is available only to those who have authorised access when they need it (availability). Furthermore, all AlphaPlus staff undertake annual training in the general data protection regulation (GDPR).
This privacy statement explains what information we collect, what we do with it, how we collect it and keep it secure.

1.1.   Who are AlphaPlus?

AlphaPlus Consultancy Ltd are a registered company in England & Wales 04801609.  The registered address is Aqa, Devas Street, Manchester, England, M15 6EX.

AlphaPlus are part of the AQA Group, which is made up of the following legal entities:

  • AQA Education (registered office: Devas Street, Manchester, M15 6EX).
  • AQA Milton Keynes (registered office: 4 Garamonde Drive, Wymbush, Milton Kenes, Buckinghamshire, MK8 8DF).
  • AC3 Solutions Limited (registered office: Devas Street, Manchester, M15 6EX).
  • AlphaPlus Consultancy Ltd (registered office: Aqa, Devas Street, Manchester, England, M15 6EX).
  • Blutick Ltd (registered office: Unit 109 Birdwood Road, Cambridge, United Kingdom, CB1 3TB).
  • Doublestruck Ltd (registered office: Devas Street, Manchester, M15 6EX).
  • GradeMaker Ltd (registered office: Devas Street, Manchester, M15 6EX).
  • Oxford International AQA Examinations (registered address: Oxford University Press, Great Clarendon Street, Oxford, England, OX2 6DP).
  • Training Qualifications UK Ltd (registered office: Crossgate House, Cross Street, Sale, M33 7FT).

1.2.   Reasons for processing data

We process personal information, as a data controller and a data processor on behalf of our customers and clients, to enable us to provide consultancy and training to our customers and clients; to promote our services, to maintain our own accounts and records, and to support and manage our employees.

1.3.   Personal data that we process

We process personal and sensitive information, as defined under the UK GDPR, relevant to the above reasons/purposes.  This may include:

  • personal details
  • family details
  • education and employment details
  • lifestyle and social circumstances
  • training details
  • business activities of the person whose personal information we are processing
  • financial details
  • goods and services
  • health details
  • racial or ethnic origin
  • religious or other beliefs
  • trade union membership

If you have provided us with the personal data of another person (“Third Party Personal Data”) you confirm that they consent to the processing of their personal data by us and that you have informed them of our identity and the purposes (as set out herein and in any agreement between us) for which their personal data will be processed.

1.4.   Who the information is processed about

We process personal information for our customers about:

  • pupils/students/learners/candidates
  • trainers
  • practitioners
  • staff
  • suppliers
  • local authorities

1.5.   Who we share personal data with

We sometimes need to share the personal information we process with the individual themselves and with other organisations.  Where this is necessary, we are required to comply with all aspects of the relevant UK and EU Data Protection legislation.  What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

  • business associates and other professional advisers
  • educators and examining bodies
  • family, associates and representatives of the person whose personal data we are processing
  • suppliers and service providers;
  • persons making an enquiry or complaint
  • other companies in the same group
  • central government

1.6.   How we store personal data

We take your privacy and the security of personal data very seriously.  We strive to ensure that your information is always protected in accordance with applicable data protection laws.  Any third party we work with must have security measures in place to process your personal data.

We use securely configured cloud-based systems (including SharePoint and Dynamics CRM) to store and process data, by giving permission for AlphaPlus to use your data, you are also giving permission for us to store and process your data on those systems which are provided as 3rd party products to us.

We shall not pass your personal data to any third party for marketing purposes (including our marketing affiliates and partners) unless we have procured your express consent to do so.

1.7.   How we transfer personal data

It may sometimes be necessary to transfer personal information e.g. from AlphaPlus to a customer on the completion of analysis.  This will be done securely, taking the necessary precautions to ensure that your data is kept safe.

On the 28 June 2021, the UK was granted ‘adequacy’ by the European Commission in GDPR terms.  International transfers to the UK and AlphaPlus from the European Economic Area (EEA) and other adequate countries can continue to take place with no additional safeguards. This is alongside existing measures we have in place for international transfers outside of the EEA.

1.7.1. Data transfers from AlphaPlus to countries within the EEA

We can still send personal data to the EU/EEA, Gibraltar and other countries deemed adequate by the EU.  They have adequate protection by the UK Government under the new arrangements. We’ll always do so securely in line with the GDPR principles.

1.7.2. Data transfers to AlphaPlus from countries within the EEA

Because the UK is now an ‘adequate country’ in data protection terms, the EEA do not require additional safeguards for transferring data to the UK.

1.7.3.  Data transfers from AlphaPlus to countries outside the EEA (incl. USA and the rest of the world)

Some of the services and products we use, use service providers outside of the EEA.  We may have to transfer some of your data to these providers so you can use our websites, services and products.

Appropriate measures and controls are in place to protect the transfer of your data.

Transfer of data is made in accordance with the requirements of the UK GDPR and DPA 2018 and may be based on the use of the European Commission’s Standard Contractual Clauses (SCC) for transfers of personal data outside the EEA.  AlphaPlus may also utilise the Information Commissioners Office’s (ICO) International Data Transfer Agreement (IDTA) addendum for transfers to none adequate third countries outside of the UK and EEA.

By using our websites, services, products or by interacting with us in the ways described in this privacy notice, you consent to the transfer of your data outside the EEA in the circumstances set out in this privacy notice.

1.8. Retention of your personal data

AlphaPlus will retain personal data for the required time to complete our contractual requirements with our customers and clients, adhering to any legal requirements set out.  Our retention schedule sets out the amount of time records are required to be kept for, this applies to all formats, including paper and electronic information.

1.9. Your rights

Individuals have several rights under the UK GDPR, under certain circumstances, this includes the:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision making including profiling

1.10. How to contact us?

To contact AlphaPlus regarding data access requests, the right to erasure, the right to be forgotten, or any other data related rights queries, please email dataaccessrequest@alphaplus.co.uk or write to us at AlphaPlus, c/o AQA Education Ltd, Devas Street, Manchester, M15 6EX.

1.11    Cookies and and IP addresses

We may store information about you in a cookie (a small file that is sent by our web server to your computer), which we can access when you make return visits to www.alphaplus.co.uk or other AlphaPlus registered domains (the “Website”).  Storing cookies is usual practice for any web site that needs to remember what its users’ preferences are and we use cookies to keep track of your choices in the Website.

If you would like to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that cookies are stored in.  If you would like to stop cookies being stored on your computer in the future, please refer to your browser manufacturer’s instructions by clicking “Help” in your browser menu.  Further information about deleting or controlling cookies is available at www.aboutcookies.org.

Please note that when you visit our site, we may also log your IP address, a unique identifier for your computer or other access device.

1.12.   Changes to our privacy policy

Any changes we make to our privacy policy will be published to our website.