Terms And Conditions


Paula Muran takes its duties under the Data Protection Act 2018 (the Act) and related rules on the Continent of Europe extremely seriously. These limitations restrict our ability to utilise personal information.

This policy outlines the roles and obligations of workers and firms within the Paula Muran regarding the handling of personal information.

Everyone has rights regarding the handling of their personal information. During the course of our activities, we will collect, store, and process (i.e. utilise) the personal information of our employees, customers, suppliers, and anyone with whom we contact, and we recognise the need to do so in a safe, lawful, and confidential manner.

Personal information, whether stored on paper, an electronic device, or another medium, is protected by law. These are defined in the Act and additional rules that implement the EU Directive on Data Protection in the United Kingdom.

We may process all of the information we collect from you in order to fulfil our contractual obligations to you, and we may request additional information from third parties or disclose your information to other carefully selected third parties, such as the Education and Skills Funding Agency, Awarding Organisations, the Learner Record System, and Ofsted.

Access to all paper-based and electronic data systems is highly restricted, with access to either system permitted only when the required security procedures have been performed and a GLP Systems Access Form has been authorised.

Representatives of employers, Ofsted, ESFA, ESF, and awarding bodies will only be granted access to data systems upon completion of a GLP Systems Guest Access form. This form must be completed and approved prior to access being granted, and access will be limited to the time duration requested by the guest or deemed necessary by Paula Muran’s Head of Quality. The amount of access allowed will depend on the visitor seeking access, e.g., ESFA will have full access, while Awarding Body EQA will only have access to proof portfolios.

Once the allocated period has expired, the permitted access will be withdrawn and documented as such.

By providing us with your personal information, you consent to our processing and, in particular, disclosure of the following data:

  • as required by law to any third parties;
  • to selected third parties who may process personal data on our behalf;
  • to third parties such as the Education and Skills Funding Agency, Awarding Organisations, Learner Record System or Ofsted, who may use your personal data or sensitive personal data (as applicable) to allow us to fulfil our contractual obligations to you.
  • do statistical analysis
  • transmit to their regulators or industry organisations for the following reason

(1) monitor equal opportunity with relation to race or disability, or for other monitoring reasons, or

(2) account for candidates when it is required to do so; or (3) when it is required to do so.

for such agencies to contact a candidate personally when the information is not widely available through other ways.

This policy will give you with the necessary knowledge, guidance, and training to recognise personal information and correctly handle it. You should also study Paula Muran’s policy about the usage of social media and comprehend her information security requirements.

You should ensure that you completely understand this policy and adhere to its instructions.
Individuals may be held personally accountable in certain situations if we fail to comply with the Act.

You should be informed that any violation of this policy will be regarded severely and may result in disciplinary action or the incident being reported to the appropriate external authorities.

This policy conforms to the Paula Muran Ltd Management Handbook’s description of the DBS policy on data protection.

Data protection: fundamental concepts

The Act establishes eight fundamental principles that govern the general use of personal information. These clauses stipulate that private information must be:

  • treated with fairness and legality;
  • processed for restricted reasons and in a suitable manner; acquired solely for one or more defined and legitimate purposes, and not processed in a manner inconsistent with that purpose or those purposes;
  • ALL GLP system users must be approved before access is granted at the appropriate level for the user’s scope of operations; access is granted only after a GLP Systems Access Form has been completed, submitted, and approved by the Head of Quality or Managing Director; approval can only be granted by the Head of Quality or Managing Director. Guest access for employers or external auditors is provided using the GLP Systems Guest Access form and follows the same approval path as outlined above; guest access is revoked after the specified access period expires.
  • adequate, relevant, and not excessive in relation to the purpose or reasons for which they are processed;
  • precise and, where necessary, kept up-to-date;
  • not be kept for longer than is necessary for the reason or reasons for which they are processed;
  • filtered in accordance with the rights of Data Subjects under the Act;
  • secure, meaning that appropriate organizational and technological measures should be taken against non – authorized or unlawful processing of personal information and against accidental loss, destruction, or damage to personal data. If you adhere to Paula Muran’s policy, you will likewise adhere to the aforementioned principles and remain within the law.
  • The Skills Funding Agency and Awarding Organisations may also transfer your personal information outside the European Economic Area, but Paula Muran will make all reasonable efforts to ensure that any transferred information is afforded the same level of protection and security as if it were being processed in the United Kingdom.

Important meanings of “personal data”

consists of information on a living person who can be identified: –

  • based on the data; or
  • from the data and other information in the Data Controller’s possession or likely to enter the Data Controller’s possession.

Personal information comprises any expression of opinion about an individual and any indication of the Data Controller’s or any other individual’s intentions towards the individual. Note that the term does not include corporations (but it does include persons within companies) or deceased individuals.

“private and confidential information”

Includes information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, or sexual life, as well as information about the commission or proceedings for any criminal offense or alleged to have been committed by that person, the disposition of such proceedings, or the sentence of any court in such proceedings. Sensitive personal information may only be treated under stringent conditions, often with the full agreement of the individual concerned.

archiving of data

Learner information that must be maintained is rigorously governed. ALL personal information is maintained in the learner’s file, which is secured in locked cabinets. Access is tightly restricted to GLP individuals who have a need to access said data and who have requested the appropriate cabinet key. All files are returned promptly to their respective locked cabinet, and the key is returned to the key box.

All of Paula Muran’s computer systems are protected by a password. Workstation passwords are highly regulated and are known only to the Administration Manager and system operator, the Managing Director, and the applicable workstation operator. The Head of Quality safeguards the passwords for all computer systems, internal and external software programmes, and financing partner system access. The distribution of these credentials is highly regulated and restricted to people who require access to these services. Account system credentials are restricted to the Managing Director and the Chief Financial Officer.
The GLP Employee Access and GLP Guest Access approval system administers hosted data systems, Pellcomp “PICS” MIS systems, and Smart Assessor e-Portfolio systems. Only the Head of Quality and the Head of Administration has master administration privileges for these systems.
Any redundant or unneeded paper documentation containing personal data, whether company, employee, funding partner, or learner, is placed in the confidential document storage bin pending secure destruction by the secure document destruction contractor. Paula Muran Ltd has a contract with “Shreddit Ltd” for secure document destruction. In all operating offices, there are locked document receptacles whose keys are managed by the head of administration.

This policy will be reviewed on a regular basis to ensure that any modifications to the Data Protection Act are implemented and that Paula Muran Ltd complies with such Act.