+965 23927867  
info@tutistraining.com  
Data Protection Policy

TUTIS holds and processes information about employees, contractors, and other data subjects for personal, administrative and commercial purposes. When handling such information, the company, and all staff or others who process or use any personal information, must comply with the Data Protection Principles. In summary these state that personal data shall:

  • Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with the purpose
  • Be adequate, relevant and not excessive for the purpose
  • Be accurate and up-to-date
  • Not be kept for longer than necessary for the purpose
  • Be processed in accordance with the data subject's rights
  • Be kept safe from unauthorized processing, accidental loss or damage


Definitions:

  • "Data Controller" further information about company data controllers is available from the Data Protection Officer
  • Staff, Trainees and other data subjects may include past, present and potential members of those groups
  • Other data subjects and third parties may include contractors, suppliers, contacts, invigilators, assessors or friends
  • Processing refers to any action involving personal information, including obtaining, viewing, copying, amending, adding, deleting, extracting, storing, disclosing or destroying information.


Notification of Data Held:

The Company shall notify all staff contractors and other relevant data subjects of the types of data held and processed by the company concerning them, and the reasons for which it is processed.


Staff Responsibilities:

  • "All staff shall ensure that all personal information which they provide to the company in connection with their employment is accurate and up-to-date
  • Inform the company of any changes to information
  • Check the information which the company shall make available from time to time, in written or automated form, and inform the Company of any errors or, where appropriate, follow procedures for up-dating entries on computer forms.
  • Personal information is kept securely and is not disclosed either orally or in writing, accidentally or otherwise to any unauthorized third party. Unauthorized disclosure may be a disciplinary matter, and may be considered gross misconduct in some cases.


Rights to Access Information

Staff, Contractors and other data subjects in the Company have the right to access any personal data that is being kept about them either on computer or in structured and accessible manual files. Any person may exercise this right by submitting a request in writing to the appropriate designated data controller.

The Company aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 30 days unless there is good reason for delay. In such cases, the reason for the delay will be explained


Subject Consent

In some cases, such as the handling of sensitive information or the processing of confidential data, the Company is entitled to process personal data only with the consent of the individual.

The Company may process sensitive information about a person's health, disabilities, criminal convictions, race or ethnic origin, or trade union membership in pursuit of the legitimate interests of the Company.

The Company also asks for information about particular health needs, such as allergies to particular forms of medication, or conditions such as asthma or diabetes. The Company will only use such information to protect the health and safety. The Company will keep different types of information for differing lengths of time, depending on legal, academic and operational requirements


Compliance

Compliance with the Act is the responsibility of all concerned and members of staff. Any deliberate or reckless breach of this Policy may lead to disciplinary, and where appropriate, legal proceedings. Any individual, who considers that the policy has not been followed in respect of personal data about him or herself, should raise the matter with the designated data controller initially. If the matter is not resolved it should be referred to the staff grievance or complaints procedure.

Copyright © 2024 TUTIS Training Web design & SEO by  vWave