GDPR

Our GDPR Policy

Outset ePortfolios provides a web-based portfolio service outseteportfolios.com. This system collects personal data. The functionality of this system is determined by Outset ePortfolios; however, the purposes for which the data is used are determined by the clients of Outset ePortfolios. Outset ePortfolios does not collect data on its own behalf; it collects data on behalf of its clients.

The nature of the business between Outset ePortfolios and its clients means that there is not a straightforward Data Controller/Data Processor relationship. The overall functionality of outseteportfolios.com means that Outset ePortfolios has determined the overall nature of the data that is put into the system, making it the Data Controller. However, the organisations that are its clients do not process that data on behalf of Outset ePortfolios; rather they process the data on their own behalf. They also determine the precise nature of the data that is collected on the system (e.g. Evidence Types). This means that they also act as Data Controller for the data.

The nature of the relationship between Outset ePortfolios and its clients, therefore is one between Joint Controllers, as determined by Article 26 of the GDPR (https://gdpr-info.eu/art-26-gdpr/).  Both parties have responsibility for control of the data. This document sets out the various responsibilities for both parties.

Outset ePortfolios' responsibilities as Data Controller

  1. Outset ePortfolios determines the overall nature of the data to be collected on its website outseteportfolios.com. It is responsible for maintaining the integrity of the site and ensuring the data is secure and private under the terms of the GDPR. The site is hosted on the Microsoft Azure cloud-based platform. The data centre is in southern England.
  2. Outset ePortfolios collects and shares data with the organisations which are its clients. Data subjects give consent for their data to be shared with the organisations on whose courses they enrol when they register on the website outseteportfolios.com by agreeing to our Terms and Conditions.
  3. Outset ePortfolios will not share personal data with any third party other than the organisations nominated by those registering on the site, unless it gains the permission of the data subject.
  4. Outset ePortfolios does not process the personal data of its data subjects on its own behalf.
  5. Outset ePortfolios is not responsible for decisions taken by the Client over whom the personal data of the data subject is shared with or the purposes for which the data is used.
  6. Personal data will be stored on this website for a maximum period of 3 years following registration. The Data subject may request to have all data removed at any time.
  7. The Data Controller for Outset ePortfolios is Neil Brading, email neil.brading@outseteportfolios.com, telephone 07904 284436. The address is as registered with Companies House: Company number 09670807. Complaints over compliance with the GDPR may be raised at any time.

The Client's responsibilities as Data Controller

  1. The Client determines the purposes for which the data on outseteportfolios.com is used. The Client will make these purposes clear to the Data subject.
  2. The Client determines with whom the data collected on outseteportfolios.com will be shared. The Client makes clear to the Data subject through its own GDPR and privacy policies the circumstances under which personal data may be shared.
  3. The Client may use outseteportfolios.com to process the personal data of its data subjects.
  4. The Client is responsible for nominating any data processors it uses.
  5. Where data held on outseteportfolios.com is used to inform individual decision making, the Client will be mindful with regard to its responsibilities under Article 22 of the GDPR (https://gdpr-info.eu/art-22-gdpr/).
  6. The Client is responsible for its decisions concerning with whom the personal data of the data subject is shared. The Client undertakes to ensure the security and privacy of the data for which it is responsible.
  7. The Client is not responsible for any loss or breach of data due to any technical failure of the website outseteportfolios.com, unless it can be determined that this has been caused as a direct result of the actions of one of its employees.

The Data Subject

  1. The Data subject consents to their data being made available to the Clients (the organisations on whose courses they enrol). This is made clear in the Terms and Conditions when registering on outseteportfolios.com.
  2. The Data subject enters into a separate agreement with the Client over whom their data may be shared with (e.g. mentors, verifiers etc.) and the purposes for which their data may be used.
  3. The Data subject undertakes to ensure the security and privacy of her/his data (e.g. ensuring the password is not shared or known to others).

Breach or loss of data

  1. In the event of any breach or loss of data or alleged breach or loss of data, the first step is to try to ascertain whether the data breach has been the responsibility of Outset ePortfolios, the Client or the Data subject.
  2. Outset ePortfolios takes its responsibilities for data security very seriously and will report to the Client and the Data subject the outcomes of its investigations into any data breach or loss of data or alleged data breach or loss of data.
  3. In accordance with Article 77 of the GDPR, Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.