Data protection policy

This is FutureLearn’s data protection policy. The Partner Institution’s further responsibilities are detailed in section 4.2 of this policy.  Please read in conjunction with the Privacy Policy.

1. Aims of this Policy

The Data Protection Policy sets out FutureLearn’s overall principles concerning the collection and use of personal data and the responsibilities of FutureLearn and its Partner Institutions. For the purpose of this policy a Partner Institution is a Content provider that has signed a Course Distribution Agreement with FutureLearn.

2. Data Control

FutureLearn is the Data Controller for personal information submitted by enquirers and learners in relation to the FutureLearn Platform (for the purposes of this policy the “Personal Data”).  Personal Data is shared with the relevant Partner Institutions as soon as the learner identifies their learning partner. From that stage, FutureLearn and the relevant partner are Data Controllers in Common for this Personal Data.

In some instances, FutureLearn will be a Data Processor and process some Personal Data on behalf of the Partner Institution and in accordance with their instructions. This includes when a learner enrols on a Course that bears credit, formal certification or other forms of recognition of prior learning by the Partner Institution.

3. Data Collection Principles

FutureLearn and its Partner Institutions are required to observe good Personal Data handling practice by:

• complying with applicable data protection legislation
• collecting and using the Personal Data fairly and lawfully
• transferring the Personal Data within their institution and to any authorised third-parties only on a need-to-know basis
• ensuring that the Personal Data is up to date and accurate
• establishing appropriate retention periods for the Personal Data
• ensuring that learners’ rights as data subjects can be appropriately exercised and that contact details are available to learners wishing to exercise their rights
• providing adequate security measures to protect the Personal Data
• ensuring that all staff handling Personal Data receive adequate training and are made aware of good practice in data protection
• complying with their own internal data protection policies and guidelines

4. Further Responsibilities

4.1 Further Responsibilities of FutureLearn

• To provide an appropriate privacy statement which learners are required to read and accept before becoming an enrolled learner
• To provide the mechanism by which personal data is transferred to the appropriate partner
• To nominate a data protection contact and provide their details to the nominated contacts in Partner Institutions
• To liaise with data protection contacts in Partner Institutions when necessary in order to address any issues promptly
• To enter into agreements with learners which support the licenses granted to partner institutions by FutureLearn.

4.2  Further Responsibilities of partners

• To nominate a data protection contact and provide their details to the FutureLearn nominated contact
• To liaise with the FutureLearn data protection contact when necessary in order to address any issues promptly
• Where they are sole Data Controller, to provide an appropriate privacy statement which learners are required to read and accept before becoming an enrolled learner.