Privacy Statement
How TESS Group Handles Your Personal Data
Introduction
At TESS Group, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Statement explains what personal data we collect, how we use it, who we share it with, and your rights under UK law.
We process personal data in accordance with:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018
- Apprenticeship funding and regulatory requirements
Who We Are
Data Controller
TESS Group is the data controller responsible for your personal data.
ICO Registration Number: Z3020377
Contact: 01604 210 500 or [email protected]
Data Protection Contact: For data protection queries, contact our office on the number above.
What Personal Data We Collect
From Your Enrolment and Training
We collect personal information when you enrol with us, including:
- Your name, date of birth, and contact details
- Your employment and training history
- Information about your qualifications and skills
- Details about any learning support needs or disabilities
- Emergency contact information
- Bank details (if applicable for payments)
From Learning and Assessment Systems
We collect information through the systems and software we use to deliver and monitor your training:
- OneFile: Your learning portfolio, progress records, and assessment submissions
- BKSB: English, maths, and IT assessment results
- Tracker MIS (Management Information System): Your attendance, progress, and overall apprenticeship record
From Communications and Feedback
We also collect:
- Email and telephone communications with our team
- Feedback from surveys and learning feedback forms
- Information from your end-point and exit reviews
Special Categories of Personal Data
Some of the information we collect is treated as "special category" data under data protection law. This includes:
- Information about learning difficulties or disabilities
- Health information you disclose to us
- Information that reveals racial or ethnic origin
- Information about your religious or philosophical beliefs
How We Protect Special Data
We handle special category data with extra care. We only collect and use this information where we have a lawful basis to do so, such as for providing you with reasonable adjustments and support, or where you have explicitly consented. Your special data is kept secure and shared only with those who need to know.
How We Use Your Personal Data
Lawful Bases for Processing
We process your personal data on one or more of the following lawful bases:
| Lawful Basis | How We Use It |
|---|---|
| Performance of a Contract | To deliver your apprenticeship training, assess your learning, and track your progress |
| Legal Obligation | To meet apprenticeship funding, quality assurance, and regulatory requirements (e.g., DfE, Ofsted) |
| Legitimate Interests | To improve our services, prevent fraud, ensure health and safety, and manage complaints |
| Your Consent | To send you marketing information or to process special category data where required |
| Vital Interests | To protect your health, safety, or well-being in an emergency |
Special Category Data Processing
We process special category data (such as information about disabilities or health) on the following bases:
- To provide you with appropriate learning support and reasonable adjustments
- Compliance with employment law and apprenticeship regulations
- Protecting vital interests (health and safety)
- Where you have given us explicit consent
- Where information is manifestly made public by you
- For legal claims or substantial public interest
Who We Share Your Data With
To deliver your apprenticeship and meet funding requirements, we share your personal data with:
| Organisation | Why We Share |
|---|---|
| Department for Education (DfE) | Apprenticeship funding, Individual Learner Record (ILR) reporting, and quality monitoring |
| Ofsted | Quality assurance inspections and monitoring of training delivery |
| Department for Education (DfE) — Funding | Funding administration and assurance (formerly ESFA, now part of DfE) |
| Awarding Bodies (City & Guilds, ILM, NCFE, VTCT, and others) |
Qualification assessment, moderation, and certification |
| End-Point Assessment Organisations (EPAOs) | Final apprenticeship assessments |
| OneFile (Learning Platform) | Hosting your learning portfolio and progress records |
| Tracker MIS | Recording attendance, progress, and apprenticeship data |
| Your Employer | Progress updates, attendance records, and relevant performance information |
| Internal Audit Company | Compliance and quality assurance review |
We only share the personal data that is necessary for each organisation's specific purpose. We do not sell your data to third parties.
How Long We Keep Your Data
We retain your personal data for:
Standard Retention Period
Duration of your apprenticeship plus 6 years after completion or withdrawal.
This is required by the Department for Education for compliance, audit, and regulatory purposes. After this period, your data will be securely deleted or anonymised.
We may retain certain information for longer if required by law or for legitimate purposes such as:
- Responding to legal claims or complaints
- Meeting tax or financial obligations
- Archive or historical purposes
Your Rights Under Data Protection Law
You have the following rights regarding your personal data:
Right of Access
You can request a copy of your personal data that we hold.
Right to Rectification
You can ask us to correct inaccurate or incomplete information.
Right to Erasure
You can request deletion of your data in certain circumstances.
Right to Restrict Processing
You can ask us to limit how we use your data in certain situations.
Right to Portability
You can request your data in a structured, commonly-used format.
Right to Object
You can object to certain types of processing, including for marketing.
Rights Regarding Automated Decisions
You have rights if we make automated decisions about you with legal effects.
Right to Lodge a Complaint
You can complain to the Information Commissioner's Office (ICO).
Exercising Your Rights
To exercise any of these rights, please contact us:
Email: [email protected]
Telephone: 01604 210 500
We will respond to your request within one calendar month. We will not charge a fee unless your request is manifestly unfounded, repetitive, or excessive.
External Complaints
If you are not satisfied with how we handle your data, or if you believe we have breached data protection law, you can lodge a complaint with:
Information Commissioner's Office (ICO)
Website: ico.org.uk/concerns/
Telephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Data Security
We take data security seriously. We use:
- Secure password protection and user authentication
- Encrypted connections for online services
- Regular security updates and maintenance
- Limited access to personal data (staff only access data they need)
- Secure storage facilities and backup systems
- Staff training on data protection and handling
While we do everything we can to protect your data, no system is 100% secure. We will inform you of any security breaches that affect your data, as required by law.
Cookies and Website Data
Our website uses a small number of cookies. We only set analytics cookies after you give your consent via the cookie banner that appears when you first visit the site. If you decline, no analytics cookies are set and no data is shared with third parties.
Cookies We Set
- tess_cookie_consent (strictly necessary) — stores your cookie consent choice so the banner is not shown again. Duration: 1 year.
- Google Analytics cookies (_ga, _ga_*, _gid, _gat) — only set if you click "Accept Cookies". These help us understand how visitors use the site. Data is aggregated and anonymous.
We use Google Analytics 4 and Google Tag Manager to collect analytics data. Google's privacy policy is available at policies.google.com/privacy.
You can change your cookie preference at any time by visiting our Cookie Policy page, which includes a button to reset your choice.
Third-Party Data Minimisation
We have taken steps to minimise third-party data sharing on our website:
- Fonts: We self-host all web fonts (Inter, Space Grotesk). No font data is loaded from external CDNs, so your IP address is not shared with Google or other font providers.
- Analytics: Google Analytics scripts are only loaded after you consent. If you decline, no data is sent to Google.
- Forms: Our contact form is processed via Formspree. When you submit an enquiry, Formspree processes your data to deliver the message to us.
For full details about the cookies we use, please see our Cookie Policy.
Changes to This Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes and ask for your consent where necessary. The "Last Updated" date at the top of this statement shows when it was last revised.