Semta Ltd and The STEM Exchange website will ensure the protection of all information assets within the custody of the business. High standards of confidentiality, integrity and availability of information will be maintained at all times.
Information is a major asset that Semta Ltd and The STEM Exchange has a responsibility and requirement to protect.
Protecting information assets is not simply limited to covering the stocks of information (electronic data or paper records) that the Organisation maintains. It also addresses the people that use them, the processes they follow and the physical computer equipment used to access them.
This Information Protection Policy addresses all these areas to ensure that high confidentiality, quality and availability standards of information are maintained. The following policy details the basic requirements and responsibilities for the proper management of information assets at Semta Ltd and The STEM Exchange. The policy specifies the means of information handling and transfer within the Business.
This Information Protection Policy applies to all the systems, people and business processes that make up the Business's information systems. This includes all Executives, Committees, Departments, Partners, Employees, contractual third parties and agents of the Organisation who have access to Information Systems or information used for Semta Ltd purposes.
This policy should be applied whenever Business Information Systems or information is used. Information can take many forms and includes, but is not limited to, the following:
- Hard copy data printed or written on paper.
- Data stored electronically.
- Communications sent by post / courier or using electronic means.
- Stored tape or video.
Semta Ltd recognises that there are risks associated with users accessing and handling information in order to conduct official business. This policy aims to mitigate the following risks:
- Breaches in confidentiality
- Non-reporting of information security incidents
- Inadequate destruction of data
- The loss of direct control of user access to information systems and facilities
- The misuse of data by and individual agent of the organisation
- Failure to comply with statutory or regulatory requirement
Non-compliance with this policy could have a significant effect on the efficient operation of the organisation and may result in financial loss and an inability to provide necessary services to our customers.
Use of Data
Semta Ltd collects and uses your personal information to operate the STEM Exchange website and deliver the services you have requested. Semta Ltd will also provide you with the opportunity to consent to opt in to provide feedback on the STEM Exchange (so we can make service enhancements and improvements) and receive news and product updates.
Semta Ltd will not sell, rent, license or lease its customer lists to third parties. Semta Ltd does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.
Transfer of Data
The STEM Exchange is operated by Semta Ltd. Teachers and Young People’s registered users data is shared with the employers offering STEM opportunities.
If any user is found to have breached this policy, they may be subject to Semta Ltd disciplinary procedure. If a criminal offence is considered to have been committed further action may be taken to assist in the prosecution of the offender(s).
The following table identifies who within Semta Ltd is Accountable, Responsible, Informed or Consulted with regards to this policy. The following definitions apply:
- Responsible – the person(s) responsible for developing and implementing the policy.
- Accountable – the person who has ultimate accountability and authority for the policy.
- Consulted – the person(s) or groups to be consulted prior to final policy implementation or amendment.
- Informed – the person(s) or groups to be informed after policy implementation or amendment.
Responsible: Joanne Iceton – Head of Commercial
Accountable: Andrew McLachrie – Finance DirectorConsulted: Alison Parkes – Chief Operating Officer
and Ann Watson – Chief Executive Officer Informed: All employees involved in the STEM Exchange
Review and Revision
This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months. Policy review will be undertaken by Joanne Iceton
Subject Access Requests
All individuals who are the subject of personal data held by Semta Ltd are entitled to:
- Ask what information the company holds about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how the company is meeting its data protection obligations
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individual should be made by email to the data controller at firstname.lastname@example.org
The data controller will aim to provide the relevant data within one month. The data controller will always verify the identity of anyone making a subject access request before handing over any information.
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances Semta Ltd will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the company’s legal advisors where necessary.
The STEM Exchange website uses "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise pages, or register with websites or services, a cookie helps The STEM Exchange to recall your specific information on subsequent visits. This simplifies the process of recording your personal information. When you return to the same website, the information you previously provided can be retrieved, so you can easily use the features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the services or websites you visit.
Security of your Personal Information
The STEM Exchange secures your personal information from unauthorised access, use or disclosure. Semta Ltd secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.