Policy Version: 5.1

Prepared by: Eureka Online College

1. Introduction

Eureka Online College is committed to protecting the privacy of individuals whose personal data we process. We act as a data processor under the Subject Knowledge Enhancement (SKE) programme, delivering courses on behalf of Department for Education (DfE)-approved framework providers. The DfE is the data controller.

This privacy policy describes how we handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Our Role and Contact Details

• Data Controller: Department for Education (DfE)

• Framework Providers: Accredited SKE Framework Providers (e.g., MBITT, Leicestershire Secondary SCITT)

• Data Processor: Eureka Online College (acting as a subcontractor for framework providers)

Contact us: hello@eurekaonlinecollege.co.uk

3. What Data We Process

We process personal data of individuals participating in SKE courses, including:

• Full name and contact details

• Date of birth and gender

• Educational background and eligibility evidence

• Course engagement, progress and completion data

• Complaints and feedback records

We also collect limited anonymised data from website visitors for performance optimisation.

4. Purpose of Processing

We process data to:

• Deliver DfE-funded SKE courses

• Confirm trainee eligibility (including verifying with ITT providers)

• Provide access to course platforms and tutor support

• Maintain audit trails and training records

• Report progress and completion data to ITT/HPITT providers, framework providers and the DfE

• Report engagement data to Framework Providers, for the purposes of calculating monthly bursary payments (for eligible participants)

We do not use personal data for marketing or sell it to third parties.

5. Legal Basis for Processing

Our processing is carried out under the lawful bases established by the DfE, typically:

• Public task – delivering government-funded education programmes

• Legal obligation – fulfilling contractual and reporting duties

6. Data Sharing

We may share personal data with:

• Framework providers

• The Department for Education (DfE)

• ITT providers (for eligibility and progress updates)

• Course tutors (for training delivery)

• Technology sub-processors (e.g., Moodle, cloud storage - in order to deliver the course)

7. Data Security

We apply robust technical and organisational safeguards, including:

• Encrypted cloud storage and devices

• Role-based access controls

• Staff training in data protection

• Secure communication systems

8. Data Retention

We retain data only as long as necessary to meet legal and contractual obligations:

• Application and enrolment data: 7 years

• Eligibility evidence: 7 years

• Key course engagement data: 7 years

• Emails with safeguarding: up to 3 years

• Key emails (e.g. with funding relevance): up to 7 years

• Emails sent to support or technical mailboxes that do not relate to safeguarding, funding or complaints: routinely deleted after resolution, as they are not considered key records

• Moodle access logs: deleted 1–2 years after course ends

If a trainee is withdrawn from the course, their access to the Moodle platform is removed immediately to ensure data minimisation and security.

Annual reviews ensure compliance with retention policies.

9. Subject Access Requests

As a data processor, Eureka Online College does not directly handle Subject Access Requests (SARs). If a SAR is received, we:

• Inform the requester that we act only as a processor

• Refer them to the relevant data controller (usually the DfE)

• Notify the associated framework provider

10. International Data Transfers

We do not transfer personal data outside the UK/EEA unless appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

11. Your Rights

If you wish to exercise your rights under UK GDPR (e.g. access, correction, erasure), please contact the DfE at: SKE.INBOX@education.gov.uk

12. Policy Updates

This policy may be updated periodically. The latest version will always be published on our website.

For general questions about this policy or how we handle your data, contact us at: hello@eurekaonlinecollege.co.uk