Data Protection and Privacy Policy

General Statement
  • This statement is CMIT’s Data Protection and Privacy Policy for all CMIT websites and eLearning services.
  • The statement will be updated in line with changes in legislation, best practice and enhancements by CMIT to improve data protection and privacy.
We will obtain and process information fairly
  • CMIT fully respects your moral and legal right to privacy, and will not collect any personal information about you on this website without your clear permission.
  • Any personal information which you volunteer will be treated with the highest standards of security and confidentiality, strictly in accordance with General Data Protection Regulation (2018).
  • Agreement to this policy must be explicit.
    Visitors to our open websites must click on a ‘popup’ button to accept the use of cookies: “This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Accept. Read More.”
    Before commencing a course with CMIT, users must formally click acceptance with our Terms and Conditions CMIT’s Data Protection and Privacy Policy, otherwise they will not gain access the eLearning site.
  • Any queries in relation to the above may be made to info@cmitstudyhub.com
We will keep information only for specified purposes and use and disclose it only in ways compatible with these purposes
  • Form data
    If we collect information on a form on our website or in paper, we will explain the purpose of the form.
    Your data may also be anonymised and used for statistical purposes.
  • Cookies:
    Our websites use “cookie” technology. Cookies are small text files sent from a website and stored in the user’s web browser while the user is browsing a website. When users visit the same website again, the browser sends cookies back to the website allowing the website to recognise the user and remember things like personalised details or preferences. CMIT uses two different types of cookies.
    “Session” cookies help users to navigate through our website. They are deleted once you leave our website. Session cookies do not contain anything other than a session identification number which allows the web server to “remember” where you are on the website.
    “Performance” cookies are used by CMIT to provide statistics and reports on the usage of our website (details in relation to which pages on our website users visited, how they got there etc.). Some of these cookies are saved to your computer so that we know when you revisit our website. All information these cookies collect is aggregated and used anonymously. We use these cookies to understand what content is popular which helps us to improve our website.
    Web traffic dataYour data may also be anonymised and used for statistical purposes, for example, to identify visitor trends to the website.
  • Emails
    Emails sent to CMIT are stored securely for the purpose of verification, and are used only for the original intended purpose.
  • Assessments on eLearning site
    All assessment work is uploaded securely to the CMIT eLearning platform which is password protected and fully encrypted.
    Assessment data is only used and stored by CMIT for the purpose of completion of your course. We may collect personal data in order to assist you in completing your course. This data will be collected, stored and communicated in accordance with the principles outlined in the Data Protection Acts.
    Assessment work is deleted in line with data retention policies.
    Assessment data is only used and stored by CMIT for the purpose of completion of your course, with exception of the following: (1) Learners agree that in the event of CMIT ceasing to provide a QQI programme, which is 3 months or longer in duration, that learner data (including registration data and assessments) may be transferred to QQI or QQI registered organisations to assist in the completion of your programme. You may request for this information not to be transferred, however, this may result in you not completing your course and not receiving your certificate, and (2) Where a course is paid for by a third party (such as an employer or funding body) on behalf of a learner, then learners agree that CMIT may provide information, if requested, by the third party, regarding participation on the course and submission of assessments, by the learner.
  • Grades
    Grades are only used for certification purposes.
    CMIT will not provide grade information to any third party, with the exception of the accreditation body, who require this information for certification.
  • Any queries in relation to the above may be made to info@cmitstudyhub.com
We will keep information accurate, complete and up-to-date
  • You have the right to obtain the rectification of inaccurate personal data held about you.
  • Any queries in relation to the above may be made through info@cmitstudyhub.com
We will give you a copy of your personal data on request
  • You have a right to obtain a copy of any data we hold, free of charge, in an electronic format.
  • Any access request will be concluded within one month.
  • Any queries in relation to the above may be made through info@cmitstudyhub.com
Your right to erasure
  • You have the right to be forgotten and we will erase any personal data held on request.
  • Any queries in relation to the above may be made through info@cmitstudyhub.com
Your right to object to direct marketing
  • You have the right to object at any time to the use of personal data (e.g. email addresses) for marketing purposes
  • All marketing communications are opt-in and will contain the ability to opt-out at any time.
  • Any queries in relation to the above may be made to info@cmitstudyhub.com
Who do we share personal data with?
  • We may share your personal data with relevant third parties, where necessary, in relation to completion of your course, assessment, or certification; for example QQI and ILM.
  • We never share personal data with others for marketing purposes.
  • We may also share personal data with law enforcement or other authorities if required by applicable law.
We will retain only relevant information for not longer than necessary
  • We regularly purge our databases of data which we no longer need, including personal data relating learners or staff members.
  • We have a systematic process in place for the deletion of data from all of our systems.
  • Data will be classified to indicate sensitivity level.
  • The purpose associated with holding all data has been defined. We will ensure that we retain only the minimum amount of personal data which we need to achieve our purpose.
  • Responsibility has been assigned for maintaining/deleting data.
  • We will retain personal data relating to your learning, assessment, and certification to enable us to provide information about your learning or a replacement certificate. We have clearly defined times for how long various types of data are to be retained. Retention times are based on: (1) the need to delete personal data as soon as the purpose for which we obtained the data has been completed. (2) the need to hold data in order to undertake our commercial function (i.e. training and education), and (3) the need to comply with regulatory requirements (e.g. tax, accounting and accreditation body requirements).
  • Please note that accreditation bodies (such as QQI and ILM) will hold your details (name, PPS, date of birth) indefinitely.  Many award holders contact them for verification of their qualifications, for a variety of reasons e.g. commencing new employment and proof of qualification to access a college programme. QQI provide additional guidance here.  ILM provide additional guidance here.
  • Any queries in relation to the above may be made to info@cmitstudyhub.com
We will keep your data safe and secure
  • Payment processing
    All sensitive cardholder data stored and handled by CMIT and its employees is securely protected against unauthorised use at all times. Detailed procedures are in place for both offline and online card processing.
    CMIT uses Stripe™ for online card processing. Stripe™ is a global leader in online payment processing and is certified as a PCI Level 1 Service Provider.
    CMIT has received PCI compliance from Ulster Bank Ltd. for offline card/credit card terminal processing. Ulster Bank are approved and regulated by the Central Bank of Ireland.
  • eLearning system security controls
    Our website make use of HTTPS/TLS security to verify that users are communicating with the correct server. HTTPS/TLS encrypts and verifies the integrity of traffic between the client and our servers.
    We contract a certified Moodle™ Partner to manage our Moodle application.
    We use global Tier 3+ (99.982% uptime) datacentres to host our sites. Security features deployed include penetration testing, firewalls, advanced fire/electrical/ mechanical monitoring, network redundancy, brute force defence mechanisms, daily backups, regular updates and access monitoring.
  • Open website security controls
    Our website make use of HTTPS/TLS security to verify that users are communicating with the correct server. HTTPS/TLS encrypts and verifies the integrity of traffic between the client and our servers.
    We use global Tier 3+ (99.982% uptime) datacentres to host our websites. Security features deployed include penetration testing, firewalls, advanced fire/electrical/mechanical monitoring, network redundancy, brute force defence mechanisms, daily backups, regular updates and access monitoring.
  • Physical security
    We have procedures for preventing unauthorised individuals from obtaining sensitive data in our physical locations, including alarm systems (sensor, contact, smoke, fire), CCTV, restricting visitor/contractor access, ensuring workstations and devices are encrypted, secure disposal of hardcopy paper document and secure disposal of devices after use (including device shredding).
  • Network and PC security
    We use hardware and software firewalls to secure our resources.
    All PC workstations/laptops/mobile devices and external drives are encrypted.
    Restrictions and controls are in place around software installation.
    Up to date enterprise level anti-virus, malware and email scanning is in place.
  • Passwords and system access permissions
    Policies and procedures are in place to control each employee’s access to device, networks and systems.
    The job function of the user decides the level of access the employee has to cardholder data.
    A range of protocols are in place to control access to including strong password design protocol, 2FA, forced password change, email verification, audit logs.
  • Any queries in relation to the above may be made to info@cmitstudyhub.com

V-151018