Eureka Online College: Privacy Policy
Policy Version: 5.0
Prepared by: Eureka Online College
1. Introduction
Eureka Online College is committed to protecting the privacy of individuals whose personal data we process. We act as a data processor under the Subject Knowledge Enhancement (SKE) programme, delivering courses on behalf of Department for Education (DfE) approved framework providers. The DfE is the data controller.
This privacy policy describes how we handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Our Role and Contact Details
- Data Controller: Department for Education (DfE)
- Framework Provider: Accredited SKE Framework Provider Mersey Boroughs ITT Partnership (MBITT)
- Data Processor: Eureka Online College (acting on instructions from framework providers)
Contact us: hello@eurekaonlinecollege.co.uk
3. What Data We Process
We process personal data of individuals participating in SKE courses, including:
- Full name and contact details
- Date of birth and gender
- Educational background and eligibility evidence
- Course engagement, progress and completion data
- Complaints and feedback records
We also collect limited anonymised data from website visitors for performance optimisation.
4. Purpose of Processing
We process data to:
- Deliver DfE-funded SKE courses
- Confirm trainee eligibility (including verifying with ITT providers)
- Provide access to course platforms and tutor support
- Maintain audit trails and training records
- Report progress and completion data to framework providers and the DfE
We do not use personal data for marketing or sell it to third parties.
5. Legal Basis for Processing
Our processing is carried out under the lawful bases established by the DfE, typically:
- Public task – delivering government-funded education programmes
- Legal obligation – fulfilling contractual and reporting duties
6. Data Sharing
We may share personal data with:
- Framework providers
- The Department for Education (DfE)
- ITT providers (for eligibility and progress updates)
- Course tutors (for training delivery)
- Technology sub-processors (e.g., Moodle, cloud storage)
All third parties are contractually required to meet data protection standards.
7. Data Security
We apply robust technical and organisational safeguards, including:
- Encrypted cloud storage and devices
- Role-based access controls
- Staff training in data protection
- Secure communication systems
8. Data Retention
We retain data only as long as necessary to meet legal and contractual obligations:
- Application and enrolment data: 7 years
- Eligibility evidence: 7 years
- Course engagement data: 7 years
- Emails with safeguarding/funding relevance: up to 3 years
- Emails sent to support or technical mailboxes that do not relate to safeguarding, funding or complaints: routinely deleted after resolution, as they are not considered key records
- Moodle access logs: deleted 1–2 years after course ends
If a trainee is withdrawn from the course, their access to the Moodle platform is removed immediately to ensure data minimisation and security.
Annual reviews ensure compliance with retention policies.
9. Subject Access Requests
As a data processor, Eureka Online College does not directly handle Subject Access Requests (SARs). If a SAR is received, we:
- Inform the requester that we act only as a processor
- Refer them to the relevant data controller (usually the DfE)
- Notify the associated framework provider
10. International Data Transfers
We do not transfer personal data outside the UK/EEA unless appropriate safeguards (e.g., Standard Contractual Clauses) are in place.
11. Your Rights
If you wish to exercise your rights under UK GDPR (e.g. access, correction, erasure), please contact the DfE at: SKE.INBOX@education.gov.uk
12. Policy Updates
This policy may be updated periodically. The latest version will always be published on our website.
For general questions about this policy or how we handle your data, contact us at: hello@eurekaonlinecollege.co.uk