Full policy

Fire Service College (Capita Public Service)

Effective date: 12 March 2026

Last reviewed: 12 March 2026

Next review due: On Updates

 

1. Purpose and scope

This policy explains how personal data is processed within Ignite (the Fire Service College learning platform built on Moodle Workplace).

It is intended to be consistent with the Fire Service College public Privacy Notice and Capita group privacy governance.

2. Relationship to the FSC website Privacy Notice

The Fire Service College publishes a public Privacy Notice covering learner, customer, and website processing activities. This Ignite policy applies specifically to personal data processed within the Ignite/Moodle learning platform and should be read alongside the FSC Privacy Notice and the FSC Cookies information.

3. Data Controller and contacts

Data Controller: Fire Service College (Capita Public Service), part of Capita plc.

Fire Service College Compliance Officer (privacy queries/complaints/rights requests): ComplianceOfficer@fireservicecollege.ac.uk; Reception 01608 650 831; Fire Service College, London Road, Moreton-in-Marsh, Gloucestershire, GL56 0RH.

Capita Data Protection Officer (group-level contact): privacy@capita.com; Capita plc, First Floor, 2 Kingdom Street, Paddington, London, W2 6BD.

You may also raise concerns with the Information Commissioner’s Office (ICO): www.ico.org.uk.

4. Personal data we process in Ignite

Ignite may process (depending on the course/programme and what you or your employer provide):

·       Identity and contact data: name, email address, organisation/employer, telephone number, address (where provided).

·       Learner administration data: date of birth, unique learner ID, enrolments, attendance/progress, assessment submissions, feedback, results, completion and certification records.

·       Welfare and operational data (where required): dietary requirements; PPE sizes; accessibility or mobility information; medical information relevant to participation/safeguarding.

·       Technical data: login and activity logs required to operate and secure the platform.

5. Why we use this data

To register and enrol learners, deliver learning and assessment, manage progress and completion, and issue/verify certification.

To meet contractual, quality assurance, awarding body and regulatory obligations.

To operate, support, secure and improve the platform (including audit trails and troubleshooting).

6. Lawful bases

We rely on lawful bases including contractual necessity, legal obligation and legitimate interests. In some situations processing may also be necessary for tasks carried out in the public interest, for medical purposes, to protect vital interests, or where explicit consent has been provided (for example where a specific consent is requested for a defined purpose).

7. Special category data

Where Ignite processes special category data (for example ethnicity, health, disability/accessibility, dietary requirements), it is handled with additional safeguards and restricted access.

The lawful condition will depend on the purpose (for example equality monitoring, safeguarding, or participation requirements) and will be applied in line with UK GDPR requirements.

8. Sharing and disclosures

Personal data may be shared with recipients where necessary and proportionate, including:

·       FSC staff and associate trainers involved in delivery, assessment and support.

·       Catering/venue partners where required for dietary requirements and onsite arrangements.

·       Employers/sponsors where they have a legitimate interest in tracking attendance/progress.

·       Professional and regulatory/awarding bodies for confirmation of qualifications and accreditation.

·       Authorities where legally required (e.g., safeguarding, crime prevention/detection).

·       Capita group functions for legitimate internal reporting, invoice/payment processing, and service administration.

9. International access and transfers

Ignite data is primarily processed in the UK. Where data is accessed or processed internationally (for example by support or group functions), appropriate safeguards and controls are applied.

10. Retention

The FSC public Privacy Notice states personal data may be retained for seven (7) years after a learner’s association ends, or in line with FSC retention schedules.

Ignite operationally may archive accounts at the end of a course and remove user accounts and associated platform data after a defined period post-certification (for example 12 months), where appropriate.

To align these positions: account removal/archiving is treated as an access/operational control, while core learner record evidence (e.g., certification outcome and required audit evidence) is retained in accordance with FSC retention schedules.

11. Cookies and tracking

Ignite uses essential cookies for authentication and session management. FSC’s website also publishes a Cookies notice describing cookies and analytics used on www.fireservicecollege.ac.uk.

Where optional analytics are used for Ignite, this will be configured and communicated in line with FSC privacy governance.

12. Security

We use appropriate technical and organisational measures, including role-based access controls, secure hosting, monitoring/audit logging, and staff privacy training.

13. Your rights and how to exercise them

You have rights under UK GDPR, including access, rectification, erasure (where applicable), restriction, objection, and data portability.

Requests can be made to the FSC Compliance Officer. FSC may request evidence of identity and clarification of the information sought to process a Subject Access Request.

14. Updates to this policy

This policy is reviewed periodically. Where material changes are made, users may be required to re-confirm acknowledgement through the platform policy/consent mechanism.