avatar picture

Alba Mateos

(Web developer)

arrow right
Logout

Completing your application to become a Victvs Invigilator

Thank you for your interest in becoming a Registered Victvs Invigilator.

To complete your application to become a Victvs Invigilator, there are 5 steps that you must work through.

Once you have completed this process, we will contact you to progress your application to the next stage.

  1. Reviewing our Policies and Procedures

    As part of your application to become a Victvs Invigilator, you must read through our Anti-Money Laundering and Anti-Bribery policies. When you have read through these policies you must confirm that you agree to the conditions of these policies by clicking on the box and then pressing ‘CONFIRM’.

    You can visit our Policies and Procedures page here.

    Once you have completed this step, you can move on to the Invigilator Training Course

  2. Completing our Invigilator Training Course

    Our Invigilator Training Course has been designed to teach you about the work that you will be doing, your role and responsibilities, and how we expect you to behave as a registered Victvs Invigilator.

    All registered Victvs Invigilators have to complete this basic training, and to pass the assessment at the end of the course.

    This course should take you less than 40 minutes to complete.

    When you have completed the Invigilator Training Course, we will contact you to take your application on to the next stage.

    You can begin the Invigilator Training Course here.
  3. Additional Training

    Depending on the type of examinations that you will be invigilating, we may require you to undertake a short additional training module.

    You may also be required to work through annual ‘refresher’ training.

    If this is required, we will activate your training for you once you have completed the Victvs Invigilator Training course.

  4. Signing an agreement

    Once you have successfully completed all of your training and we have all of your personal details, we will send you a personal Invigilator Agreement document for you to sign and return to us.

    This document sets out the terms and conditions of how we will work with you, confidentiality and data protection rules, and your fees.

  5. Approval as a Victvs Invigilator

    When you have completed your application, training and have returned a signed agreement to us, we will approve you as a Registered Victvs Invigilator.

    You will be provided with your own unique Invigilator Number and an identification card to use when you visit examination centres.

    Only Registered Victvs Invigilators can provide examination invigilation services on behalf of Victvs Global.

Help

If you need any help with your application to become a Victvs Invigilator, please contact us at victvs@victvsglobal.com and we will be happy to assist you.

Please now complete steps 1 and 2.

Our Policies and Procedures

Please take the time to read through the policy information below. When you are happy that you have read, understood and agree to abide by these policies, please sign to confirm and click SEND.

  1. Anti-Money Laundering Policy
    1. Introduction

      1. VICTVS (the Company) is committed to the highest possible standards of professional conduct. This Anti-Money Laundering Policy sets out our commitment to ensuring compliance with our legal obligations and supports our wider zero tolerance approach to fraud, corruption and bribery.

      2. Changes to the legislation concerning money laundering (the Proceeds of Crime Act 2002 and the Money Laundering Regulations 2007) have broadened the definition of money laundering and increased the range of activities caught by the statutory framework. As a result, obligations impact on certain areas of our business and require us to establish internal procedures to prevent the use of our services and resources for money laundering.

    2. Specified Persons

      1. This policy applies to:

        • All Company Employees (permanent, temporary or casual)
        • All members of the VICTVS Global Network
        • Consultants and Contractors
        • Our Partners
    3. What is Money Laundering?

      1. There are two main types of offence which may be committed:

        • Money laundering offences
        • Failure to report money laundering offences

      2. The main types of money laundering offences are

        • Acquiring, using or possessing criminal property
        • Handling the proceeds of crimes such as theft, fraud and tax evasion
        • Being knowingly involved in any way with criminal or terrorist property
        • Entering into arrangements to facilitate laundering criminal or terrorist property
        • Investing the proceeds of crime in other financial products
        • Investing the proceeds of crime through the acquisition of property / assets
        • Transferring criminal property

      3. The Legislation and Regulations relating to Money Laundering are:

        • The Terrorism Act 2000
        • The Proceeds of Crime Act 2002
        • The Money Laundering Regulations 2007
    4. The Obligations of the Company

      1. It is important that all persons identified in 2.1 are familiar with their legal responsibilities as serious criminal sanctions may be imposed for breaches of legislation. In addition, anyone who conspires or assists someone to commit the offence is also guilty of an offence.

      2. The Company Chief Executive Officer (CEO) is the nominated Money Laundering Reporting Officer (MLRO) and should be notified of any activity or suspicion of money laundering.

      3. The Company and persons specified in 2.1 must:

        • Maintain robust record keeping procedures
        • Make those staff members and employees who are likely to be exposed to or suspicious of money laundering activities, aware of the requirements and obligations placed on VICTVS, and on themselves as individuals, by anti-money laundering legislation
        • Provide targeted training to those most likely to encounter money laundering activities, e.g. how to recognise and deal with money laundering offences
        • Implement formal systems for Members and employees to report money laundering suspicions to the MLRO
        • Establish internal procedures appropriate to forestall and prevent money laundering and make relevant individuals aware of the procedures
        • Report any suspicions of money laundering to the relevant authorities
    5. Identification Procedures

      1. Persons identified in 2.1 should pay particular attention to all company transactions. These may be individual transactions or a series of transactions which appear to be linked, or where there is a suspicion that the transaction involves money laundering. Cash means notes, coins or travellers’ cheques in any currency. Non-cash transactions means (cheques/bank transfers etc.)

    6. Disclosure Procedures

      1. Where any persons specified in 2.1 know or suspect that money laundering activity has taken place or become concerned about their involvement in potential money laundering practices they should formally contact the MLRO. Referrals should be made on the Incident Report Form available on the Company website.

      2. The MLRO will consider and investigate the facts of the case and if appropriate make a referral to the relevant authorities.

      3. There should be no discussions with colleagues as confidentiality is paramount and the person that is suspected of being involved with money laundering must not be ‘tipped off’. At no time and under no circumstances should any suspicions be voiced to the person(s) suspected of money laundering.

  2. Anti-Bribery Policy Statement and Procedures
    1. What is Bribery?

      Bribery is an inducement or reward offered, promised or provided to gain personal, commercial, regulatory or contractual advantage.

    2. The Bribery Act

      There are four key offences under the 2010 Bribery Act:

      • Bribery of another person (section 1)
      • Accepting a bribe (section 2)
      • Bribing a foreign official (section 6)
      • Failing to prevent bribery (section 7)

      The Bribery Act 2010 (http://www.opsi.gov.uk/acts/acts2010/ukpga_20100023_en_1) makes it an offence to offer, promise or give a bribe (Section 1). It also makes it an offence to request, agree to receive, or accept a bribe (Section 2). Section 6 of the Act creates a separate offence of bribing a foreign public official with the intention of obtaining or retaining business or an advantage in the conduct of business. There is also a corporate offence under Section 7 of failure by a commercial organisation to prevent bribery that is intended to obtain or retain business, or an advantage in the conduct of business, for the organisation. An organisation will have a defence to this corporate offence if it can show that it had in place adequate procedures designed to prevent bribery by or of persons associated with the organisation.

    3. Penalties

      An individual guilty of an offence under sections 1, 2 or 6 is liable:

      • On conviction in a UK magistrates’ court, to imprisonment for a maximum term of 12 months, or to a fine not exceeding £5,000, or to both
      • On conviction in a crown court, to imprisonment for a maximum term of ten years, or to an unlimited fine, or both
      • Organisations are liable for these fines and if guilty of an offence under section 7 are liable to an unlimited fine.
    4. Policy Statement – Anti-Bribery

      Bribery, either directly between two parties or using a third party as a conduit to channel bribes to others, is a criminal offence. VICTVS (the Company) does not, and will not, pay bribes or offer an improper inducement to anyone for any purpose, nor does it or will it, accept bribes or improper inducements or engage indirectly in or otherwise encourage bribery.

      The Company is committed to the prevention, deterrence and detection of bribery. We have a zero-tolerance approach towards bribery.

    5. Objective of this policy

      This policy provides a coherent and consistent framework to enable the Company’s employees (and other ‘specified persons’) to understand and implement arrangements enabling compliance. In conjunction with related policies and key documents it will also enable employees to identify and effectively report a potential breach.

      The Company requires that all specified persons, including those permanently employed, temporary staff, agency staff, consultants, contractors, volunteers and partners:

      • Act honestly and with integrity at all times and to safeguard the Company’s resources for which they are responsible

      • Comply with the spirit, as well as the letter, of the laws and regulations of all jurisdictions in which the Company operates, in respect of the lawful and responsible conduct of activities

    6. Scope of this policy

      This policy applies to all of the Company’s activities. For partners, joint ventures and suppliers, it will seek to promote the adoption of policies consistent with the principles set out in this policy.

      Responsibility to control the risk of bribery occurring resides at all levels of the organisation. It does not rest solely within assurance functions, but in all business units and corporate functions.

      This policy covers all personnel, including all levels and grades, those permanently employed, temporary agency staff, contractors, non-executives, agents, volunteers and consultants.

    7. The Company’s commitment to action

      The Company commits to:

      • Setting out a clear anti-bribery policy and keeping it up to date

      • Making all employees aware of their responsibilities to adhere strictly to this policy at all times

      • Training all employees so that they can recognise and avoid occurrences of bribery by themselves and others

      • Encouraging its employees to be vigilant and to report any suspicions of bribery, providing them with suitable channels of communication and ensuring sensitive information is treated appropriately

      • Rigorously investigating instances of alleged bribery and assisting police and other appropriate authorities in any resultant prosecution

      • Taking firm and vigorous action against any individual(s) involved in bribery

      • Provide information to all employees to report breaches and suspected breaches of this policy

      • Include appropriate clauses in contracts to prevent bribery.

    8. Bribery is not tolerated

      It is unacceptable to:

      • give, promise to give, or offer a payment, gift or hospitality with the expectation or hope that a business advantage will be received, or to reward a business advantage already given

      • give, promise to give, or offer a payment, gift or hospitality to a government official, agent or representative to “facilitate” or expedite a routine procedure

      • accept payment from a third party where it is known or suspected that it is offered with the expectation that it will obtain a business advantage for them

      • accept a gift or hospitality from a third party where it is known or suspected that it is offered or provided with an expectation that a business advantage will be provided by the Company in return

      • retaliate against or threaten a person who has refused to commit a bribery offence or who has raised concerns under this policy

      • engage in activity in breach of this policy

    9. Gifts and Hospitality

      This policy is not meant to change the requirements of the Company’s gifts and hospitality policy. This makes it clear that:

      • Reasonable, proportionate gifts and hospitality made in good faith and that are not lavish are often acceptable.

      In general terms, however, an employee must:

      • Treat any offer of a gift or hospitality if it is made to them personally with extreme caution

      • Not receive any reward or fee other than their salary

      • Never accept monetary gifts of any kind

      • Always refuse offers of gifts or services to them (or their family members) from organisations or persons who do, or might, provide work, goods or services, to the Company or who require a decision from the Company

      • Always report any such offer to their line manager

    10. Staff responsibilities

      The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of all those working for the organisation or under its control. All staff are required to avoid activity that breaches this policy.

      As individuals you must:

      • ensure that you read, understand and comply with this policy

      • raise concerns as soon as possible if you believe or suspect that a conflict with this policy has occurred, or may occur in the future

      As well as the possibility of civil legal action and criminal prosecution, staff that breach this policy will face disciplinary action, which could result in dismissal for gross misconduct.

    11. Raising a concern

      The Company is committed to ensuring that there is a safe, reliable, and confidential way of reporting any suspicious activity. All incidents and concerns should be reported using the Incident Reporting Form (available on the Company website).

      All specified persons have a responsibility to help detect, prevent and report instances of bribery. If you have a concern regarding a suspected instance of bribery or corruption, please speak up – your information and assistance will help. The sooner it is brought to attention, the sooner it can be resolved.

      Staff who raise concerns or report wrongdoing, including those staff who reject an offer made to them that could be perceived as bribery, could understandably be worried about the repercussions. The Company aims to encourage openness and will support anyone who raises a genuine concern in good faith under this policy, even if they turn out to be mistaken.

      The Company is committed to ensuring nobody suffers detrimental treatment through refusing to take part in bribery or corruption, or because of reporting a concern in good faith.

  3. Allowable Expenses Policy
    1. Scope

      All employees, contractors, associates of, consultants and advisors to VICTVS.

    2. UK Law and Allowable Expenses

      VICTVS has no statutory obligation to reimburse expenses. Expenses are reimbursed at our discretion to support to the work of our employees and international contractor workforce.

    3. Reasonable Expenses

      At VICTVS we work in over 170 countries worldwide and as a consequence we deal with a wide variety of different expense claims and justifications. Therefore, there is no ‘one size fits all’ solution that we can apply to this policy.

    4. Our Policy

      VICTVS will consider all reasonable expenses incurred by employees or contractors who are engaged in company work in all countries and territories in which we operate provided they are approved in writing, in advance of them being incurred. We will reimburse you for all expenses that we agree are reasonable and that you have incurred during your work for our company.

      All allowable expense claims will be treated in accordance with UK HM Revenue and Customs (HMRC) tax regulations.

      As a member of the VICTVS Global Network you are expected to act responsibly in the carrying out of your duties and you should endeavour to keep any expenses that you do incur, to a reasonable level.

      We trust you to make the decision regarding what is a reasonable expense in your area, however if you are unsure about something, then please contact us for advice.

    5. Travel Expenses

      Other than in exceptional circumstances, we do not pay for time spent travelling to and from your place of work or vehicle mileage rates.

      VICTVS will pay for all pre-approved travel expenses necessarily incurred whilst you are carrying out Victvs Global business.

    6. Accommodation

      Any VICTVS business that requires you to arrange overnight accommodation will be eligible for additional expense payments. Any overnight accommodation charges must be pre-approved and supported by receipts.

      If you have any questions about overnight accommodation, please contact us.

      You are expected to make your own arrangements for lunch when working for VICTVS.

    7. Expense Receipts

      Receipts for any expenses must be submitted with your expense claim. No payment will be made without a valid receipt.

    8. Submitting Expense Claims

      You can submit a claim for any allowable expenses when you submit your claim for your fee on the Victvs Global website. If you need to submit copies of receipts to support your claim, you should attach these to an email and send to accounts@victvsglobal.com.

    9. Payment of Expenses Claimed

      Payment of your expense claims will be made at the same time as payment for your fees for the services provided. Typically, these payments will be made within 22 days of receipt of your claim. Payments are made via direct bank transfer. International payments can take several days to reach your account once they have been sent. Please be patient.

    10. Additional Advice

      For any additional advice or clarification on this policy or your individual expense claims, please speak to your immediate supervisor or contact our accounts department on accounts@victvsglobal.com.

  4. Cryptocurrency Payments Policy

    This policy sets out the terms and conditions under which VICTVS Ltd. will make available to members of the VICTVS Global Network, the option to claim and receive payments in cryptocurrency(s) in return for professional services provided under the terms and conditions of the individual agreement maintained between VICTVS Ltd and the individual member of the VICTVS Global Network.

    1. About Cryptocurrencies

      Cryptocurrencies including Bitcoin exist through the internet and do not have a physical form. They are de-centralised – meaning that no one country, organisation or bank owns or controls them. They are owned and regulated by the people who are using them and they rely on the cooperation of the community of users in order to keep working successfully.

      Cryptocurrencies are growing in value and in usability and we believe that they have the potential to contribute massively to the evolution of the connected global workplace. Therefore, the use of cryptocurrencies fits perfectly with our core purpose – changing the way the world works together.

      As with any innovative technology, it is important that you understand the risks and rewards involved and we encourage all members of our Global Network to familiarise yourselves with cryptocurrencies.

      An important note. Cryptocurrencies are currently very volatile and their value can fluctuate rapidly. Nevertheless, we believe that the use of cryptocurrencies will continue to grow and we have chosen to play our small part in this quiet revolution.

      Cryptocurrencies are currently unregulated in most jurisdictions. This policy reflects this. If, as expected, various jurisdictions implement cryptocurrency regulation, then VICTVS will immediately upon notice of this, amend this policy to conform with the new legislation. This may include immediate cessation of payments using cryptocurrencies in a particular country, state or jurisdiction.

    2. Term

      The conditions set out in this policy will come into effect on 01 December 2017 and will continue indefinitely or until amended by us with a minimum of one month’s notice.

    3. Payments

      Upon successful delivery of any agreed professional services and following our receipt and approval of a valid expense claim form or invoice, payment in the agreed currency (including Bitcoin – BTC – from 01 December 2017) will be due within 30 business days of receipt of the claim form or invoice.

      All claim forms and expense claims submitted by members of the VICTVS Global Network for reimbursement by VICTVS must be in keeping with our Allowable Expense Policy document. Expense claims considered to be not in keeping with this policy will not be approved and will not be reimbursed.

    4. Sanctions and criminal activity

      VICTVS will make all reasonable efforts to ensure that no member of the VICTVS Global Network is able to misuse our payment systems.

      In accordance with our anti money laundering and bribery policy, VICTVS may conduct additional identification checks on members of the VICTVS Global Network in order to ensure our compliance with UK Government requirements. Transactions made in cryptocurrencies are subject to exactly the same scrutiny by financial authorities as all other currencies and we will support all requests to prevent misuse of this emerging technology.

    5. Tax

      Cryptocurrencies including Bitcoin are subject to tax. As per the terms and conditions of your agreement with us, you are responsible for ensuring that you report your income and manage your taxes in accordance with your tax authorities.

    6. More information

      If you have specific questions for us about how we are integrating cryptocurrencies into our operations, please email us on victvs@victvsglobal.com

  5. Information Security Policy
    1. Introduction

      The purpose of this policy is to protect all information assets within the company from all internal and external threats, whether deliberate or accidental. This policy aims to protect the confidentiality, integrity and availability of information in all forms, whether stored electronically, transmitted across networks, or printed on paper.

      This ISMS applies to the following functional areas of the company:

      • All Directors, Employees, and contractors of the company

      • The Internal IT function

      • All IT systems used by the company to manage the business

      • Internal application development

      • The Finance and Operations functions, including Human Resources

      • The Managed Services function

      The Chief Operating Officer is the ISMS owner and has overall responsibility for maintaining and implementing this policy. All managers whose business areas fall within scope have a direct responsibility for implementing applicable policies and procedures within those areas. It is also the responsibility of each employee and sub-contractor to adhere to the policies and procedures in place in their part of the business.

      The Appendix to this policy details specific information security responsibilities of key roles within the company.

    2. Policy

      It is the policy of the company that:

      • Information is protected against unauthorised access

      • The confidentiality of information is assured

      • The integrity of information is maintained

      • Information should be available to authorised users when needed

      • Regulatory and legislative requirements are met

      An Information Security Management System is maintained comprising policies, processes and procedures that have been approved by the Directors of the company. This ISMS has been designed to comply with the ISO 27001:2013 standard and is based on best practice as identified in ISO 27002.

      The ISMS is published and communicated to all employees, and relevant external parties, and has the full support of the Directors and management of the company.

      The Company will provide all employees with information security training to facilitate awareness of the ISMS and competence to deliver the company’s services in line with the policies, processes and procedures therein.

      All staff will be made aware of the importance of reporting any actual or suspected information security incidents, or breaches of the ISMS, to line management and onward communication to the COO.

      Any wilful breach of the ISMS or failure to report a suspected or actual information security incident constitutes a disciplinary matter and will be dealt with through the company’s formal disciplinary process.

      This policy and the associated ISMS will be regularly reviewed at Management Review remains appropriate and is updated based on operational feedback and changes in the overarching Information Security climate. Reviews will be undertaken annually as a minimum, and as a result of legislative, business or technology changes.

      Compliance with the ISMS will be subject to internal and external audit in line with the ISO 27001 governance processes.

      The company is committed to continually improving its information security performance and management system

      • The company will set and review information security objectives at appropriate intervals at Management Review

      Benjamin Clayson

      CEO

      Date: 17th January 2022

    3. Appendix

      ISMS owner – Chief Operating Officer

      • Overall responsibility for the ISMS including conformity to ISO 27001 and reporting on its performance

      • Responsibility to notify formal bodies

      • Set information security objectives

      Finance, HR and Admin Manager

      • HR Responsibilities

      IT Team / External IT Services Provider

      • Vulnerability Management

      • Technology reviews

      • Secure management of data

      Senior Managers and Line Managers

      • Implement the ISMS in their parts of the business

      • Communicate policies and monitor the adherence to procedures

      • Report information security incidents

      System Users (all staff and contractors)

      • Adhere to the policies that are in place

      • Follow the processes and procedures relating to those systems that they use

      • Report information security incidents to Chief Operating Officer

      Internal Audit

      • Facilitate the review of the ISMS

  6. GDPR and Data Protection Policy
    1. Context and Overview
      1. Introduction

        VICTVS Ltd. needs to gather and use certain information about individuals. These can include customers, employees and other individuals the organization has a relationship with or may need to contact.

        This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards and to comply with good practice and current legislation.

      2. Why this policy exists

        This data protection policy ensures VICTVS Ltd.:

        Complies with General Data Protection Regulation (GDPR) and follows good practice

        Protects the rights of staff, customers and partners

        Is open about how it stores and processes individuals’ data

        Protects itself from the risks of a data breach

      3. The General Data Protection Regulation

        VICTVS Ltd. seeks to ensure that all personal data is processed in compliance with this Policy and the Principles of the Data Protection Act 1998, AND Data Protection Act 2018 (UK GDPR). The Freedom of Information Act 2000 and the Protection of Freedoms Act 2012 are also relevant to parts of this policy. VICTVS Ltd. shall so far as is reasonably practicable comply with the Data Protection Principles to ensure all data is:

        • Fairly and lawfully processed

        • Processed only for specific, lawful purposes

        • Adequate, relevant and not excessive

        • Accurate and up to date

        • Not kept for longer than necessary

        • Processed in accordance with the data subject’s rights

        • Secure

    2. Definitions
      1. Business purposes

        The purposes for which personal data may be used by us:

        • Personnel, administrative, financial, regulatory, payroll, routine business operations and business development.

        • Business purposes include the following:

        • Compliance with our legal, regulatory and corporate governance obligations and good practice

        • Ensuring business policies are adhered to (such as policies covering email and internet use)

        • Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting

        • Investigating complaints

        • Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments

        • Monitoring staff conduct, disciplinary matters

        • Marketing our business

        • Improving services

      2. Personal data

        Information relating to identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, clients, suppliers, marketing and processors contacts.

        Personal data we gather may include: individuals’ contact details, educational background, financial and pay details, details of certificates and diplomas, education and skills, marital status, nationality, job title, photos, passports, and CV.

      3. Sensitive personal data

        Personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings – any use of sensitive personal data should be strictly controlled in accordance with this policy.

      4. Scope

        The Policy applies to:

        The Head Office of VICTVS Ltd.

        All branches of VICTVS Ltd.

        All staff and interns VICTVS Ltd.

        All contractors, suppliers and other people working on behalf of VICTVS Ltd.

        This policy supplements our other policies relating to internet and email use. We may supplement or amend this policy by additional policies and guidelines from time to time. Any new or modified policy will be circulated to staff once it has been adopted.

        It applies to all data the company holds relating to identifiable individuals, even if that information technically falls outside the Data Protection Act 1998. This can include:

        • Names of individuals

        • Postal Addresses

        • Email addresses

        • Telephone numbers

        • Plus, any other information relating to individuals

        • Our procedures

      5. Data protection risks

        This policy helps to protect VICTVS Ltd. from some very real data security risks, including:

        • Breaches of confidentiality. For instance, information being given out inappropriately

        • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data related to them

        • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data

      6. Fair and lawful processing

        We will process personal data fairly and lawfully in accordance with individuals’ rights. This generally means that we will not process personal data unless the individual whose details we are processing has consented to this happening, or processing is necessary for the performance of either their contract of employment or their agreement with VICTVS Ltd.

      7. Responsibilities

        Everyone who works for or with VICTVS Ltd. has some responsibility for ensuring data is collected, stored and handled properly.

        Each team and individual that handles personal data must ensure that is handled and processed in line with this policy and data protection principles.

        However, these people have key areas of responsibility:

        The board of directors is ultimately responsible for ensuring that VICTVS Ltd. meets its legal obligations.

        Data Protection Officer (DPO) will have overall responsibility for the day-to-day implementation of this policy and more specifically:

        To keep the board updated about data protection responsibilities, risks and issues

        To review all data protection procedures and policies on a regular basis

        To arrange data protection training and advice for all staff members and those included in this policy

        To answer questions on data protection from staff, board members and other stakeholders

        To respond to individuals such as clients and employees who wish to know which data is being held on them by VICTVS Ltd.

        To check and approve with third parties that handle the company’s data any contracts or agreement regarding data processing

        IT services provider

        Ensures all systems, services, software and equipment meet acceptable security standards

        Checks and scans security hardware and software regularly to ensure it is functioning properly

        Researches third-party services, such as cloud services the company is considering using to store or process data

      8. Marketing manager

        Approves data protection statements attached to emails and other marketing copy

        Addresses data protection queries from clients, target audiences or media outlets

        Coordinates with the DPO to ensure all marketing initiatives adhere to data protection laws and the company’s Data Protection Policy

      9. Processing data

        The processing of all data must be:

        Necessary to deliver our services

        In our legitimate interests and not unduly prejudice the individual’s privacy

        In most cases this provision will apply to routine business data processing activities

        Our Terms of Business contains a Privacy Notice to customers, members, employees, contractors and interns on how VICTVS Ltd. will gather, use, disclose, and manage their personal data.

        The notice:

        Sets out the purposes for which we hold personal data on customers, contractors, employees and interns

        Highlights that our work may require us to give information to third parties such as expert witnesses and other professional advisers

        Provides that customers have a right of access to the personal data that we hold about them

        It can be seen at https://www.victvs.co.uk/privacy-policy/.

      10. Sensitive personal data

        In most cases where we process sensitive personal data we will require the data subject’s explicit consent to do this unless exceptional circumstances apply, or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.

      11. Accuracy and relevance

        We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this.

        Individuals may ask that we correct inaccurate personal data relating to them. If any member of staff believes that information is inaccurate they should record the fact that the accuracy of the information is disputed and inform the DPO as soon as they are aware of it.

      12. Your personal data

        You must take reasonable steps to ensure that personal data we hold about you is accurate and updated as required. For example, if your personal circumstances change, please inform the relevant department so that they can update your records.

      13. Data security

        You must keep personal data secure against loss or misuse. Where other organisations process personal data as a service on our behalf, the DPO will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations.

      14. General Staff Guidelines and Data Use

        The only people able to access data covered by this policy should be those who need it for their work.

        Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers

        VICTVS Ltd. will provide training to all employees to help them understand their responsibilities when handling data

        Employees should keep all data secure, by taking sensible precautions and following the guidelines below

        In particular, passwords must be used, and they should never be shared

        Personal data should not be disclosed to unauthorized people, either within the company or externally

        Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of

        Employees should request help from their line manager or the DPO if they are unsure about any aspect of data protection

        When working with personal data, employees should ensure the screens of their computer are always locked when left unattended

        Data, when transferred electronically, must always be sent through our secure network and only from VICTVS’ accounts

        Personal data should never be transferred outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relations to the processing of personal data

        Employees should not save copies of personal data to their own computers

      15. Data Storage

        These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the DPO or COO.

        In cases when data is stored on paper or printed paper, it should be kept in a secure place where unauthorised personnel cannot access it

        Printed data should be shredded when it is no longer needed

        Data stored on a computer should be protected by passwords.

        Data must not be stored on CDs or memory sticks

        Only store data on the VICTVS DropBox Cloud.

        Should they be used, servers containing personal data must be kept in a secure location, away from general office space

        Data should be regularly backed up in line with the company’s backup procedures.

        Data should never be saved directly to mobile devices such as laptops, tablets or smartphones

        Should they be used, servers containing data must be approved and protected by security software and strong firewall

      16. Data Retention

        We must retain personal data for no longer than is necessary. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but should be determined in a manner consistent with our data retention guidelines. See Appendix 2

      17. External Processors

        VICTVS Ltd. will ensure that data processed by external processors, for example, service providers, Cloud services including storage, web sites etc. are compliant with this policy and the relevant legislation.

      18. Secure Destruction

        When data held in accordance with this policy is destroyed, it must be destroyed securely in accordance with best practice at the time of destruction.

      19. Enforcement

        If an individual believes that VICTVS Ltd. has not complied with this Policy or acted otherwise than in accordance with this policy and the GDPR, the member of staff should notify the DPO as soon as they are aware of this.

      20. Transferring data internationally

        There are restrictions on international transfers of personal data. You must not transfer personal data anywhere outside the European Economic Area unless that country or territory has an adequate level of protection for the rights and freedoms of data subjects in relations to the processing of personal data which is recognised by the ICO.

      21. Date Accuracy

        The law requires VICTVS Ltd. to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.

        Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets

        Data should be updated as inaccuracies are discovered. For instance, if a freelancer can no longer be reached on their stored email, it should be removed from the database.

        It is the marketing’s manager responsibility to ensure marketing databases are checked against industry suppression files every six months.

      22. Conditions for processing

        Victvs Ltd. will ensure any use of personal data is justified using at least one of the conditions for processing and this will be specifically documented. All staff who are responsible for processing personal data will be aware of the conditions for processing. The conditions for processing will be available to data subjects in the form of a privacy notice.

      23. Subject Access Request

        Please note that under the GDPR, individuals are entitled to:

        Ask what information the company holds about them and why

        Ask how to gain access to it

        Be informed how to keep it up to date

        Be informed how the company is meeting its data protection obligations

        Any subject access request, must be referred immediately to the DPO.

        Any data subject wishing to access their personal data should put their request in writing to the DPO by completing the contact form in our site: https://www.VICTVS.co.uk/contact/

        VICTVS Ltd. will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within at least 30 days of receiving the request. Where requests are complex or numerous, VICTVS Ltd. will be able to extend the deadline for providing the information to three months. However, VICTVS Ltd. will still respond to the request within a month, explaining why the extension is necessary.

      24. Exemptions

        Certain data is exempted from the provisions of the GDPR which includes the following:

        National security and the prevention or detection of crime

        The assessment of any tax or duty

        Where the processing is necessary to exercise a right or obligation conferred or imposed by law upon VICTVS Ltd., including Safeguarding and prevention of terrorism and radicalisation

        The above are examples only of some of the exemptions under the Regulation. Please see Appendix 3 for the full list. Any further information on exemptions should be sought from the DPO.

        Processing data in accordance with the individual’s rights

        You should abide by any request from an individual not to use their personal data for direct marketing purposes and notify the DPO about any such request.

        Do not send direct marketing material to someone electronically (e.g. via email) unless you have an existing business relationship with them in relation to the services being marketed. Please note this applies to individuals only and not companies. Please contact the DPO for advice on direct marketing before starting any new direct marketing activity.

      25. Training

        All staff will receive training on this policy. New joiners will receive training as part of the induction process. Further training will be provided at least every two years or whenever there is a substantial change in the law or our policy and procedure.

        Training is provided through an in-house seminar on a regular basis and will cover.

        The law relating to data protection

        Our data protection and related policies and procedures

        Completion of training is compulsory.

      26. GDPR Provisions

        Where not specified previously in this policy, the following provisions will be in effect on or before 25 May 2018.

        Privacy Notice – transparency of data protection

        Being transparent and providing accessible information to individuals about how we will use their personal data and how to exercise their rights is important for VICTVS Ltd. To these ends, the company has a privacy statement setting out how data relating to individuals is used by the company.

        The privacy statement will be available on the company’s website (https://www.victvs.co.uk/privacy-policy/).

        Conditions for processing

        We will ensure any use of personal data is justified using at least one of the conditions for processing and this will be specifically documented. All staff who are responsible for processing personal data will be aware of the conditions for processing. The conditions for processing will be available to data subjects in the form of a privacy notice.

        Justification for personal data

        We will process personal data in compliance with all relevant data protection principles. We will document the additional justification for the processing of sensitive data and will ensure any biometric and genetic data is considered sensitive.

        Consent

        The data that we collect to send newsletters by emails is subject to active consent by the data subject. This consent can be revoked at any time.

        Criminal record checks

        Any criminal record checks must be justified by law. Criminal record checks cannot be undertaken based solely on the consent of the subject.

        Data portability

        Upon request, a data subject should have the right to receive a copy of their data in a structured format. These requests should be processed within 30 days, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. This must be done for free.

      27. Privacy by design and default

        All data subject interactions and touch points have privacy designed right into them and their default mode is one of compliance. More specifically:

        Processing activities will be planned, designed and performed with data security and, more generally, compliant with the GDPR in mind.

        By default, only personal data which is necessary for each specific purpose of the processing will be processed.

        By default, personal data is not made accessible without the individual’s intervention to an indefinite number of individuals.

      28. International data transfers

        No data may be transferred outside of the EEA without first discussing it with the DPO.

      29. Reporting breaches

        All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:

        Investigate the failure and take remedial steps if necessary

        Maintain a register of compliance failures

        Notify the Supervisory Authority (SA) of any compliance failures that are material either in their own right or as part of a pattern of failures

        Please refer to our Information Security Incident Management Policy for our reporting procedure.

      30. Monitoring

        Everyone must abide by the terms of this Data Protection policy. The DPO has overall responsibility for this policy and will monitor it regularly to make sure it is being adhered to.

      31. Consequences of failing to comply

        We take compliance with this policy very seriously. Failure to comply puts both you and the organisation at risk. The importance of this policy means that failure to comply with any requirement may lead to disciplinary action.

        If you have any questions or concerns about anything in this policy, please raise them with the DPO by completing the contact form in our site: https://www.VICTVS.co.uk/contact/.

      32. Appendix 1

        Transfers Abroad – Adequate Standard of Data Protection

        No restriction Restriction
        European Economic Area (EEA): All EU members plus Norway, Iceland and Liechtenstein. Third Countries (a country outside of the European Economic Area) – with exemptions
        Third countries in EU’s approved list: Switzerland, Guernsey, Argentina, Isle of Man, Faroe Islands, Jersey, Andorra, Israel, New Zealand and Uruguay, Canada (for organisations that are subject to Canada’s PIPEDA law), the US-EU Safe Harbour is no longer deemed adequate. It has effectively been replaced by the EU-US Privacy Shield.
      33. Appendix 2

        Data Retention

        Type or Record Retention Period
        Pay & tax: HMRC correspondence, PAYE records, maternity and paternity pay records 6 years from end of fiscal year
        Employment records: redundancy, equal opps; health & welfare records; pay & tax: pay deductions, tax forms, payroll, loan 6 years after last action
        Mailing lists, mailing proofs, interview records, unsuccessful job applications 2 years after last action
        Accounting & financial management information, personal data, complaints, employment records, legacies, intellectual property, pay & tax, pension information, risk & insurance 6 years from end of fiscal year
        Litigation dossiers, agreements/ contracts, declarations of interest, superannuation registers 10 years from last action
        Pensioner records, investment policies, statements of investments principles and policies 12 years after benefit ceases or adoption
        Asset registers, receipts, purchase orders, invoices – revenue, petty cash, creditor’s & debtor’s records; benefits in kind; draw results; standard T&Cs, itts, software licenses, management accounts, successful grant applications and correspondence, trade marks 6 years after last action
        Disclosures & Barring Service data Unsuccessful applicants – 6 months Successful candidates – 3 years.
      34. Appendix 3

        Exemptions and restrictions to the Right of Access

        Individuals have a right of access to see their personal data. However, the Data Protection Act provides that individuals do not have a right to see information relating to them where any of the following circumstances apply.

        If the information is kept for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders, or assessing / collecting any taxes or duties: but only in cases where allowing the right of access would be likely to impede any such activities

        If granting the right of access would be likely to impair the security or the maintenance of good order in a prison or other place of detention.

        If the information is kept for certain anti-fraud functions: but only in cases where allowing the right of access would be likely to impede any such functions.

        If granting the right of access would be likely to harm the international relations of the State.

        If the information concerns an estimate of damages or compensation in respect of a claim against the organisation, where granting the right of access would be likely to harm the interests of the organisation.

        If the information would be subject to legal professional privilege in court.

        If the information is kept only for the purpose of statistics or carrying out research, but only where the information is not disclosed to anyone else, and where the results of the statistical work or research are not made available in a form that identifies any of the individuals involved.

        If the information is back-up data.

        Comment: It would be unreasonable to expect an organisation to retrieve back-up copies of its personal information in responding to an access request. However, it should be noted that back-up data is not necessarily the same as old or archived data. Such archive data is subject to an individual’s right of access in the normal way.

  7. Quality policy

    The objective of VICTVS is to provide global exam management and External Quality Assurance services to international awarding bodies. We are committed to delivering global services of the highest quality to our clients.

    In order to achieve this objective, the Company will maintain an effective and efficient Quality Management System based upon the requirements of ISO 9001:2015.

    In particular, the Company will:

    • Set measurable objectives that will help achieve customer requirements, including:
      • Providing outstanding customer service
      • Meeting or exceeding client expectations
      • Assessing our social and environmental impact as a global company
    • Monitor and measure the effectiveness of its business processes and objectives through Management Reviews and the internal audit process
    • Proactively seek feedback from customers on how well its services meet their requirements and set objectives for continual improvement
    • Analyse the causes of any complaint or problem, and take appropriate action to prevent recurrence
    • Select and work closely with contractors who enable the Company to create and deliver a reliable performance
    • Recruit employees and contractors who are customer focused and support them with appropriate training and systems to ensure their competence always meets the Company’s requirements
    • Provide a work environment that promotes the wellbeing of its employees and encourages positive teamwork
    • Encourage all employees to identify problems and make suggestions to improve all aspects of the Company’s services and business processes
    • Ensure that all employees and people doing work for us are aware of the Quality Policy and are committed to the effective implementation of the Quality Management System
    • Ensure that the Company complies with all necessary regulatory and legal requirements

    The continual improvement of the Company’s Quality Management System is fundamental to the success of its business and must be supported by all employees and people doing work for us as an integral part of their daily work.

    Benjamin Clayson

    CEO

    Date: June 2020

Agreement