THE LEARNING COLLECTIVE GROUP LIMITED

Privacy Statement

GDPR: Data Privacy Notice for Clients

1.   Introduction

1.1          The Learning Collective Group is a limited company providing academic tuition and counselling to children. The company is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data is collected from you, or that you provided to the company and how will be processed by the company.  

1.2          The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

2.   Definitions

Data Controller is the organisation or authority which determines how and for what purpose the Personal Data is processed. When operating CCTV, a Director of The Learning Collective Group Ltd is the relevant Data Controller and is responsible for ensuring compliance with the Data Protection Laws.

Data processor is the processor responsible for processing personal data on behalf of the controller.

Data Protection Laws means:

a)     Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (the “GDPR”) and any equivalent or implementing legislation;

b)    all other applicable laws, regulations or court judgements relating to the processing of personal data, data privacy, electronic communications, marketing and/or data security; and

c)     any and all legally binding guidelines, recommendations, best practice, opinions, directions, decisions, or codes issued, adopted or approved by the European Commission, the Article 29 Working Party, the European Data Protection Board, the UK’s Information Commissioner’s Office and/or any other supervisory authority or data protection authority from time to time in relation to the processing of personal data, data privacy, electronic communications, marketing and/or data security; in each case as from time to time in force and as from time to time amended, extended, consolidated, re-enacted, replaced, superseded or in any other way incorporated into law and all orders, regulations, statutes, instruments and/or other subordinate legislation (including the Data Protection Bill 2017 when in force) made under any of the above in any jurisdiction from time to time.

Data Subject means any individuals who can be identified directly or indirectly from CCTV Data (or other Data in our possession). Data Subjects include members of the public and clients.

Categories of data is personal data and special categories of personal data

Personal data means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example, name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Special categories personal data include genetic data, and biometric data, where processed, to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Site means the Company’s premises at 16 Arley Road, Pandy, Wrexham, LL12 8PQ. 

The Company means The Learning Collective Group Limited, a private limited company (10233825) under the Companies Act 2006, registered in Cardiff.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

3.   Who are we?

3.1       The Learning Collective Group Ltd. is the data controller. This means we decide how your personal data is processed and for what purposes.

3.2       For all data matters contact:

Full name of legal entity: The Learning Collective Group Ltd.

For the attention of: The Data Privacy Manager

Email address: learningcollective@icloud.com

Postal address: 16 Arley Road, Pandy, Wrexham, LL12 8PQ

3.3       The company’s website and social media may include links to third-party websites or the company may give you links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The company does not control these third-party websites and are not responsible for their privacy statements. When you leave the company’s website or our social media, the company encourage you to read the privacy notice of every website you visit.

4.   The purpose(s) of processing your personal data

4.1       The company will not sell your data to other commercial organisations. 

4.2       The company use your personal data for the following purposes:

·     To respond to your enquiries, including call back request or when you call the company.

·     To register you as a customer.

·     To maintain company accounts and records.

·     To inform individuals of news, events, activities, offers or information about the company’s services.

·     When you give the company explicit permission, the company may also interview, photograph and or video you and your child for newspaper or magazine articles, blogs, or other written media including advertising and marketing.

4.3       You may give the company information about you by filling in forms on the company’s website or filling out forms manually or by corresponding with the company by phone, e-mail, in person or otherwise.

4.4       This includes information you provide when you register to use the company’s website, subscribe to company services, request a call back, participate in discussion boards or other social media functions on the company’s website/social media, enter a competition, promotion or survey, and when you report a problem with the company’s site.

5. The categories of personal data concerned

5.1       With reference to the categories of personal data described in the definitions section, the company may collect, use, store and transfer different kinds of personal data about you which the company has grouped together as follows:

i.        Personal data: which may include name; phone; email; address; child’s name; age; year group; school; and educational needs

ii.        Technical data: the company may also use cookies and record your IP address. If you pay the company electronically, third parties might share your partial bank details with the company

iii.        Special categories of data: medical Information and medical conditions.

6.   What is our legal basis for processing your personal data?

a)         Personal data (article 6 of GDPR)

The company’s lawful basis for processing your general personal data is:

•          consent of the data subject. Consent is obtained from the company’s website online forms, on the telephone or in person.

            •          performance of a contract with you

            •          necessary for the company’s legitimate interests (to recover debts due to us)

b)         Special categories of personal data (article 9 of GDPR)

The company’s lawful basis for processing your special categories of data:

            •          Explicit consent of the data subject

            •          Performance of a contract with you

7.   Sharing your personal data

7.1       Your personal data will be treated as strictly confidential.

7.2       Your data is transferred onto the company’s computerised systems managed by the company. 

7.3       The company uses third party suppliers to perform business functions such as accounting, bookkeeping, financial, banking, and survey collection, mailing lists, email clients, computerised file sharing and other computerised business functions. 

7.4       The company will share your information with legal, regulatory or professional bodies where the company has a legal or regulatory obligation to do so.

7.5       Some of the company’s third-party payment providers might pass partial bank or card details to the company, for verification purposes.

7.6       Sometimes, with your explicit permission, the company may share your data and images with individual contractors, writers or editors of magazines or newspapers, for the purposes of writing an article which may be shared in magazines, newspapers or other printed material on our website, blog or social media.

8.   How long do we keep your personal data?

8.1       The company will not retain this Data indefinitely but will permanently delete it once there is no reason to retain the recorded information. Exactly how long the Data will be retained for will vary according to the purpose for which it was recorded. 

8.2       At the end of its useful life and, in any event, within 7 years, all Data stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs or hard copy photographs will be promptly disposed of as confidential waste.

9.   Providing us with your personal data

9.1       The company require your personal data initially to return your initial enquiry or call back request. 

9.2       When you choose to become a customer, the company requires your personal data as it is a regulatory and contractual requirement.

10.   Your rights and your personal data

10.1     Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

·     The right to request a copy of the personal data which the company holds about you;

·     The right to request that the company corrects any personal data if it is found to be inaccurate or out of date;

·     The right to request your personal data is erased where it is no longer necessary to retain such data;

·     The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;

·     The right to request that the company provides you with your personal data and where possible, to transmit that data directly to another data controller;

·     The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

·     The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

11.     Transfer of Data Abroad

11.1     The company does not pass data outside of the EEA directly. 

12.    Automated Decision Making

12.1     The company does not use any form of automated decision making in our business. 

13.    Further processing

13.1     If the company wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then the company will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

14.     Changes to our privacy policy

14.1    Any changes the company makes to its privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this privacy policy.

15.      How to make a complaint

15.1     To exercise all relevant rights, queries or complaints please in the first instance contact: The Data Privacy Manager, 16 Arley Road, Pandy, Wrexham, LL12 8PQ or learningcollective@icloud.com

15.2     If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office:

Telephone:                  0303 1231113 

Email:                          https://ico.org.uk/global/contact-us/email/

Postal address:            Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Policy to be reviewed:             30 June 2020