Helen Youngman Education Ltd (“We”) are committed to protecting and respecting your privacy, in accordance with General Data Protection Regulation.
We commit to:
· comply with both the law and good practice
· respect individual’s rights
· be open and honest with individuals whose data is held
· provide training and support to staff who handle personal data, so that they can act confidently and consistently
· register our details with the Information Commissioners Office (ICO)
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Helen Youngman Education Ltd of 41 Southwold Road, Wrentham, Beccles, Suffolk NR34 7JE).
This policy only applies to our site. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.
Information we may collect from you
We may collect and process the following data about you:
· Information that you provide by filling in forms on our site www.helenyoungman.co.uk (our site). This includes information provided at the time of registering to use our site, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our site.
· If you contact us, we may keep a record of that correspondence.
· We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
· Details of your visits to our site including, but not limited to, traffic data, location data, weblogs, operating system, browser usage and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
· Data protection Principles
· There are six data protection principles that are core to the General Data Protection Regulation. We will make every possible effort to comply with these principles at all times in our information-handling practices. The principles are:
· Lawful, fair and transparent – Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used
· Limited for its purpose – Data can only be collected for a specific purpose
· Data minimisation – Any data collected must be necessary and not excessive for its purpose
· Accurate – The data we hold must be accurate and kept up to date
· Retention – We cannot store data longer than necessary
· Integrity and confidentiality – The data we hold must be kept safe and secure
· Key risks – The main risks are in two areas;
· information about individuals getting into the wrong hands, through poor security or inappropriate disclosure of information
· individuals being harmed through data being inaccurate or insufficient
· Helen Youngman Education Ltd is the data controller for all personal data held by us and is responsible for:
· Analysing and documenting the types of personal data we hold
· Checking procedures to ensure they cover all the rights of the individual
· Identifying the lawful basis for processing data
· Ensuring consent procedures are lawful
· Implementing and reviewing procedures to detect, report and investigate personal data breaches
· Storing data in safe and secure ways
· Assessing the risk that could be posed to individual rights and freedoms should data be compromised
IP addresses and Cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
They enable us:
· To estimate our audience size and usage pattern.
· To store information about your preferences, and so allow us to customise our site according to your individual interests.
· To speed up your searches.
· To recognise you when you return to our site.
Data recording, security and storage
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it is obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this. We will retain personal data for no longer than is necessary.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it. Printed data will be shredded when it is no longer needed.
Data stored on CDs, memory sticks or portable hard drives will be encrypted or password protected and locked away securely when they are not being used. Cloud services used to store personal data will be assessed for compliance with GDPR Principles. Data will be regularly backed up. All servers containing sensitive data must be protected by security software. All possible technical measures will be put in place to keep data secure.
Accountability and Transparency
We will ensure accountability and transparency in all our use of personal data. We will keep written up-to-date records of all the data processing activities we do and ensure that they comply with each of the GDPR principles.
We will regularly review our data processing activities, and implement measure to ensure privacy by design including minimisation, transparency and continuously improving security and enhanced privacy procedures.
Uses made of the information
We use information held about you in the following ways:
• To ensure that content from our site is presented in the most effective manner for you and for your computer.
• To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
• To carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service, when you choose to do so.
• To notify you about changes to our service.
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data.
Disclosure of your information
We may disclose your personal information to third parties:
• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Consent and your rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com or 41 Southwold Road, Wrentham, Beccles, Suffolk NR34 7JE.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will ensure that consents are specific, informed and plain English such that individuals clearly understand why their information will be collected, who it will be shared with and the possible consequences of them agreeing or refusing the proposed use of the data. We will seek explicit consent wherever possible. We will maintain an audit trail of consent by documenting details of consent received including who consented, when, how, what, if and when they withdraw consent. We may hold details of consent in an encrypted, secure format online and may also maintain the consents in a spreadsheet. We will regularly review consents and seek to refresh them regularly or if anything changes.
We will comply with both data protection law and Privacy and Electronic Communications Regulations (PECR) when sending electronic marketing messages. PECR restricts the circumstances in which we can market people and other organisations by phone, text, email or other electronic means.
Subject Access Requests
An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information which means the information which should be provided in a privacy notice. We will provide an individual with a copy of the information requested within one months of receipt of the request. We will provide the data in a structured, commonly used and machine readable format. This would normally be a PDF file although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to. Once a subject access request has been made, we will not change or amend any of the data that has been requested.
Any subject access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual will be informed within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive charge an additional fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.
Helen Youngman Education Ltd
Riverside Business Centre
or email firstname.lastname@example.org