DATA PRIVACY STATEMENT
1. ABOUT THIS POLICY
1.1 This policy explains when and why we collect personal information about our tutors, students and their parents and guardians, how we use it and how we keep it secure and your rights in relation to it.
1.2 We may collect, use and store your personal data, as described in this Data Processing Policy and as described when we collect data from you.
1.3 We reserve the right to amend this Data Processing Policy from time to time without prior notice. You are advised to check our website www.mooreeducation.co.uk regularly for any amendments.
1.4 We will always comply (and be able to demonstrate our compliance) with relevant data protection legislation, including the General Data Protection Regulation (“GDPR”) when processing your personal data. Further details on the GDPR can be found at the Information Commissioner’s Office website (https://ico.org.uk/). For the purposes of data protection legislation, we will be the “controller” or “data controller” of all personal data held in respect of this Policy.
2. WHO ARE WE?
2.1 Moore Education (“we”/“us”/“our” etc) is committed to protecting the privacy of your personal data collected in the course of our business. W
3. DATA PROCESSING
3.1 In this Policy we use certain terms from the relevant data protection legislation;
(a) “data subject” - anyone who can be identified from personal data;
(b) “controller/data controller” - a business which holds personal data and decides how it should be processed;
(c) “processor/data processor” - a business which holds personal data on behalf of a controller and processes it in accordance with the controller’s instructions;
(d) “personal data” - recorded information we hold about you from which you can be identified. It may include contact details, other personal information, photographs, expressions of opinion about you or indications as to our intentions about you;
(e) “special categories of personal data” - personal data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health, sex life or sexual orientation;
(f) “processing” - doing anything with personal data including collecting, using, storing, accessing, disclosing and destroying it.
5. HOW WE PROTECT YOUR PERSONAL DATA
5.1 We will only process your personal data to the extent that it is necessary for the purposes specified in this Policy and we will keep the personal data we store about you accurate and up to date. Where it is inaccurate or out of date, it will be destroyed - please let us know if your personal details change or if you become aware of any inaccuracies in the personal data we hold about you.
5.2 We will not keep your personal data for longer than is necessary for the purposes specified in this Policy. Where it is no longer required, it will be pseudonymised, anonymised, destroyed or erased as appropriate.
5.3 We will never sell your personal data or make it available to any third parties without your prior consent (which you are free to withhold) except:
(a) where we use a processor, in which case we will ensure that the processor complies with this Policy and all relevant data protection legislation;
(b) where we are required to do so by law;
(c) as set out in the table above
(d) if we sell any part of our business or assets (in which case we may disclose your personal data confidentially to the prospective buyer as appropriate in accordance with our legitimate interests).
5.4 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
6. HOW LONG WE KEEP YOUR INFORMATION
6.1 We will hold your personal data on our systems for three years and for as long afterwards as it is in our legitimate interests to do so or for as long as necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions and the establishment, exercise or defence or legal claims.
6.2 We securely destroy all financial information once we have used it and no longer need it.
7. YOUR RIGHTS
7.1 You have the following rights in respect of your personal data held by us. Please send all requests in respect of these rights to us:
(a) to access your personal data;
(b) to be provided with information about how your personal data is processed (this information is set out in this Policy);
(c) to have your personal data corrected where necessary (please contact us promptly should you become aware of any incorrect or out-of-date information);
(d) to have your personal data erased in certain circumstances;
(e) to object to or restrict how your personal data is processed;
(f) to have your personal data transferred to yourself or to another business.
7.2 If you consider that we have not complied with this Policy or the relevant data protection legislation in respect of your personal data, you should raise the matter with us. Any such breach will be taken seriously and will be dealt with in accordance with the relevant data protection legislation.
7.3 You have the right to take any complaints about how we process your personal data to the Information Commissioner:
Information Commissioner’s Office
0303 123 1113
7.4 For more details, please address any questions, comments and requests regarding our data processing practices to us.