GDPR Privacy Policy (Updated 14/06/24)
Introduction
Bedford Tutor collects, stores and uses personal information in accordance with our understanding of the General Data Protection Regulation (GDPR)(EU) 2016/678, and the Privacy & Electronic Communication Regulations 2003.
We respect your privacy and will hold your data responsibly and securely; we will not disclose any of your details to a third party without prior explicit permission.
Who Are We?
Bedford Tutor provides one-to-one tuition to children aged 5-16 years. The business is a limited company and has two directors: Annabel Louise Walker and Helena Judith Walker; Annabel Louise Walker is the data controller for processing information from both customers and prospective customers. We can be contacted by email at bedfordtutor@outlook.com or by telephone on 07757 355484.
What Information Do We Collect?
The following information is collected via this website through a secure web form; the Bedford Tutor website is hosted by NetNerd which is a UK-based company and the web builder used is Weebly, based in The USA.
This additional information is collected over the telephone and/or at an introductory meeting:
The following information is collected during the one-to-one tuition process:
How Do We Use Personal Information?
Personal data is used exclusively for the purposes of operating Bedford Tutor, including:
What Legal Basis Do We Have For Processing Your Personal Data?
We will be asking you for personal data about you and your child/ren in order to deliver a tuition service to you. We must have a legal basis for collecting this data, and there are six lawful bases:
(a) Consent: The individual has given clear consent for you to process their personal data for a specific purpose
(b) Contract: The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: The processing is necessary for you to comply with the law (not including contractual obligations)
(d) Vital interests: The processing is necessary to protect someone's life.
(e) Public task: The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.
Sharing Personal Data
We will not share your personal data without prior explicit consent unless required to by a government authority (e.g. police, HMRC). In rare circumstances we may ask your permission to share your personal data, but you have the right to refuse permission and we will respect your decision.
Where Do We Store And Process Personal Data?
Website:
Paper-Based Records
Progress & Planning Records
Customer Communications
Client & Student Details
In accordance with the General Data Protection Regulation (GDPR), we will process any personal data according to the seven principles below:
Transfers Of Data Outside The UK/EEA?
Client data may be transferred to countries outside the UK or European Economic Area that may not have the same laws to protect personal data. This may occur for example if the business' computer servers are hosted outside of the UK/EEA or if there is a client enquiry from outside the UK/EEA. Clients should not submit any personal data unless in acceptance of this position.
How Long Do We Keep Personal Data For?
We are required by law to keep some data for some time after a student has left tuition. The business has a review plan in place and ensures that any data is disposed of appropriately and securely.
If There Is A Suspected Breach
If we suspect that data has been accessed unlawfully, we will inform the relevant parties immediately and report to the Information Commissioner's Office within 72 hours. We will keep a record of any data breach.
Your Rights In Relation To Personal Data
Under the GDPR, you have the right to access and control your personal data. You can contact the data controller to:
Requests will be acknowledged within 14 days and processed within 28 days. It will not be possible to delete data if we are required to retain it by UK/EU legislation.
If you have questions about how Bedford Tutor is processing your personal data, please contact Annabel Louise Walker who will endeavour to resolve your concerns.
Changes To This Policy
This policy may be changed or amended at the business' absolute discretion, so clients should review it from time to time for any changes
How To Contact Us?
We can be contacted via email on bedfordtutor@outlook.com or by telephone on 07757 355484.
Introduction
Bedford Tutor collects, stores and uses personal information in accordance with our understanding of the General Data Protection Regulation (GDPR)(EU) 2016/678, and the Privacy & Electronic Communication Regulations 2003.
We respect your privacy and will hold your data responsibly and securely; we will not disclose any of your details to a third party without prior explicit permission.
Who Are We?
Bedford Tutor provides one-to-one tuition to children aged 5-16 years. The business is a limited company and has two directors: Annabel Louise Walker and Helena Judith Walker; Annabel Louise Walker is the data controller for processing information from both customers and prospective customers. We can be contacted by email at bedfordtutor@outlook.com or by telephone on 07757 355484.
What Information Do We Collect?
The following information is collected via this website through a secure web form; the Bedford Tutor website is hosted by NetNerd which is a UK-based company and the web builder used is Weebly, based in The USA.
- Full name of the client booking tuition
- Full name of the student receiving tuition
- Date of birth of the student receiving tuition
- Client e-mail address(es)
- Client mobile telephone number(s)
This additional information is collected over the telephone and/or at an introductory meeting:
- Student's school
- Student's special educational needs (if any)
- Student's medical conditions/allergies (if any)
The following information is collected during the one-to-one tuition process:
- Changes to personal/contact details
How Do We Use Personal Information?
Personal data is used exclusively for the purposes of operating Bedford Tutor, including:
- Personalising the individual student's tuition experience
- Improving Bedford Tutor
- Communicating with clients (for example to report progress, arrange appointments and share useful resources for the student)
- Satisfying the conditions of our business insurance
What Legal Basis Do We Have For Processing Your Personal Data?
We will be asking you for personal data about you and your child/ren in order to deliver a tuition service to you. We must have a legal basis for collecting this data, and there are six lawful bases:
(a) Consent: The individual has given clear consent for you to process their personal data for a specific purpose
(b) Contract: The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: The processing is necessary for you to comply with the law (not including contractual obligations)
(d) Vital interests: The processing is necessary to protect someone's life.
(e) Public task: The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.
Sharing Personal Data
We will not share your personal data without prior explicit consent unless required to by a government authority (e.g. police, HMRC). In rare circumstances we may ask your permission to share your personal data, but you have the right to refuse permission and we will respect your decision.
Where Do We Store And Process Personal Data?
Website:
- Any records stored using the our website will be compliant with GDPR.
Paper-Based Records
- All paper-based records of students' progress will use their first name only, with a single initial for their surname, if needed.
Progress & Planning Records
- All records related to student progress and planning; lessons in credit; and lesson dates and timings will use first names only, with a single initial for their surname, if needed. These records will be backed up to Microsoft OneDrive and Google Drive, which are based outside of the UK. No information other than a student's first name, and initial of their surname (if needed), will be used in the above instances.
Customer Communications
- WhatsApp will be used for most of our communications with customers and has been chosen because it uses end-to-end encryption to keep data safe. Customer receipts (with the child's full name) are sent through WhatsApp, as well as weekly progress reports (sent as an audio message).
- Emails (through this website's webmail account at: enquiries@bedfordtutor.co.uk, or Microsoft Outlook at: bedfordtutor@outlook.com) are only used for initial enquiries, letters and official documents. Bedford Tutor does a through audit of emails every four weeks.
Client & Student Details
- The below records will be kept in a separate Pages/PDF document for each student. These documents will be stored on our two password-protected business computers and backed up to a password-protected external hard drive. In addition, it will be backed up to the cloud service: KnowHow Cloud, which uses enhanced encryptions and has servers based in the UK. For more information, please refer to: https://www.currys.co.uk/services/repairs-maintenance/cloud-storage.html
- Full name of the client booking tuition
- Full name of the student receiving tuition
- Date of birth of the student receiving tuition
- Client e-mail address(es)
- Client mobile telephone number
- Student's school
- Student's special educational needs (if any)
- Student's medical conditions/allergies (if any)
- Format of the tuition (visiting, online, or hybrid tuition)
In accordance with the General Data Protection Regulation (GDPR), we will process any personal data according to the seven principles below:
- We must have a lawful reason for collecting personal data, and must do it in a fair and transparent way. We will be clear about what data we are collecting, and why.
- We must only use the data for the reason it is initially obtained. This means that we may not use a person's data to market a product or service to them that is unconnected to the reasons for which they shared the data with us in the first place.
- We must not collect any more data than is necessary. We will only collect the data we need to hold in order to do the job for which we have collected the data.
- We will ensure that the data is accurate, and ask parents to check annually and confirm that the data held is still accurate.
- We will not keep data any longer than needed. We must only keep the data for as long as is needed to complete the tasks it was collected for.
- We must protect the personal data. We are responsible for ensuring that we, and anyone else charged with using the data, processes and stores it securely.
- We will be accountable for the data. This means that we will be able to show how we (and anyone working with us) are complying with the law.
Transfers Of Data Outside The UK/EEA?
Client data may be transferred to countries outside the UK or European Economic Area that may not have the same laws to protect personal data. This may occur for example if the business' computer servers are hosted outside of the UK/EEA or if there is a client enquiry from outside the UK/EEA. Clients should not submit any personal data unless in acceptance of this position.
How Long Do We Keep Personal Data For?
We are required by law to keep some data for some time after a student has left tuition. The business has a review plan in place and ensures that any data is disposed of appropriately and securely.
If There Is A Suspected Breach
If we suspect that data has been accessed unlawfully, we will inform the relevant parties immediately and report to the Information Commissioner's Office within 72 hours. We will keep a record of any data breach.
Your Rights In Relation To Personal Data
Under the GDPR, you have the right to access and control your personal data. You can contact the data controller to:
- Request a report of the personal information currently stored
- Request correction or deletion of personal data
Requests will be acknowledged within 14 days and processed within 28 days. It will not be possible to delete data if we are required to retain it by UK/EU legislation.
If you have questions about how Bedford Tutor is processing your personal data, please contact Annabel Louise Walker who will endeavour to resolve your concerns.
Changes To This Policy
This policy may be changed or amended at the business' absolute discretion, so clients should review it from time to time for any changes
How To Contact Us?
We can be contacted via email on bedfordtutor@outlook.com or by telephone on 07757 355484.