TT Education (“We”) are committed to protecting and respecting your privacy, in accordance with General Data Protection Regulation. We commit to:
This policy (together with our Terms & Conditions and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.
For the purpose of the Data Protection Act 2018 (the Act), the data controller is TT Education of 103 Whitehall Road, Colchester, Essex CO2 8HA (registration number 08329294).
This policy only applies to our site. If you leave our site via a link or otherwise, you will be subject to the policy of that website provider. We have no control over that policy or the terms of the website and you should check their policy before continuing to access the site.
Information we may collect from you
We may collect and process the following data about you:
Data protection Principles
There are six data protection principles that are core to the General Data Protection Regulation. We will make every possible effort to comply with these principles at all times in our information-handling practices. The principles are:
Key risks - The main risks are in two areas;
TT Education is the data controller for all personal data held by us and is responsible for:
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
Data recording, security and storage
We will ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it is obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this or would otherwise reasonably expect this. We will retain personal data for no longer than is necessary.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it. Printed data will be shredded when it is no longer needed.
Data stored on CDs, memory sticks or portable hard drives will be encrypted or password protected and locked away securely when they are not being used. Cloud services used to store personal data will be assessed for compliance with GDPR Principles. Data will be regularly backed up. All servers containing sensitive data must be protected by security software. All possible technical measures will be put in place to keep data secure.
Accountability and Transparency
We will ensure accountability and transparency in all our use of personal data. We will keep written up-to-date records of all the data processing activities we do and ensure that they comply with each of the GDPR principles.
We will regularly review our data processing activities, and implement measure to ensure privacy by design including minimisation, transparency and continuously improving security and enhanced privacy procedures.
Uses made of the information
We use information held about you in the following ways:
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data.
Disclosure of your information
We may disclose your personal information to third parties:
Consent and your rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org or 103 Whitehall Road, Colchester, Essex CO2 8HA.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We will ensure that consents are specific, informed and plain English such that individuals clearly understand why their information will be collected, who it will be shared with and the possible consequences of them agreeing or refusing the proposed use of the data. We will seek explicit consent wherever possible. We will maintain an audit trail of consent by documenting details of consent received including who consented, when, how, what, if and when they withdraw consent. We may hold details of consent in an encrypted, secure format online and may also maintain the consents in a spreadsheet. We will regularly review consents and seek to refresh them regularly or if anything changes.
We will comply with both data protection law and Privacy and Electronic Communications Regulations (PECR) when sending electronic marketing messages. PECR restricts the circumstances in which we can market people and other organisations by phone, text, email or other electronic means
Subject Access Requests
An individual has the right to receive confirmation that their data is being processed, access to their personal data and supplementary information which means the information which should be provided in a privacy notice. We will provide an individual with a copy of the information requested within one months of receipt of the request. We will provide the data in a structured, commonly used and machine readable format. This would normally be a PDF file although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to. Once a subject access request has been made, we will not change or amend any of the data that has been requested.
Any subject access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual will be informed within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive charge an additional fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.