Paths to Learning Ltd - Privacy Policy February 2019

This policy is made in accordance with the General Data Protection Regulation (“GDPR”).

It explains how PATHS TO LEARNING Limited collects, records, stores, uses and discloses personal information about clients, prospective clients and those referring business to PATHS TO LEARNING Limited.

PATHS TO LEARNING Limited is a “Data Controller.”  It is responsible for deciding how personal information is “processed” which includes its being collected, recorded, stored, used and disclosed.

WHAT PERSONAL DATA MAY BE PROCESSED?

PATHS TO LEARNING may collect, record, store, use and disclose personal information including

  • Personal contact details such as title, name, address, e-mail addresses and telephone numbers 
  • Gender
  • Nationality
  • Religion
  • Date of birth
  • Job title and employment details
  • Details about your family members including your children
  • Medical information
  • National insurance number
  • Criminal convictions and immigration history
  • Photographs
  • Passports, biometric residence cards and other documentation which may contain biometric details 

Please let PATHS TO LEARNING Limited, referred to below as PATHS TO LEARNING, know if your personal information changes so that the data stored and used will be accurate and up to date.

WHY IS PERSONAL DATA PROCESSED BY PATHS TO LEARNING?

Personal data will be processed only for legitimate purposes including:

To enter into or to perform a contract:

  • To enable the provision of a quote for educational advice  
  • To enable the provision of educational advice
  • To enable the submission of information to Schools and Colleges and educational professionals
  • To be able to correspond on behalf of clients with Schools and Colleges and educational professionals or individuals relevant to assistant with educational advice

To comply with legal obligations

To protect the legitimate interests of the business:

  • To defend the business against legal action
  • To comply with the requirements of the insurance providers to the business

Where explicit consent has been provided

HOW WILL PERSONAL DATA BE PROCESSED?

Data will be collected from clients, prospective clients and those who refer business to PATHS TO LEARNING and will be stored on hard copy files and on PATHS TO LEARNING’s computer data base.

Once a client’s case is concluded the hard copy file and the computer file will be archived for 6 years after which they will be destroyed /deleted unless they have been requested by the client in the interim. A prospective client’s data will be stored for no longer than six months should they not become a client.

No data will be transferred to a server outside of the EEA without PATHS TO LEARNING having an agreement in place to ensure that any organisation involved in the processing of the business’s data has provided appropriate safeguards, that the data subject has enforceable rights and effective legal remedies and that an adequate level of protection is provided to any personal data transferred.

WILL PERSONAL DATA BE SHARED WITH THIRD PARTIES? – CONFIDENTIALITY

PATHS TO LEARNING will keep all information which you provide confidential and will not generally pass it on to third parties except with your permission or as required by law – to include the undertaking of Anti-Money Laundering Checks.

PATHS TO LEARNING may need to share information with third parties in order to carry out its contract to provide services to its clients.

PATHS TO LEARNING may outsource the typing or administration work on your file and will obtain a confidentiality agreement from anyone to whom work is outsourced.

PATHS TO LEARNING outsources it technical support and will obtain a confidentiality agreement from all relevant employees of the relevant company.

SECURITY

PATHS TO LEARNING has taken appropriate steps to try and ensure the security of data processed but please be aware of the below:

When you provide PATHS TO LEARNING with fax or e-mail addresses for the sending of material to you it will be assumed that your arrangements are sufficiently secure and confidential to protect your interests.

The internet is not secure and there are risks if you send PATHS TO LEARNING sensitive information by e-mail or if your request that PATHS TO LEARNING sends information by e-mail. Data sent by e-mail is not routinely encrypted. Please tell PATHS TO LEARNING if you do not wish for communications to be sent by e-mail. If PATHS TO LEARNING becomes aware of actual or threatened interception of messages sent by e-mail you will of course be notified.

PATHS TO LEARNING uses filtering and firewall software for incoming e-mail and internet communications so you should not assume that e-mails sent by you are received.

FOR HOW LONG WILL PERSONAL DATA BE STORED?

Clients’ hard copy files will be archived once a case is concluded and will be stored for 6 years after which they will be destroyed unless a client has requested them.

Clients’ electronic records will be stored for 6 years after which they will be destroyed.

Prospective clients’ details will be deleted or shredded after 6 months.

The details of those who refer business to PATHS TO LEARNING will be stored until such storage is no longer valid or until PATHS TO LEARNING is asked to delete them.

WHAT RIGHTS DO YOU HAVE?

In certain circumstances you have the right to:

  • Request access to your personal data – “Subject Access Requests.”  You have the right to ask what personal detail is stored about you
  • Request the correction of personal data
  • Withdraw your consent to the processing of data where consent has been requested and obtained 
  • Restrict the processing of data
  • Request the erasure of personal data
  • Move, copy and transfer your personal data without affecting its usability (portability of personal data)
  • Object to the processing of personal data
  • A request can be made verbally or in writing.  A response must be provided free of charge within one month.

If compliance with a request would prevent compliance with PATHS TO LEARNING’s legal obligations, would harm the legitimate interests of the business or is clearly unfounded or excessive PATHS TO LEARNING may refuse to comply with all or part of a request.

PATHS TO LEARNING has in place a system for reporting data breaches.

You have the right to complain to the Information Commissioners’ Office (“ICO”) which is the UK supervisory authority for data protection issues. They can be contacted on 03031231113.

OUR WEBSITE

Please note that although this website may provide links to other websites it only applies to the webpages hosted under PATHS TO LEARNING’s domain (i.e. pages with URLs containing pathstolearning.com).

COOKIES:

A website cookie is a piece of text that a web server can store on a user’s system for later retrieval. For example, a website might generate a unique ID number for each visitor and store the ID number on each user’s machine using a cookie file.

Your web browser will have options to show you all the cookies stored and will allow you to delete some/all of them as you wish.

Cookies may be:

Fundamentally necessary for the delivery of the web service you are using

Necessary to benefit from the full functionality of the service, but not essential for some level of service

For the benefit of the service provider or to allow the service provider to better understand its users and thus provide a better service e.g analytical tools so a site can produce statistics on the types of users it has or the sections of its site that are most popular.

For a wide range of other purposes.

Our Content Management System

Set by our content management system in order to provide basic functions

Google Analytics

Used site-wide to help us tracking visitor usage. This is a web analytic service provided by Google.Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us.