The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to those whose data is held (data subjects) by an organisation (the data controller).
These rules place an emphasis on making privacy notices understandable and accessible. Data controllers are expected to take ‘appropriate measures’ to ensure that this is the case.
Cambridge Academic Performance (Company Number: 09508524), as the data controller and also a data processor, interprets this as using very clear language to outline each of the responsibilities for each of the data subject groups.
The purpose of this policy is to inform you on how Cambridge Academic Performance collects and uses personal data on pupils and clients. This notice will also inform you which other organisations Cambridge Academic Performance may share your personal data with.
The responsibility for Data Protection belongs to the Director of Cambridge Academic Performance, Liz Parker, who can be contacted via email firstname.lastname@example.org or via the telephone: 07933 151 828.
2. How we use your information:
Cambridge Academic Performance takes its duties and responsibilities under the Legislation extremely seriously and will only keep your data for as long as necessary bearing in mind the purposes for which your personal data is collected.
We are registered with the Information Commissioner’s Office (ICO) with the registration number ZA061736.
This notice may be updated from time to time to ensure continued compliance with current legislation and to reflect best practice.
- What information is being collected about pupils and their parents/guardians
The types of personal and sensitive personal data we may process include:
- Name and contact information such as address, email and telephone number of students, their parents or guardians and/or fee payer where appropriate.
- For our outcomes measures we collect specific data which includes students’ age, gender, country of birth, ethnicity and/or national identity.
- Information relating to pupil educational history such as previous schools and education institutions, courses completed, dates of study, attendance records and examination results.
- Information relating to fees such as banking details of the fee payer.
- Information which may assist with the provision of our services such as any disability, medical or dietary issues and GP or mental health practitioner address and contact details. This may also include information about family or personal circumstances where this is relevant.
- How and why information is collected
How we collect your personal information throughout your journey with our service:
- The ‘Contact us today’ form on the website
- By email
- By phone call and in an initial free chat
- From parents or fee payers
- From schools and educational establishments who refer students to us
- From mental health professionals
- From you during our sessions
- Assessment forms that we give you
Why we collect your personal information throughout your journey with our service:
We collect personal information about you to enable us to care for you and to provide you with an effective service. It may also be collected to fulfil legal obligations which would include our safeguarding obligations as a clinical practitioner (for our independent students who come directly to us) or to fulfil our safeguarding obligations to schools and educational institutions who refer their students to us. We have a duty of care to disclose personal information if a client of ours is at risk to themselves, others or is at risk from someone else.
We also collect your personal information in order to write reports on your behalf.
- How personal data is used/processed
The primary use of the personal data we collect is to support the development of our clients whilst ensuring their wellbeing and safeguarding.
We will process personal data because it is necessary for the performance of our contract with you and in order to take steps towards entering into a contract with you.
We will use your data in order to:
- Communicate with you before entering into a contract with you.
- Provide suitable provision and services for the client and fee payer.
- Deal with any feedback or concerns you may have.
- Provide services which may not be set out in our consent form but which are nevertheless a part of our academic and wellbeing mission; for example, a school may provide us with personal information about you in order for us to write a report on your behalf.
- Monitor and evaluate the performance and effectiveness of our service, for example outcome measures.
- Carry out research and statistical analysis.
- Promote equality and diversity.
- Seek advice on our rights and obligations, for instance, where we require our own legal advice.
- Recover monies owed to us.
To comply with our legal obligations we may use your personal data in order to:
- Meet our compliance and regulatory obligations such as safeguarding requirements.
- For the prevention and detection of crime.
- To assist with investigations, including criminal investigations carried out by the police and other competent authorities.
We may also process your personal data where:
- It is necessary for medical purposes e.g. medical diagnosis, provision of health or social care or treatment, or a contract with a health professional.
- It is necessary to protect the vital interests of the student or client or another person.
- We have a legitimate business interest to do so.
- We have the specific or, where required, explicit consent of the data subject to do so.
If we ask for consent to use personal information the individual can take back this consent at any time. Any use of information before consent is withdrawn remains valid. Please contact Liz Parker by email: email@example.com if you would like to withdraw any consent that you have given.
Sensitive Personal Data
Some of the personal data Cambridge Academic Performance processes will be “sensitive personal data”. This category of personal data will be subject to additional protections. Sensitive personal data is defined as information about racial or ethnic origin, political opinions, religious or similar beliefs, physical or mental health conditions past or present, family history, sexual life and any criminal history. Much of this very sensitive information will be provided either by the client during sessions or their parents or referring institution in order to support the client’s care and wellbeing. Maintaining the confidentiality of this information is a legal obligation under the GDPR and as a registered clinician and it will only be processed for one of the reasons set out in the previous section.
Information concerning a client’s physical or mental health may be disclosed with a parent/guardian, school/college or clinical professional so that a proper level of care may be provided. It will only be sent to individuals who need to know this information to provide support.
In addition, sensitive personal data may be collected to meet government requirements, to monitor our equal opportunities policies and to ensure that under-represented groups receive appropriate support. This information may also be collected and retained in anonymised format for statistical purposes.
- Who personal data may be shared with:
In processing personal data and/or sensitive personal data our service may have reason to share personal data and/or sensitive personal data with a third party. Where this is required the third party will have been assessed to ensure they have appropriate procedures in place to protect the data and only the data required to fulfil the specific purpose shall be passed on.
Some of these circumstances are as follows:
- Disclosures connected with safeguarding and SEN support – e.g. local authorities, educational psychologist or speech therapist.
- School nurse.
- CAMHS (Child and Adolescent Mental Health Service).
- The Local Authority as and when required under education and safeguarding legislation.
- Other agencies or organisations when required under regulatory legislation only.
- Where we consider there to be a risk to yourself or others we may share limited information with relevant third parties (e.g. Ambulance, Police, NHS trusts etc.) to ensure appropriate support is available.
- Exit/destination schools at your request.
Sensitive personal data will never be shared outside our service without the explicit permission of the data subject other than under those conditions specified under Data Protection Law such as to protect the vital interests of the data subject, another person, or under law or court order.
- What happens after you leave our service
By law as clinical professionals we are required to maintain your personal data for seven years. After this date it will be destroyed in a confidential manner. As personal data is mainly kept in an electronic form by this service, this will mean deleting your files. Where there are paper copies they will be shredded. Your data will be subject throughout that period to the same legislation and safeguards to your conf. We would not share your data without your consent after you have left our service.
- Your right to access your personal data
You have a number of rights in relation to your data under the data regulation.
The right of access
You may request a copy of the personal data that we hold on you.
The right to rectification
You may ask us to correct any information we have about you that you believe is incorrect.
The right to erasure
You may ask us to delete information that we hold on you. Please note that we cannot delete data required to be kept for our legislative and regulatory compliance.
The right to restrict processing
You may ask us to not process or limit the use of your data in some instances. Please note
that we may not be able to comply with requests that contravene our legal and regulatory
The right to data portability
You may ask us to transfer the data to another organisation in a format that makes it easy for them to use.
The right to object
You may object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
To exercise any of these rights please contact us at firstname.lastname@example.org giving details of your request. Please note that the above rights are not absolute and we may be entitled to refuse requests where exceptions apply under existing Data Protection regulations.
- Your rights if you are unhappy with the way your data is being handled
Where you have given consent to our processing data and wish to withdraw it, please contact Liz Parker. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide some or all of our services to you and/or it may affect the provision of those services.
Cambridge Academic Performance will endeavour to be transparent about its processing of your personal data. However, should you have any queries you may address them to Liz Parker via email email@example.com
You also have the right to complain to the Information Commissioner (https://ico.org.uk/concerns) if you have any concerns in respect of the handling of your personal data by Cambridge Academic Performance.
What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address or other details to help you with your experience.
When do we collect information?
We collect information from you when you fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To personalize user’s experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To allow us to better service you in responding to your customer service requests.
• To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use ‘cookies’?
Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you turn cookies off, some features will be disabled. It won’t affect the user’s experience that make your site experience more efficient and some of our services will not function properly.
However, you can still place orders.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third party links
We do not include or offer third party products or services on our website.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We use Google AdSense Advertising on our website.
We have implemented the following:
- Google Display Network Impression Reporting
- Demographics and Interests Reporting
We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative opt-out page or permanently using the Google Analytics Opt Out Browser add-on.
California Online Privacy Protection Act
According to CalOPPA we agree to the following:
Users can visit our site anonymously
- Users are able to change their personal information: By emailing us
How does our site handle do not track signals?
We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third party behavioral tracking?
It’s also important to note that we allow third party behavioral tracking.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- Within 7 business days. We will notify the users via in-site notification
- Within 1 business day
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can
• Follow the instructions at the bottom of each email.
and we will promptly remove you from ALL correspondence.
Last Edited on 2015-03-15