Privacy Policy
Privacy Policy
Last Updated 20/11/2023
1. Introduction
Welcome to TheUKCATPeople. As part of our commitment to your privacy, we want to ensure you are fully informed about how we handle your personal data.
This privacy policy, in conjunction with our Website Terms of Use, Product Terms and Conditions and any other referenced documents, clearly lays out the methods and reasons behind our data processing activities. We collect certain information from you, and it's important to us that you understand not only what we collect but also how we use it, safeguard it, and what your rights are in this process.
As required under the Data Protection Legislation, including the General Data Protection Regulation (GDPR) 2016/679, we are the primary controller of your data.
We encourage you to read this policy thoroughly. It's designed to provide you with crucial information and to give you confidence in how we manage the personal information you entrust to us.
2. Data Controller
For the purpose of the Data Protection Legislation, including the GDPR, the data controller is TheUKCATPeople. Our Data Protection Officer is Dr. Akash Gandhi. For any questions regarding your data or this privacy policy, please contact our Data Protection Officer at info@theukcatpeople.co.uk.
3. Information We May Collect
At TheUKCATPeople, we handle a range of personal data categories to provide and improve our services, ensure a seamless user experience, and maintain the highest standards of business operations. Below are the types of personal data we may collect, use, store, and transfer:
Identity Data: This includes your first name, last name, and date of birth. We may also collect other identifiers that help us personalise your experience with us.
Contact Data: Includes your email address and telephone numbers, along with billing and, if different, your residential address. This information is vital for us to communicate with you effectively and process transactions.
Financial Data: We collect payment card details and other relevant financial information necessary for processing payments for our services.
Transaction Data: This encompasses details about the services you have purchased from us, including any correspondence or interactions related to those transactions.
Technical Data: When you use our website, we collect technical information such as your IP address, login data, browser type and version, time zone setting, location, and other technologies on your devices. This helps us ensure our website's compatibility with your devices and improve our online platforms.
Profile Data: This includes your username and password for our site, details of your interests, preferences, feedback, and responses to surveys. We use this data to tailor our services to your needs and preferences.
Usage Data: We gather information about how you use our website and services to understand customer behaviour, preferences, and patterns. This data assists us in improving our website and services.
Marketing and Communications Data: Your preferences in receiving marketing materials from us and our third parties, as well as your general communication preferences, are collected to provide you with more relevant offerings and interactions.
We collect only essential personal data for our student users, including Identity Data (names and dates of birth), Contact Data (email addresses and phone numbers), and, in some cases, Educational Data (year of study or course details).
Additionally, we may use Aggregated Data for statistical or demographic analysis, which does not reveal individual identities. It's important to note that we do not collect Special Categories of Personal Data, such as details about race, ethnicity, religious beliefs, sexual orientation, or health information.
Our services are not intended for children under 14, and we do not collect data from children without parental consent. If such data is collected inadvertently, it will be promptly removed from our servers.
4. How Is Your Data Collected?
At TheUKCATPeople, we employ a variety of methods to collect data about you, ensuring the integrity of our services and tailoring our offerings to your preferences.
The data collection occurs through:
Direct Interactions: Your engagement with us is a primary source of data collection. You provide us with Identity, Contact, and Financial Data in several ways:
Applications for Products/Services: When you apply to use our services.
Account Creation: As you create an account on our website.
Marketing Requests: If you opt-in to receive marketing communications.
Form Submissions: By filling out forms on our website for various purposes.
Competitions and Surveys: Participation in our competitions, promotions, or surveys.
Feedback and Communication: When you provide feedback, contact us, or interact with us via post, phone, email, or other channels.
Third Parties and Publicly Available Sources: We also receive personal data about you from different external sources.
Technical Data from Analytics Providers: Such as Google, which operates outside the UK, helps us understand how you use our website and services.
Advertising Networks: For example, Google Ads based outside the UK, assists in delivering relevant advertisements to you.
Contact, Financial, and Transaction Data: From payment and delivery service providers like Stripe, which operates within the UK. This helps us process transactions efficiently.
Identity and Contact Data: From data brokers or aggregators, including those based outside the UK like AHREFS and SEMRUSH, to enrich our understanding of customer needs and market trends.
This comprehensive approach to data collection enables us to maintain a high standard of service delivery, develop new offerings, and ensure customer satisfaction.
5. Cookies
Our website uses cookies to provide you with a better experience.
Cookies are small files that are placed on your computer when you visit our website. They are used to collect information about your browsing habits and to improve the functionality of our website.
We use cookies to:
Remember your preferences, such as your language and location.
Keep track of your shopping cart.
Analyse how you use our website so that we can improve it.
Target advertising that is relevant to you.
You can control the use of cookies by changing your browser settings. However, if you disable cookies, you may not be able to use all of the features of our website.
For more information on the cookies we use and the purposes for which we use them, please see our Cookies Policy.
5. Uses Made of the Information
At TheUKCATPeople, we use your personal data responsibly and in accordance with legal provisions.
Our primary uses of your data are:
Contractual Necessities: We process your data to fulfil our contractual obligations when you register as a customer, make a purchase, or engage in transactions with us.
Legitimate Interests: We use your data where it aligns with our legitimate business interests. This includes managing our relationship with you, conducting marketing activities, enhancing our services, and ensuring the security of our business and website. In doing so, we carefully consider and balance any potential impact on you and your rights.
Legal Obligations: We also process data as required by law, such as for compliance with regulatory requirements.
Specific Purposes for Data Usage:
Customer Management: This includes registering new customers and communicating about account or service-related matters.
Order Processing: Handling payments, and fees, and managing order-related queries and requirements.
Business Administration and Protection: This includes troubleshooting, data analysis, testing, system maintenance, support, and fraud prevention.
Marketing and Personalisation: Delivering targeted content and advertisements, understanding marketing effectiveness, and making suggestions tailored to your interests.
Basis for Processing:
Our processing activities are based on:
The performance of a contract with you.
Legitimate interests, ensuring they do not override your rights.
Compliance with legal obligations.
We are committed to using your personal data transparently and responsibly, always considering your privacy and rights.
6. Disclosure of Your Information
At TheUKCATPeople, we take your privacy seriously. However, there are circumstances where we may share your personal data with specific third parties, as detailed below:
External Service Providers: This includes but is not limited to partners such as Apple Pay, FreeAgent, Google Analytics, Google Pay, Mailchimp, MailerLite, Microsoft Teams, Paypal, Stripe, Trustpilot, Wix and Zoom. These service providers support our IT, system administration, payment processing, and digital marketing efforts.
Professional Advisers: Our collaboration with professional advisers including but not limited to lawyers, bankers, auditors, and insurers is crucial. They provide consultancy, banking, legal, insurance, and accounting services, and therefore may need access to your personal data for these purposes.
Regulatory Authorities: HM Revenue & Customs, regulators, and other authorities in the United Kingdom may require reports on processing activities for certain circumstances, such as tax and legal compliance.
We store most personal data within the UK. However, for operational efficiency, we use third-party companies and software solutions, like cloud storage and applications, which may store data on servers abroad, including in the USA, Canada, and the EU. These entities, which are not educational or marketing agencies but essential service providers, are selected based on their adherence to GDPR or equivalent data protection standards.
This means that while we do not directly transfer data, it may be stored internationally due to the nature of these global services. We conduct rigorous due diligence to ensure these providers meet strict data security and privacy standards, in line with UK and EEA requirements. Our major partners, such as Google Analytics and Wix, are chosen for their proven GDPR compliance and commitment to data security. We regularly monitor their adherence to these standards, ensuring the ongoing protection of your personal data.
7. Data Protection Impact Assessment (DPIA) Approach
At TheUKCATPeople, we are committed to safeguarding our students' data. In line with this, we align our data protection strategies with the ICO’s recommendations and EDPB guidelines, particularly focusing on areas most relevant to our services.
We concentrate our DPIA efforts on areas involving:
Innovative Technology: If new technologies are adopted in our educational tools, we evaluate the necessity for a DPIA to ensure data protection.
Student Data Profiling: For any activities involving the profiling of student data, a DPIA will be considered to mitigate risks.
Use of Tracking in Educational Tools: Implementation of tracking technologies in our educational platforms will prompt us to assess the need for a DPIA.
Processing Data of Children: Special attention is given to any data processing involving children, with DPIAs conducted as needed to ensure their safety and privacy.
Our DPIAs, conducted for internal assessment and risk mitigation, form part of our confidential data governance framework. While we maintain detailed records of these assessments, they are proprietary documents and are not generally disclosed externally to maintain operational security.
Recognising the vulnerability of our student users, particularly those under the age of 16, we conduct Data Protection Impact Assessments (DPIAs) for any data processing activities involving minors. These assessments help us identify and mitigate any potential risks to their privacy and security, ensuring our handling of their data is both responsible and compliant with relevant data protection standards.
Our DPIA process is integral to our data governance strategy, ensuring that we consistently meet our data protection obligations and safeguard student data.
8. Ensuring Data Security
At TheUKCATPeople, we prioritise the security of your personal data. To prevent accidental loss, unauthorised access, use, alteration, or disclosure, we have implemented robust security measures. These include:
Controlled Access: Access to your personal data is strictly limited to our employees, agents, contractors, and third-party service providers who require this information to perform their job responsibilities. Their processing of your data is carried out strictly according to our instructions, and they are bound by confidentiality obligations.
Secure Storage: Your data is securely stored on our servers. We employ advanced measures to ensure data integrity and protection.
Encryption of Sensitive Information: Sensitive details such as payment transactions and passwords are encrypted to maintain data confidentiality and security.
Password Responsibility: In instances where a password is provided or chosen by you, which allows access to certain parts of our website, the responsibility for keeping this password secure rests with you. We advise against sharing your password with anyone.
We continuously review and update our security practices to safeguard your personal information against unauthorised access and breaches. Our commitment to data security ensures that your personal information is handled safely and responsibly.
In the event of a data breach, we will promptly notify affected individuals and relevant authorities in accordance with legal requirements by email. Notification will include the nature of the breach, the categories and approximate number of individuals concerned, and the measures taken to address the breach.
9. Data Retention Approach
TheUKCATPeople adheres to a principled approach regarding the retention of your personal data. We retain your information only as long as necessary to fulfil the specific purposes for which it was initially collected. This includes meeting our obligations under various legal, regulatory, tax, accounting, and reporting frameworks. In certain scenarios, such as in the event of a complaint or if there is a possibility of legal action related to our interactions, we may hold onto your data for a longer duration.
Our retention period determination is based on several key factors:
Nature and Sensitivity of the Data: We carefully assess the type and sensitivity of the personal data we collect.
Risk of Harm: The potential risks arising from unauthorised use or disclosure of your data are critically evaluated.
Purpose of Processing: We consider the reasons for which we process your data and whether these objectives can be achieved by other means.
Legal and Regulatory Requirements: Compliance with relevant legal, regulatory, tax, accounting, and other requirements significantly influences our retention periods.
Regarding our course offerings, it's important to note that our 1-1 tutoring sessions are not recorded. However, some of our live group courses may be recorded. These recordings are used for training and safeguarding purposes and are managed under strict data protection protocols to ensure security and confidentiality. Students and parents will always be notified in such cases.
The personal data of our student users is retained for a duration that aligns with the necessity to provide our educational services effectively, manage administrative tasks, and fulfil our legal obligations. This retention period typically extends for the length of the student's active engagement with our services. Beyond this, we retain the data for an additional four months following the student's anticipated university start date. This extension allows us to adequately handle any post-service inquiries, re-application services or support needs.
For example, if a student is utilising our services for university entry in August 2025, we would retain their personal data until December 2025. After this period, unless there are specific legal requirements mandating extended retention, all personal data is securely deleted to ensure privacy and data protection compliance
We regularly review our data retention policies and practices to ensure they remain in line with legal requirements and best practices, ensuring the responsible and secure management of your personal data throughout its retention period.
10. Your Data Protection Rights at TheUKCATPeople
As a user of TheUKCATPeople's services, you have specific rights under data protection laws in relation to your personal data. Understanding and exercising these rights is crucial for maintaining control over your information. Here's a summary of your key rights:
Access to Your Data: You can request a copy of the personal data we hold about you to verify our lawful processing.
Correction of Your Data: If you find that any data we hold about you is incomplete or inaccurate, you have the right to have it corrected. We may need to verify the accuracy of the new data you provide.
Erasure of Your Data: You can ask us to delete or remove your personal data in certain circumstances, such as where there is no longer a justification for us to continue processing it, or if you have successfully objected to processing. There may be legal reasons why we cannot always comply with your request of erasure, in which case we will inform you at the time of your request.
Objecting to Data Processing: If we are processing your data based on a legitimate interest and you feel this impacts your fundamental rights and freedoms, or if you object to us using your personal data for direct marketing, you have the right to object.
Restricting Data Processing: You have the right to request that we suspend the processing of your personal data under certain conditions, such as if you question its accuracy or our use of the data.
Data Portability: You can request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format. This right applies to automated information you provided consent for us to use, or when we used the information in the performance of a contract with you.
Withdrawal of Consent: If you have given us consent to process your personal data, you have the right to withdraw it at any time. This won’t affect any processing already carried out before your withdrawal. If you withdraw your consent, there may be services we cannot provide to you.
Marketing Preferences: You have the right to ask us not to process your personal data for marketing purposes. We will inform you if we intend to use your data for such purposes or disclose your information to any third party for these purposes. You can exercise your right to prevent such processing by opting out through specific checkboxes on our forms or by contacting us directly.
We are committed to upholding these rights and will handle any requests in line with applicable data protection laws, including GDPR. Under the UK General Data Protection Regulation (UK GDPR), you have additional rights including the right to rectify, erase, or restrict the processing of your personal data and the right to data portability. You also have the right to lodge a complaint with a supervisory authority, particularly in the UK.
For any concerns or to exercise these rights, please contact us at info@theukcatpeople.co.uk
12. Links to External Websites
Our website, TheUKCATPeople, may contain links to third-party websites, plugins, and applications. When you follow these links or establish connections, please be aware that third parties may collect or share data about you.
We want to clarify that these external sites have their own privacy policies, and we do not exert any control over them. Therefore, we cannot be held responsible for their policies or practices. We strongly advise you to review the privacy statements of any website you visit through our links to understand their data handling practices.
13. Updates to Our Privacy Policy
At TheUKCATPeople, we are committed to staying current with privacy laws and best practices. Consequently, our privacy policy is subject to periodic reviews and updates. This policy is Version 2.0 and is effective as of 21st November 2023.
We will notify you of any significant changes to our privacy policy through our website or through direct communication. The current version of the policy was last updated on 20th November 2023. We recommend that you review this policy periodically to stay informed about how we protect your personal data.
Maintaining the accuracy of your personal data is crucial. If there are any changes to your personal information, or if you notice any discrepancies in the data we have about you, please contact us promptly to update your records. Keeping your personal data up-to-date helps us ensure effective communication and service delivery.
This privacy policy is governed by and construed in accordance with the laws of the United Kingdom. Any disputes arising from this policy shall be resolved under the jurisdiction of the courts of the United Kingdom.
14. Contact
You are always entitled to lodge a complaint with the Information Commissioner's Office (ICO), the authority overseeing data protection in the UK, accessible at www.ico.org.uk.
However, we value the opportunity to address your concerns directly. Therefore, we kindly request that you reach out to us initially with any issues you may have, allowing us the chance to resolve them promptly.