Under data protection law, individuals have a right to be informed about how the PRC uses any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.
This privacy notice explains how we collect, store and use personal data about students.
The Priory Learning Trust is the ‘data controller’ for the purposes of data protection lay.
Our data protection officer is i-West (see ‘Contact us’ below)
The categories of information that we collect, hold and share include:
- Personal information provided by you on completion of our enquiry form (such as name, email address, date of birth and contact telephone number)
- Debit Card details for membership payment (debit card number and expiry date)
- We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, web server statistics, traffic data, location data and details of the web pages and resources that you access.
Whilst you are a paid member, all information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we will use strict internal procedures and security features to try to prevent unauthorised access. We also keep your information confidential. Our internal procedures cover the storage, access and disclosure of your information.
How we use your information
We use information held about you in the following ways:
- To administer your membership
- To improve the services we offer to you
- To process payments for membership
- To comply with our legal obligations (for example health and safety issues)
We may also use your data to provide you with information about goods and services which may be of interest to you and we may contact you about these by email, SMS, post or telephone. If you do not want us to use your data in this way, please contact our Data Protection Officer (see below).
Collecting membership payments
We use E-Z and Netbanks to process payments for monthly membership fees. Members’ names, debit card numbers and expiry date of debit card are shared with these companies to enable membership monies to be collected, and you agree to this when you first sign up for membership to PRC. We do not share membership information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
When we might disclose your data to third parties
- We may disclose your personal information to third parties in a very limited number of circumstances:
- where we engage the business services of a third party to provide services directly to PRC. For example, we may use a mailing house to email promotional materials such as our email newsletter. We will ensure that any Data Sharing Agreement drawn up with such a company will ensure that any third parties are strictly prohibited from using your personal data for any other purposes.
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- if PRC or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- to protect the rights, property, or safety of PRC, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Our use of IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to analyse aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
They enable us:
- to estimate our audience size and usage pattern.
- to store information about your preferences, and so allow us to customise our site according to user needs.
- to speed up your searches.
- to recognise you when you return to our site.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us. Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have the right to withdraw this consent at any point and can do so by contacting the PRC directly on email@example.com or by contacting our Data Protection Officer (see contact details below).
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact our Data Protection Officer, i-West. E-mail i-West@bathnes.gov.uk.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact our Data Protection Officer, i-West. E-mail i-West@bathnes.gov.uk.