The Eleven Plus Tutors Ltd GPDR Policy
GDPR Policy for The Eleven Plus Tutors Ltd Website
1. Introduction
The Eleven Plus Tutors Ltd is committed to protecting the privacy and personal data of individuals who visit and interact with our website. This GDPR (General Data Protection Regulation) Policy outlines our approach to data protection and our compliance with GDPR and other applicable data protection laws. By using our website, you consent to the practices described in this policy.
2. Data Collection and Processing
2.1. Lawful Basis:
a. We will only collect and process personal data when there is a lawful basis to do so, such as the necessity to perform a contract, compliance with legal obligations, or the legitimate interests pursued by The Eleven Plus Tutors Ltd.
b. Personal data will be collected and processed in a fair, transparent, and lawful manner.
2.2. Purpose and Data Minimization:
a. Personal data will be collected for specific and legitimate purposes and will not be further processed in a manner that is incompatible with those purposes.
b. We will ensure that the personal data collected is adequate, relevant, and limited to what is necessary for the intended purposes.
2.3. Consent:
a. Prior to collecting personal data, clear and informed consent will be obtained from individuals.
b. Consent will be obtained through affirmative actions and individuals will have the right to withdraw consent at any time.
2.4. Children’s Data:
a. If our website collects personal data from children under the age of 16, appropriate parental consent will be obtained.
b. We will implement measures to verify the age of individuals and obtain parental consent where necessary.
3. Data Security and Retention
3.1. Security Measures:
a. We will implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.
b. Data security measures will include encryption, access controls, regular security assessments, and staff training.
3.2. Data Retention:
a. Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
b. A data retention policy will be established to determine the appropriate retention periods for different types of data.
3.3. Data Transfer:
a. Personal data will not be transferred to countries outside the European Economic Area (EEA) unless appropriate safeguards, such as Standard Contractual Clauses, have been implemented to ensure an adequate level of data protection.
4. Individual Rights
4.1. Right to Access:
Individuals have the right to request access to their personal data held by The Eleven Plus Tutors Ltd and receive information on how it is processed.
4.2. Right to Rectification:
Individuals have the right to request the correction or updating of their personal data if it is inaccurate or incomplete.
4.3. Right to Erasure:
Individuals have the right to request the deletion of their personal data when it is no longer necessary or when consent is withdrawn.
4.4. Right to Restriction of Processing:
Individuals have the right to request the restriction of processing of their personal data under certain circumstances, such as disputing its accuracy.
4.5. Right to Data Portability:
Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
5. Third-Party Processors
5.1. Data Processing Agreements:
a. When engaging third-party processors to handle personal data on our behalf, appropriate data processing agreements will be established.
b. These agreements will ensure that the processors comply with GDPR requirements and provide sufficient guarantees regarding the security and confidentiality of the data.
5.2. Due Diligence:
a. We will conduct due diligence and assessments of the data protection practices of third-party processors to ensure they meet GDPR standards.
b. Only reputable and trustworthy processors that can provide adequate data protection measures will be selected.
6. Data Breach Response
6.1. Incident Response Plan:
a. We have implemented an incident response plan to detect, respond to, and recover from any data breaches or security incidents.
b. The plan includes procedures for assessing and mitigating the impact of a data breach and notifying the relevant supervisory authority and affected individuals, where required.
6.2. Data Breach Notification:
a. In the event of a data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the affected individuals and the relevant supervisory authority within the required timeframe, as mandated by GDPR regulations.
7. Cookie Policy and Consent
7.1. Cookie Usage:
a. Our website may use cookies or similar technologies to enhance user experience, analyze website usage, and personalize content.
b. We will provide a clear and concise cookie policy explaining the types of cookies used, their purpose, and how users can manage their preferences.
7.2. Cookie Consent:
a. For non-essential cookies, we will obtain user consent through a cookie banner or pop-up, allowing users to provide or withdraw their consent easily.
b. Users will have the option to manage their cookie preferences through browser settings or other provided mechanisms.
8. Privacy Policy
8.1. Transparent Information:
a. We have a comprehensive privacy policy that explains how personal data is collected, processed, and protected.
b. The policy includes information about individuals’ rights, the purpose of data processing, and contact details for data protection inquiries.
8.2. Review and Updates:
a. We will regularly review and update our privacy policy to ensure compliance with GDPR and any other applicable data protection laws.
b. Users will be informed of any material changes to the privacy policy through appropriate channels.
9. Compliance and Training
9.1. GDPR Compliance:
a. We are committed to maintaining ongoing compliance with GDPR regulations and other relevant data protection laws.
b. We will conduct regular assessments and reviews to identify and address any areas of non-compliance.
9.2. Staff Training:
a. Our staff members who handle personal data will receive training on GDPR principles, data protection practices, and their responsibilities.
b. Training sessions will be conducted periodically and whenever there are significant updates to data protection policies or procedures.
10. Contact Information
If you have any questions or concerns regarding our GDPR Policy or data protection practices, please contact us at:
The Eleven Plus Tutors Ltd
Address: Church Gate Lodge, The Village, Great Waltham, CM3 1DE
Phone: 01206 214109
By using The Eleven Plus Tutors Ltd website, you acknowledge that you have read, understood, and agree to comply with our GDPR Policy. If you do not agree with any part of this policy, please refrain from using our website.
