SENsational Tutors Ltd (we/us/our/the Company) are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed, stored and disclosed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.sensationaltutors.co.uk, www.sensationaltutors.com or www.sensationaltutors.org (the Site), requesting our services or confirming you would like to book a session with us, you are deemed to have accepted and consented to the practices described in this policy. If you do not agree to this Privacy and Cookie Notice, you agree to not use our Site or engage our services.
The Site is owned and operated by SENsational Tutors Ltd (10749192) of 8 Main Street, Bilton, Rugby, Warwickshire CV22 7NB.
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates or to websites shared by other users. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
SENsational Tutors Ltd processes personal data as a Data Controller, as defined in the Directive and the General Data Protection Regulation (GDPR). SENsational Tutors Ltd has a Data Protection Officer (“DPO”) who is responsible for matters relating to privacy and data protection. This Data Protection Officer is Joanna Gibbs and they can be reached at the following address: 19 Kalfs Drive, Cawston, Rugby, CV22 7FD.
INFORMATION WE COLLECT FROM YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We collect and process the following data about you: Name, Personal Identification Numbers, Email Address, Login Details, Telephone Numbers, Bank / Credit Card Information, Spatial Data (Location Data), Family and Spousal Data, Education History, Personal Characteristics (photographs, fingerprints, handwriting), Medical History, Date of Birth, Business Information, Gender, Employment Information, Age, and other information regarding specific needs/ requirements of clients, tutors and client’s children.
Information you give us
You may give us information about you by filling in forms on the Site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use the Site, request a quote, subscribe to our marketing database, subscribe to our services, search for a service, place a booking request on our site, book a tuition session, book a behavioural support session, book any other academic and/ or behavioural support for your child or family, book an assessment, register for your child to attend the camp, and when you report a problem with the Site.
The information you give us may include: adults and child names, address, email address or login details, phone number, age, date of birth, place of birth, financial and credit card information, personal description and characteristics (including photographs, videos, testimonials and reviews), educational history, tutor’s skills and experience, tutor’s CV, medical history, references, enhanced Disclosure and Barring Service information, proof of identity and other information needed for business purposes.
We rely upon your express consent to use and process the data described above.
Information we may collect about you
With regard to each of your visits to the Site we automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, location, network data, browser plug-in types and versions, languages, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from the Site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources
We receive information about you if you use any of the other websites we operate or the other services we provide. We also work closely with and receive information about you from and send information about you to the Tutors.
We collect and process this information in order to provide our service to you. We will only keep this information for as long as is necessary for the performance of the original legitimate purpose for collecting the information or for as long as we have your permission to keep it.
What are cookies?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required to save your session and to carry out other activities that are strictly necessary for the operation of the Site. They include, by way of general example, cookies that enable you to log into secure areas of the Site, use a shopping cart or make use of e-billing services. These cookies are session cookies, which are temporary and will expire when you close your browser.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around the Site when they are using it. This helps us to improve the way the Site works by, for example, ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to the Site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your region).
- Targeting cookies. These cookies record your visit to the Site, the pages you have visited and the links you have followed. We will use this information to make the Site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
- We use third party cookies on the Site for Facebook and Instagram marketing. The following first and third party cookies may be placed on your computer or device: Facebook and Instagram cookies.
Before any cookies are placed on your device, you will be shown a pop-up message requesting your consent to setting those cookies. By default, most internet browsers accept cookies, but this can be changed. You can choose to enable or disable some or all cookies via the settings on your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Site.
For further details, please consult the help menu in your internet browser.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
Information you give to us
We use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
- to respond to communications from you and to provide you with information about other services we offer that are similar to those that you have already enquired about;
- to notify you about changes to our service;
- to ensure that content from the Site is presented in the most effective manner for you and for your device.
With your express opt-in consent and/or where permitted by law, we also use this information to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.
We will not send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under applicable Data Protection Laws (meaning (i) unless and until it is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) (GDPR) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and (ii) any successor legislation to the GDPR or the Data Protection Act 1998).
If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about services similar to those which were the subject of a previous enquiry by you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have expressly consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please notify us in writing or by email at firstname.lastname@example.org.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.
Information we collect about you
We will use this information:
- to administer the Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve the Site to ensure that content is presented in the most effective manner for you and for your device;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep the Site safe and secure, e.g. by conducting analysis required to detect malicious data and understand how this may affect your IT system;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of the Site about goods or services that may interest you or them.
Information we receive from other sources.
We may combine this information with information you give to us and information we collect about you.
We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
We will ensure that your personal data is processed lawfully, fairly, and transparently and that it will only be processed if at least one of the following basis applies:
- you have given your clear consent to the processing of your personal data for a specific purpose;
- processing is necessary for the performance of a contract to which you are a party (or are about to be a party);
- processing is necessary for our compliance with the law;
- processing is necessary to protect somebody’s life;
- processing is necessary for us to perform a task in the public interest or in the exercise of official authority and the task/function has a clear basis in law; and/or
- processing is necessary for our legitimate interests or the legitimate interests of a third party (except where there is a good reason to protect your personal data which overrides those legitimate interests) such as:
■ allowing us to effectively and efficiently manage and administer the operation
of our business;
■ maintaining compliance with internal policies and procedures;
■ monitoring the use of our copyrighted materials;
■ offering optimal, up-to-date security solutions for mobile devices and IT
■ obtaining further knowledge of current threats to network security in order to
update our security solutions and provide these to the market.
Kindly note that where you give any consent this will be entirely voluntary. However, if you do not grant the requested consent to the processing of your personal data, the use of the Site may not be possible.
We will always give you the ability to opt-out of receiving emails from us by unsubscribing using the links provided in those communications, or at the point of providing your details.
DISCLOSURE OF YOUR INFORMATION
We may share your personal information with any member of our group, which means any subsidiaries or any ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties (tutors, Paypal PSP Services, Recruitment Manager, Marketing Manager, Camp Director, Westminster City Council, Camp Staff, Camp volunteers) where they require access to your data to supply products and services to you on our behalf, including:
- Business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you. Your personal data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality obligations;
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
- Analytics and search engine providers that assist us in the improvement and optimisation of the Site; and
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information to third parties (without contacting you in advance or seeking your consent):
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If the Company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets where it is relevant to the part of the business being transferred and the purchaser shall be permitted to use the data for the purposes for which it was originally collected by us; and
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored and backed up in the cloud. We have put in place appropriate physical, electronic, and management procedures to safeguard and secure the data we collect. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your enquiries, the processing of your payment details and/or the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
We will take all steps reasonably necessary to ensure that your data is treated as securely as it would be within the EEA and under the GDPR. Such steps may include our entering into contracts with any third parties we engage and the use of Commission-approved Model Contractual Clauses. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We will notify you and any applicable regulator of a breach where we are legally required to do so.
You can obtain more details of the protection given to your personal data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in the “Contact” paragraph below.
We have extensive controls in place to maintain the security of our information and information systems. Customer files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems.
Physical access to areas where personal data is gathered, processed or stored is limited to authorised employees.
Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
HOW LONG WE STORE YOUR PERSONAL DATA
We will only keep this information for as long as is necessary for the performance of the original legitimate purpose for collecting the information and/or for as long as we have your permission to keep it and/or for any periods of time which are prescribed by law or regulation. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have the right to ask us not to process your personal data for marketing purposes. We will get your express opt-in consent before we share your personal data with any third parties for marketing purposes.
You can exercise your right to prevent such processing by contacting us at the Company Address or at our email address email@example.com or by unsubscribing using the links contained in the marketing emails. See also the “Opting out” paragraph above.
You have the right to access information held about you and to ask for a copy of such information.
Please contact us for more details at the Company Address or at our email address at firstname.lastname@example.org.
Under the GDPR, you have the right to:
- Withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so. E.g. we may need to retain personal data to comply with a legal obligation.
- Request access to, or deletion or correction of, the information that we hold about you.
- Be informed of what data we hold and the purpose for processing the data, as a whole or in parts.
- Be forgotten and, in some circumstances, have your data erased by ourselves and our affiliates (although this is not an absolute right and there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it).
- Correct or supplement any information we hold about you that is incorrect or incomplete.
- Restrict processing of the information we hold about you (for example, so that inaccuracies may be corrected). Again, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request.
- Object to the processing of your data.
- Obtain your data in a portable manner and reuse the information we hold about you.
- Challenge any data we use for the purposes of automated decision-making and profiling (in certain circumstances). As above, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request.
- Complain to a supervisory authority (e.g. the Information Commissioner’s Office (“ICO”) in the UK) if you think any of your rights have been infringed by us. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.