General Policy Statement
WisbechTutor.co.uk is committed to respecting the privacy of individuals and ensuring the personal information that has been entrusted to us is processed in accordance with the Data Protection Act (DPA) 1998 and General Data Protection Legislation (GDPR) 2018.
Definitions used in this policy
Data Subject: the individual whose data we hold or use (eg. A full church member, someone who has attended a course or event, someone who has filled in a card asking to be kept informed about the church and its events). A person becomes responsible for their own data at 13 years of age.
Data Controller: WisbechTutor.co.uk, who is Matthew McChlery (us).
Data Processor: this is any third party which process data on behalf of the Data Controller. (eg. LCN.com who hosts our email account).
How we collect personal information
We collect personal information directly from people when they
- fill in a contract or registration form
- sign up to receive emails
We collect personal information electronically when a person
- emails us via the website
- uses Facebook or Facebook Messenger to contact us
- Makes a payment electronically (with a card or Apple Pay etc.) via our Paypal account
The personal information we collect
- Personal identifiers such as a person’ s title, name and year of birth (to verify they are 18 years or over and also to take greater care when engaging with children and vulnerable adults).
- Contact details including postal address, postcode, email and telephone number.
- Financial information such as bank details (if making a donation or purchasing a ticket).
- Subscription to our website in order to be notified of a new blog post.
- Media – If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Special category data
Children under 13
Explicit permission will be sought from parents or legal guardians of children under 13 years of age for their personal details to be held and processed.
When a person is over 13 years old they themselves will be asked to give their own permission, as well as allowing us to keep holding the older data.
We will never contact children (under 18’s) directly. If we do need to make contact we will do so through their parent or guardian.
Why We Collect Personal Data
We collect personal information:
- To be able to communicate effectively with people who have engaged our services
- For the smooth running and administration of our business
- To keep parents (or adult clients) informed with their child’s (or their own) educational progress
- To process financial payments
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
All other data is retained for as long as our contract is in force. Upon termination of that contract we will hold personal data for a period of 6 months, after which it will be securely destroyed.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We have a dedicated email account for the running of WisbechTutor.co.uk and its associated business which is: email@example.com
Data Subject’s rights and choices
GDPR gives Data Subjects the right to:
- Be informed as to how their data is going to be stored, used and secured through our Privacy Notice available at every tutoring session.
- Request in writing and securely obtain copies of the personal information WisbechTutor.co.uk holds about them which we will give to the Data Subject concerned within one month.
- Correct or update their personal information held by us at any time. This can be done by a Data Subject contacting us and their data will be updated as soon as possible (within one month).
- Object to the use of their personal information for certain things (eg. Emailing you about a forthcoming course or event). Preferences will be updated once we receive a written request to do so and these will take effect as soon as possible (within one month).
- Request us to stop using their personal information at any time. Upon receipt of a written request we will delete all data held on a particular Data Subject as soon as possible (within one month) and all communication will stop at this time.
- Lodge a complaint with the Information Commissioner’s Office about how we manage your data.
Who we share your information with
We are absolutely committed to protecting your privacy. Our policy can be summarized in one sentence: we will not share your information with others without your consent.
Our data processors:
LCN.com Limited– we use this company to host our church email system so email addresses will be stored here as well as received and sent email. This is a lot safer and more secure than using domestic email and is encrypted with TLS encryption.
PayPal – We use PayPal to process payments made through the use of our card reader and when a payment is made directly through PayPal in response to an invoice generated through PayPal.
A data breach occurs whenever the security of personal data is compromised. This could be as simple as sending an email to the wrong person, leaving a folder containing paper financial records on the bus, or wiping a computer drive which contained important records.
If a Data Breach is serious in that there is a high risk of an adverse effect against the Data Subject’s rights and freedoms they will be notified of the breach within 72 hours.
If we experience a significant Data Breach we will notify the ICO within 72 hours and a record of the breach will be kept.
We will do everything possible to keep personal data safe and secure. Please refer to our Information Security Policy.
Our data protection lead
Please contact our Data Protection Lead with regard to any data protection matter.
Our Data Protection Lead is: Matthew McChlery
Address: 34 Windsor Drive, Wisbech, Cambridgeshire, PE13 3HJ
Phone: 07793 065 442
Contact us via email at firstname.lastname@example.org