* We only collect necessary information and ensure it is used lawfully, fairly, and transparently in accordance
with General Data Protection Regulation (GDPR*)
* Data Collection/The right to be informed: We collect and process personal data of our students and staff for the purposes of providing educational services.
* CS Tuition will be required to collect certain details from anyone wishing to register their child for a permanent or temporary class. For example: We will require name, date of birth, any medical information, and photographic/video permission, along with the parent’s name, email address, phone number, contact details in the case of an emergency and medical requirements.
* As an employer CS Tuition is required to hold data on its teaching staff, this includes names, addresses, telephone numbers, photographic ID (such as passports and driving licences) & bank details. The information is also required for Disclosure and Barring service checks (DBS) and proof of eligibility to work in the UK.
* Data Security/Right of Access: We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, and destruction. This includes encryption, password protection, and restricted access controls.
* At any point, an individual can make a request relating to their data and CS Tuition will need to provide a response with one month. CS Tuition can refuse a request, if they have a lawful obligation to retain data, but we will inform the individual of the reasons for the rejection.
* Data Retention/Right to Rectification: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, considering legal and operational requirements.
* At any point, an individual can make a request relating to their data and CS Tuition will need to provide a response with one month. CS Tuition can refuse a request, if they have a lawful obligation to retain data, but we will inform the individual of the reasons for the rejection.
* Data Sharing/Right to Object: Personal data is strictly confidential and will not be shared with third parties unless required by law or with explicit consent from the individual.
* Individuals can object to the processing of their personal data in certain situations, such as direct marketing.
* Data Subject Rights/Right to erasure: Under certain circumstances, individuals have the right to access, rectify, or erase their personal data held by our tuition business. Requests for data access should be made in writing to the Data Protection Officer.
* Data Portability/Right to Data Portability. Individuals can request to receive their personal data in a structured, commonly used format for transfer to another organisation.
* We reserve the right to transfer personal data as part of the assets in the event of a sale of the business. We will ensure that any transfer is conducted in accordance with applicable data protection laws and regulations to maintain the confidentiality and protection of personal information.
* Data Breach Response: In the event of a data breach or security incident, we will promptly investigate, mitigate risks, notify affected individuals and authorities as required by law.
* Compliance: We comply with relevant data protection laws and regulations, including the General Data Protection Regulation (GDPR)*, to ensure the confidentiality and protection of personal information.
* This Data Protection Policy is reviewed regularly and updated as needed to ensure ongoing compliance and effectiveness in protecting personal data within our tuition business.
Revised 1 st September 2024