GDPR Policy (data protection)
Policy brief and purpose
Our data protection policy refers to our commitment to treat information about employees and customers with the utmost care and confidentiality.
This policy helps us to ensure that we gather, store and handle data fairly, transparently and with respect towards individual rights.
The policy refers to all parties who provide personal information to us.
What data do we keep?
We store the following essential information:
Enrolment forms: these contain the information given to us by parents when their children enrol for tuition. This usually includes names, addresses, phone numbers, email addresses and medical conditions that we may need to be aware of.
This information is stored in a locked cabinet, and also electronically.
Rules that we follow
Our data will be:
- Accurate and up-to-date
- Collected fairly and openly, and for lawful purposes only
- Used by Southampton Tuition Centre within legal, moral and necessary boundaries
- Protected against any unauthorised or illegal access by internal or external parties
Our data will not be:
- Communicated informally
- Stored once the student is beyond school age
- Transferred to any other organisations
- Distributed to any other party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities)
In addition to ways of handling data Southampton Tuition Centre has direct obligations towards the people to whom the data belongs. Specifically, we must:
- Let people know which of their data is collected
- Inform people about how we’ll process their data
- Inform people about who has access to their information
- Have provisions in cases of lost, corrupted or compromised data
- Allow people to request that we modify, erase, reduce or correct data contained in our databases
Actions
To exercise data protection, we’re committed to:
- Restrict and monitor access to sensitive data
- Develop transparent data collection procedures
- Train employees in online privacy and security measures
- Use secure networks to protect online data from cyberattacks
- Establish clear procedures for reporting privacy breaches or data misuse
- Include contract clauses or communicate statements on how we handle data
- Establish data protection practices (document shredding, secure locks, frequent backups, access authorization etc)
Our data protection provisions will appear on our website
Disciplinary Consequences
All principles described in this policy must be strictly followed. A breach of data protection guidelines will invoke disciplinary and possibly legal action