DATA PROTECTION POLICY
INTRODUCTION
1.1 Purpose
This Data Protection Policy outlines First Rate Tutors' commitment to protecting the personal data of our students, parents, tutors, staff, and other stakeholders. It ensures compliance with the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, safeguarding individual privacy rights and maintaining data security.
1.2 Scope
This policy applies to all personal data processed by First Rate Tutors, including data related to current, past, and prospective students, employees, contractors, suppliers, and any other individuals. It encompasses all processing activities, whether conducted electronically or in paper-based formats.
DEFINITIONS
2.1 Personal Data: Any information relating to an identified or identifiable natural person ('data subject'), such as names, identification numbers, location data, or online identifiers.
2.2 Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, restriction, erasure, or destruction.
2.3 Data Subject: An individual whose personal data is processed by First Rate Tutors.
2.4 Data Controller: First Rate Tutors, which determines the purposes and means of processing personal data.
2.5 Data Processor: Any third party that processes personal data on behalf of First Rate Tutors.
2.6 Special Category Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or data concerning an individual's sex life or sexual orientation.
DATA PROTECTION PRINCIPLES
First Rate Tutors adheres to the following principles when processing personal data:
3.1 Lawfulness, Fairness, and Transparency
Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
3.2 Purpose Limitation
Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
3.3 Data Minimisation
Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
3.4 Accuracy
Personal data shall be accurate and, where necessary, kept up to date. Inaccurate data shall be erased or rectified without delay.
3.5 Storage Limitation
Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
3.6 Integrity and Confidentiality
Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
3.7 Accountability
First Rate Tutors shall be responsible for, and able to demonstrate compliance with, these principles.
LAWFUL BASES FOR PROCESSING
First Rate Tutors processes personal data based on one or more of the following lawful bases:
4.1 Consent
The data subject has given clear consent for processing their personal data for specific purposes.
4.2 Contractual Necessity
Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
4.3 Legal Obligation
Processing is necessary for compliance with a legal obligation to which First Rate Tutors is subject.
4.4 Vital Interests
Processing is necessary to protect the vital interests of the data subject or another individual.
4.5 Public Task
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in First Rate Tutors.
4.6 Legitimate Interests
Processing is necessary for the purposes of legitimate interests pursued by First Rate Tutors or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
RIGHTS OF DATA SUBJECTS
Data subjects have the following rights regarding their personal data:
5.1 Right to Be Informed
Data subjects have the right to be informed about the collection and use of their personal data, including the purposes for processing, retention periods, and who it will be shared with.
5.2 Right of Access
Data subjects have the right to access their personal data and supplementary information, allowing them to be aware of and verify the lawfulness of the processing.
5.3 Right to Rectification
Data subjects have the right to have inaccurate personal data rectified or completed if it is incomplete.
5.4 Right to Erasure
Data subjects have the right to have personal data erased, also known as the 'right to be forgotten,' under certain circumstances.
5.5 Right to Restrict Processing
Data subjects have the right to request the restriction or suppression of their personal data under certain circumstances.
5.6 Right to Data Portability
Data subjects have the right to obtain and reuse their personal data for their own purposes across different services.
5.7 Right to Object
Data subjects have the right to object to the processing of their personal data in certain circumstances, including direct marketing.
5.8 Rights in Relation to Automated Decision-Making and Profiling
Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
DATA SECURITY MEASURES
First Rate Tutors implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
6.1 Access Control
Restricting access to personal data to authorized personnel only.
6.2 Data Encryption
Encrypting personal data to protect it from unauthorized access during storage and transmission.
6.3 Regular Audits
Conducting regular audits and assessments of data processing activities and security measures.
6.4 Incident Response Plan
Establishing and maintaining an incident response plan to address data breaches promptly and effectively.
DATA BREACH MANAGEMENT
7.1 Reporting a Breach
All data breaches must be reported immediately to the Data Protection Officer (DPO).
7.2 Investigation and Containment
The DPO will investigate the breach, assess its impact, and implement measures to contain and mitigate any potential damage.
7.3 Notification
If a breach is likely to result in a high risk to the rights and freedoms of individuals, First Rate Tutors will notify the affected data subjects and the Information Commissioner's Office (ICO) without undue delay.
DATA RETENTION AND DISPOSAL
8.1 Retention Periods
Personal data shall be retained only for as long as necessary to fulfill the purposes for which it was collected, in accordance with our data retention schedule.
8.2 Secure Disposal
Personal data that is no longer required shall be disposed of securely, using methods such as shredding, pulping, or permanent deletion from electronic devices.
POLICY REVIEW AND UPDATES
9.1 Review Cycle
This policy shall be reviewed regularly, at least annually, or when there are significant changes in applicable data protection laws or processing activities.
9.2 Updates and Amendments
Any updates to this policy will be communicated to all relevant stakeholders, including employees, tutors, students, and parents, to ensure continued compliance and awareness.
CONTACT INFORMATION
For any queries, concerns, or requests regarding data protection, individuals may contact the
First Rate Tutors
Barbara Njau
Email: [email protected]
POLICY ACCEPTANCE
By using the services of First Rate Tutors, individuals acknowledge and agree to the terms outlined in this Data Protection Policy.