1. Executive Summary
The protection and security of data is governed by the EU General Data Protection Regulations (GDPR) and UK Data Protection Act, 2018 (DPA), which require that organisations have in place controls and measures to identify and assess the impact of, or potential for harm to the individual, resulting from a data breach incident. Both lay down requirements for the mandatory reporting to the relevant Data Protection Authority and notification the individual(s) dependent on the likelihood of risk and potential harm.
At Edu Holdings Ltd (EHL), we are committed to protecting and respecting your privacy.
Everything that is done with data, including storing it, using it or even deleting it is referred to as “processing”.
This policy applies to all affiliates, officers, directors, employees, agents, contractors, consultants, vendors, hereinafter personnel, working for or on behalf of EHL and to all data owned, or used by EHL.
Throughout this privacy notice, references to ‘us’, ‘our’ or ‘we’ means Edu Holdings Ltd. References to ‘you’ or ‘your’ means you as an individual, and references to “data” or “personal data” relates to those elements that identify you as an individual amongst the many.
EHL is registered in England and Wales under registration number 13458404.
Our registered office is Suite 2020 Unit 3a, 34-35 Hatton Garden, Holborn, London, England, EC1N 8DX.
Due to the nature of our business, we are not mandated by law to have a Data Protection Officer. However, any data protection enquiries may be directed to firstname.lastname@example.org
EHL is committed to ensuring your privacy and your personal data is protected whenever and wherever we process it.
When it appears on our website this Policy is also our Privacy Notice.
4.1. The data: you provide, we collect. How we use it, and why?
4.1.1. Data you provide
When you contact us either via our “contact us” form on this website, email us directly, phone us or even correspond by letter you may provide us with, or be asked to provide, basic contact information so that we can respond to your query.
Unless you tell us not to, we’ll retain that information in case we need to contact you again in relation to that enquiry, or any of our related services that we feel may be of interest to you.
As part of services we are contracted to perform for you, you may be required to provide personal data about you, your employees, service providers and / or customers.
We process this data on the basis of:
· your consent in providing that information to contact you e.g. via the website or about potentially working for us
· legitimate interest – you contacted us about a service, and we believe there is a related service you may be interested in.
· contract – where we have entered into an agreement with you e.g. regarding delivery of services or employment
4.1.2. Data we collect
Whenever you visit our website, we collect small amounts of technical data about you; your IP Address, the pages you visited, when and how long you spent on each page.
This information helps us recognise you as a returning visitor and see which pages generate the most interest; either single or multiple visits. Using this data, we can refine our pages to provide a better user experience.
In delivering services to you as part of a contract, we take care to collect the minimum personal data as is necessary for the performance of the contract, and this may vary based on the services being provided.
For current and potential employees, contractors, associates and service providers, we may collect data e.g. references, which we will only do with your consent.
4.1.3. Data we receive
We don’t buy personal data from any data providers, any data not provided by you or collected by us, will have been provided by someone who knows you and believes that we have a service that could benefit you.
We take this information on trust that the person providing it has your consent to give it to us. If we use this information to contact you, and that contact turns out to be unwanted you can ask us to remove your details and not to contact you again; and we will comply with your requests.
4.1.4. Data we share with third parties
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them. We may engage with several or all of the categories of recipients:
· Where necessary for administrative purposes and to provide professional services to our clients.
· Parties that support us as we provide our services (e.g. providers of telecommunication systems, IT system support, archiving services, document production services and cloud-based software services).
· Payment service provider.
· Law enforcement or other government and regulatory agencies (e.g. HMRC) where we have a legal obligation to do so.
4.1.5. Transferring personal data outside the EEA
We store data on servers / cloud platforms located in the European Economic Area (EEA). We may store personal data outside the EEA when we have business reasons to engage these organisations, but these organisations are required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
Where we are not the Data Controller for that data, we will obtain the Data Controller’s authority to share the data, providing details of the transfer mechanism we will be using to share the data, and the assertions on appropriate data protection we obtain from the third-party.
4.1.6. Using cookies
You have the Right to withdraw consent to the use of non-essential cookies at any time and can update your cookie preferences through your browser settings. If you need information on how to do this please visit: https://www.allaboutcookies.org this site will also provide more details about the various types of cookies that may be used, on all sites not just ours, and how to manage them.
We use traffic log cookies to identify which pages are being used, to help us analyse data about web page traffic and improve our website in order to tailor it to customer needs. Overall cookies help us provide you with a better website.
4.1.7. Your Data Protection rights
Under the General Data Protection Regulation (GDPR) every individual within the EU region has rights in respect of their Personal Data. These rights are highlighted below, and more information on each can be found on the Information Commissioner’s Office (ICO):
· Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
· Correction – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
· Erasure – You can ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
· Processing restrictions – you can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
· Data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
· Automated Individual Decision-making – You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
· Right to Object to Direct Marketing including Profiling – You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you.
· Right to Withdraw Consent – You can withdraw your consent that you have previously given for one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
In seeking to exercise any of your Rights under the GDPR, you can contact us at email@example.com or our registered address: Office 111, 349 Muswell Hill Broadway, London, England, N10 1DJ.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
We are committed to ensuring that your information is secure. We have put in place appropriate technical and organisational security policies and procedures to protect personal data we collect from: loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
If you have access to parts of our website or use our services, you remain responsible for keeping your user ID and password confidential. Please be aware that the transmission of data via the internet is not completely secure. Whilst we do all we can to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site; any transmission is at your own risk.
4.1.9. Links to other websites
5. Policy Effective Date
This is a non-technical policy that will not require any development or system changes to implement, it will therefore come into immediate effect from the time of publication. This document was updated and approved on 15/11/2023.