This document underpins the policies, promises and contracts we make with you. We are committed to protecting and respecting your privacy.
This Privacy Notice sets out the basis on which any personal information we collect from you, or that you provide to The Centre for Education and Youth, will be processed by us. We may change this Privacy Notice from time to time. You should check this notice occasionally to ensure you are aware of the most recent version.
Who are The Centre for Education and Youth?
We are The Centre for Education and Youth CIC (trading as “The Centre for Education and Youth”) a community interest company registered in England and Wales (Company No. 07003696) with its registered office at 12 Grange Gardens, Cambridge, CB3 9AT (hereinafter referred to as “We”, “Us” or “Our”).
We are a “data controller” for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation ((EU) 2016/679) whilst operating our website (with address, cfey.org “Website”) and otherwise pursuing our community interest and other business objects.
What is this policy and who does it apply to?
Privacy and security are at the heart of everything we do at The Centre for Education and Youth. This statement explains the key measures we’ve put in place to ensure that all personal data collected by us is kept secure and processed appropriately at all times.
The purpose of this Privacy Notice is to let you know what kinds of information we may gather about you when you interact with us, how we may use that information, why your information will be used, namely for purposes of the performance of our contract with you as a user of our Website and/or any of our services, whether we disclose it to anyone, and the choices you have regarding our use of the information.
This Privacy Notice provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).
It is important that you read this notice, together with any other Privacy Notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information
Privacy and Data Protection Statement
Our Data Protection Principles
- Adhere strictly to the terms of the Data Protection Act 2018, the General Data Protection Regulation, and any future amendments or applicable legislation
- Use your personal data lawfully, fairly and in a transparent way
- Collect data only for purposes that we have clearly explained to you and limited only to those purposes
- Only store and process the minimum data required to provide our services, and to inform you in advance of using any of our services what data that service requires.
- Ensure that all data is held securely by taking steps so that data is not corrupted or lost
- Only retain data for as long as required, and delete all data that we do not need to keep if you ask us to do so, or if your account becomes inactive for a certain period of time
- Ensure data is accurate and kept up to date
- Deal properly with all Data Subject Requests made relating to the data we store
- Always maintain adequate liability insurance
- Maintain measures equivalent to Cyber Essentials Security Compliance.
- Review this Privacy Notice against our services and data protection practices every 12 months and provide evidence of compliance to the you whenever requested
- Report any breaches of security to the Information Commissioner’s Office (ICO) and other authorities if required by law, and to data subjects
- Only share your data with third parties who are bound by contractual provisions and process your data in accordance with the GDPR and Data Protection Act 2018. Make this Privacy Notice clearly and publicly available on our website
We will not:
- Share your data with any third parties except where we have a legal basis for doing so, or where required by law
- Use your data for the purposes of advertising or marketing, or for any purpose other than the service explicitly provided to you, unless we have your explicit consent
Information we may collect from you
We collect and process the following personal information:
- information that you provide by registering to use certain parts of the Website or otherwise engaging with us. This includes information such as name, email address, address, job role;
- records of your correspondence with us if you contact us;
- any information you provided when participating in our research;
- staff details as part of their employment;
- information such as billing details that we need in order to fulfil our contract if you are a client; and/or
- details of your visits to the Site including, but not limited to, cookies, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access;
How we collect your information
We will collect your personal information through different methods including:
- Direct interactions with you by telephone, e-mail, phone or otherwise;
- Through the service we provide to you;
- Through research tools such as surveys, interviews and focus groups if you participate in our research;
- Automated technologies or interactions. As you interact with our Website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies; and
- Any other information you provide to us.
How we use your personal information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform a contract we are about to enter into or have entered into with you;
- Where you have consented to participate in our research;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- Where we need to comply with a legal or regulatory obligation.
Our marketing communications
We rely on consent as a legal basis for processing your personal information in relation to sending direct marketing communications to you via email, or other methods. You have the right to withdraw consent to such marketing at any time.
Why we collect your personal information
We collect information about you for the following purposes:
- To ensure that content from the Website is presented in the most effective manner for you and for your computers;
- Where you agree, to provide you with information, products or services that you request from us or which we feel may interest you;
- To conduct research that you have explicitly consented to participate in;
- To carry out our obligations arising from any contracts, if applicable, entered into between us and you;
- To allow you to participate in interactive features of our service, when you choose to do so;
- To notify you about changes to our service or Website, which may affect you; and
- To operate and improve the Website.
We will only use your personal information for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose or where we are legally obliged to for example in the case of safeguarding concerns (see our safeguarding policy). If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
If you fail to provide personal information
If you fail to provide certain information when requested or required either by law, or under the terms of a contract we have with you we may not be able to perform the service or contract we have or are trying to enter into with you (for example, to provide you services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Sharing your personal information
Where we are acting as a data processor we will only disclose information to third parties under the following circumstances:
- if we engage companies and individuals to perform functions on our behalf, we may need to disclose your personal information to these parties for the performance of the purposes set out in this Privacy Notice, or, for example, for sending postal mail and email, removing repetitive information from user lists, analysing data and providing marketing assistance;
- if we or all of our assets are, or a substantial part of our assets is, acquired by a third party; and/or
- if we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings, or to protect the rights, property, or safety of us, our users or others.
- Where we are acting in our capacity as data controller we may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Third Parties we might share your personal information with
The following are examples of third party providers with which we may share your personal data:
- Receipt bank
- Barclays bank
Any third parties will be bound by contractual provisions with us and only have access to personal data to perform the described purposes, and may not use it for other purposes. Further, they must process the personal data in accordance with this Privacy Notice and the GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the E-Privacy Regulations when they come into effect.
How we store your personal information
We have adopted appropriate technical and organisational measures necessary to ensure the security of the personal information we collect, use and maintain, and to prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art technology available, the nature of the data stored and the risks to which they are exposed by virtue of human action or physical or electronic environment.
However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of any of our data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, and we implement and maintain measures equivalent to Cyber Essentials Security Compliance, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access and these are set out in our staff data security policy.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area, provided that the destination country has been declared by the European Commission as having Adequate Levels of Protection or we have entered into an Agreement with the provider using standard contractual clauses as approved by the European Commission.
By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and all applicable data protection law.
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal information, we consider: the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through any other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see Right to request erasure of your personal information below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. In other cases, if you provide explicit consent for us to do so, we will archive your data for future research.
Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request).
Right to correct any mistakes in your information
You can require us to correct any incomplete or inaccurate information.
Right to request erasure of your personal information
This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it.
Right to object to processing
You have the right to object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please contact us at [email protected].
Right to request the restriction of processing
You have the right to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Right to request the transfer of your personal information to another party
You have the right to request that certain of your personal data be transferred to another Controller in a structured, commonly used and machine-readable format.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us using the contact details below. Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights) in most cases. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
General Website Information
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
We take any complaints we receive about the collection and use of personal information very seriously. We would encourage you to bring it to our attention if you think that our collection or use of information is unfair, misleading or inappropriate. You can make a complaint at any time by contacting us (see contact details below).
If you think our collection or use of personal information is unfair, misleading or inappropriate or if you have concerns about the security of your personal information, you also have the right to make a complaint to the Information Commissioner’s Office.
You can contact the Information Commissioner’s Office at the following address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
How to contact us
If you have any questions or grievances in relation to security or privacy, please email Ellie Mulcahy on [email protected] or write to Ellie Mulcahy, The Centre for Education and Youth, The Ship of Adventures, 138 Kingsland High Street, E8 2NS.