(For both individual customers and Schools)
It is important that you read this policy, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information
Data Protection Principles
We are required by the GDPR to ensure that we follow six principles whilst we are processing your information and it is these principles that are central to our processing procedures. Your information will be:
Used lawfully, fairly and in a transparent way;
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
Relevant to the purposes we have told you about and limited only to those purposes;
Accurate and kept up to date;
Kept only as long as necessary for the purposes we have told you about; and
Data Protection Principles (relating to direct marketing for schools)
Companies of services or products marketing to Schools fall under the business to business marketing regulations. These are significantly different to the requirements for personal financial or other sensitive data, such as medical history.
The rules for business to business marketing will be largely the same under GDPR as they are at present. (i.e. we must give you the option to opt out of future marketing, but are not obliged to expressly ask for opting in – as with individuals)
Email marketing is currently governed by the Privacy and Electronic Communications Regulations (PECR) and this will stay the same until any subsequent revisions to E-Privacy Regulation are agreed and in force.
We must give you, as a school, the option to easily unsubscribe or opt-out from receiving further email marketing. This will be clearly stated at the bottom of all our email communications.
The product or service that we are promoting is relevant to you. In our case, we email only about our English courses that may be of interest to you as a school, either as a regular afternoon course, or as a project week.
Personal Information we Collect from You
Personal data, or personal information as we sometimes call it, means data which relates to an identifiable living person. You may from time to time provide us with personal data, such as the following:
Email address – and potentially postal address and telephone number(s);
Due to the nature of the service that we provide we do not normally collect postal addresses or other “special categories” of sensitive personal data.
Special category information includes; race or ethnicity, religion, sexual orientation, political views, trade union membership and physical or mental health. In the event you provide us with any special category data, we will take extra care to ensure your rights are protected, and this information will not be stored.
How is your personal information collected?
We collect your personal information through different methods including:
Direct interactions with you via our website, e-mail, phone or otherwise.
Automated technologies or interactions. As you interact with our website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies.
Cookies are small files which, depending on your browser settings, may be automatically stored on your computer's hard drive when your Web browser accesses a specific Web page.
Why is your information collected?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Where you have provided your consent.
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Any emails, or phonecalls, about our services, have been sent, or made, on the basis that there is a legitimate interest for us as a business, and you as an individual that has enquired in the past about our courses. Our emails, or calls, are specifically sent, made, to you with your past (or present) interests in mind. If the content of our emails is no longer relevant, please let us know by opting out from out email list.
There is no impact on the privacy of your email address or phone number, as it is only used by Kreativ English to keep you informed about any new, or upcoming courses that may be of interest to you.
Where we need to comply with a legal or regulatory obligation.
Your personal information will be collected, processed, stored and used only by us.
To provide customer support
We also use your personal information to provide emailed communications. We will retain your personal information only as long as is necessary, or as is required by applicable law, and then we will delete it.
Updates about new features, products and services we make available.
Each of the above emails will give you the opportunity of opting-out of receiving future similar communications from us.
Sharing your personal data
In our capacity as data controller we will share your personal information with third parties where required by law, or where it is necessary to administer the working relationship with you.
We take appropriate technical and organisational measures to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. While no computer system is completely secure, we believe the measures implemented by our site reduce the likelihood of security problems to a level appropriate to the type of data involved. We have security measures in place to protect our User and Student database and access to this database is restricted internally. However, it remains each User's responsibility.
What rights do you have?
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a "data subject access request").
Once you have made a subject access request we are obliged:
To tell you whether we process any of your personal data
If so, to provide you with a description of the personal data we hold, the reasons it is being processed, and with whom we share it
To provide you with a copy of the personal data we process in an intelligible form, and (where this is available) to inform you about the source of the data
All Subject Access Requests must be in writing to firstname.lastname@example.org
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com. Please note, there are some specific circumstances where these rights do not apply and we can refuse to deal with your request
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We take any complaints we receive about the collection and use of personal information very seriously. We would encourage you to bring it to our attention if you think that our collection or use of information is unfair, misleading or inappropriate. You can make a complaint at any time by contacting us (see contact details section below).
If you think our collection or use of personal information is unfair, misleading or inappropriate or if you have concerns about the security of your personal information, you also have the right to make a complaint to the Information Commissioner’s Office.
You can e-mail us at email@example.com or write to us at the following address
Kreativ English – Lustkandlgasse 4/10 – 1090, Wien