Please read it carefully, as by using our services, you will be deemed to have read and accepted its terms.
When referring to The Ardmore Group we are including all subsidiary companies, these being but not limited to:
Ardmore Language Schools Limited a company incorporated and registered in England and Wales with company number 01647636
Ardmore Educational Travel Limited a company incorporated and registered in England and Wales with company number 01848334
Ardmore Education Limited a company incorporated and registered in England and Wales with company number 10248866
ULT Limited a company incorporated and registered in England and Wales with company number 3285075
The Ardmore Group is the controller and responsible for your personal data.
INFORMING US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may process your data in order to enter into-and perform a contract with you, or based on our legitimate interest of fraud prevention, safety and security; error detection and rectification; marketing our services; or analytics in terms of visitors’ website use and their experience in order to improve the service. Sometimes we may seek your consent or get in touch based on the contact email you left on our website, of which you can always opt-out by clicking a link in our correspondence or emailing us at GDPR@theardmoregroup.com.
DATA WE GATHER
Information you have provided us with - this might be your e-mail address, name, home address etc – mainly information that is necessary for delivering you a product/service or to enhance your customer experience with us.
Information from our partners - we gather information from our trusted partners with confirmation that they have legal grounds to share that information with us. This is either information you have provided them directly with or that they have gathered about you on other legal grounds. See the list of our partners here.
Publicly available information
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel services you have with us but we will notify you if this is the case at the time.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
·Where we need to perform the contract we are about to enter into or have entered into with you.
·Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
·Where we need to comply with a legal or regulatory obligation.
WHO ELSE CAN ACCESS YOUR PERSONAL DATA
We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners or to other companies within The Ardmore Group in order to either make providing the service to you possible or to enhance your customer experience.
We only work with Processing partners who are able to ensure adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
TRANSFERRING INFORMATION OUTSIDE THE EU
We may transfer the personal information we collect about you to the following countries outside the EU in order to perform our contract with you:
Republic of Ireland
There is an adequacy decision by the European Commission in respect of the following countries; Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection. This means that these countries to which we transfer your data are deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection wherever it is transferred within The Ardmore Group, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. If you require further information about these protective measures, you can request it from the DPO.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal information for as long as is necessary either to fulfil the purposes we collected it for or for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any applicable legal requirements. After this period we will use our best endeavours to securely destroy your personal information.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
YOUR LEGAL RIGHTS
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
Right to withdraw consent – you have the right to withdraw any given consent for Processing of your Personal Data.
RIGHT TO ACCESS PERSONAL DATA
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
CHANGES TO THIS POLICY
Last modification was made 29thMay 2018.
CONTACT AND COMPLAINTS
Our full details are: The Ardmore Group, Berkshire College, Hall Place, Burchetts Green, Berkshire, SL6 6QR
Email address: GDPR@theardmoregroup.com
Tel No: 01628 826699
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk), or another Data Protection Authority that may be competent in your case. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.