Katie’s Classroom Limited – Privacy Statement
Katie’s Classroom provides online Maths and English video tutorials for parents and children from Year 3 up to 11+. By visiting www.katiesclassroom.com you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Katie’s Classroom Limited whose registered office is at Braeside, Wormald Green, Harrogate, HG3 3PU.
Katie’s Classroom is committed to protecting your data and information. We believe it is important to look after your data and allow you to retain control over how it is used.
We want to ensure that your data is processed fairly, lawfully, and in accordance with your rights under the General Data Protection Regulation (GDPR; EU 2016/679). Please read the full Privacy Statement carefully to understand our policies and practices regarding your information.
Due to the nature of the services we provide to our clients, it may be necessary to hold and process personal data regarding our clients. This personal data is covered by the General Data Protection Regulations 2016 (“GDPR”). There are also some other key legal requirements with which we need to comply. The purpose of this Privacy Statement is to set out how we meet these requirements and to ensure that every client who provides data to us understands the legal basis on which that data is held, what the data is used for, how it is stored and who has access to it.
The Privacy Statement is one element of how we fulfil the obligations of GDPR. This document should be viewed in conjunction with the following policies and procedures:
- Data Breach Notification Procedure
- Data Processing Agreement
- Record Retention and Protection Policy
GDPR is an extensive piece of legislation that seeks to protect the right to privacy of individuals. There are some key terms in relation to the approach that we are using in relation to GDPR. These are:
- Data Subject – the individual to whom the data relates;
- Personal Data – any information relating to an identified or identifiable person;
- Processing – any action performed with the personal data (collection, recording, sharing, storing, etc.);
- Controller – the person or entity who determines what data to collect and the use of that data;
- Processor – the person/people who collects and processes the data as per instructions from the Controller.
Key roles in data use
For provision of our services, the following roles fulfil duties under this Privacy Statement:
- Controller – our directors and employees
- Processors – our directors and employees
The six privacy principles
GDPR sets out six privacy principles with which we must comply. These principles are:
- Purpose Limitation – we must clearly state the reason that data is being held and can then only process data for that reason. If we want to use the data for a different reason to that for which the data was collected, then we must inform the client
- Data Minimisation – we must only collect the data that is needed
- Accuracy – we must take all reasonable steps to ensure that the data held is accurate
- Storage Limitation – we must only keep the data for as long as it is necessary
- Integrity and Confidentiality – we must take all reasonable steps to ensure that the data held is kept securely and is only shared with people who have a legitimate need to have access to it
- Lawfulness, fairness and transparency – we must have a legal basis for processing data and must be transparent about the data held, why it is held, how it is held, who has access to it and for how long it is retained
Our legal basis for processing data and how we will use it
GDPR states that data can only be processed for one of six reasons – consent, contract, legal obligation, vital interests, public task and legitimate interests. Of these, the reasons that we hold data relating to our clients’ employees and customers are:
- “Consent”, where consent is defined as where an “individual has given clear consent for us to process their personal data for a specific purpose”
- “Contract”, where contract is defined as “a lawful basis for processing data if a company is required to hold the data to fulfil their contractual obligations”
- “Legal obligation”, where legal obligation is defined as “the processing necessary for us to comply with the law (not including contractual obligations)”.
We value your personal data and take security seriously. We therefore will not sell your data to third-parties nor use the information held about you (and information about others) to provide you with advertising or other services that are not directly relevant or linked to those that you have requested or previously bought from us.
The data that is typically held
- Website contact form
When you navigate our websites or contact us, we may request, or you may choose to provide us with certain information. This may include Personal Information, such as name and email address, and records and copies of your correspondence with us.
If you contact us through one of our contact forms, we will assume you have a legitimate interest to do so. We will continue to hold your information for 24 months after your last interaction with us. You can request for your data to be erased at any point by emailing email@example.com.
We use third party solutions, such as WordPress and MailChimp, to store and manage our contact and e-newsletter requests.
- Customer information
As a customer of our product, we may collect and process information about you. You may give us this information by filling in forms on www.katiesclassroom.com (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to access certain pages on our site, search for a product or service, place an order on or via our site (to the extent applicable), participate in discussion boards or other social media functions on our site (to the extent applicable), enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, age, address, e-mail address and phone number, and financial and credit card information.
With regard to each of your visits to our site, we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us.
We will hold your information for 24 months past the point of your last interaction with us.
- Job application and employee information
We process and store Personal Information for the purpose of assessing your suitability for employment at Katie’s Classroom and/or to fulfil our statutory obligations as an employer. This may include information such as your name, date of birth, employment and education history, contact information and information of a sensitive nature that you chose to disclose to us.
We may use third-party processors, such as Workable and People HR, to manage our job applications and store our employee information.
We store relevant employee data for the duration of your employment and for the legally required amount of time after that.
We will hold your job application for a total of 12 months after our last communication. This does not affect your rights as an individual under GDPR.
- Usage details and cookies
When you visit www.katiesclassroom.com we may collect information about how our website is used. We do this to find out things such as the number of visitors to the various parts of the site so that we can improve our service to you.
We use a third-party service, Google Analytics, to collect standard internet log information and details of your behaviour patterns. This information is processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Any Personal Information collected on our website is obtained via our contact or order forms. We will make it clear when we collect Personal Information and will explain what we intend to do with it.
How we use your information
We will use information you give to us:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we feel may be directly relevant and of interest to you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please confirm / tick the relevant box situated on the form on which we collect your data (the registration form);
- to notify you about changes to our service; and
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
We will use information that we collect about you:
- to administer our site, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our site, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources
We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive.
‘Privacy by design’
We have adopted the principle of ‘privacy by design’ for our systems which collect or process personal data. We will ensure that the definition and implementation of all new or significantly changed systems (that collect or process personal data) will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments. The data protection impact assessment will include:
- Consideration of how Personal Data will be processed and for what purposes;
- Assessment of whether the proposed processing of Personal Data is both necessary and proportionate to the purpose(s);
- Assessment of the risks to individuals in processing the Personal Data;
- Consideration of which controls are necessary to address the identified risks and demonstrate compliance with legislation.
Disclosure of your information
We may disclose your Personal Information to any partner, sub-contractor or supplier of Katie’s Classroom and/or a member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may also disclose information to:
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience; and
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may disclose your Personal Information to third parties:
- in the event that we sell or buy any business or assets;
- if Katie’s Classroom or substantially all of its assets are acquired by a third party;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Katie’s Classroom, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection; or
- where previously mentioned in this policy.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating
outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in,
among other things, the fulfilment of your order, the processing of your payment details
and the provision of support services. By submitting your personal data, you agree to this
transfer, storing or processing. We will take all steps reasonably necessary to ensure that
All information you provide to us is stored on our secure servers. Any payment transactions
will be encrypted using SSL technology. Where we have given you (or where you have
chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the
security of your data transmitted to our site; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Data Protection Officer
A defined role of Data Protection Officer is required under the GDPR if an organisation is a public authority, if it performs large-scale monitoring, or if it processes particularly sensitive types of data on a large scale. Based on these criteria, at this time we have not appointed a Data Protection Officer, however we will continue to review this on a regular basis.
We always aim to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, we will inform the relevant Data Protection Authority within 72 hours. This will be managed in accordance with our Data Breach Notification Procedure which sets out the overall process of handling information security incidents.
Under the General Data Protection Regulation (GDPR), you have rights as an individual, which you can exercise in relation to the information we hold about you.
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to object or question automated processing or profiling.
- Right to judicial review – in the event that Katie’s Classroom refuses your request under rights of access, we will provide you with a reason as to why. You have the right to challenge this with the Information Commissioner Office.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
If you would like to exercise any of your rights as a data subject, you can do so by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partners networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Addressing compliance to the GDPR
To ensure that we comply with the accountability principle of the GDPR, we have ensured that:
- The legal basis for processing personal data is clear and unambiguous;
- There is appropriate communication with all clients regarding the data held;
- The Controllers and Processors involved in handling Personal Data understand their responsibilities for following good data protection practice;
- Routes are available to Data Subjects wishing to exercise their rights regarding personal data, and that such enquiries are handled effectively;
- Regular reviews of procedures involving Personal Data are carried out by our directors; and
- Privacy by design is adopted for all new or changed systems and processes.
Changes to this policy
Concerns and Questions
GDPR is new legislation and how the rules are interpreted will continue to evolve. We will continue to adopt best practices to ensure on-going compliance. Any concerns or questions relating to the way in which we process data should be raised via email to email@example.com. The issues will then be investigated, and a response will be sent within 28 days of receipt of the email.