Data Protection & Privacy Policy
At Edurium, we are committed to protecting the privacy and security of our students, parents, staff, and visitors. This policy explains how we collect, use, store, and protect personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Scope
This policy applies to all personal data processed by Edurium, including data relating to students, parents/guardians, staff, and third parties. It covers all tuition sessions, whether delivered at Whitton Centre, Twickenham Green Centre, or other hired venues.
2. Principles of Data Protection
Edurium adheres to the following principles in accordance with UK GDPR:
– Lawfulness, fairness, and transparency.
– Purpose limitation (data collected only for specified purposes).
– Data minimisation (only necessary data collected).
– Accuracy (data kept up to date).
– Storage limitation (data retained only as long as necessary).
– Integrity and confidentiality (data kept secure).
3. Data We Collect
We may collect and process the following categories of personal data:
– Student information: name, date of birth, school year, academic records, assessment results.
– Parent/guardian information: name, contact details (address, phone, email).
– Attendance records, progress reports, and payment information.
– Safeguarding and medical information where necessary for the safety of students.
4. How We Use Data
Personal data is used for the following purposes:
– Delivering tuition and academic support.
– Monitoring progress and providing feedback to parents.
– Communicating about schedules, fees, and events.
– Ensuring safeguarding and health and safety requirements are met.
– Meeting legal and regulatory obligations.
5. Data Sharing
We do not sell or share personal data with third parties for marketing purposes. We may share data with:
– Regulatory authorities where legally required.
– Venue providers, only where necessary for health and safety.
– Emergency services in the event of a safeguarding or medical incident.
6. Data Security
We implement appropriate technical and organisational measures to protect data against unauthorised access, alteration, disclosure, or destruction. This includes password protection, secure storage, and restricted access.
7. Data Retention
Personal data is only retained for as long as necessary to fulfil the purposes for which it was collected. For students, data is typically retained for up to 3 years after leaving Edurium, unless required longer by law.
8. Rights of Individuals
Under UK GDPR, individuals have the following rights:
– Right to access their personal data.
– Right to rectification of inaccurate data.
– Right to erasure (where applicable).
– Right to restrict processing.
– Right to data portability.
– Right to object to processing.
Requests should be made in writing to the Data Protection Officer (DPO).
9. Contact Details
For questions about this policy or to exercise your data rights, please contact:
Data Protection Officer (DPO): Dr Artin Backtash-Rad
Email: [email protected]
Phone: 07362 377831
10. Review of Policy
This Data Protection & Privacy Policy is reviewed annually or sooner if there are changes in data protection legislation or Edurium’s operations.