Our Privacy Policy

We at the pesspa education Ltd want to make sure all the personal information we have collected about you, is safe and secure whether we collect it through our website at [https://pesspa-education.co.uk] or from other sources. This Policy sets out our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.

We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we are not required to do so, but our Business Manager has overall responsibility for data protection compliance in our organisation. If you have any questions about this Policy or what we do with your personal information, their contact details are set out in the “Contact” section below.

DTCA – Group Ltd processes personal data relating to parents, children, staff and others, and therefore we act as a data controller.

DTCA – Group Ltd is registered as a data controller with the Information Commissioner’s Office and will renew this registration annually or as otherwise legally required.

This website

We are committed to safeguarding the privacy of visitors to this website. We are the data controller with respect to the personal data of visitors and users of this website. We may on occasions use a third party service who will operate as our data processor, further information regarding data processors is contained in this document.

Your Data

We may process your account data including your name, address, telephone number and email address and/or other information you supply to us. This account data may be processed for the purposes of operating our website, providing our services and ensuring the security of our website, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent or our legitimate interests, namely the proper administration of our website and business or the performance of a contract between you and us , for example when you make a booking through this website or enter your data into a form. We may process information that you post for publication on our website or through our services. The publication data may be processed for the purposes of enabling such publication and administering our website and services.

We may process information contained in any communication that you send to us via email, contact forms or booking forms. The correspondence data may include the communication content and metadata associated with the communication. The correspondence data will only be processed for the purposes of communicating with you and record-keeping.

When you visit this website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be transparent about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

When you make a payment through this website

When you make a financial transactions via our website this payment transaction will be handled by stripe. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about Stripe’s privacy policies and practices here: https://stripe.com/gb/privacy

We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Your Rights and Right to Erasure (Right to be forgotten)

You may instruct us to provide you with any personal information we hold about you.
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

The personal data have been unlawfully processed.

The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact any employee of the controller.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.

You may instruct us to provide you with any personal information we hold about you.

When a request is made we will require:
1. Appropriate evidence of your identity, this will be a photo identity (passport or driving license and a copy of a utility bill)
2. We may withhold personal information that you request to the extent permitted by law.
3. You may instruct us at any time not to process your personal information for marketing purposes.

It is our policy that you will  either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

Use of cookies
Find out more on our Cookies page

Search engine
Our website search facility is powered by WordPress. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by us or any third party.

Security and performance
This website uses a third party service to help maintain the security and performance of the website. To deliver this service it processes the IP addresses of visitors to this website. The third parties we use are 123-reg.co.uk and Google Analytics.

WordPress
We use a third party service, WordPress.com, to publish our Blog/Posts. These sites are hosted on our secure servers. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Our WordPress platform requires visitors that want to post a comment to enter a name and email address.

People who contact us via social media
If you send us a private or direct message via social media the message will be stored by us for three months. It will not be shared with any other organisations.

People who call us
When you call us, we collect Calling Line Identification (CLI) information. We do not record calls.

People who email us
We use Transport Layer Security (TLS) to encrypt and protect email. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Complaints
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We may have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
We do not identify any complainants unless required to do so by law.

People who use our services
We offer various services to individuals. We may use a third party to deal with some areas of our business, but they are only allowed to use the information at that time and duration of the work they carry out. They cannot share any information with any third party.

We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a particular service and we may then carry out a survey to find out if they are happy with the level of service they received.

When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.

Use of data processors
We may use data processors, they are third parties who may provide elements of our services such as recruitment or external suppliers of our products. They cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period as set out by UK law.

Service providers reporting a breach
Public electronic communications service providers are required by law to report any security breaches involving personal data to the ICO. We use 123-reg.co.uk to manage our servers and information that is contained on those servers.

CONTACT
In the event of any query or complaint in connection with the information we hold about you, please email us HERE.

Whilst our Privacy Policy and Cookie Policy sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/

Job applicants, current and former employees data

DTCA – Group Ltd is the data controller for the information you provide during the application and recruitment process unless otherwise stated. If you have any queries about the process or how we handle your information please contact us HERE

What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t.

Application stage
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our Human Resources department will have access to all of this information.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our Human Resources team, including hiring managers, in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

Shortlisting
Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.

Assessments
We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by the us and not shared with anyone.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

Conditional offer
If we make a conditional offer of employment or work under a freelance basis we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of all staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

You will therefore be required to provide:
• Proof of your identity – you will be asked to supply original documents, we will take copies.
• Proof of your qualifications – you will be asked to supply original documents, we will take copies.
• You may be asked to complete a DBS check, if the role is a relevant one.
• We will provide your email address for a Basic Criminal Record check via the Disclosure and Barring Service, which will verify your declaration of unspent convictions.
• We will contact your referees, using the details you provide in your application, directly to obtain references
• We will may ask you to complete a questionnaire about your health. This is to establish your fitness to work. If we make a final offer, we will also ask you for the following:
• Bank details – to process salary payments
• Emergency contact details – so we know who to contact in case you have an emergency at work

Personnel System
If you accept a final offer from us, some of your personnel records will be held on electronic personnel system which is an internally used HR records system.
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.

Equal opportunities information is retained for 6 months following the closure of the campaign whether you are successful or not.

How we make decisions about recruitment?
Final recruitment decisions are made by hiring managers and members of our Human Resources team. All of the information gathered during the application process is taken into account.
You are able to ask about decisions made about your application by speaking to your contact within our Human Resources team.

Your rights.
Under the General Data Protection Regulations, you have rights as an individual which you can exercise in relation to the information we hold about you.
You can read more about these rights here – https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent via contact@dtca-group.co.uk

If you want to make a complaint about the way we have processed your personal information, you can contact the ICO in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.

Access to personal information
We try to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you we will:
• give you a description of it;
• tell you why we are holding it;
• tell you who it could be disclosed to; and
• let you have a copy of the information in an intelligible form.

To make a request to us for any personal information we may hold you need to put the request in writing addressing it to our Governance department via this email address: contact@dtca-group.co.uk

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

If we do hold information about you, you can ask us to correct any mistakes by contacting us.

Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation or person concerned and with other relevant bodies.

Links to other websites
This privacy notice does not cover the links within this site linking to other websites. Please read the privacy statements on the other websites you visit.

Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 2nd June 2018.

How to contact us
If you want to request information about our privacy policy, you can email us here: contact@dtca-group.co.uk

Data Protection Policy

DTCA – Group Ltd is committed to complying with data protection law and to respecting the privacy rights of individuals. Our Data Protection Policy applies to all of our staff, workers, directors, volunteers and consultants.

The Data Protection Policy sets out our approach to data protection law and the principles that we will apply to our processing of personal data through any contact with us. The aim of the Policy is to ensure that we process personal data in accordance with the law and with the utmost care and respect.

If you would like to receive a copy of this policy please request it HERE.

Images

All the images contained within this website belong to DTCA – Group Ltd and may not be re-produced without specific written permission.

All children and adults that attend any DTCA – Group Ltd session or event may opt in or out of photographs being taken during events for use on this website and social media. When booking online there is an option to say Yes or No. In the case of other activities that are not booked via this site, the option of agreeing or declining will be clearly shown on a booking form. Any parent or carer must tell us immediately if they change their mind and their child should be excluded from such publicity. You can contact us here if you do not want images reproduced of your child for use on this website and social media.

Data logging

As is true with most websites, our server will automatically log data regarding each visit such as your IP address, browser type, referring/exit pages, and operating system. We may use this information to monitor server errors, server administration or to monitor visitor behaviour. It is not possible for this to be disabled on a per-user basis so you must leave this website (and the internet entirely) if you do not agree to this happening.

This privacy policy applies to this website only and does not apply to any websites that this website may link to.

0