Collingwood Learning Solutions Ltd
Data Privacy and Cookie Notice
At Collingwood Learning Solutions Ltd (“Collingwood”) we value the people we deliver our educational tools and materials to and understand the importance of the role of Data Privacy in creating trusted and respected relationships.
1. WHAT IS THE PURPOSE OF THIS POLICY?
1.1. To explain how your personal data will be handled by Collingwood for our purposes and to explain your rights in relation to your personal information.
Generally, Collingwood will use your personal data as part of its legitimate interests and in connection with your relationship with Collingwood. The purposes for which Collingwood uses your personal information are set out in this section but may also be in other communications which may be created or amended from time to time.
We may withdraw or modify this Policy at any time, and we may supplement or amend it by additional policies and guidelines from time to time.
2. WHO DOES THIS POLICY APPLY TO?
2.1. This policy applies to all individuals whose personal data (also known as Personally Identifiable Information, or PII) we process, which includes the creation, receipt, sharing, alteration and disposal of personal data.
The Smashed Programme
Note that for students who log on individually to the Smashed programme, randomly generated usernames will be used and as such the student’s personal data will not be collected.
The only personal data in the Smashed programme which will be collected is that of the teachers.
3. HOW DOES COLLINGWOOD HANDLE YOUR INFORMATION FAIRLY AND LAWFULLY? AND FOR WHAT PURPOSES?
3.1. For a list of the types of data that we may process about you, please see Appendix 1.
3.2. The processing described here can be based on one or more of a number of legal grounds.
3.3. Usually we will process your personal data on the basis of consent. If you are below the legal age to consent, we may process on the basis of the consent of your parent or guardian. Where you provide your consent, you are free at any time to withdraw it.
3.4. We may use the ground of legitimate interests we pursue. That legitimate interest is based on our aim to help educate young people on the risks of underage drinking.
3.5. The personal data we process may be held in in an unstructured way, such as paper records and in Outlook email. It may also be held in a structured way within various IT or other systems, applications, solutions and databases; some of which may be owned and/ or operated by third parties. Where we engage with such third parties, we impose contractual requirements to protect personal data on them.
4. WHY IS DATA PRIVACY IMPORTANT?
4.1 Collingwood respects the legal privacy rights of individuals.
The EU General Data Privacy Regulation 2016/679 and other related local legal regulations (the “GDPR”) sets out those rights for individuals with the European Economic Area (EEA) (the European Union plus Iceland, Lichtenstein and Norway). The GDPR applies whenever a data controller (or a data processor acting on behalf of the data controller) processes personal data of people in the EEA. It requires the controller to protect that personal data by complying with the Data Privacy Principles (see paragraph 6 below) and imposes restrictions on how the controller may process the personal data. Some key words have a specific meaning under the GDPR (see paragraph 5 below).
Collingwood also complies with local laws in the country in which it operates. For example, this notice is designed to take into account the Children’s Online Personal Protection Act in the USA.
5. WHAT DO THE KEY TERMS MEAN?
5.1. Data Controller is the person who determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This may be an employing company or an operating company. A data controller may choose to appoint a data processor to process personal data on its behalf.
5.2. Personal data (or Personally Identifiable Information, or PII) is any information which relates to a living individual. An “individual” is someone who can be identified, directly or indirectly. This can be done, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. The individual who is the subject matter of the information is a “data subject”.
5.3. Processing means almost any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
6. WHAT ARE THE DATA PRIVACY PRINCIPLES?
6.1. Collingwood complies with the Data Privacy Principles set out below:
6.2. Transparency: data must be processed lawfully, fairly and in a transparent manner
6.3. Purpose limitation: data must be collected for specified, explicit and legitimate purposes only
6.4. Data minimisation: data collected must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
6.5. Accuracy: data must be accurate and where necessary kept up to date
6.6. Data retention: data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
6.7. Data integrity, confidentiality and security: data must be processed in a secure manner including Privacy against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
6.8. International transfers: For personal data which is supplied or created within the EEA, data must not be transferred outside of the EEA without ensuing that appropriate contractual protections are in place with the recipient of that personal data. Please see paragraph 9 below for more details on this.
6.9. Finally, we will respect your rights as a data subject (see paragraph 12 below).
7. FOR WHAT PURPOSES WILL COLLINGWOOD USE MY PERSONAL DATA?
7.1 We process your personal data primarily in order to be able to provide our educational resources for you.
7.2 We may also need to process your personal data
7.2.1 for legal and /or regulatory purposes;
7.2.2 to communicate and provide you with information, news and updates;
7.2.3 for live transmission of images through use of applications including but not limited to Zoom and Microsoft Teams;
7.2.4 to monitor to ensure our network and information security and to meet our Information Management and Security
7.2.5 for the purposes of crime prevention and detection, including where it is necessary for the assessment of risk or the
prevention of fraud and Health and Safety issues;
7.2.6 for analytics or benchmarking activities on an aggregated or statistical level to support our legitimate business
interests and to monitor Performance;
7.2.7 routine management of day to day business and operational activities with you, such as contact information.
7.3 Processing as described above may continue following the termination of our arrangement with you (as appropriate and necessary) and in line with our records management policies from time to time. Examples include any litigation or dispute and when there is a requirement to do so.
8. IS MY DATA SHARED WITH THIRD PARTIES?
8.1. We may share personal data with third parties throughout the duration of our relationship with you including but not limited to the processing purposes described above or indeed afterwards, where this is necessary or reasonably required for the performance of our responsibilities under any arrangements we may have in place.
8.2. Such third parties include service providers, your school or colleges, and any potential purchasers of Collingwood.
8.3. Where we share personal data with service providers acting on our behalf, the service providers are classed under Data Privacy Law in the EEA as being data processors, and are subject to statutory obligations, as well as contractual obligations which are set out in a written agreement.
9. IS MY DATA TRANSFERRED OUTSIDE THE UK OR THE EEA?
9.1. If your data was provided or created within the EEA, we may need to transfer your data outside the UK or the EEA (as applicable) as part of Collingwood’s legitimate interests as described in this Policy and in other transparency notices and other policies, standards and guidance from time to time.
If your personal data is transferred outside the UK and/or the EEA, please be aware that you may have fewer rights under the local Data Privacy Law than you do in your country of residence. However, we will take all reasonable steps to ensure that your personal data is treated securely and in accordance with this policy and with relevant Data Privacy Law. This includes having agreements in place to ensure the security of your personal data and we will ensure that such transfers of data are subject to adequate and appropriate safeguards.
9.2. Where your personal data is handled by data processors, some of them may be located outside the UK and/or the EEA. We may have to use data centres and operations facilities that are operated from outside the UK and/or the EEA, for example, if servers are switched. Some service providers may store data in the cloud in various locations around the world.
10. HOW IS MY DATA KEPT SECURE?
10.1. We have a number of policies, procedures, standards and guidelines in place to keep your personal data secure.
10.2. We ensure that the personal data is being held securely, both technically and organisationally and is only disclosed to authorised recipients, whether it is on paper or electronically held.
10.3. We have put in place technical and organisational measures to ensure the security of the information we collect, and have decided on which measures to take by taking account of the nature of the information and what would be the most effective way to prevent unauthorised access.
11. FOR HOW LONG IS MY DATA KEPT?
11.1 We will continue to retain your personal information for three years after our educational tools have been delivered to you.
After this period, then we will securely destroy your personal data with due consideration of legal and regulatory requirements or guidance on retention.
11.2 We will not retain your personal data for any longer than is necessary for the purposes set out in this policy, nor will we retain any personal data about you which we know or which you have notified us is out of date.
12.2 This section explains what cookies are and gives details of the specific cookies we use on our website. It also sets out why we use these cookies and provides information on the cookie choices that you and all our website visitors have.
12.4 What is a cookie?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your device’s hard disk. A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a randomly generated unique number. The other technologies we use serve a very similarly function but work slightly differently.
12.5 We use two broad types of cookies:
First party cookies, served directly by us to your device when you visit our website; and
Third party cookies, served by a third party on our behalf when you visit our website and certain third party websites with whom we have partnered.
These cookies can be divided into session cookies and persistent cookies. Session cookies are temporary cookies that remember your user choices and preferences and are then deleted as soon as you leave the site. Persistent cookies stay in one of your browser’s subfolders until you delete them manually or until they expire.
Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org.
This website uses the following cookies for the following purposes:
Strictly Necessary cookies: These cookies are essential to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, our website cannot function properly and services you have asked for, like shopping baskets or e-billing, cannot be provided.
Examples of Strictly Necessary Cookies we may use on this website include Content Management Cookies which are required by the site for the content management system to work and Template Preference Cookies which are necessary for mobile sites and enable the site to look and feel the way it is intended to.
Functional cookies : These cookies allow the website to remember choices you make (such as your user name, language
or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or posting a comment. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
We may place a cookie to remember your preferences (Preference Cookie) so that you do not need to re-enter your details (country and language preferences) on our gateway page. You can choose this by selecting ‘Remember me on this device’, but it is not suitable if you share your computer with someone else. This cookie does not collect your date of birth.
12.7 We may also use certain service providers to set cookies on our behalf via third party partner websites. These cookies enable us to analyse visits to specific sections of those websites and collect certain information regarding purchases of our products. The types of information collected by such cookies may include: shopping cart information, what product pages have been viewed, whether a purchase of our product has been made, which of our products have been searched for.
12.8 How can you manage cookies?
If you are using a web browser (e.g. Google Chrome, Mozilla Firefox or Microsoft Edge), you have the ability to accept or decline cookies by modifying the settings in your browser. Please refer to your browser instructions or help screen to learn more about the functions which your browser provides to manage cookies. If you use different browsers and/or different devices you may need to ensure that each browser is adjusted to suit your cookie preferences. For instructions on how to manage cookies in your browser, please read the information available here. Please note that you may not be able to use all the interactive features of our site if all cookies are disabled.
13. WHAT ARE MY RIGHTS IN RELATION TO MY PERSONAL DATA?
You (or if you are below the legal age of consent for data privacy purposes, your parent or guardian) have the:
13.1. Right of access: access personal data held by us about you (please see section entitled “How can I access my personal data” below); you may request to see your personal data held by us and we will endeavour to respond to such requests within one month (or within a shorter period if such is required by local law). Please see paragraph 13 below on any exception to this right;
13.2. Right of data accuracy: ask us to correct (or update) any personal data about you that is inaccurate (or out of date) or incomplete;
12.3 Right of data deletion: ask us to stop using and/ or delete personal data about you;
12.4 Right to restriction or review of processing: ask us to restrict our processing of personal data held by us about you This right will only apply where we no longer need to use the personal data to achieve the purpose we collected it for and the underlying logic to processing is no longer relevant;
12.5 Right to receive/transfer data: you have a right to receive personal data which you provided to us and which we process on the basis of your consent or for the performance of a contract with you, in a structured, commonly used and machine readable format. You also have the right to transfer (or require us to transfer) this personal data to another organisation. For more information on how to access your information, please see paragraph 13 below;
12.6 Right to object: you have a right to object to our processing of personal data held by us about you (where our justification for processing the data is that the processing is necessary for the purposes of the legitimate interests we pursue, unless this interest is sufficiently compelling to override your objection).
13 HOW CAN I ACCESS MY PERSONAL DATA?
13.1 There are some exceptions to this general right, meaning that some of the personal data requested may be withheld in certain circumstances, including where:
13.1.1 the information is not your personal data and is not about you specifically;
13.1.2 the information relates or involves a third party where it is not reasonable in all the circumstances to disclose the information since it contains details of that third party and they have not given their consent to disclose;
13.1.3 you already have the information;
13.1.4 the information is subject to legal privilege; or
13.1.5 statutory law restricts disclosure.
13.2 Where you have made earlier requests, we will provide you with only the updates or additions to your information that have been made since the date of your last request.
If you would like to request access to your personal data, you can write to Collingwood Learning Solutions Ltd
with “Subject Access Request” in the subject line of the email or letter. You should set out the reason for the requests and specify exactly what data you would like to see and the periods of time you are referring to.
14. DOES COLLINGWOOD COLLECT MY PERSONAL DATA FROM ANY OTHER SOURCES?
14.1 We obtain your personal data from a number of sources, including from your school, or college.
14.2 We monitor communications on our networks, including office and mobile telephone networks. The information collected may be periodically reviewed by authorised staff to ensure compliance with our policies and to detect any unauthorised use of our IT infrastructure and systems.
15. HOW IS MY PERSONAL DATA KEPT ACCURATE AND UP-TO-DATE?
15.1 We want to ensure that personal data we hold is accurate and kept up-to-date. We need to do this both to comply with our obligations under Data Privacy Law, and for the practical day to day management of our relationship with you.
15.2 For these and other reasons related to administering your relationship with us, please notify us of any change in your information (see section 16 “What Steps Can I Take If I Have Any Concerns About My Personal Data” for details on contacting us) as soon as is practicable, so that records can be updated.
16. WHAT STEPS CAN I TAKE IF I HAVE ANY CONCERNS ABOUT MY PERSONAL DATA?
16.1 You can report any concerns or issues to Collingwood Learning Solutions Ltd
We will do our best to support resolution of your query.
16.2 If after this you are not satisfied by our response you have the right to lodge a formal complaint with your local regulator (e.g. the UK Information Commissioner’s Office in the UK).
CATEGORIES OF PERSONAL INFORMATION THAT MAY BE PROCESSED
1. name (first, middle and surname), school address, e-mail address;
2. where you are a natural person acting for a school or college, financial information (e.g. bank account details); and
3. your electronic identification data where required for the purpose of delivering educational tools (e.g. login, passwords, IP address, online identifiers/cookies, logs, access and connection times,).
During our relationship with you, Collingwood may collect and process additional categories of personal data which are not specified above, for example if you voluntarily disclose it to us. In accordance with our legal obligations, we will be transparent about any new processing of personal data.