Summary of how we use your personal data
Cotswold Guardians uses your personal data:
- where we need to perform the contract which we are about to enter into, or have entered into, with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with legal obligations;
- where we have your consent.
Personal data is shared on occasion with third parties, such as:
- companies that assist us in performing our services;
- our insurance providers;
- companies carrying out background checks (where relevant and necessary).
Where we rely on your consent, such as for marketing purposes, you can withdraw this consent at any time. This policy sets out details of the processing, including details of your data protection rights and your right to object to certain processing.
What information do we collect?
We collect and process personal data about you when you interact with us and our website, and when you purchase services from us. This includes:
- your name / your child’s name;
- your / your child’s nationality and gender;
- your child’s age/date of birth;
- relevant medical information required for us to perform our service;
- your / your child’s home address, email address and phone number;
- details of your child’s school, academic progress and interests;
- your payment details where relevant;
- your marketing preferences, including any consents you have given us;
- communications that you may send to us;
- information related to the browser or device you use to access our website.
How do we use this information, and what is the legal basis for its use?
We process this personal data for the following purposes:
- To fulfil a contract, or take steps linked to a contract: this is relevant where you purchase services from us. This includes:
- verifying your identity;
- taking payments;
- communicating with you;
- providing customer services and arranging the provision of resources or services.
- As required to conduct our business and pursue our legitimate interests, in particular:
- we will use your information to provide details of resources and services you have enquired about or requested, and respond to any comments or complaints you may send us;
- we monitor use of our website and online services, and use your information to help us monitor, improve and protect our resources, content, services and website, both online and offline;
- we use information you provide to personalise our website, resources or services for you;
- where relevant, we may use third parties to check the validity of your payment details in order to prevent fraud (see data sharing below);
- we monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law;
- we use information you provide to investigate any complaints received from you or from others, about our website or our resources or services;
- we will use personal data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation), for example we may need to share personal data with an inspection authority to comply with our regulatory obligations;
- we use personal data of some individuals to invite them to take part in market research.
- Where you give us consent:
- we will send you direct marketing in relation to our relevant resources and services, or other resources and services provided by us;
- we place cookies and use similar technologies in accordance with our cookies policy (see below paragraph Cookies and how we use them) and the information provided to you when those technologies are used;
- on other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.
- For purposes which are required by law:
- for DBS checks on suppliers such as host families and drivers;
- in response to requests by government or law enforcement authorities conducting an investigation.
Relying on our legitimate interests
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on any of our balancing tests by contacting us using the email address set out later in this notice.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your personal data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, updating your preferences in any account or by contacting us using the details set out below.
Who will we share this personal data with, where and when?
Personal data will be shared with other organizations, such as insurers and organizations which conduct background checks, where necessary.
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on behalf of Cotswold Guardians for the purposes identified above. For example, we use third party providers of website hosting and maintenance; DBS checking of employees and suppliers; providers of host family and driving services; educational consultants; business development consultants.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s advisers and will be passed to the new owners of the business.
Storing your personal data
Data provided is kept in a password protected encrypted electronic database which only our own staff can access. Where paper copies are needed of any data, these are stored in a locked cupboard in the lockable Cotswold Guardians office. The transmission of information via the internet is not completely secure and such transmission from you to us is therefore at your own risk. Any password protection used relies upon you keeping the password confidential.
Cookies and how we use them
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
What rights do I have?
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this personal data with another controller.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the personal data to meet a contractual or other legal requirement, or where we are using the personal data for direct marketing).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, or to obtain other information, such as a copy of a legitimate interests balancing test, you can get in touch with us via our Data Controller using the email address set out below. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the UK.
How long will you retain my personal data?
We only retain your personal data for as long as is required by law, or for as long as necessary for the purposes for which we process your personal data. Please ask for our Data Retention Policy for further information.
How do I get in touch with you?
We hope that we can satisfy queries you may have about the way we process your personal data. If you have any concerns about how we process your personal data, or would like to opt out of direct marketing, you can get in touch with our Data Controller at firstname.lastname@example.org.