Social Enterprise Academy (‘SEA’, ‘we’, ‘our’) respects the privacy of our learners, stakeholders and staff and recognises the need for appropriate protection, processing and retention of your personal information.
We will outline below what personal information we collect, what we do with it and how we will keep it protected in compliance with relevant legislation.
Who are we in relation to data?
We are the ‘data controller’ for the purposes of data protection legislation in respect of the personal information that we hold about you. Due to our size as an organisation, we do not employ a designated Data Protection officer, however if you have any questions, comments or suggestions regarding your personal information you can contact us at –
Social Enterprise Academy, Thorn House, 2 Rose Street, Edinburgh, EH2 2PR.
firstname.lastname@example.org | 0131 243 2670
If you contact us by telephone in the first instance, we will ask you to put your request in writing so that we can authenticate your identity. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.
What is personal information?
Personal information relates to a living individual who can be identified from that information. Personal information includes things like your name, address, email address or IP address.
How we use your information
We use your information for the following purposes -
- To respond to any enquiries which you make to us
- To process and administer your payments
- To provide services to you
- To monitor site usage to develop and administer our websites. For further information see the ‘Cookies’ section below.
- To provide you with promotional information about our programmes, through our mailing list. This is an opt-in service and more details about how we manage this can be found here
Reasons we process your personal information and the legal basis for doing so
We may use your information in the following ways:
- Where it is necessary to perform our contract with you
- Where it is required by law
- Where you have provided consent, with the proviso that you can withdraw this consent at any time (e.g our Mailing list)
- Where it is necessary for our legitimate interests as a business including:
- responding to enquiries
- providing services to our learners
- improving and developing our services
- the administration of our business
- monitoring and maintaining standards
- promoting our business
- employing staff
- establishing, exercising or defending our legal rights
Retention of Personal Information
To the extent permitted by legislation, we typically retain personal information about you for as long as is needed –
As described in the ‘your rights and your personal data’ section below, unless subject to an exemption under legislation, you may request that we delete your information or restrict the processing of such information by contacting us as indicated above.
Your duty to inform us of changes
It is important that the personal data we hold is accurate and current – please keep us informed if your personal data changes.
Disclosure of your Personal Information
We share your personal information with the following third parties:
MailChimp – Mailchimp provides a marketing automation service. We will provide MailChimp with your email address to enable them to send out our email communications.
SurveyMonkey – SurveyMonkey provides online survey software. We provide them with your email address to enable them to contact you in relation to surveys we wish to conduct.
Sage – Sage provide accounting software. This is stored on the SEA server and is not a cloud-based system.
Triodos Bank – we bank with Triodos bank. In order to pay you, we will store your bank details on our online banking system. This is regularly reviewed and unused details removed.
Tutors – if you are a learner we will share your basic details with our tutors prior to you attending our programmes. Tutors are held to the same standard as our staff with regards to data protection and sign up to our data policy and procedure.
Examination Boards (ILM) – we will ask you for specific further consent prior to doing so.
Law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by law
Where we store your Information
We will use technical and organisational measures to safeguard your personal data, for example, we store your personal data on secure servers and ensure access to your personal data is limited to authenticated and approved staff.
All information we collect from you may be stored inside the UK, the European Economic Area (“EEA”) or outside the EEA.
If you live or work outside of the UK or the EEA, we may need to transfer your personal data outside of the UK or the EEA to correspond with you. Where this applies, we will take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy notice.
We also transfer data outside the UK or the EEA where our service providers host, process, or store data outside the UK or the EEA. Where we do this, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The country to which the personal data will be transferred has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to non-EU countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Your rights and your personal data
Unless subject to an exemption under legislation, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which we hold
- The right to request that we correct any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for us to retain it
- The right to withdraw your consent to the processing of your Data at any time (where consent is applicable)
- The right to request that we provide you with your personal data
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing. You can do this by calling their helpline on 0303 123 1113.
Time limit to respond
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will keep you updated.
Change of Purpose
We will only use your personal data for the purpose for which we collect it. If we need to use your personal data for an unrelated purpose we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What are cookies? A cookie is a small text file that is placed on your computer or mobile phone when you first visit a website. They are stored on your computer by your internet browser and are then sent back to the originating website. They store information such as the pages you visited and your preferences for that website.
These statistics help us to continuously measure and improve the performance of our website, and ultimately your experience.
Are cookies dangerous? No - cookies cannot be used to circulate viruses, and they cannot access your computer's hard drive, although they are stored on the hard drive. They only contain and transfer to the server as much information as the users themselves have disclosed to a certain website.
Why do people reject cookies if they are safe? A server cannot set a cookie for a domain that it is not a member of - however, users may discover cookies in their computer from websites that they have not visited. Cookies like these are usually used by companies that use internet advertising for other websites.
Find out more at www.bbc.co.uk/webwise/guides/about-cookies
Turning off cookies - You can do this by changing the settings in your browser, however, some features on this site might not work as well without them.