We aim to keep your personal data secure at all times.
Our Privacy Policy explains how we manage your data. It has been developed following the six principles outlined by the GDPR (General Data Processing Regulations) introduced in 2018.
We will be guided by the following GDPR principles when processing data:
INFORMATION WE MAY COLLECT FROM YOU
The data that we collect and process about you, may be supplied personally or we may collect this information from anyone acting your behalf, such as parents, teachers or educational agents. This information has normally been gathered using the following methods:
IP ADDRESSES AND COOKIES
If you accept cookies on our website, the cookie will collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate data. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way. The cookie will obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better, more personalised service. They enable us:
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. WHERE WE STORE AND USE YOUR PERSONAL DATA
The personal data that we collect from you will be primarily stored on our encrypted company computer. This data may also be stored within the servers of organisations we use to deliver our services. Please download this file for detailed information on the rationales for collecting your data and the different organisations we use for processing your data. All these organisations have their own privacy policies to protect your information and explain how they use it. Your data will be processed to support your education, health, travel, accommodation and welfare while studying at a Language Tree. This will include among other things, the processing of your application and visa, arranging your studies, teaching and any tests or exams. We will also use it for managing your education, processing your payments or reporting on your progress to you, your parents, sponsors or educational agents (where appropriate). Information may also be shared between staff as appropriate and as necessary to meet the needs of our business and to deliver your education. The data may also be used to meet our regulatory, legal, inspection or compliance responsibilities. By submitting your personal data, you agree to this transfer, storage or processing by Language Tree Ltd. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access and keep your information secure. DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties:
LEGAL BASES FOR PROCESSING YOUR DATA
The GDPR establishes 6 legal bases for processing your data: these are Consent, Contract, Legal Obligation, Vital Interests, Public Task and Legitimate Interests. We use different legal bases for processing your data depending on the purpose for collecting your data in the first instance:
We will make it as easy as we can for you to opt out of unwanted processing under Consent, providing it does not restrict our ability to provide you with the primary service you have requested. We collect data for a wide range of purposes. Data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons, or minimised and retained. In certain situations, we are co-processors of information relating to marketing and booking clients with partners overseas (for example ETOs, schools, government and national sponsors). As such, we may transfer some data outside of the EU, but this will be limited to data necessary for the performance of a contract made in the interests of the individual (which is an exemption to the 8th principle of the GDPR legislation). We remain responsible for the data held, processed or sent via our systems. We are not responsible for the security and processing of data which is held, processed or sent via our partners’ systems. However, we require all of our partners to confirm that they will process data securely in line with the requirements of GDPR or the equivalent in their country. We do not sell your data at any time. Special Category Data/Criminal Record Data We may request health data from potential students and employees. This data has special protection under the GDPR under the specific conditions listed in Article 9(2) of the GDPR that processing is necessary either to protect the vital interests of the data subject, (or of another natural person where the data subject is physically or legally incapable of giving consent), or where processing is necessary for the purposes of preventive or occupational medicine or the assessment of the working capacity of an employee. The school has safeguarding responsibilities and carries out DBS checks on all staff and other people who are likely to have direct supervisory responsibility for or unsupervised contact with young people under the age of 18. We may process and record securely risk assessments of these DBS checks where the disclosure is not clear. These risk assessments will be disposed of securely when that person no longer has supervisory responsibility or unsupervised contact with young people under the age of 18 on behalf of the school. Children under 18 We collect or store personal information about children under the age of 18 in the context of managing bookings and directly related products, and for safeguarding purposes. Permission is obtained directly from a legal adult guardian to collect this information through our Parental Consent Form. As part of this process, we request special category data relating to the health of the child, which we manage through Vital Interest. We also gain consent from parents for the use of photos or video taken during their child’s stay at Language Tree. HOW DO WE PROCESS YOUR FINANCIAL DATA
When you pay for your course, you will always have the following options:
What happens to my financial information? All transactions are processed through iZettle, Stripe, PayPal and/or your bank and are not stored or processed by us. HOW LONG DO WE HOLD YOUR DATA
Our insurers require us to hold all key documentation for 15 years. During this time, any person whose data we hold may request access to their personal data. We will provide this data free of charge. Any requests for data should be made in writing using the contact information below for Language Tree. At any time during the 15 years while we hold your data, you have a right to request that your data is permanently erased from our systems. As far as is possible, while also fulfilling our legal responsibilities, we will comply with your instructions. After 15 years, all personal data held by Language Tree will be destroyed in all the formats we hold it in whether digital or paper format. CONTACT / DATA CONTROLLER
Language Tree Limited is the data controller. This means we decide how your personal data is processed and for what purposes. Our UK contact details are:
Our EU GDPR representative is: Rickert Rechtsanwaltsgesellschaft mb - Language Tree - Colmantstraße 15 53115 Bonn Germany [email protected] Privacy Policy v3 - Updated on 13/03/2024 |