1. Our Intent
We are committed to safeguarding the privacy of our customers. Finito Education Limited will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 1998 (the “Act”).
2. Changes to Data Protection Legislation
Data Protection legislation and the Act is currently going through a period of change. The introduction of the European Union’s General Data Protection Regulation (GDPR) and the new British Data Protection Bill, that will replace the Act and is currently passing through Parliament is the basis of this change. This Privacy Notice is therefore intended to comply with the Act and GDPR but may change over time.
3. Members’ & Prospective Members’ Terms & Conditions
This Privacy Notice forms part of Terms & Conditions for being a member or prospective member of Finito Education Limited. In legal terms, members are “Data Subjects,” i.e. “you.” However, we may also under this collect personal information regarding your spouse and dependents if appropriate.
4. The Data Controller
Finito Education Limited is from a legal perspective classed as the ‘Data Controller’.
5. Data Protection Officer (DPO)
Finito Education Limited DPO is the Managing Director. Finito Education Limited’s DPO fulfils a number of roles, one of which is to be the primary and independent point of contact for data protection matters. The formal mechanism for members to raise concerns regarding the processing of personal data is primarily to email: email@example.com; or send a letter by registered mail to: Finito Campus, Sutherland House, 3 Lloyd’s Avenue, London EC3N 3DS at which point the inquiry will be actioned. However, verbal enquiries from customers will treated appropriately by Finito Education Limited staff members, although a written follow up may be requested if appropriate.
6. Purpose of Processing Personal Data
We collect personal data primarily to run our tutoring and mentoring programmes, as well as ongoing support for customers. We also use it to improve service quality and understand customer needs.
7. Lawful Basis of Processing Personal Data.
The lawful basis of, processing your personal data are as follows:
Once you have agreed to this Privacy Notice of our Terms & Conditions, you will be registered for the processing of your personal data, based upon your Consent.
Categories of Personal Data Processed
The information we hold should be accurate and up-to-date. The personal information which we hold will be held securely in accordance with our internal data protection and security policies. The type or categories of personal data we will collect about you includes your:
2) Postal address
3) Email address
4) Mobile, and/or landline number
8. Category of Recipients of Personal Data
Your name and contact details will primarily only be used internally within Finito Education Limited.
9. Transfer of Personal Data Outside the EEA (European Economic Area)
Personal data will only be transferred outside the EEA or other areas of adequacy determined by the EU, for specific events. If this is required, consent will be explicitly requested from you.
10. Sensitive Personal Data
We will never collect sensitive personal data about you without your explicit consent and a clear explanation why it is required.
11. Spouse and Children Personal Data
If we hold personal data about a customer’s partner or child, we will ask for specific permission consent from the child or partner for this.
12. Sale or Passing of Personal Data to Third Parties
We will not sell or pass your personal data to any commercial or charitable organisation.
13. Retention of Personal Data
We will retain your personal data as follows:
Information Held Under Consent
We will hold your information whilst you are a client of Finito Education Limited. Following this, we will request your consent to continuing to hold your name and relevant details to support our historical records.
Data Subject’s Rights
Under the Act and in even more so under the GDPR you have a number of Rights which we have outlined below:
Right of Access
You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
1) Confirmation that your data is being processed (held)
2) Access to your personal data (a copy) and
3) Other supplementary information that corresponds to the information in this privacy notice.
14. Fees and Timings
Under GDPR and from 25 May 2018, this information will be provided without charge; without delay and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, Finito Education Limited may choose to charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond.
15. Identify Verification
To protect your personal data, Finito Education Limited will seek to verify your identity before releasing any information, which will normally be in electronic format.
16. Right of Rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete. Finito Education Limited will respond within one month of your request. In the unlikely event that Finito Education Limited does not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.
17. Right of Erasure
You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’. However, you do have a right to have personal data erased and to prevent processing in specific circumstances:
1. Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
2. When you withdraw consent.
3. When you object to the processing and there is no overriding legitimate interest for continuing the processing.
18. Right to Restrict Processing
Under the Act, you have a right to ‘block’ or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, Finito Education Limited is permitted to store the personal data, but not further process it. In this event exactly what is held and why will be explained to you.
19. Right to Data Portability
You may request to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
1. To personal data you have provided to Finito Education Limited.
2. Where the processing is based on your consent or for the performance of a contract
3. When processing is carried out by automated means.
In these circumstances Finito Education Limited will provide a copy of your data in CSV and/or PDF format free of charge within one month.
20. Automated Decision Making and Profiling
Finito Education Limited does not employ any automated decision-making or conduct profiling of Data Subjects. However, if you have consented to be held on our Customer Relationship Management (CRM) database we may periodically send you marketing information so that you are informed of upcoming events and job opportunities. These will be automated but they do not involve automated decision-making or profiling.