PURPOSE AND SCOPE OF THIS PRIVACY NOTICE
This privacy notice aims to give you information on how Curve Learn collects and processes your personal data through your use of this website, including any data you may provide through this website when you create an account.
We do not knowingly collect data relating to children. Parental supervision is required if children are to use this website.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Curve Learn Limited is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights under the GDPR, please contact the DPO at firstname.lastname@example.org.
CONTROLLER CONTACT DETAILS
Our full details are:
Postal address: 12 Boltro Road, Haywards Heath, RH16 1BB
Email address: email@example.com
Phone number: +44 7552 775 675
Data Protection Officer
Email address: firstname.lastname@example.org
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns before you approach the ICO so please contact us in the first instance.
PERSONAL DATA WE COLLECT
Contact Data includes your name, email address, telephone number.
Technical Data includes your IP address, browser details, operating system details, pages visited, actions taken.
Student Profile Data (only applicable to students) includes the subject in which you desire tutoring and your level of education.
Messaging Data includes any information provided by you to us by email.
Aggregate Data. Aggregate data may be derived from your personal data but this data does not directly or indirectly reveal your identity. For example, we may aggregate certain usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregate data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
IF YOU FAIL TO PROVIDE YOUR PERSONAL DATA
Where we need to collect personal data by law, under the terms of a contract we have with you, or where we will be otherwise unable to provide you with service, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the service we provide to you or our website may not work for its intended purpose, but we will notify you if this is the case.
HOW WE COLLECT PERSONAL DATA
We collect your personal data in several ways, but always in compliance with the law. We will collect your personal data in the following manners:
Online Forms. Most information collected from you is collected via an online form that you fill out.
HOW WE USE PERSONAL DATA
We will only use your personal data in compliance with the law. Most commonly, we will use your personal data in the following circumstances:
Internal record keeping.
To provide you with services.
To improve our products and services.
To customise the website according to your interests.
If you have opted to receive direct marketing materials, we will send you promotional email about new products, special offers, or other information which we think you may find interesting.
From time to time, we may also use your information to contact you by email or text regarding offers or promotions from carefully selected third parties if you have agreed to being contacted in this way.
The following table outlines the various purposes and activities for which we will use your data as well as the lawful basis that allows us to use the data:
Type of data
Lawful basis for processing
To improve the security of our website and protect against online attacks (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
Legitimate Interests (provision of network and IT services, network security, and administration, to prevent fraud)
To use data analytics to improve our website, services, marketing, customer relationships, and experiences.
Legitimate Interests (to define types of users of our services, to keep our website updated with relevant content, to develop our business, and to inform our marketing strategy)
Enable all users to contact us via email.
To administer Student relationships, and use of the website, including statistical analysis to better understand their use of the website and website maintenance.
Tutor Profile Data
Student Profile Data
Legitimate Interests (comply with user requests, and ensure the integrity of the user’s experience)
Performance of a Contract
To administer payment processing.
Performance of a Contract
To provide Students with Tuition.
Student Profile Data
Academic Data (i.e. student work)
Performance of a Contract
HOW WE PROTECT YOUR PERSONAL DATA
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical, and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. All live servers utilise firewalls and the latest Linux security patches are installed and updated regularly. We also ensure data encryption, password protection, and other access and authentication controls.
WHEN PERSONAL DATA MAY BE SHARED
Third party businesses who process payments on our behalf.
Third party businesses who help us develop our business, inform our marketing strategy, and maintain our website with relevant services.
Third party businesses who provide cloud storage services.
Another organisation if we sell or buy (or negotiate to sell or buy) any business or assets.
With our professional advisers who have a reasonable need to see it.
We will disclose your information if we are required to by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws.
TRANSFERRING PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
We respect your desire to maintain the privacy of your data, and will always work with you to ensure your data is being used responsibly. Please always feel free to contact us regarding any questions or concerns you may have regarding your data.
You will always have the following rights with respect to your personal data:
Right to Revoke Consent. You always have the right to revoke any consent you have given for us to use your data.
Right of Access. You have the right to access any of your personal data we hold. While you may always access your data via your account and account settings, we may also provide your information to you in a structured format, if you so choose.
Right to Object to Processing. You have the right to object to our processing of your data except where we can demonstrate that our compelling interests, or the compelling interests of a third party, override your interests.
Right of Rectification. You have the right to rectify or correct any of your data we hold that is incorrect or inaccurate.
Right of Erasure. Your right to erasure may be accomplished by deleting your account or by contacting us (and we can delete your account). After your account is deleted, any of your personal data we hold is deleted or anonymized except for a brief record demonstrating our compliance with your request.
Right to Restrict Processing. You have the right to prevent us from processing your data:
for a period to enable use to verify the data’s accuracy, if you believe the data is inaccurate or incorrect;
if our processing is unlawful;
if you require us to maintain the data for purposes of the establishment, exercise, or defence of a legal claim; or
for a period pending the verification of our legitimate interests, if you have objected to our legitimate interests in using your data.
Right of Data Portability. You have the right to request we provide you your data in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller.
Right to Opt-Out of Marketing. You always have the right to opt-out of any marketing emails or other correspondence we may send to you.
Right to Opt-Out of Automated Profiling. Tutors have the right to opt-out of our automated profiling of tutors related to search result ranking. You may opt-out in your account settings.
You can exercise your rights in several ways:
By checking (or not checking) certain boxes on the forms we use to collect your data;
by opting out or exercising certain of your rights via the settings in your account; or
by contacting email@example.com
For further information on how your data is used, how we maintain the security of your data, and your rights to access information we hold on you, please contact: firstname.lastname@example.org
HOW LONG PERSONAL DATA IS KEPT
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. Please contact our DPO at email@example.com for more information.
Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
HOW TO CONTACT US
Any questions regarding this Policy and our privacy practices should be sent by email to us at firstname.lastname@example.org or by writing to Curve Learn Limited 12 Boltro Road, Haywards Heath, RH16 1BB
DATA PROTECTION POLICY
Goal of the data protection policy
The goal of the data protection policy is to depict the legal data protection aspects in one summarising document. It can also be used as the basis for statutory data protection inspections, e.g. by the customer within the scope of commissioned processing. This is not only to ensure compliance with the European General Data Protection Regulation (GDPR) and Data protection Act (DPA) 2018 but also to provide proof of compliance.
Brief description of the company and motivation to comply with data protection.
Security policy and responsibilities in the company
For a company, in addition to existing corporate objectives, the highest data protection goals are to be defined and documented. Data protection goals are based on data protection principles and must be individually modified for every company.
Determination of roles and responsibilities (e.g. representatives of the company, operational data protection officers, coordinators or data protection team and operational managers)
Commitment to continuous improvement of a data protection management system
Training, sensitisation and obligation of the employees
Legal framework in the company
Industry-specific legal or conduct regulations for handling personal data
Requirements of internal and external parties
Applicable laws, possibly with special local regulations
Conducted internal and external inspections
Data protection need: determination of protection need with regard to confidentiality, integrity and availability.
Existing technical and organisational measures (TOM)
Appropriate technical and organisational measures that must be implemented and substantiated, taking into account, inter alia, the purpose of the processing, the state of the technology and the implementation costs.
The description of the implemented TOM can, for example, be based on the structure of ISO/IEC 27002, taking into account ISO/IEC 29151 (guidelines for the protection of personal data). The respective chapters should be substantiated by referencing the existing guidelines.
Examples of such guidelines include:
Guideline for the rights of data subjects
Information classification (and handling thereof)
Physical and environmental-related security for end users such as:
Permissible use of values
Guideline for information transfer based on the work environment and screen locks
Mobile devices and telecommuting
Restriction of software installation and use
Protection against malware
Handling technical weak points
Privacy and protection of personal information
Supplier relationships: Noting regular inspection and evaluation of data processing, especially the efficacy of the implemented technical and organisational measures.