In accordance with applicable law, including the EU General Data Protection Regulation 2018 (“GDPR”), you will find the following types of information in this policy:
(a) the identity and the contact details of CEDT as a controller of your personal information
(b) the contact details of our information protection officer;
(c) the purposes and basis of our processing of your personal information;
(d) the legitimate interests of CEDT as a personal information controller;
(e) the recipients or categories of recipients of your personal information, if any;
(f) notice of any intention to transfer your personal information to a third party;
(g) the period for which the personal information will be stored;
(h) right to request access, rectification, erasure or portability of information and to processing restrictions or objection;
(i) your right to withdraw future consent at any time;
(j) your right to lodge a complaint with a supervisory authority;
(k) whether the provision of your personal information is a statutory or contractual requirement;
(f) the existence and information about the logic and significance of any automated decision-making in processing
And for personal information collected online from those aged 16 and under:
(h) the requirement for notice to parents (including guardians or authorised school representatives) and to obtain verifiable consent before collecting personal information;
(i) the choice for parents to consent to the operator’s collection and internal use of a child’s information (and only to third parties if integral to the site or service);
(j) parental access to their child's personal information to review and/or have deleted;
(k) parental choice to prevent further use or online collection of a child's personal information;
(l) maintain the confidentiality, security, and integrity of information collected from children, including reasonable steps to disclose information only to parties capable of maintaining its confidentiality and security; and
(m) retain personal information collected online from a child for as long as is necessary to fulfill the purpose for which it was collected and delete the information to protect against its unauthorised access or use.
Who are we and how do we collect information from you?
CEDT is a charity and company limited by guarantee registered in England and Wales with registered offices at 11 Madingley Road, Cambridge, United Kingdom CB3 0EG that develops, maintains and globally licenses affordable accessible education products and services. We obtain information about you when you use our Mediums (for example, when you contact us about products and services). ]
What type of information do we collect from you?
We collect, process and maintain information relevant to the products and services described in the above terms and this policy. This may include the following personal information: 1. Name; 2. Date of birth; 3. Gender; 4. Native language; 5. Proof of identity document type and details such as passport and number; 6. Postal and email addresses and other contact details; 7. Nationality and/or citizenship; 8. Country of residency; 9. Qualifications; 10. Occupation and job title;11. Employment and education details and history; 12. Demographic information such as postcode, preferences and interests and other information relevant to customer surveys and/or offers; 13. Where a CEDT test has been completed, test results including, without limitation, voice recordings; 14. IP address, and information regarding the Mediums accessed and when.
Why and how do we use your information?
CEDT may process personal information collected to allow us to:
1. Administer tests and scores to give test results (including any related registration processing).
2. Share the relevant information from tests, results and fraud reviews with your school, the person and representatives of the person whose personal information we are processing, our contractors, and law enforcement, when required to by law. Please be aware that, as set forth in detail elsewhere in this policy, this sharing may involve a transfer of your personal information outside the European Union (“EU”) and persons taking a test give their consent to such sharing and transfer.
3. Use applications, tests and results for research, statistical and training purposes and for the development of our tests.
4. Manage CEDT’s internal business operations.
5. Respond to enquiries and complaints.
6. Inform and give information on CEDT services, on events and opportunities to work with CEDT and for market research.
7. Analysis to improve our products and services and to customise our Mediums according to interests.
8. Notify you of changes to our services.
9. To detect and reduce fraud and credit risk.
Who has access to your information?
1. CEDT considers non-anonymised information and personal information from applications, preparation courses, tests and results confidential and only in exceptional circumstances (such as when fraud is suspected) will we make this available to a third party (except as directed by you) or as lawfully directed, and any of our contractors (if necessary). We will not sell or lease your personal information to third parties. We will not share your information with third parties for marketing purposes.
2. We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond CEDT essential service providers for them to use for their own purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
3. As part of the services offered to you through our Mediums, the information that you provide to us may be transferred to countries outside the EU. By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal information, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. If you use our services while you are outside the EU, your information may be transferred outside the EU to provide you with those services.
4. We will use reasonable endeavours to confirm the consent you have already provided here (by your access and use of our Mediums) as a courtesy notice before disclosing personal information to third parties (as listed above) unless we are required to do so by law or court order.
5. Users of preparation course and tests should be aware that we may share the relevant information from applications, preparation courses, tests, results and fraud reviews with the user, the person and representatives of the person whose personal information we are processing, our contractors and law enforcement agencies, when required to by law.
What are your choices and your rights?
1. You have a choice about whether or not you wish to receive non-essential information from us (i.e. information other than essential service emails such as for resting a password). We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent (which can be withdrawn on the relevant Medium or by contacting us at firstname.lastname@example.org.
2. If at any point you believe the information we process on you is incorrect you request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter. If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the Information Commissioner’s Office (ICO). Our Data Protection Officer is Dan Woolcott and you can contact him at email@example.com.
3. When processing or sharing of personal information is necessary CEDT will comply with the relevant parts of the GDPR. You may request details of personal information that we hold about you under the GDPR and may request a copy of the information held on you by writing to us at the address first set forth above. You will need to prove your identity and a fee for processing the request may be payable. If you believe that any information we are holding on you is incorrect or incomplete, please email or write to us as soon as possible, giving details of what you believe needs correcting. We will correct any incorrect information.
How you can access and update your information?
The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please email us at: firstname.lastname@example.org. You have the right to ask for a copy of the information CEDT hold about you, but we may charge for information requests to cover our costs in providing you details of the information we hold about you.
How do we protect against the loss, misuse or alteration of your information?
We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access, alteration, deletion or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. CEDT processes personal information within the European Union although as described above at times a copy may be transferred outside. Information transmitted normally over the Internet can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems as described above. Where we have given (or where you have chosen) a password that enables you to access certain parts of our Mediums, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. If you purchase a product or service from one of our licensee organisations (e.g. your school, college or centre) your payment details will not be provided to or held by us, it is collected by the licensee or a third party payment processor specialising in the secure online capture and processing of credit/debit card transactions.
How do we protect personal information for those aged 16 and under?
We are concerned to protect the privacy of users aged 16 or under. If you are aged 16 or under‚ your parent/guardian/school's verifiable consent is required at the time of registration, as an integral step to you accessing our Mediums, when your personal information is provided. Your parent/guardian/school will have access to your personal information to review and/or have it deleted, and to prevent further use or online collection of your personal information. We will only retain personal information collected online from any person under 16 years old for as long as is necessary to fulfill the purpose for which it was collected and will then delete the information to protect against its unauthorised access or use.
What are ‘cookies’ and how do we use them?
CEDT’s Mediums do not use ‘cookies’ except those necessary to enable recording of your preferences (e.g. user’s language so that the correct language will be displayed on the relevant medium) and otherwise as may be needed to enable you to take a preparation course and test. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you. You can switch off cookies by setting your browser preferences. Turning cookies of may result in a loss of functionality on our website.
What about links to other websites and apps?
Our Mediums may contain links to other mediums of interest. However, once you have used these links to leave our sites, you should note that we do not have any control over other websites, apps or other mediums. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this policy. You should exercise caution and look at the privacy statement applicable to the mediums in question. We cannot be responsible for the privacy policies and practices of other mediums even if you access them using links from our Mediums. In addition, if you linked to our Mediums from a third party medium, we cannot be responsible for the privacy policies and practices of that third party and recommend that you check the policy of that third party medium.
How long do we keep your information?
We are required under applicable law to keep your basic personal information (name, address, contact details) for a minimum of six (6) years after which time it will be destroyed. The information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information. We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.