Client and Pupil Privacy Notice
Private Tutors ‘R’ Us is committed to protecting the privacy and security of personal information. This privacy notice describes how we collect and use personal information about pupils, in accordance with the General Data Protection Regulation (GDPR).
Who Collects This Information
Private Tutors ‘R’ Us (the Company) is an education service provider which provides education services for clients and work-finding services to its work-seekers whom it places with clients to provide tutoring for students.
We are a “data controller”, which means that we are responsible for deciding how we hold and use personal information about pupils and clients (including parents as well as data provided by schools and local authorities).
The Categories Of Personal Information That We Collect, Process, Hold And Share
We may collect, store and use the following categories of personal information about you: -
•Personal information such as name, pupil number, date of birth, gender and contact information
•Emergency contact and family lifestyle information such as names, relationship, phone numbers and email addresses
•Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility);
•Attendance details (such as sessions attended, number of absences and reasons for absence);
•Financial details (in order to ensure effective payment is made)
•Performance and assessment information
•Behavioural information (including exclusions)
•Special educational needs information
•Relevant medical information
•Special categories of personal data (including relevant medical information and special educational needs information)
•Recordings of pupils and/or parents from the Company’s video conferencing platform
•Information about the use of our IT, communications and other systems, and other monitoring information.
Collecting This Information
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
How We Use Your Personal Information
We hold personal data and use it for: -
•Providing education services and extra-curricular activities to pupils, and monitoring progress and educational needs
•To provide tutoring and educational services as agreed
•Assessing performance and to set targets
•Safeguarding pupils' welfare and providing appropriate pastoral (and where necessary medical) care
•Support teaching and learning
•Giving and receiving information and references about past, current and prospective pupils and to provide references
•Managing internal policy and procedure
•Enabling pupils to take part in assessments and to record pupil achievements
•To carry out statistical analysis for diversity purposes
•Legal and regulatory purposes (for example child protection, diversity monitoring and health and safety) and to comply with legal obligations and duties of care
•Enabling relevant authorities to monitor performance
•Monitoring use of the Company’s IT and communications systems
•Making use of photographic images on social media and on the website
•Security purposes; and where otherwise reasonably necessary for the Company's purposes, including to obtain appropriate professional advice and insurance.
The Lawful Basis On Which We Use This Information
We will only use your information when the law allows us to. Most commonly, we will use your information in the following circumstances: -
•Consent: the individual has given clear consent to process their personal data for a specific purpose
•Contract: the processing is necessary for a contract with the individual
•Legal obligation: the processing is necessary to comply with the law (not including
•Vital interests: the processing is necessary to protect someone’s life.
•Public task: the processing is necessary to perform a task in the public interest or for official functions, and the task or function has a clear basis in law; and
•Legitimate Interests – the processing is necessary for the purposes of the Company’s legitimate interests (or a third party) provided those interests are not overridden by the rights and freedoms of the data subject.
We need all the categories of information in the list above primarily to allow us to comply with legal obligations. Please note that we may process information without knowledge or consent, where this is required or permitted by law.
Collecting Data For Test and Trace
In the current pandemic, we may need to store your data for test and trace purposes. This is in order for the Company to engage with the test and trace process, make decisions on safety and whether individuals are required to self-isolate or carry out a test. To do this we will be recording your name, contact number and date and time of arrival as well as time of departure.
To complement the above we may also ask for data that has not been previously supplied. This will allow us to assess an individual’s ability to attend services and what measures may need to be put in place to allow for safety. We, additionally, may need to collect data about individuals that you reside with in order to factor in appropriate considerations for their wellbeing.
All data collected by the Company will be processed in accordance with our retention, destruction, data protection and data security policies. All data collected for test and trace purposes will be retained for 21 days in accordance with government guidelines.
The legal bases for using your data in these circumstances will be for the reasons of substantial public interest and in the interests of public health. Dependent on circumstances the basis may be to assess the working capacity of an employee or to protect the vital interests of yourself or another person. We may need to share select data with others. This can be with the NHS and emergency services, public health, public authorities as well as other stakeholders. This will only be done where it is necessary and proportionate for us to do so.
We may need to share your data with third parties where it is necessary. There are strict controls on who can see your information. We will not share your data if you have advised us that you do not want it shared unless it’s the only way we can make sure you stay safe and healthy or we are legally required to do so.
We share pupil information with: -
•The school attended by the pupil
•Welfare services (such as social services)
•Law enforcement officials such as police, HMRC
•Local Authority Designated Officer
•Professional advisors such as lawyers and consultants
•Support services (including insurance, IT support, information security);
•Providers of learning software; and
Information will be provided to those agencies securely or anonymised where possible.
The recipient of the information will be bound by confidentiality obligations; we require them to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
The Company keeps information on computer systems and sometimes on paper.
Except as required by law, the Company only retains information for as long as necessary in accordance with timeframes imposed by law and our internal policy.
Automated Decision Making
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision making in limited circumstances.
Pupils will not be subject to automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We have put in place measures to protect the security of your information (i.e. against it being accidentally lost, used or accessed in an unauthorised way).
Requesting Access To Your Personal Data
Under data protection legislation, data subjects (including parents and pupils) have the right to request access to information about them that we hold.
You also have the right to: -
•Object to processing of personal data that is likely to cause, or is causing, damage or distress
•Prevent processing for the purposes of direct marketing
•Object to decisions being taken by automated means
•In certain circumstances, have inaccurate personal data rectified, blocked, erased or
•Claim compensation for damages caused by a breach of the data protection regulations.
If you want to exercise any of the above rights, please contact Reena Bhambi at admin@firstname.lastname@example.org or in writing.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right To Withdraw Consent
In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact Reena Bhambi at admin@email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you would like to discuss anything within this privacy notice or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with Reena Bhambi in the first instance.
If you have any questions about how we handle your personal information which cannot be resolved by Reena Bhambi, you have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues at https://ico.org.uk/concerns.
Changes To This Privacy Notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
The Company is an education service provider which provides education services for clients and work-finding services to its work-seekers (aka tutors) whom it places with clients to provide tutoring for students. The Company must process personal data (including Special Category personal data) so that it can provide these services – in doing so, the Company acts as a data controller. This policy pertains to how Private Tutors ‘R’ Us processes data with respect to work-seekers. There is a separate policy which pertains to how Private Tutors ‘R’ Us processes client and student data.
You may give your personal details to the Company directly, such as on an application or registration form or via our website, or we may collect them from another source such as a jobs board. The Company must have a legal basis for processing your personal data. For the purposes of providing you with work-finding services and/or information relating to roles relevant to you we will only use your personal data in accordance with this privacy statement. At all times we will comply with current data protection laws.
1. Collection and use of personal data
a. Purpose of processing and legal basis
The Company will collect your personal data (which may include Special Category personal data) and will process your personal data for the purposes of providing you with work-finding services and related marketing. This includes for example, contacting you about job opportunities, assessing your suitability for those opportunities, updating our databases, putting you forward for job opportunities, arranging payments to you and developing and managing our services and relationship with you and our clients.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
The legal bases we rely upon to offer our work-finding services to you are:
•Where we have a legitimate interest
•To comply with a legal obligation that we have
•To fulfil a contractual obligation that we have
The Company will seek your specific consent to process data relating to your health, our ability to undertake regular and ongoing status checks with the Disclosure and Barring Service and any criminal convictions. If you have opted-in we may also send you various company and sector news, career development advice and courses, and job alerts via email/text. You can opt-out from receiving these at any time by emailing admin@firstname.lastname@example.org
c. Legitimate interest
This is where the Company has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us. Where the Company has relied on a legitimate interest to process your personal data our legitimate interests are as follows:
•Managing our database and keeping work-seeker records up to date
•Providing work-finding services to you and our clients
•Contacting you to seek your consent where we need it
•Giving you information about similar products or services that you have used from us recently
d. Statutory/contractual requirement
The Company has certain legal and contractual requirements to collect personal data. These include, but are not limited to:
•To comply with the Conduct of Employment Agencies and Employment Businesses Regulations 2003
•Immigration and tax legislation
•To carry out pre-engagement vetting checks, including but not limited to:
•To comply with the Safeguarding Vulnerable Groups Act 2006
•To comply with the Department for Education statutory guidance (Keeping Children Safe in Education) to verify your physical and mental fitness to teach and/or work with children
•To comply with the Education (Health Standards) (England) Regulations 2003 to verify your suitability to work in regulated activity with children
•Verify your right to work
Our clients may also require this personal data, and/or we may need your data to enter into a contract with you.
If you do not give us the personal data we need to collect then we will be unable to continue to provide work-finding services to you.
Recipients of data
The Company will process your personal data and/or Special Category personal data with the following recipients:
•Clients (whom we may introduce or supply you to)
•Former employers whom we may seek references from
•Named individuals you provided for seeking a reference from
•Payroll service providers who manage payroll on our behalf or other payment intermediaries whom we may introduce you to
•Third parties which provide, host and/or support our IT systems and software (subject to appropriate security measures)
•Capita plc for the purposes of carrying out DBS checks
•GOV.UK, the Disclosure and Barring Service and Department for Education for performing criminal records update checks, qualification checks, teacher sanction and restriction checks and the overall protection of vulnerable groups
•Teaching Regulation Agency and Education Workforce Council to perform teacher status checks
•HMRC for audit purposes and the provision of employment and payroll information
•UK Government’s Visas and Immigration and the Home Office for checking right to work status
•Overseas criminal records agencies and law enforcement agencies if you have been resident outside of the UK in the last 5 years for at least 6 months
•Audit and accreditation providers, such as The Recruitment and Employment Confederation (REC) and the International Organization for Standardization (ISO)
2. The Company may have collected the following personal data on you in addition to information you provided
•Contact details, CV, type of candidate, subject specialisms, focus areas and work preferences when provided on job boards and/or professional/social networks
•Online activity specific only to the Company’s web sites
Special category personal data
•Health information in accordance with the Education (Health Standards) (England) Regulations 2003
•Criminal conviction and record checks strictly adhering to all established codes of conduct and processing
Source of the personal data: The Company sourced your personal data from:
•A referee whose details you provided to us
•Various jobs boards and aggregators, such as Indeed and Reed
•Various professional networks, such as LinkedIn
•Various applicant processing and job posting platforms, such as Indeed and Reed
This information did not come from a publicly accessible source.
3. Overseas transfers
The Company may transfer the information you provide to us to countries outside the European Economic Area (‘EEA’) for the purposes of providing you with work-finding services. We will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein.
4. Data retention
The Company will retain your personal data only for as long as is necessary for the purpose we collect it. Different laws require us to keep different data for different periods of time. For example, the Conduct of Employment Agencies and Employment Businesses Regulations 2003, require us to keep work-seeker records for at least one year from (a) the date of their creation or (b) after the date on which we last provide you with work-finding services.
We must also keep your payroll records, holiday pay, sick pay and pensions auto-enrolment records for as long as is legally required by HMRC and associated national minimum wage, social security and tax legislation. This is currently 3 to 6 years.
There is a legitimate interest to hold your personal data for no longer than 6 years after our work-finding service relationship ends.
Where the Company has obtained your consent to process your personal data and Special Category data, we will do so in line with our retention policy.
Where consent is not granted the Company will cease to process your personal data and Special Category personal data.
5. Your rights
Please be aware that you have the following data protection rights:
•The right to be informed about the personal data the Company processes on you
•The right of access to the personal data the Company processes on you
•The right to rectification of your personal data
•The right to erasure of your personal data in certain circumstances
•The right to restrict processing of your personal data
•The right to data portability in certain circumstances
•The right to object to the processing of your personal data that was based on a public or legitimate interest
•The right not to be subjected to automated decision making and profiling
•The right to withdraw consent at any time.
Where you have consented to the Company processing your personal data and Special Category personal data you have the right to withdraw that consent at any time by contacting us using the details above. Please note that if you withdraw your consent to further processing that does not affect any processing done prior to the withdrawal of that consent, or which is done according to another legal basis.
There may be circumstances where the Company will still need to process your data for legal or official reasons. Where this is the case, we will tell you and we will restrict the data to only what is necessary for those specific reasons.
If you believe that any of your data that the Company processes is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
You can also contact us using the above details if you want us to restrict the type or amount of data we process for you, access your personal data or exercise any of the other rights listed above.
We may obtain data about you from cookies. These are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies also enable us to deliver more personalised content.
7. Log files
We use IP addresses to analyse trends, administer the site, track users’ movements, and to gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
8. Links to external websites
The Company’s website may contain links to other external websites. Please be aware that the Company is not responsible for the privacy practices of such other sites. When you leave our site we encourage you to read the privacy statements of each website that collects personally identifiable information. This privacy statement applies solely to information collected by the Company’s website.
9. Sale of business
If the Company’s business is sold or integrated with another business your details may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
10. Data security
The Company takes every precaution to protect our users’ information. Security measures include, but are not limited to, the use of firewalls and endpoint protection, browser certification technology, encryption, limited access principle, malware protection, and use of artificial intelligence-based ransomware and exploit protection.
Only employees who need the information to perform a specific job (for example, consultants, our accounts clerk or a marketing assistant) are granted access to your information.
The Company uses all reasonable efforts to safeguard your personal information. However, you should be aware that the use of email/the Internet is not entirely secure and for this reason the Company cannot guarantee the security or integrity of any personal information which is transferred from you or to you via email/the Internet.
If you share a device with others we recommend that you do not select the “remember my details” function when that option is offered.
11. Changes to this privacy statement
We will update this privacy statement from time to time. We will post any changes on the statement with revision dates. If we make any material changes, we will notify you.
12. Complaints or queries
If you wish to complain about this privacy notice or any of the procedures set out in it please contact the Data Protection Officer using the details above.
You also have the right to raise concerns with the Information Commissioner’s Office on 0303 123 1113 or at https://ico.org.uk/concerns/, or any other relevant supervisory authority should your personal data be processed outside of the UK, if you believe that your data protection rights have not been adhered to.