General Data Protection Regulation (GDPR) Policy for Tuition
Introduction
This GDPR policy outlines how I, Miss Catherine Norris – Literacy/English Tutor, collect, use, store, and protect personal data. I am committed to safeguarding the privacy of my clients and complying with the General Data Protection Regulation (GDPR).
1. Data Controller
Miss Catherine Norris
ICO registered
catherinenorris1982@yahoo.co.uk
07847343744
2. Data Collection
I collect personal data to provide effective tutoring services. The types of data I collect include:
- Personal Information: Name, address, phone number, email address.
- Educational Information: Academic records, school reports, EHCPs.
- Health Information: SEND diagnoses, allergies, health conditions.
- Payment Information: Bank details, payment history
3. Purpose of Data Collection
I collect and process personal data for the following purposes:
- To provide and manage my tutoring services.
- To communicate with clients regarding scheduling, progress, and feedback.
- To process payments and manage billing.
- To comply with legal obligations.
4. Legal Basis for Processing Data
I process personal data based on the following legal grounds:
- Consent: When you provide explicit consent for specific purposes.
- Contract: To fulfil my contractual obligations with you.
- Legal Obligation: To comply with applicable laws and regulations.
- Legitimate Interest: To conduct my business, provided that your rights and interests do not override these interests.
5. Data Sharing
I do not share personal data with third parties except in the following cases:
- Service Providers: I may share data with third-party service providers who assist me in delivering my services (e.g., payment processors, IT support).
- Legal Requirements: When required by law or to protect my legal rights.
- Safeguarding: When it is necessary to safeguard you, your child, a child in your care or another child/young person.
6. Data Security
I implement appropriate technical and organisational measures to protect personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:
- Secure storage of data.
- Access controls to limit data access to authorised personnel.
- Regular security assessments and updates.
7. Data Retention
I retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. The retention periods are:
- Client Data: Retained for the duration of the tutoring relationship and for 2 years thereafter.
- Financial Records: Retained for 7 years to comply with tax regulations.
8. Your Rights
You have the following rights regarding your personal data:
- Right to Access: You can request access to your personal data and obtain a copy.
- Right to Rectification: You can request correction of inaccurate or incomplete data.
- Right to Erasure: You can request the deletion of your personal data, subject to certain conditions.
- Right to Restriction: You can request the restriction of data processing under certain circumstances.
- Right to Data Portability: You can request the transfer of your data to another organisation.
- Right to Object: You can object to data processing based on legitimate interests or direct marketing.
9. Exercising Your Rights
To exercise your rights, please contact me at:
Miss Catherine Norris – Literacy/English Tutor
catherinenorris1982@yahoo.co.uk
07847343744
I will respond to your request within one month of receipt.
10. Changes to This Policy
I may update this GDPR policy from time to time. Any changes will be posted on my website, and where appropriate, notified to you by email.
11. Contact Information
If you have any questions or concerns about this GDPR policy or my data practices, please contact me at:
Miss Catherine Norris – Literacy/English Tutor
catherinenorris1982@yahoo.co.uk
07847343744
---
Effective Date: 3/7/2024
Review Date: 3/7/2026
By using my services, you acknowledge that you have read and understood this GDPR policy and agree to the collection, use, and storage of your personal data as described.