The Online Academy of Applied English (‘Applied English’, ‘the Company, ‘we’, ‘us’’) is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all of our legal obligations. We are committed to protecting and respecting your privacy and this Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who we are
To the extent that we determine the manner and the purpose of processing, Applied English is a data Controller of your Personal Data and/or Special Categories of Personal Data (referred to in this policy as your ‘personal information’).
Why do we have this policy?
The General Data Protection Regulation (GDPR) is part of the EU data protection reform package through which the European Commission aims to strengthen the rights of individuals in the digital age and simplify the rules for businesses in the EU. It became directly applicable in all EU and EEA Member States as of 25 May 2018. Although Applied English’s current commercial activities are entirely focused on the Asia Pacific region, we recognise that our customers may include individuals and organisations whose headquarters are in the EU.
The GDPR significantly changes the EU data protection regulatory landscape, setting stricter requirements, reaching more companies, and imposing potentially higher penalties. For example, companies must:
- Implement programmatic measures to ensure and actively demonstrate compliance
- Demonstrate a commitment to accountability
- Have in place appropriate training and governance
- Implement appropriate technical and organisational measures to protect the rights of individuals when designing a processing system and processing data Conduct data protection impact assessments of high risk processing activities
- Implement privacy by design and by default
- Implement data breach notification procedures
This policy sets out how we seek to protect personal data and ensure that all visitors to our websites understand how we use their personal data, who we share it with and what individual rights you have in relation to your data. So that we can honour our commitment to be as transparent as possible, this policy explains:
- what information we might collect about you when you visit our websites or download our apps
- how we might use that information
- how we use information if you book tickets or buy things from us
- when we might use your details to contact you
- what information of yours we might share with others
- your choices about the personal information you give us
This policy applies to all visitors to our website www.appliedenglish.asia, who should make themselves familiar with this policy and its terms prior to providing us with personal data.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our websites you are accepting and consenting to the practices described in this policy.
Our appointed Data Protection Officer (DPO) has overall responsibility for this policy. For further information about this policy, please contact the DPO by email: firstname.lastname@example.org
Last updated: June 2018
1. WEBSITE VISITOR EXPERIENCE
We wish all visitors to our websites to have a personal experience with us. By delivering a customised service to our website visitors, it means that we are able show you information which is more relevant to your interests and ensure that we deal with your data in an appropriate manner considering your age. It also means that missing information can be highlighted to us, and lead us to create information to benefit other visitors in future.
All of our relationships (with customers, staff, agents and general public) are valued. We recognise your trust and personal data as important, and we are committed to ensuring that:
- we are open and transparent with our approach to personal data
- it is kept safe and secure
- we manage your or your family’s personal data in the way you want us to
2. INFORMATION WE MAY COLLECT
At any stage when we collect personal data on via our website we will notify you of this. We collect personal
data via the following methods:
- You may give us information about you by filling in forms including but not limited to; Contact Us,
- Newsletter Sign Up and Live Chat.
- Corresponding with us by phone, email, Live Chat, Social Media or otherwise
- When you register to use our website
- When you book one of our products
- If you place an order via our website
- When you participate in discussion boards or other social media functions on our site
- If you enter a competition, promotion or survey
- When you report a problem with our site
The information you give us may include your name, address, email address and phone number, financial and credit card information, personal description and copies of identification documents.
With regard to each of your visits to our site we may automatically collect the following information:
- Technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, browser language settings, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouseovers), and methods used to browse away from the page and any phone number used to call our customer service number.
- Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
3. DATA USAGE
We have to have a valid reason to use your personal information. It’s called the “lawful basis for processing”. Sometimes we might ask your permission to do things, like when you subscribe to an email. Other times, when you’d reasonably expect us to use your personal information, we don’t ask your permission, but only when:
- we have a lawful basis to process it, and
- does not adversely infringe your rights
When we process your personal information for our business interests, we will carefully consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we are otherwise required or permitted to by law). We will periodically to check that the Personal Data we store for you is accurate.
We use the information you give to us:
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
- To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
- To provide you with information about goods or services we feel may interest you. If you are an existing or previous customer, we will only contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means only if you have consented to this. If you do not want us to use your data for marketing purposes, please tick the relevant box situated on the form on which we collect your data.
- To notify you about changes to our service.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
We use the information we collect about you:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our site to ensure that content is presented in the most effective manner for you and for your
- To allow you to participate in interactive features of our service, when you choose to do so.
- As part of our efforts to keep our site safe and secure.
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
We use information we receive from other sources.
- We may combine this information with information you give to us and information we collect about you.
- We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
In order to provide you with some of our services, we may need to collect personal data which is defined as ‘sensitive or ‘special’’, such as your medical data. We will ask you to signify your explicit consent to such information being processed by us whenever we collect such information from you and the provision of such information is voluntary. Usually we would only ask for this type of information if you had specific needs such as facilities that are wheelchair friendly etc., or to meet any other additional needs that you may have, such as special dietary requirements or if you may need to be provided with access to a place to worship. We don’t use this information for any other purpose, unless there is an exceptional circumstance (for example law enforcement), we just want to make sure that we are meeting your needs.
4. SHARING YOUR DATA
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. However, we will never sell your personal information.
We may share your information with selected third parties including:
- Business partners, professional advisors, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Applied English Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- in order to enforce any contract with you
- to protect our rights, property, or the safety of our employees, clients, constituents or others. This includes exchanging information with other organisations and local authorities for the purposes of fraud, safeguarding and crime prevention.
Again, we will always undertake a balancing exercise when we undertake such sharing and ensure that third parties with whom we work respect your privacy too.
LINKS TO OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
5. MARKETING AND ADVERTISING USAGE
We’ll only send you marketing emails or contact you about our services and your feedback if you’ve agreed to this. We will give you the option of whether you wish to opt in to marketing activity at the point of data collection.
If you opt in, we might use information that we hold about you to show you relevant and “targeted advertising” through other companies’ sites, like Facebook, Google, Snapchat or Twitter for example. This could be showing you an advertising message where we know you have visited our website.
We will use your email address to send you email marketing (including our newsletter, information about new courses, rewards and competitions) where you have signed up to receive this from us.
If you opt out of email marketing, we will still need to send you service communications by email from time to time, such as information about changes to our services.
We carry out “data pairing” to help us to build a better picture of you and enable your advertising experience on our website to be as tailored and relevant to you as possible. To carry out this data pairing exercise, we use reputable third party data pairing providers such as Facebook and Google.
Data pairing works by sharing the personal data we hold about you with data pairing providers so that they can combine that with personal data that they hold about you. If there is a match, we collect and store additional Third Party Data (including, for example, information about your lifestyle and interests) and we use this to ensure that we serve you advertisements which are relevant to your interests.
The data pairing providers obtain personal data about you from publicly available sources and from other third parties who share your personal data on the basis of their legitimate interests or with your consent, in accordance with their own privacy policies and practices. We carry out vetting and ongoing monitoring of those data pairing providers to ensure that they comply with their data protection obligations and keep personal data secure.
If you no longer want to receive marketing or advertising, please see section 10 of this Policy.
Even if you do not enter any personal information via our website, we still collect information about how you use it, but it will be anonymous. For example, we’d be able to see that someone looked at a particular course we were offering on www.british-study.com but we wouldn’t be able to tell that it was you. We like to collect this information as it helps us know when you have not easily found the information you were looking for. In this case, we can create material and offer new courses depending on public interest and demand which improves our website visitors overall usage experience.
7. YOUR RIGHTS
We want you to be in control of your own personal information. With this in mind you have the right to:
- request a copy of your information
- not let robots make big decisions about you
- to ask us to correct information that’s wrong, to delete it or to request that we only use it for certain
- to change your mind, and ask us to stop using your information. For example, unsubscribing from any marketing emails or turning off personalisation
RIGHT OF ACCESS
You have the right to access information held about you, this is called a Subject Access Request. If you request to access your information, we must provide an individual with a copy of the information the request, free of charge. This must occur without delay, and within one month of receipt.
We endeavour to provide you access to your information in commonly used electronic formats, and where possible, provide direct access to the information through our website.
If complying with the request is complex or numerous, the deadline can be extended by two months, but we will notify you of this within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.
If an individual wishes to make a Subject Access Request the request should be made in writing to the DPO with the subject clearly stating ‘Subject Access Request’. If an individual struggles and finds it unreasonably difficult to make the request in writing then we will accept a verbal request in this scenario. Please also state if you require the response in another format such as Braille, large print, email or audio.
We may, where necessary, request information or evidence to verify the requestors identity, or request further detail about the data in order to locate the information which has been requested.
If the request is being made via a third party, we may require the written authority of the data subject to proceed with the request. Or if the request is being made on behalf of a child (being less than 12 years old) then a consideration will be made as to whether the child understands their rights before the information is shared.
Subject to applicable law, we will provide a copy of the information, the source of the data, description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people.
An individual can also request information about the reasoning behind any automated decisions (except where this information is a trade secret).
You also have some other rights:
- Right to withdraw consent: You may withdraw your consent to processing at any time, explaining why you wish to do so.
- Rectification: You may ask us to rectify inaccurate Personal Data held about you by providing the updated information.
- Erasure: You may ask us to delete your Personal Data, specifying why you would like us to delete your Personal Data.
- Portability: You may ask us to provide you with the Personal Data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such Personal Data to another data controller.
- Right to object: You may object to our processing of your Personal Data by providing details of your objection.
8. STORING, ARCHIVING AND DESTRUCTION OF DATA
Where do we store your information?
How do we keep your data secure?
In order to ensure fair and transparent processing, we will, taking into account our processing activities, adopt appropriate procedures for the processing of Personal Data, which shall include implementing technical and organisational measures which take into account the harm that may be suffered, and correct inaccuracies identified in Personal Data processed, so that risk of errors are minimised and your Personal Data is processed in a fair and secure manner.
The data we collect from you is stored on secure servers. Any payment transactions will be encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
When you give us any personal information we’ll let you know how long we’ll hold it for. And always stick to these principles:
- we only hold your information for as long as we do the activities we told you about or have a valid reason to keep it
- we think about what type of information it is, the amount collected, how sensitive it might be and any
- legal requirements
- we design our services so that we don’t hold your information any longer than we have to we may close your My We account if you haven’t used it in the last year or if you are a past customer who has not engaged with us within the last year. We’ll send you an email to tell you that we plan to do this before we delete anything, so please check to see if we’ve sent you any emails about this.
How long do you store my personal information for?
Amending my preferences though the self-service (“My Account”) portal
If you wish to destroy/remove your data the option to do this will depend on the information you wish to remove. For example, any tests which you complete we may need to retain to your results as part of our service, to ensure that you are on the more suitable course level.
If you wish to amend or delete your account, you can do so at any time by clicking on the Contact button, alternatively you can email email@example.com, and we will respond to your request.
9. CONTACTING YOU AND CHANGING YOUR PREFERENCES
The provision of contact details for the purposes of direct marketing is voluntary and you do not need to provide such Personal Data in order to receive our services, but you may like to sign up so you get our newsletters and updates about our services its entirely up to you.
We will only contact you with regards to details of our services where you have indicated your express consent for us to do so by ticking the relevant boxes situated on our websites. If you are an existing subscriber we will continue to market to you unless you tell us otherwise, as the new laws regarding marketing require us to think carefully about whether we have your permission to market to you, you may receive, or may have already received an email asking you if you are still ok with us emailing you. We have sent this to make sure we don’t send you emails that you don’t want. If you don’t want to hear from us, please let us know and we will make sure you aren’t contacted again. We explain how to do this under ‘Changing your preferences’ below.
Changing your preferences
We will inform you, before collecting your data, how we intend to use it. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your data (opting out). If you would like to change your preferences or amend your data, please contact the Head of Marketing. The request should be made in writing with the subject clearly stating ‘Data Amendment Request’. If an individual struggles and finds it unreasonably difficult to make the request in writing then we will accept a verbal request in this scenario. If there is any reason why we are unable to deal with your request we will let you know. Please note that some emails, we have to send to you, like confirmation of your orders, telling you about changes to our terms etc., cannot be opted out of as they are required in order for us to fulfil your order or to let you know about important changes to our terms.
We may, when necessary, request information or evidence to verify the requestors identity, or request further detail about the data in order to locate the information which has been requested to be amended.
If the request is being made via a third party, we will require the written authority of the data subject to proceed with the request. Or if the request is being made on behalf of a child (being 18 years old or younger) then a consideration will be made as to whether the child understands their rights before the information is changed.
Sometimes we might not be able to deal with your request for legal reasons, if there is any reason why we are unable to deal with your request we will let you know.
10. CONTACT US
If you have any concerns that your personal information has been put at risk, please get in touch with our DPO straight away and we will work with you to resolve the issue.