Privacy Policy

Effective date: June 07, 2020

Berkeley Guardians (“us”, “we”, or “our”) operates the www.berkeleyguardians.com website (the “Service”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

The policy sets out what processes are in place to ensure that personal data is obtained, handled, stored and destroyed in accordance with GDPR. It explains what is required of our staff to enable us to comply with applicable law.

In order to operate and carry out our services, Berkeley Guardians needs to collect, use and retain certain types of information about the people with whom it comes into contact. These include current, past and prospective employees, agents and service users and others with whom it communicates (who are all, Data Subjects). We take the issue of data protection very seriously and regard the lawful and correct treatment of personal data with the utmost importance to guarantee the successful operation of Berkeley Guardians and to maintain the confidence of those with whom we come into contact.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.ukintern.co.uk

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

• Email address
• First name and last name
• Family information such as date-of-birth, proof of address, proof of ID
• Phone number, call messages
• Through social media and complaints
• Address, State, Province, ZIP/Postal code, City
• Cookies and Usage Dataata

We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

We will process personal data when we obtain, record, read, hold or use
personal data.

All of the following activities will constitute the processing of personal data (without limitation):

• Obtaining, filing, collecting, recording, organising, structuring or storing data;
• Adapting or altering data;
• Retrieving, consulting or using data;
• Consulting with someone on the content of data or otherwise using it;
• Disclosing data by transmitting it, disseminating it or otherwise making it available (including disclosures made to other employees or service users);
• Combining the data with other data or aligning data; and
• Restricting, erasing or destroying data

All personal data must be processed in accordance with the data protection principles. In particular:

• You must have a lawful basis for processing personal data
• Once you have collected personal data for a particular purpose, it must only be used for that purpose
• You cannot collect and process personal data unless it required as part of your job
• You must ensure that personal data is accurate and is kept up to date
• You should not keep personal data for longer than is reasonably necessary You must comply with requirements to ensure the security, integrity and confidentiality of personal data
• You should not transfer personal data outside the EEA without first contacting the Chief Officer or Operations Manager
• Data subjects have certain rights in relation to their personal data

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

Personal Data Protection Principles

Personal data must be processed in accordance with seven enforceable principles to which all staff must make all reasonable efforts to adhere. The principles state that personal data must be:

• Processed fairly, lawfully and in a transparent manner (Lawfulness, Fairness and Transparency);
• Collected only for specified, explicit and legitimate purposes (Purpose Limitation);
• Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation);
• Accurate and where necessary kept up to date (Accuracy);
• Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation);
• Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality);
• Not transferred to another country without appropriate safeguards in place (Transfer Limitation); and
• Made available to Data Subjects and allow Data Subjects to exercise certain rights in relation to their personal data (Data Subject’s Rights and Requests).

We are responsible for and must be able to demonstrate compliance with the data protection principles listed above, as well as ensuring we have adequate resources and controls in place to ensure and document GDPR compliance.

Use of Data

Berkeley Guardians uses the collected data for various purposes:

• To provide and maintain the Service
• To notify you about changes to our Service
• To allow you to participate in interactive features of our Service when you choose to do so
• To provide customer care and support
• To provide analysis or valuable information so that we can improve the Service
• To monitor the usage of the Service
• To detect, prevent and address technical issues
• To comply with Aegis accreditation process and maintenance

Transfer Of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your information may also be transferred to Aegis office and lead and supporting inspectors for the purposes of a (re)accreditation inspection.

If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Berkeley Guardians will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Storage  Limitation

• There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our organisation operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our organisation.
• We will not keep personal data in a form which permits the identification of the Data Subject for longer than needed for the purpose(s) for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements.
• The retention procedures set out below help to ensure personal data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires that data to be kept for a minimum time.
• We will take all reasonable steps to destroy or erase from our systems all personal data that we no longer require in accordance with Appendix 2. This includes requiring third parties to delete that data where applicable.
• We will ensure Data Subjects are informed of the period for which data is stored and how that period is determined in any applicable privacy notice.

Data Retention

The principles of data minimisation and storage limitation (set out above) apply when
considering retention of personal data.

The Data Controller is responsible for identifying the data that we must or should retain, and determining the proper period of retention (seeking advice where required to do so). This person is also responsible for administering data management programmes and providing guidance to our staff on data retention and disposal.

Data should only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it should be securely disposed of.

We are required to ensure that all personal data held by us is retained and destroyed securely. Compliance with the contents of this policy will help ensure compliance with our legal obligations.

This Policy applies to physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also applies to electronic data such as emails, electronic documents, audio and video recordings

Disclosure Of Data

Legal Requirements

Berkeley Guardians may disclose your Personal Data in the good faith belief that such action is necessary to:

• To comply with a legal obligation
• To comply with the Aegis (re)accreditation process
• To protect and defend the rights or property of Berkeley Guardians
• To prevent or investigate possible wrongdoing in connection with the Service
• To protect the personal safety of users of the Service or the public
• To protect against legal liability

Security Of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Storage, Back-Up and Disposal of Data

Our data must be stored in a safe, secure, and accessible manner. Any documents and financial files that are essential to our business operations during an emergency must be duplicated and/or backed up regularly and maintained off site.

The Data Controller  is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible.

The destruction of data must stop immediately upon notification that preservation of documents for contemplated litigation is required (sometimes referred to as a litigation hold). This is because we may be involved in a legal claim or an official investigation and the data could be relevant. Destruction may begin again once this requirement for preservation is lifted.

Data  Subject’s Rights and Requests

Data Subjects have rights when it comes to how we handle their personal data. These
include rights to:

• withdraw consent to processing at any time;
• receive certain information about the Controller’s processing activities;
• request access to their personal data that we hold;
• prevent our use of their personal data for direct marketing purposes;
• ask us to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data;
• challenge processing which has been justified on the basis of our legitimate interests or in the public interest;
• request a copy of an agreement under which personal data is transferred outside of the EEA;
• object to decisions based solely on automated processing, including profiling;
• prevent processing that is likely to cause damage or distress to the Data Subject or anyone else;
• be notified of a personal data breach which is likely to result in high risk to their rights and freedoms; and
• in limited circumstances, receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format.

A Data Subject may contact you to exercise one or more of these rights over the data we hold about them. You must verify the identity of an individual requesting data under any of the rights listed above (third parties may only make requests on behalf of a Data Subject with proper authorisation).

If you receive a Data Subject request you should forward this immediately to a Director.

Service Providers

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyse the use of our Service.

• Google Analytics – Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Children’s Privacy

At Berkeley Guardians, we understand all students, whether under or over 18, should primarily be treated like an adult would in terms of Data Protection. The only exceptions would be those with severe learning difficulties, school link students (those on roll with a school) and those who are otherwise unable to decide for themselves.

However, we are also keen to keep parents/carers/ agents informed and, whilst they are not automatically entitled to the information we seek consent from students to share information with them.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact:

Karen Pickles, a Berkeley Guardians Director. Karen can be contacted in office hours on 07565493818 or outside office hours via the emergency phone: 07565493818. Her email is karen@berkeleyguardians.com

APPENDIX 1

DATA RETENTION SCHEDULE

1. Set out below are our standard time periods for retention of data. If data is not covered in the retention table below it is likely that it should be treated as day to day disposable data. However, if you come across any situation not covered in this schedule which you think should be, or you are unsure about the classification of data in this schedule, you should contact our Data Controller Karen Pickles.
2. The retention periods below may be extended in the event that legal or regulatory proceedings are brought or an official investigation is launched. In these circumstances we will retain the data we consider relevant for as long as is necessary for the purposes of such proceedings.