Premier Education Group Privacy Statement
The Purpose of this privacy statement is to explain, in general terms, how Premier Education Group (PEG) processes your personal data from the moment it is collected to the point it is deleted or destroyed. It is written for anyone who is making an enquiry about one of PEG’s services or making a booking for a course. Other ‘specific to customer’ privacy notices will be provided when needed.
The Role of PEG in data protection terms is that of a data controller because we determine the purposes and the use of the personal data we collect. Once received it becomes the responsibility of the PEG Privacy Officer (PO) to ensure that it is processed in accordance with the latest relevant UK legislation. You can contact the PEG PO by email using [email protected] or by writing to: The Privacy Officer, Premier Education Group, Church Road, Shropham, Attleborough, NR17 1EJ
The personal data processed by PEG will only be basic contact information such as names, addresses, telephone numbers and an email address to be able to respond to your query. If you are booking a course for a child, PEG will need additional information about the child which will include health related data, sufficient to complete the booking. PEG will also collect minimal financial details for the purposes of recognising payments for activities.
The way we collect or receive your personal data is directly from you when you make your initial enquiry either through the web page contact form, a direct call, by email or the result of a visit to our premises.
PEG’s duty of confidentiality means that PEG staff will treat your personal data in confidence. PEG uses reasonable technical and organisational measures to ensure personal data is safe guarded. Access is strictly limited to those members of staff who need it. PEG expects the same duty of confidentiality of all third parties with whom we need to share your personal data for the purposes of fulfilling our contractual obligations to you. They are required to enter into a separate data processing agreement with us when they have the role of data processor unless the equivalent clauses are already included in our contract with them.
PEG will process personal data using a lawful basis; such instances are described below:
PEG will never sell your personal data and will only disclose it when it’s absolutely necessary, to some or all of the following third parties:
PEG will process your personal data at its UK premises and utilises Microsoft Azure cloud (UK) for back up services. This website is hosted at a UK based data centre. We use HubSpot purely for marketing purposes which is US based and this is subject to the equivalent data safeguarding measures as the former EU-US Privacy Shield Agreement.
PEG follows a retention schedule to determine the length of time it holds different types of personal data of the customer. The key points of the schedule are shown below:
By exception, documentation that includes your personal data may be retained by PEG beyond the schedule, but only for a specific purpose and only when PEG believes there is a legitimate interest or has a legal obligation to do so. None the above affects your rights stipulated under the UK GDPR (see below).
At the end of the retention schedule PEG will either return, destroy or delete/ anonymise your personal data and any associated emails or relevant documentation. If it is technically impractical to do so, we will put it beyond operational use. It allows up to 3 months after the retention criteria has expired to do this.
CCTV is in operation at PEG’s office premises primarily to safeguard the location but also for the safety and wellbeing of PEG staff, contractors and any other visitors.
The UK General Data Protection Regulation defines the rights that you have (although these do not apply in all situations). For convenience, these rights are shown below:
Further details on data subjects’ rights can be found on the Information Commissioner’s Office (ICO) website: https://ico.org.uk.
Exercising rights or making queries to PEG can be done by contacting the Privacy Officer. We will need to confirm your identity before proceeding with any request, therefore it may be necessary to ask you to provide documentation to verify your identity. If you have any concerns about the way we are processing your personal data, please contact the Privacy Officer in the first instance. Alternatively, you may also contact the ICO directly using the details found on the ICO website.
In the event of a takeover or acquisition, the personal data PEG holds will form part of the assets of the organisation to be taken over by the new company, but only used for the same or similar purpose. If this happens, we will notify you using the latest contact details held.
This privacy statement is subject to a routine review every 12 months or sooner if there are significant changes to UK/EU legislation.