Horner School of English Privacy Policy – GDPR
Our Address is:
40 Fitzwilliam Street Upper
Dublin 2
Ireland
Our phone numbers are:
Telephone:+353 (0)1 662 2911
We can be emailed at: admin@hornerschool.com; data@hornerschool.com
DATA PROTECTION POLICY OF THE HORNER SCHOOL OF ENGLISH
The General Data Protection Regulation (GDPR) comes into force on the 25th May 2018.
The GDPR emphasises transparency, security and accountability by data controllers, while at the same time standardising and strengthening the right of European citiziens to data privacy.
DATA means information in a form which can be processed. It includes automated data and manual data.
PERSONAL DATA means data relating to a living individual who is or can be identified from the data.
A DATA CONTROLLER is a person who solely or together with another person determines the purposes for which and the manner in which personal data is processed.
A DATA PROCESSOR is a person who processes personal data on behalf of the controller.
OUR POLICY
The Horner School of English controls and processes some Personal Data of Students, Host Families, Employees. Agents of the Horner School of English also control and/or process some Personal Data of Students and the host families.
It is the policy of the Horner School of English to build into our structures Privacy by Design. Practically this means:
To limit the amount of information collected to only the minimum required to complete the student, family, agent contract. To collect only the minimum required in order to provide the best learning and cultural experience/outcome for both student and their host family.
All data is collected lawfully using application forms or contracts.
All data is processed only for the purpose it is collected.
No Personal Data is sold or used for any Direct Marketing.
All data is held either electronically and / or on paper.
Paper data is filled safely and stored securely, access is limited to employees of the Horner School of English.
Clean Desk Policy – when away from the desk close files and shut down PC Screen.
A Shred-it Policy – shred documents to prevent unauthorised individuals or organisations from viewing anything personal.
We guarantee to train our staff regularly on data protection policies and key issues.
Electronic Data held on the company servers is protected from outside intrusions, protected by firewall security and malware protection software. PC’s and laptops on our network are password protected and protected using malware software protection.
Some of our processing is necessary for compliance with legal obligations and / or regulatory obligations.
How long do we keep Personal Data ?
Students – All paper files relating to a student enrolment are shredded one year after the end of the enrolment period. We hold digital data for 4 years maximum. Academic files including attendance records for ILEP students are held for 3 years in order to comply with government regulations.
Employees – Personal details are retained for the full period that the person is working with the Horner School of English and up to one year after finishing employment. Payroll details, Payslips and timetabling are retained for 6 years.
Host families – for the full period that the host family is hosting students from the Horner School of English.
Agents – for the period of time that the agent is actively working with the School and / or wishes to remain in contact for marketing purposes.
Exception on data storage is required for compliance with legal obligations such as Accounting and Revenue regulations and laws.
What are your rights ?
How do we handle access requests ?
If at any point you believe the information we process is not correct you can request to see this information, and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact us on the matter.
We guarantee to respond promptly and as per the GDPR within one month. Proof of identity will be required to deal with access requests.
To email the Data Protection Officer: data@hornerschool.com
If you are not satisfied with our response you can complain the to the national Data Protection Commissioners Office.
A full list of your rights under GDPR is as follows:
- The right to access the personal data we hold on you
- The right to correct and update the personal data we hold on you
- The right to have your personal data erased
- The right to object to processing of your personal data
- The right to data portability
How do we handle a data breach ?
All breaches must be reported to the Data Protection Officer typically within 72 hours, unless the data was anonymised or encrypted. Thereafter we need to establish what information was breached, how it was taken, these steps are necessary to re-evaluate and adjust structures and procedures.
Website Cookies:
We use cookies to record session information, specifically to track aggregate user statistics. No personally identifiable information is stored in cookies used on the site. Aggregate user statistics are collected via cookies placed by our Third Party Statistics provider – Google Analytics. An opt-in system for cookies is used on the website and asks all visitors for their permission to use cookies trackers etc. The information we collect is used to improve the content of our web pages and the general user experience of our customers. We do not share any statistics or user information with third parties.
Email Addresses:
We collect the e-mail addresses of those who communicate with us via e-mail, email addresses volunteered by the consumer, such as survey information and/or site registrations, and email addresses of online customers. If you do not want to receive e-mail from us in the future, please let us know by sending us e-mail at the above address with the subject line ‘Unsubscribe’.
Security:
With respect to security: When we transfer and receive certain types of sensitive information such as financial information, we redirect visitors to a secure server. Access to a secure server is notified in the user’s browser (e.g. via a padlock icon in the address bar). www.hornerschool.ie and www.hornerschool.com use industry standard 128bit SSL cert. Users can check the status of our SSL cert at any time by requesting the relevant function within their browser.
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you.
Changes to this policy:
Horner School may make changes to the privacy policy described here.
From time to time, we may use customer information for new, unanticipated uses not previously disclosed in our privacy notice. If our information practices change at some time in the future we will contact you before we use your data for these new purposes to notify you of the policy change and to provide you with the ability to opt out of these new uses, we will post the policy changes to our Web site to notify you of these changes and provide you with the ability to opt out of these new uses.
Breaches:
If you feel that this site is not following its stated information policy, you may contact us at the above email address or phone number. You may also address any concerns related to breaches of the General Data Protection Regulation, to the Office of The Data Protection Commissioner – www.dataprotection.ie.