Academic Summer’s Privacy Notice
Academic Summer Ltd is a company incorporated in England and Wales under the company registration number 6729028. The registered office of Academic Summer is: 20 Rossiter Close, Bathpool, Taunton, TA2 8FN.
Our Privacy Notice covers all students, parents, staff and visitors to our website as well as enquiries received by email, telephone, live-chat and social media.
This notice explains your rights and how Academic Summer as the Data Controller collects, uses, protects and shares your personal data. You are encouraged to read this notice and to understand how we look after your personal data and the information you give us.
Anyone who works for Academic Summer are made aware of and must comply with our data protection policy to ensure we protect the data of our customers.
Why Academic Summer needs to process personal data
We need to process personal data about our students and their parents, our staff and other individuals connected to Academic Summer as part of our everyday operations. We process personal data in accordance with the Data Protection Act 1998 and the General Data Protection Regulations (GDPR).
Our data processing will be carried out as part of our legitimate business interests and to fulfil our legal duties and contractual obligations as an educational summer school provider.
What personal data is collected by Academic Summer?
We collect personal data relating to our students and their parents to provide them with an Academic Summer course. This includes the following:
• name and contact details such as address, email and telephone numbers
• date and country of birth
• photo of the student for our access cards and identification purposes during the courses
• passport or ID copies
• visa details as appropriate
• medical, dietary and special needs information
• emergency contact details
• parents’ contact details
• welfare concerns and behaviour information
• reports that are compiled by teachers
• flight details to provide transfers
• photographs and videos containing the student’s image but not revealing their identity
For our staff, we collect and process Information required for their employment with us. This may include the following:
• name and contact details
• date of birth
• emergency contact details
• photo for our access cards and CMS
• references from previous employers
• copies of qualifications
• bank details and National Insurance number
• passport copy / ID document
• DBS check
• health and dietary information
• photographs and videos that contain your image that are taken during the course
Staff should see our staff handbook that can be found on the staff area for more information.
Our host schools use CCTV cameras in various locations around the school/campus to ensure maximum security. All host centres must adhere to the ICO’s code of practice for the use of CCTV.
How we collect information from you
We normally receive information directly from you the individual on your application forms (in the case of students the information is received from their parents). This information comes through our website and contact with you by phone, email, live-chat, Skype, WhatsApp or social media.
Sometimes this information comes via an educational consultant that has been appointed by parents. We have a contract in place with our educational partners who send us students.
We collect and process the data through the following:
• Our website www.academicsummer.co.uk and supporting domains such as https://studies.academicsummer.co.uk/. Applications are normally made through our website so personal data is collected through this. All our data transmissions over the Internet are secured with data encryption and user areas are password protected.
• E-Newsletter. We use Mailigen to deliver our newsletters. The newsletter give essential information and news about the courses.
• Emails: We use Office 365 and we have policies in place to increase security of how we manage emails. We do not send attachments to you but we provide links to a SharePoint document or you can download important documents from our user area on the website.
How we use your personal information and our legal basis for this
The main use of the personal data we collect is to support the learning of our students during their time at Academic Summer, as well as looking after their wellbeing and safeguarding them. We ensure that the processing of your personal data is ‘necessary’.
We process your data to fulfil our contractual obligations with you in the delivery of our summer programme. This includes:
• answering enquiries and questions received about our summer courses.
• registering and processing student applications and for general administration including invoicing, offer letters, pre-arrival information and student reports.
• providing an academic summer course, including lessons, airport transfers, sports and the leisure programme.
• facilitating the efficient operation of Academic Summer.
• providing welfare and boarding for our students ensuring students are looked after safely and we meet all their needs. This includes the implementation of our rules and policies for students and staff
• dealing with any feedback or concerns that you have
• administration relating to staff recruitment and employment including processing DBS checks and the administration of payroll.
To comply with our legal obligations, we may use your personal data to:
• meet our compliance and regulatory obligations such as safeguarding and protecting students.
• assist with investigations by the police and other authorities.
We may also process your data:
• when it is necessary for medical or safety reasons
• to protect your vital interests, for example, if you are unconscious and you need emergency medical treatment
• where we have a legitimate business interest such as promoting our programmes on our website, social media and sending out regular newsletters to our students, educational consultants, staff and alumni.
• sharing photos and news from our courses so parents are receiving information about their child’s course.
Some of the personal data could be ‘sensitive personal data’ and could include information about race, religious beliefs and physical or mental health concerns. This type of data requires extra protection and will only accessed by individuals who need to know this information to provide the necessary support of the student.
Who we share your personal data with.
We may need to share your data with a third party and this could include to local authorities such as the Police, UK Border and HM Revenue and Customs. We do this because it is required by law or for contractual and legitimate interests, but if we need specific consent then we will tell you by email.
We share your information with those that are looking after our students, however, we only share with people as necessary to look after and keep them safe. These include:
• our boarding and leisure programme leaders
• our teachers
• our host schools as necessary (eg: catering department with dietary needs and the IT department for logins to their systems)
• our school nurse and / or a doctor if students are ill
• leisure programme providers if this is required for safety reasons for their risk assessments
• disclosures to the necessary authorities relating to safeguarding
• Endsleigh Insurance company as they provide the insurance for our students.
If you booked your child’s course through an educational consultant, then we communicate with them unless you request that we do not.
For staff, we share your data as necessary with:
• Atlantic Data to process staff DBS checks
• payroll manager (Shirley Webber) to process your PAYE
• our host schools as required to use the facilities within the school and issue you with IT login and access cards. Our host school monitors IT use and requires details of your DBS.
• our HR consultant as necessary
• local authorities if required
• with British Accreditation Council as part of the inspection process
When processing, using and transferring your personal data then we make sure we do this securely ensuring the necessary protection is in place.
How we protect your personal data and keep it secure
Academic Summer has taken technical and organisation steps to ensure the security of personal data. It is only accessed and processed as is necessary and we have policies in place regarding the use of personal devices and the use of our website. All staff are made aware of our policies and our duties under the data protection laws.
Our website data is located on secure servers and is protected by security and necessary access controls. All data transmissions over the Internet are secured with up to 265-bit data encryption enabled by a RapidSLL certificate. User areas are username and password protected.
Academic Summer will endeavour to ensure that all personal data and information held is up to date and as accurate as possible. We ask our educational partners, parents and staff to inform us of any changes to help us to do this.
All our data is hosted in the European Economic Area (EEA) and we do not transfer your data outside the EEA unless you request us to do so. For example, data could be transferred to your educational consultant that you have appointment if they are located outside the EEA.
We use the following system suppliers to assist us in processing your data and all of them are GDPR compliant and have systems in place to protect your data:
• Mailigen – this allows us to send out important information and general news. Your name and address is stored on their servers.
• Inline Marketing – we use them to send hard copies of our brochures to clients who request. We give names and addresses to do this.
• Kashflow - this is a cloud based accounting system for our accounting and invoicing and holds our financial information.
• Docusign - we use DocuSign to process your electronical signatures securely and safely.
• Pay to Study – you may choose to pay us through Pay to Study and you will need to register with them and give them your personal data to process your payment.
• Moneysoft Payroll Manager – to process staff pay for PAYE.
Keeping your personal data
We keep your personal information and data securely for as long as necessary and sometimes this period of time is a legal and regulatory requirement for the protection of children.
We will also keep an archive of information in order to respond to requests from authorities and for references, certifcates, reports and to have an historical record of our courses. The archive can only be accessed by a Company Director or the data protection officer.
Unless you withdraw your consent by emailing the data protection officer, we keep some of your data indefinitely so that we can comply with the law, investigate a complaint or provide you with a report, certificate or reference. After three years from your last course or your last period of employment we will delete any data that is no longer necessary like your contact details and bank details. Financial information is kept for seven years as this is a requirement. You can request a copy of our retention policy if you need more details.
Your consent and our marketing
Sometimes we need your consent to use your personal data (Eg: for a marketing reason). Where you have given us consent you have the right to withdraw it at any time.
We like to keep in touch with our current students, alumni, educational consultants and staff about our courses, to send information and news. We send regular newsletters through Mailigen and you can choose to opt out at the bottom of our newsletter. Please remember you could miss an important piece of information about your course if you are a current parent or member of staff if you choose to opt out.
For people who make an enquiry about Academic Summer we keep their name, email and details of their enquiry up to and during the summer they have enquired for. We then delete their personal data in September of that year unless they opt in to receive our regular newsletters. They can then opt out at any time.
Please note, we do take photos and videos during the courses for social media, our website and for brochures. Parents can see the photos and keep in touch with the news from the course.
Photos and videos may be taken and used as follows:
• group photos, class photos, and leisure programme activities (parents enjoy seeing the photos and students like have photos with their new friends)
• for our website, brochure and other published materials
• social media posts (Facebook, Instagram YouTube and Twitter)
• by our educational consultants for their website and brochure
• by other professional organisations such as Quality Education
We may continue to use these photos and videos in future years and keep them for historical reasons.
If a member of staff writes a profile or is interviewed on video for us, for promotional purposes, then we will ask them to give us consent.
We never reveal the identity of a student to protect and safeguard children. If we ask them to write a profile for us with a photo or is interviewed, then we will ask for consent from them and their parents. We will only use student’s first name and their home country in our publications.
You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use.
• if information is incorrect you can ask us to correct it
• you can ask what information we hold about you, who we have shared it with and be provided with a copy (in electronic format).
• you can ask us to delete the information we hold about you in certain circumstances but we may need to keep some information (e.g. records of safeguarding concerns) for legal reasons.
In general, we assume that students’ consent is not required for ordinary disclosure of their personal data to their parents, for example, for the purposes of keeping parents informed about the student's activities, progress and behaviour, and in the interests of students’ welfare, unless, in our opinion, there is a good reason to do otherwise.
If you want to get in touch with our Data Protection Officer, the contact details are: Mrs Eleanor Jones. Email: email@example.com or firstname.lastname@example.org. The data protection officer will respond to your email within 30 days.
You also have the right to complain to The Information Commissioner’s Office (ICO) if you are not happy with our response. Our registration reference with the ICO is: Z198473X.
This policy is written by Helen Lami, Managing Director (email@example.com)