The General Data Protection Regulation (GDPR)

1 Our Privacy Policy

1.1 Fieldwork Education Limited (“FEL”) is committed to safeguarding Personal Data. This Privacy Policy is addressed to FEL customers and prospective customers. It explains how we collect and use your Personal Data during the course of our provision of educational and related services to you.

1.2 This Privacy Policy is intended to explain our privacy practices and covers the following areas:

  • Information we may collect about you and where we may collect it from;

  • How we use your Personal Data,;

  • Use of Criminal Conduct Data;

  • Transmission, storage and security of your Personal Data;

  • Your rights, relating to your Personal Data collected and processed by us;

  • Changes to our Privacy Policy or our Cookies Policy;

  • Lawful Bases;

  • Definitions; and

  • Contact Details.

1.3 By providing your information, (whether via our website, in person, in writing or over the phone) to us, you acknowledge the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your Personal Data together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Data from you.

1.4 For the processing of your School’s or organisations personal data, when using our services, under this Privacy Policy, we are a Processor, while your School/organisation is a Controller. However, we are the sole responsible Controller for the processing of all of your personal data when you use our websites or otherwise interacting with us.

2 What Personal Data do we process?

2.1 We may collect and process the following Personal Data about you:

  • Biographical and identification information ► including name, nationality, date of birth, passport, criminal background checks and national identity information;

  • Contact information ► including address(es), telephone number(s), email address(es), emergency contacts;

  • Payment information ► including bank account and credit/debit card information;

  • Our correspondence ► where we are contacted by you. we will keep a record of that correspondence;

  • Website and communication usage ► details of visits to our websites and information collected through cookies and other tracking technologies including, but not limited to, IP address and domain name, browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that are accessed;

  • Information you have provided to us ► any additional information that you or may provide to us, such as through completing enquiry or feedback forms or the online Myfieldwork portal.

  

Where we collect Personal Data from

We may obtain Personal Data from you directly, or from third parties such as other educational or sporting institutions, sanctions and politically exposed persons screening lists, our business partners and public registers.

  

How we use your Personal Data

2.2 Your Personal Data will only be processed where we have a specific purpose, and a lawful basis, for doing so. For example, we may use your personal information:

(a) To provide you with the relevant fieldwork services through our site, this includes access to the Myfieldwork portal, access to the curriculums and additional training materials

  

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services)

(b) To assess your suitability for consultancy roles involving the provision of training or visiting schools, where we undertake checks including criminal background checks in order to assess your suitability for that role, at the commencement of our relationship and every three years in relation to ongoing engagements. See Section 3 for more information.

  

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services)
Where we process Criminal Conduct Data, we will rely on explicit consent.

(c) To process your online purchases and bookings;

  

Lawful bases: contract performance; legitimate interests (to enable us to perform our obligations and provide our services)

(d) To improve our services in order to better understand your requirements. This will assist us in tailoring and developing the services we offer

  

Lawful bases: legitimate interests (to ensure we provide the best possible service to you)

(e) To provide newsletters and marketing materials to provide you with updates and offers relating to our products and services, where you have chosen to receive these. Where required by law, we obtain consent to conduct this marketing activity. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us.

  

Lawful bases: legitimate interests (to ensure we provide the best possible service to you); and where obtained, explicit consent.

(f) To ensure that we are paid, where required, to recover any payments due to us and where necessary to enforce such recovery through the engagement of third party debt collection agencies or taking legal action.

  

Lawful bases: contract performance; legitimate interests (to ensure that we are paid for our services)

(g) To ensure any website content is relevant, to ensure that content from our websites and for our events are presented in the most effective manner for you.

  

Lawful bases: contract performance; legitimate interests (to allow us to provide the content and services on the website)

(h) To reorganise or make changes to our business, in the event that we are (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) is sold to a third party or 9iii) undergo a re-organisation, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes as set out in this Privacy Policy or for the purpose of analysing any proposed sale or re-organisation;

  

Lawful bases: legitimate interests (in order to allow us to change and develop our business)

(i) In connection with legal or regulatory obligations, We may process your personal Data to comply with our regulatory requirements or to engage in dialogue with regulators. This may include disclosing that Personal Data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.

  

Lawful bases: legal obligations; legitimate interests (to cooperate with law enforcement and regulatory and public authorities).

(j) To manage our websites, we use cookies on our websites. To find out more about how we use cookies, please see our Cookies Policy.

2.3 We may also process personal data where necessary in relation to the establishment, exercise or defence of legal claims, on the basis that it is in our legitimate interests to do so.

  

Sharing Personal Data with other organisations

2.4 In order to provide our services effectively, we sometimes need to share information with other organisations. We share information with the following entities:

(a) NAE HK, NAELand our Regional Office Teams, which undertake management functions; and

(b) Our suppliers, who assist us in providing educational services. A list of our suppliers can be provided upon request by Contacting us.

2.5 Where these entities are outside of the EEA, we ensure that there are adequate safeguards in place to ensure the security of your Personal Data. See Export of data outside of the EEA for more information.

3 Use of Criminal Conduct Data

3.1 As a general rule, we do not process Special Categories of Personal Data or Criminal Conduct Data of customers. However, where your role would involve the provision of training or visiting schools as part of a consultancy role, we undertake Criminal Background Checks in order to assess your suitability for that role, at the commencement of our relationship and every three years in relation to ongoing engagements.

3.2 In addition to the usual appropriate technical and organisational measures we implement to ensure the security and integrity of the personal data processed by us, we may implement additional measures in relation to Criminal Conduct Personal Data, as appropriate. These may include segregation, pseudonymisation or restriction of access to the data.

3.3 Where we process Criminal Conduct Data, we will do so on the basis of explicit consent, which will be obtained prior to undertaking the criminal background check.. (see Lawful Bases for more information):

4 Transmission, storage and security of Personal Data

Security over the internet

4.1 No data transmission over the Internet or through a website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your Personal Detain accordance with data protection legislative requirements.

4.2 All information you are responsible for, provide to us is stored on our or our suppliers’ secure servers and accessed and used subject to our security policies and standards. We ask that you:

(a) Refrain from sharing any password providing access to certain parts of our websites, applications or systems with any other person

(b) Comply with any other security procedures that we may notify you of from time to time.

  

Export outside the EEA

4.3 Your Personal Data, may be transferred to, stored in or accessed by staff or suppliers in, a destination outside the European Economic Area (EEA). Regardless of location, we will impose the same data protection safeguards that we deploy inside the EEA.

4.4 Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Data to these jurisdictions. In countries which have not had these approvals, (see the full list here) we will transfer it subject to that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable data protection law to make such transfers without such formalities.

4.5 Please contact us if you would like to see a copy of the specific safeguards applied to the export of your Personal Data.

  

Storage limits

4.6 We will retain your Personal Data for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if Personal Data is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period one that period expires. We restrict access to Personal Data to those persons who need to use it for the relevant purpose(s).

4.7 Our retention periods are based on business needs and relevant laws. Records that are no longer needed are either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed.

5 Rights relating to Personal Data

Be aware of the rights that Data Subjects have in relation to their Personal Data

5.1 Data Subjects have a number of rights relating to how their personal data is used. Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise them in all situations. In addition, these will vary slightly between EU member states. If you wish to exercise any of these rights we will check your entitlement and respond within a reasonable timescale.

5.2 Where applicable, you will have the following rights relating to your Personal Data:

  • Subject Access: ► Be provided access to any Personal Data held about you by NAE. This information will generally be provided within one month of us confirming your identity and understanding the scope of your request.

  • Rectification: ► Require to have inaccurate Personal Data amended.

  • Erasure: ► Require us to erase Personal Data in certain circumstances. If the Personal Data has been made public, reasonable steps will be taken to inform other controllers that are processing the data that you have requested the erasure of any links to, copies or replication of it.

  • Withdrawal of consent: ► Withdraw any consents to processing that you have given us or that have been given on your behalf and prevent further processing, if there is no other ground under which we can rely to process your Personal Data.

  • Restriction: ► Require certain Personal Data to be marked as restricted in some circumstances, for example, whilst we resolve any complaint we may have received. Restriction means that whilst we still store the data, we will not process it until such time as the restriction may be lifted.

  • Portability: ► Have a copy of any Personal Data you have provided to us returned to you, or transmitted to another controller in a commonly used, machine readable format.

  • Prevent processing: ► Require NAE to stop any processing based on the legitimate interests ground unless NAE’s reasons for undertaking that processing outweigh any prejudice to your data protection rights.

  • Marketing: ► Require NAE to prevent processing of your Personal Data for direct marketing purposes.

  • Raise a complaint ► Complain to your local Data Protection Authority about our processing of your Personal Data.

5.3 If you have any queries relating to your rights or exercise of your rights, please contact us.

6 Changes to our Privacy Policy and/or Cookies Policy

6.1 Our Privacy Policy and our Cookie Policy may change from time to time in the future. We therefore encourage you to review them when you visit the website from time to time to stay informed of how we are using Personal Data.

6.2 This Privacy Policy was last updated on 24 May 2018.