This privacy notice pertains to the information used by ELA Business and the website: www.elabusiness.training
Further information can be found in our Data Protection Policy and Policy on your Rights in Relation to your Data.
This privacy statement only pertains to information gathered by ELA Business.
This statement explains:
- The options you have in relation to the use of your data kept on file.
- Use, collection and sharing of information.
- Procedures which are in place a security against the misuse of your personal details and other information.
- The nature of the information collected from you via our forms, website and other communication tools.
- Procedure for the amendment of any incorrect information.
ELA Business are the sole owners of the information which has been uploaded or shared on our website.
The only information we have access to is that provided to us voluntarily by the person(s) concerned through direct correspondence. Such information will not be sold, rented or shared with any party outwith the company, or used in any way other than to fulfil the request of the person concerned. The information will be used to correspond with you directly for matters relating to the request.
Your control over the information stored
You are within your rights to decline any future contact from us at any time. To do this, you can contact us at email@example.com.
You can lodge any concerns you have regarding the use of your data, make amendments to your data, request copies of any data we are holding at that time or check the contents of said data.
Measures are in place to ensure the safety of your information. If you are required to submit personal or sensitive information via our website, it is protected against both online and offline abuse. Access to any information which can identify you individually will only be provided to employees who require this in order to fulfil their job responsibilities within the company. All records, both on computers and hard copies, are stored securely.
Should you have any reason to believe this policy is not being adhered to, you should contact us immediately: firstname.lastname@example.org
Information we collect and use
- At the time of booking an English course, it is necessary to obtain information about you. This will typically be name, nationality, date of birth, medical information and emergency contact, visa (if required), special dietary requirements (regarding your accommodation) and proof of identity such as passport.
- Photographs of students may be taken, especially during school excursions and we are entitled to use these on our social media profiles and marketing content.
- All personal information and photos will be kept securely and only used for bookings (accommodation and enrolment in our school), making payments, assistance in gaining visas and promotion/marketing for the school.
In order to use this information or any photographs of you, ELA Business requires permission. Such data can be removed upon request at any time, unless there is a specific legal reason for it to be kept on file. At the point of booking, we will enquire as to your acceptance of this policy. This acceptance can be revoked by you at any time.
For any queries, you can contact us:
71 George Street
Data Protection Statement
Why we use your information
The information we collect from you may be used for one of these purposes:
- To make your experience better targeted towards your individual needs. If we know more about you, we can attend to these needs more effectively.
- To address the feedback you give us, which will enable us to improve as a school. Information about you may be used as a rationale for developments made to our language programmes.
- To process payments
Regardless of whether it is public or private, your information will not be provided, sold, exchanged or transferred to any other company without your permission, except for the stated purpose of developing our language programmes, delivering a better personal experience to you or promoting ELA Business in an official capacity. It may also be done for emergency reasons, replying to emails or ensuring we have sufficient data for our health and safety records.
What is personal data?
Personal data is any which has the potential to identify you as an individual. ELA Business can manage the identification of an individual through the data at its disposal. Personal data processing is governed by the General Data Protection Regulations, GDPR.
ELA-Edinburgh may collect and store:
Date of birth; Telephone number, address, email address; nationality; gender, emergency telephone number; payment information; passport and visa details (if required); medical conditions, special educational needs, allergies, and any food requirements you state; test and exam results, school photos and videos.
Who we are
ELA-Edinburgh is the data controller, meaning ELA Business is in charge of the use and storage of your personal information and the reasons why it is used and stored.
How we process personal data
In alignment with GDPR, ELA Business must keep personal records updated. These must be kept and disposed of in a secure way, by refraining from holding surplus quantities of data, having security measures in place against the loss or abuse of data, restricting access to data and ensuring that data is secured by utilization of technical measures.
Reasons we use and share your personal data:
So that our booking team has all necessary information to enroll students on the correct language programme and can provide them with options for accommodation.
- Assisting our academic team in ascertaining an accurate impression of the students’ level.
- Processing payments.
- To keep up-to-date our records of employees, agents, students and host families.
- To keep health and safety records.
- To process and store our own financial and academic records.
- To meet the requirements set out by our accrediting bodies.
- To provide assistance in applying for student visas to non-EEA students
- To help students open UK bank accounts if necessary.
- To book medical insurance if necessary.
- To keep records of attendance for immigration authorities.
- In order to promote the school
- In order to communicate with students about upcoming events.
- To enrol students in exams.
The legal basis for processing of personal data (why performance?)
See article 6 or article 9 – dealt with separately below:
Article 6 of GDPR – Lawfulness of processing
- With the consent of the data subject
- Processing is necessary for the performance of (the implementation of?) a contract with the data subject or for taking steps to enter into a contract (see terms and conditions)
- Processing is necessary for compliance with a legal obligation (financial records are kept to meet our legal tax obligations, student records are kept for our accreditation requirements and immigration authorities)
- Processing is necessary to protect the vital interests of the data subject or another person (health and safety obligations)
- Processing is necessary for the legitimate interests of the data controller except where such interests are overridden by the interests, rights or freedom of the data subject (to promote the language school and communicate information to students)
Article 9 of GDPR- Processing of special categories of personal data
- Explicit consent of the data subject
- Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity (visa applications and visa requirements for non-EU students)
- Processing is necessary for reasons of public interest on the basis of EU or Member State law (health and safety records, visa applications and visa requirements for non-EU students)
- Processing is necessary for the smooth operation of any student insurance policies
- Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes (enrolment information)
Sharing your personal data
Personal data will be stored and managed in strict confidence and will be shared only with staff of ELA-Edinburgh, and, if necessary, with partner organisations which provide related and relevant services such as social activities, medical care, insurance, visa application support, bank accounts, or immigration services. If it was to be shared with other third parties, we will ask your permission.
Length of time we maintain personal data
There is no specific deadline as to how long we keep your personal data on file. This can, however, be removed upon your request.
Your rights and your personal data
Unless subject to an exemption under GDPR, you have the following right to…
- Ask for a copy of any personal data relating to you which is held by ELA Business
- Amend any personal data if it is incorrect or not updated.
- Delete your personal data if there is no longer a reason for it to be kept by ELA Business.
- Revoke your previously given permission to data processing whenever you wish
- Ask to be provided with copies of the personal data which is held on you by the data controller and where applicable, to provide that data to another data controller (the right to data portability)
- Request a restriction of data processing in the event of a dispute regarding such processing or the accuracy of the data held on you.
- Contend the processing of personal data, except in circumstances where it is required by law or for legitimate reasons.
- Complain to the Data Protection Commissioner.
Transfer of Data Abroad
Your personal data can only be provided to foreign countries or non-EU territories with your consent.
If we intend to use your personal data for any purpose which has not been so far referred to in this Data Protection Statement, you will be given a new statement detailing the new use, prior to the processing taking place, which will state the purpose and conditions of the processing. We will seek your consent to the new processing if such processing is necessary.
To exercise the rights detailed, please contact our Principal, Olga Hutchins, at the first point of contact at:
71 George Street
The Information Commissioner’s Office
This Application collects some Personal Data from its Users.
Owner and Data Controller
71 George Street
Owner contact email: email@example.com
Types of Data collected
The application gathers, either by itself or via third parties: Cookies, first name, last name, country, email address, Usage Data, unique device identifiers for advertising (Google Advertiser ID or IDFA, for example) and phone numbers.
The user may provide personal data or it may be automatically gathered when using the application.
It is not possible to use the application without providing the data requested. At times, the application will state that the data are not mandatory. In these cases, failure to provide the data will not result in a failure to use the application or for the service to function.
The owner can be contacted by users if they are not certain about the status of any given personal data i.e. whether it is mandatory or not.
If users share the details of any third party on this application, it is the user’s responsibility to have the permission of this third party to do this,
How and Where data is processed
Security methods are undertaken by the owner in order to ensure that there is no unauthorized access, editing, modifying and destruction of the data
Whilst following procedures pertaining to the purposes described, computers and IT enabled tools are used to process the data. The data may, at times, be available to certain personnel responsible for the operation of this application (sales, system administration, marketing, legal) and sometimes third parties who provide technical services (IT companies, mail carriers, hosting providers, communications agencies etc.). These are appointed by the owner. You may request a list of these third parties from the owner at any time.
Legal basis of processing
The Owner has the right to process users’ Personal Data if one or more of the following circumstances prevails:
Consent has been granted by the user for a particular purpose. Please be aware that under some laws, the owner can process personal data without such consent until such time that the user chooses for this not to continue (“opt-out”). However, if the data is subject to European data protection law, this does not apply.
- It is necessary to fulfil an agreement made with the user, and the consolidation of any pre-contractual agreements thereof;
- If the user is subject to a legal requirement and the processing of data is required for this.
- It is in the public interest or within the remit of official authority to which the owner is obliged to adhere.
- Legitimate interests can be pursued on the part of the owner and/or a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The owner’s offices of operation and any other premises where the parties are based.
Data may be transferred to a different country rather than that of the user, depending on the location of the user. More information about the processing place of such data in these circumstances can be found in the section pertaining to the details of the processing of personal data.
Users can learn about the legalities of the transnational transfer of data or the transfer of data outwith the European Union, international organisations governed by public international law or set up by two or more countries, and about the security measures taken by the Owner to safeguard their Data.
If such a transfer occurs, Users can research the terms of this in the relevant section of this document or by lodging an enquiry with the Owner by using the information provided in the contact section.
Personal Data shall be processed and stored as long as necessary for the original purpose for which they have been collected.
- Until the last function on the contract has been carried out, personal data for the purposes of this contract will remain on file.
- Regarding data intended to serve the owner’s legitimate interests, this shall be kept on file until such purposes have been carried out. Users may obtain information pertaining to these legitimate interests pursued by the Owner in the relevant sections of this document or through direct contact with the Owner.
Whenever the user has given consent, the owner may keep personal data for a prolonged period, until consent is revoked. Moreover, the holding of data may be necessary for legal obligations or upon the order of an authority.
Once period of holding expires, Personal Data will be deleted. Therefore, the right to access, erase, amend and the right to data portability cannot be enforced after this period expires.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Traffic optimisation and distribution, Contacting the User, Analytics, Advertising, Remarketing and behavioral targeting, Interaction with external social networks and platforms, Displaying content from external platforms, SPAM protection, User database management, Managing contacts and sending messages, Interaction with live chat platforms, Interaction with online survey platforms, Platform services and hosting and Registration and authentication. (Are all those capital letters really necessary?)
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Users have rights regarding their data processed by the owner which can be exercised.
Specifically, Users have the right to…
- Revoke their consent, even when they have previously given consent. This can be done upon request at any time.
- Object to the processing of their Data. If the processing is carried on a legal grounds rather than consent. More details of this are provided in the relevant section below.
- Access their Data. Users have a right to know whether or not their data is being processed at any given time, be informed as to particular aspects of this processing and obtain copies of the Data undergoing processing.
- Validate and request amendment. Users can validate their data with respect to the accuracy so that it can then be modified.
- Impose Limitations on the processing of their Data. When requested, the Owner will not process the user’s Data for any reason other than storage
- Delete their Personal Data under certain circumstances.
- Receive their Data and have it transferred to another controller. Users have the right to receive their data in a user-friendly, easy-to-read format, and have it transferred in full to a different controller. This is providing the processing is predicated on the user’s permission as part of a contract of which the user is part.
- Something missing here! their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual agreements.
- Lodge a complaint. Users can take a claim to their data protection authority.
The right to object to processing
Users can provide a basis to justify their objection to the processing of their data in a situation where the data is processed in the interests of the public, where the owner is carrying out duties required in adherence to an order from an official authority, or to legitimate the owner’s pursuit of legitimate interests.
Users do not have to justify, however, their objection to their personal data being used for marketing purposes. In order to ascertain whether or not the owner is processing the data for marketing purposes, users can check the relevant sections of this document.
How to exercise these rights
Requests to put these User rights into practice can be directed to the Owner via the contact details provided in this document. These requests are free of charge and will be addressed by the Owner as early as possible within one month.
In the case of the application or related services, the user’s personal data may be used in court by the owner, or in the early stages of legal action. The User declares their awareness that the Owner may be required to reveal personal data upon the request of public authorities.
Additional information about the User’s Personal Data
System logs and maintenance
This Application and services provided by a third party may collect files that record interaction with this Application (System logs) and use other Personal Data (such as the IP Address) for operation and maintenance purposes
Information not contained in this policy
More details pertaining to the gathering or processing of Personal Data may be requested from the Owner. The contact details appear at the beginning of this document.
This Application does not support “Do Not Track” requests.
To clarify whether any of the third-party services it uses adhere to the “Do Not Track” requests, please read the privacy policies of these third parties.
If processing activities are affected by amendments performed on the basis of the User’s consent, the Owner shall seek renewed consent from the User.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small pieces of data stored in the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Latest update: 25 May 2018
If you have any questions about this policy, please contact us.