GDPR Legislation
On 25 May 2018 the General Data Protection Regulation comes into effect across the EU and on the same day, the UK’s Data Protection Bill will pass into law, as the Data Protection Act 2018, effectively implementing the GDPR into UK law.
GDPR and the Data Protection Act 2018 will expand the privacy rights granted to EU data subjects and place greater obligations on organisations who handle personal data of those individuals (data controllers and processors), wherever those organisations are based.

What we’re doing to comply with GDPR
As an organisation that handles personal data including personal sensitive data, City Tutors Online are committed to ensuring that we are compliant with GDPR.
Some of the steps we have taken and are taking include:
• Documenting data handled by us including:
• Identifying the personal and sensitive data held;
• Where the data is stored, how the data is used and with whom the data is shared;
• Establishing where the data came from and identifying the legal basis for holding and processing it; and
• Reviewing our standard retention periods.

Our platform
The personal data shared with us is held on our Platform. The Platform is designed, built and maintained in-house by our Product Development team. The Platform is hosted by BJ Computer services. Please contact BJ computer services for GDPR processes and compliance.
Under data protection law, individuals have a right to be informed about how organisations use any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.

This privacy notice explains how we collect, store and use personal data about pupils. We, City Tutors Online, are the ‘data controller’ for the purposes of data protection law.
The personal data we hold Personal data that we may collect, use, store and share (when appropriate) about pupils includes, but is not restricted to:
• Contact details, contact preferences, date of birth
• Results of internal assessments and externally set tests
• Pupil and curricular records
• Characteristics, such as ethnic background, eligibility for free school meals, or special educational needs
• Exclusion information
• Details of any medical conditions, including physical and mental health
• Attendance information
• Safeguarding information
• Details of any support received, including care packages, plans and support providers
• Video recordings captured in the virtual classroom. We may also hold data about pupils that we have received from other organisations, including other schools, local authorities and the Department for Education.

Why we use this data
We use this data to:
• Support pupil learning
• Monitor and report on pupil progress
• Assess the quality of our services
• Carry out research
• Comply with the law regarding data sharing

Parents and pupils’ rights regarding personal data
Individuals have a right to make a ‘subject access request’ to gain access to personal information that we hold about them. Version 1: 16/05/18 Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data (usually under the age of 12), or where the child has provided consent.
Parents also have the right to make a subject access request with respect to any personal data the organisation holds about them. If you make a subject access request, and if we do hold information about you or your child, we will:
• Give you a description of it
• Tell you why we are holding and processing it, and how long we will keep it for
• Explain where we got it from, if not from you or your child
• Tell you who it has been, or will be, shared with
• Let you know whether any automated decision-making is being applied to the data, and any consequences of this
• Give you a copy of the information in an intelligible form
Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances. If you would like to make a request please contact us.
Parents/carers also have a legal right to access to their child’s educational record. To request access, please contact us.
Other rights Under data protection law
Individuals have certain rights regarding how their personal data is used and kept safe, including the right to:
• Object to the use of personal data if it would cause, or is causing, damage or distress.
. Prevent it being used to send direct marketing
• Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
• In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict processing
• Claim compensation for damages caused by a breach of the data protection regulations
To exercise any of these rights, please contact us.
Complaints
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact us.
Alternatively, you can make a complaint to the Information Commissioner’s Office: https://ico.org.uk/concerns/

Essential SSL