Collecting personal data
The personal data you provide to us, or collected about you, is collected for the following Purposes:
- the creation of accounts for fraud detection purposes;
- to limit access to the Site and Platform to legitimate subscribers;
- to track viewing and account history in order to enable teachers and educational institutions to observe the learning and behaviour of their students;
- to otherwise provide the functions and services offered on the Site and the Platform to you;
- to enhance your use and our provision of the Site and the Platform;
- to improve the Site and the Platform; and
- to keep you informed of our products and services that might be relevant to you.
The types of personal data we collect from you includes your contact details such as name, email address, phone number, job title, student or staff group, and institution name. We will generally collect personal data directly from you. We may collect your personal data in any of the following ways:
- when you log on and access the Platform;
- when you access our Site and provide your personal data;
- during conversations and/or correspondence between you and the ClickView team;
- when you complete a transaction with us;
- when you otherwise elect to provide personal data to us; or
- from third parties such as your institution.
If someone other than you provides us with personal data about you that we did not ask for, we will notify you, as soon as practicable that we have received this personal data. This notice will be given unless to do so would be in breach of an obligation of confidence. If we could not have collected this personal data, we will lawfully de-identify or destroy that personal data.
Processing personal data
For users of the Services, we generally process your personal data on the legal basis of legitimate interest. Our legitimate interest is our commercial provision of our educational services to you, including the use of the Platform, as set out in the Purposes above. In determining this legitimate interest, we have taken into account your age, where relevant, the educational purpose of the Platform, and the nature of the Services.
We may request your consent, or the consent of your educational institution or school, for us to process your personal data for the Purposes above or other purposes. We may also enter into a data processing agreement which your educational institution for the processing of personal data under the GDPR.
We may also process your data where we are required by law to protect our rights or property (or those of any third party), or to avoid injury to any person.
Recipients or categories of recipients of personal data
ClickView will be the primary recipient of your personal data.
We will comply with our obligations under the GDPR with respect to the technical and organisational security measures required to protect your personal data.
WWe may also disclose your personal data to third party sub-processors, including: Salesforce, Xero, Microsoft Corporation, Amazon Web Services and Keen.io, for the Purposes above. We will comply with our GDPR obligations when engaging sub-processors and we will ensure that all sub-processors comply with their GDPR obligations.
These recipients of your personal data may be located in countries in which the privacy or data protection laws differ from those of the European Union. In relation to recipients in:
- Australia, appropriate or suitable safeguards over your personal data have been put in place by virtue of standard data protection contract clauses approved by the European Commission; and
- the United States, a data protection adequacy decision has been made for organisations to which the Privacy Shield applies. All of the recipients of your personal data within the US are a part of this Privacy Shield.
How long we keep your personal data
We will store your personal data for as long as you engage with the Platform and for a period of time afterwards based on our document retention obligations imposed by law and to comply with audit and financial obligations.
Your rights under the GDPR
You have a number of rights under the GDPR. These include:
- to request access to, erasure of your personal data from us. You have a right to ask us to provide a copy or remove any of the personal data we hold about you. If you make this request, to your personal data we hold about you, you must do so in accordance with the DPA and the GDPR. We will respond to your request within a reasonable period of time and give access to the information in the manner you request or remove your personal data. If we no longer need your personal data, unless we are required under the GDPR, English law or a court or tribunal order to retain it, we will take reasonable steps to de-identify your personal data or destroy your personal data securely;
- to request that we correct your personal data. We take all reasonable steps to ensure that your personal data held by us is accurate and up-to-date. If you believe that any of your personal data is inaccurate, please contact us using the method set out below and we will take all reasonable steps to correct it within a reasonable time.
- to withdraw your consent for us to use your personal data;
- in some circumstances, to object to the use of your personal data by us and request that we restrict our use of your personal data;
- to receive your personal data held by us, in a commonly used electronic format, or to have us transfer such personal data to another service provider of your choosing;
- to lodge a complaint in relation to our processing of your personal data with a data protection supervisory authority under the GDPR; and
- to be informed generally about the collection and use of your personal data, including where we intend to further process your personal data for additional purposes other than as discussed above.
When you visit the Site we may attach a “cookie” called CVONLINE2 to your computer’s memory. This “cookie” is a small text file which assists us to store session information when you are logged into the Site and to facilitate seamless access between our different services.
If you choose to do so, you should be able to configure your computer so that it disables “cookies” or does not accept them, however, this may impact the functionality of the Site.
If we have obtained your personal data through your use of the Platform (for example, when you log-on to use the Platform) or from your institution in connection with your use of the Platform, we will not use your personal data for marketing purposes and your personal data will not be stored on our customer relationship management (CRM) system.
You can, at any time, opt out of receiving marketing material from us by contacting us using the method set out below or, where we have sent you electronic marketing materials, by using the unsubscribe link within the communication. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of your request to be removed.
Storage and security
We will use all reasonable endeavours to keep your personal data in a secure environment, however, this security cannot be guaranteed. Our security measures include tiered access to the Platform, password access for administration accounts that are changed every 90 days, use of encryption software for traffic on the Site and the Platform, and recording systems of access to the Platform. These security measures are designed to ensure your personal data is not subjected to unauthorised access, loss or misuse. If you reasonably believe that there has been unauthorised use or disclosure of your personal data please contact us using the method set out below.
Variation and consent to variation
Contact with us
Fifth Floor, 4 Bath Place
London, EC2A 3DR
or sending an email to us at firstname.lastname@example.org
If you would like to make a complaint in relation to how we have handled your personal data, please include a written summary of your relevant complaint.
We will investigate your complaint and will endeavour to provide you with a written response within 30 days of receiving your complaint.