The personal data you provide to us, or collected about you, is collected for the following Purposes:
The types of personal data we collect from you includes your contact details such as name, email address, phone number, job title, student or staff group, and institution name. We will generally collect personal data directly from you. We may collect your personal data in any of the following ways:
If someone other than you provides us with personal data about you that we did not ask for, we will notify you, as soon as practicable that we have received this personal data. This notice will be given unless to do so would be in breach of an obligation of confidence. If we could not have collected this personal data, we will lawfully de-identify or destroy that personal data.
For users of the Services, we generally process your personal data on the legal basis of legitimate interest. Our legitimate interest is our commercial provision of our educational services to you, including the use of the Platform, as set out in the Purposes above. In determining this legitimate interest, we have taken into account your age, where relevant, the educational purpose of the Platform, and the nature of the Services.
We may request your consent, or the consent of your educational institution or school, for us to process your personal data for the Purposes above or other purposes. We may also enter into a data processing agreement which your educational institution for the processing of personal data under the GDPR.
We may also process your data where we are required by law to protect our rights or property (or those of any third party), or to avoid injury to any person.
ClickView will be the primary recipient of your personal data.
We will comply with our obligations under the GDPR with respect to the technical and organisational security measures required to protect your personal data.
We may also disclose your personal data to third party sub-processors, including: Salesforce, Marketo, Xero, Microsoft Corporation and Keen.io, for the Purposes above. We will comply with our GDPR obligations when engaging sub-processors and we will ensure that all sub-processors comply with their GDPR obligations.
These recipients of your personal data may be located in countries in which the privacy or data protection laws differ from those of the European Union. In relation to recipients in:
We will store your personal data for as long as you engage with the Platform and for a period of time afterwards based on our document retention obligations imposed by law and to comply with audit and financial obligations.
You have a number of rights under the GDPR. These include:
When you visit the Site we may attach a “cookie” called CVONLINE2 to your computer’s memory. This “cookie” is a small text file which assists us to store session information when you are logged into the Site and to facilitate seamless access between our different services.
If you choose to do so, you should be able to configure your computer so that it disables “cookies” or does not accept them, however, this may impact the functionality of the Site.
If we have obtained your personal data through your use of the Platform (for example, when you log-on to use the Platform) or from your institution in connection with your use of the Platform, we will not use your personal data for marketing purposes and your personal data will not be stored on our customer relationship management (CRM) system.
You can, at any time, opt out of receiving marketing material from us by contacting us using the method set out below or, where we have sent you electronic marketing materials, by using the unsubscribe link within the communication. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of your request to be removed.
We will use all reasonable endeavours to keep your personal data in a secure environment, however, this security cannot be guaranteed. Our security measures include tiered access to the Platform, password access for administration accounts that are changed every 90 days, use of encryption software for traffic on the Site and the Platform, and recording systems of access to the Platform. These security measures are designed to ensure your personal data is not subjected to unauthorised access, loss or misuse. If you reasonably believe that there has been unauthorised use or disclosure of your personal data please contact us using the method set out below.
Fifth Floor, 4 Bath Place
London, EC2A 3DR
or sending an email to us at email@example.com
If you would like to make a complaint in relation to how we have handled your personal data, please include a written summary of your relevant complaint.
We will investigate your complaint and will endeavour to provide you with a written response within 30 days of receiving your complaint.