Effective Date: 01/11/2020
The following words have the meaning attached to them under this Policy:
- Personal Data: This is defined under the General Data Protection Regulation (“GDPR”) law as any information that relates to an identified or identifiable natural person. For example, a name, contact number, location and IP Address.
- Non-Personal Data: This refers to any information that is not related to an identified or identifiable person – for example, anonymised data.
- Processing: This refers to any activities SR Dempsey carries out in relation to your Personal Data, which may include collection, uses, disclosures, security, marketing, storage, transfer, etc.
- Services: Refers to the online education, coaching, and consulting services SR Dempsey provides to users (students, parents, educators) through the relevant Site and associated platforms.
- You/your/user: These refer to anyone accessing the Sites or using our Services. This may include the students, educators, Site visitors, and parents of students.
- We/our/us: These refer to SR Dempsey (its subsidiaries, parent company, or any affiliated company).
3. Our Principles for Processing Personal Data
Under Article 5 of the GDPR law, we are required to process Personal Data about you based on the below principles, which we will always adhere to.
- To process Personal Data lawfully, fairly and in a transparent way;
- To process Personal Data for the purposes listed under this Policy and not for any other purposes;
- To process and collect only the Personal Data we need to facilitate the Services;
- To process Personal Data accurately and update it where necessary to fulfil the purpose for which it was initially collected;
- To process Personal Data and protect it from unauthorised parties with any means necessary; and
To process Personal Data for no longer than we need it.
4. Personal Data Collection
When you access the Sites and use our Services, we require and obtain some Personal Data, which you either willingly submit to us or we automatically obtain through third party tools. This data may include your name, address, phone number and device information. We categorise this data below:
The Personal Data you submit to us
- Registration Data: In order to provide you with a member account, you may need to submit registration data, which may include your name and password.
- Contact Data: We may collect contact data, such as email address and phone number when you register an account or when you contact us through any of the forms on our Sites.
- Payment Data: In order to process your payments for our Services, we may require you to submit your payment method data, such as your credit/debit card payments.
- User-Generated Content Data: We may import your reviews about our Services from Trustpilot (a third party software) to certain parts of our Sites. These reviews may contain Personal Data about you, including your avatar, name, work title and other data attached to your review. Also, when you comment on any of our articles, videos or other content, your name and any Personal Data attached to such a comment will be available to other users and the public.
- Booking and Session Data: We may also collect certain data from when you book an appointment with us to enquire and find out more about our Services or receive our Services.
You are not obligated to provide us with the above Personal Data; however, without you providing this data, SR Dempsey may not be able to identify you to discuss how to provide you with the Services.
The Personal Data we automatically collect
When you access any of the Sites or interact with us – even as a visitor – we and third party content and analytics provider use certain tracking technologies, such as beacons and cookies, to obtain certain Personal Data and Non-Personal Data. This data may include the below:
- Analytics or Usage Data: This may include anonymous data, such as your use of the Sites, the part of the Sites you are, where you navigated to our Sites from, your content interactions, how long you stay on the Sites, and other statistical data. This data is collected using Google Analytics and Google Search Console.
- Geolocation Data: We do not have access to your location; however, we may be able to pin-point your region and country through Google Analytics when you access any of our Sites.
- Device Data: We automatically collect the details about the device you are browsing our Sites with. This data may include the device IP Address and other identifiers. Like other data above, this data is collected through Google Analytics and Google Search Console. To learn more about Google Analytics, see our Cookies Policy.
5. Cookies and Similar Technologies
Cookies are used for certain tasks, including to gather information about how you interact with our newsletters and other content and personalise pages to you; to identify you from other users and provide you with a member account; to make your experience on our Sites great; to enable you to navigate around secure areas of our Sites; to gather analytics for marketing and our Sites’ improvement; to make some Sites’ features available to you; to personalise adverts to you based on your preferences; among other uses.
For more about Cookies, including how long they stay on your device and how you can opt-out, please read our Cookies Policy.
6. The Uses of Your Personal Data
We collect Personal Data from you and use it to generally identify you and provide you with our Services. Other uses of your data include:
- To provide you with a member account and provide you with certain features on our Sites;
- To fulfill the contract between us;
- To respond to your questions, complaints and queries, and to otherwise contact you on administrative messages and marketing emails;
- To process your payments for engaging our Services;
- To gather analytics data and identify the areas on our Sites users often use, which then enables us to improve on these Sites;
- To identify the device you access any of our Sites with, thereby using it to remember you when you come back to any of our Sites;
- To enforce our Terms and Conditions and applicable laws;
- To gather data about your choices, preferences and interests in order to tailor content and market to you based on what we believe match your interest;
- To facilitate your navigations around our Sites and your interaction with our content; and
- To detect faulty features and provide upgrades where necessary.
7. The Disclosures of Your Data
We do not disclose or share your data unless as described under this Policy. We may disclose your Personal Data under the below circumstances:
- To Third Party Service Providers: Our third party service providers (such as our analytics, marketing, maintenance, payment processor, content, communication and site hosting providers) may have access to certain Personal Data about you due to the task we hire them to perform for us. For example, we use Stripe to process payments through our Sites. To process your payments, Stripe may have access to your Credit/Debit Card data shared by you when you initiate payments. However, we only share your data with third party service providers in accordance with GDPR law.
- To other Members and Site Visitors: If you leave any review on Trustpilot or comment on any of our content, the Personal Data attached to your review or comment will be available on the relevant Site, and other Site users and visitors will have access to such Personal Data.
- Under the Law: We may disclose Personal Data about you in response to a court order, subpoena or other legal summonses, as required by applicable law. We may disclose Personal Data about you in the event of an investigation by law enforcement. We may also disclose Personal Data about you if we believe such disclosure is able to protect a right or property. For example, if we are summoned by law enforcement agencies to provide any data about you, in response to a legal claim, we will have no option but to comply with the law.
- Under a Business Transfer: We may share your Personal Data with another organisation in the event of a merger, sale of assets, consolidation or acquisition. For example, if we are to merge with another organisation, we may have to share certain confidential information, including our customers’ list, with the organisation. Nevertheless, in the event of a business transfer, we will notify you, and you can withdraw your consent any time.
8. The Security of Your Personal Data
SR Dempsey cares about your privacy. We are also required by the GDPR law to provide sophisticated safeguards to ensure any Personal Data or communication you transmit through any of our Sites is protected from unauthorised third parties. Due to this, we have put in place both traditional and physical security measures to protect your Personal Data from theft or alteration.
For one, our Sites are protected by Google ReCaptcha v3, which helps us detect spam and abuses from unauthorised third parties. Secondly, any Personal Data you provide to us, including payment data, is encrypted using SSL Encryption. Furthermore, we have Cloudflare and firewalls in place to protect our Sites from threats, such as SQL Injection. Also, we do not share your Personal Data with third parties for their direct marketing purposes except as described above. Other security measures include using trusted third party software, such as Zoom, Skype, Bramble, Calendly, etc. for tasks such as video calling, appointment bookings, etc.
Notwithstanding the safeguards put in place to secure data, you acknowledge that it may never be enough to prevent your Personal Data from authorised access. The internet changes every day, and new technologies are developed. SR Dempsey does not warrant that your Personal Data is 100% secure. We will not be liable for any unauthorised access to your Personal Data by theft.
SR Dempsey engages in marketing activities in the form of newsletters and pop-up notifications when you interact with us via your email address and on our Sites. Marketing comes in the form of newsletters that contain offers, promotions and bonuses on new products and services, which we think may interest you. By interacting with us via your email address and our Sites, you are aware that we will send you marketing emails. However, you have the option of opting out of marketing via email by following the instructions for opting out in any marketing email you receive from SR Dempsey.
10. The Retention Period of Your Personal Data
As promised in our principle of data retention under section 2 above, we will only retain your Personal Data with us for as long as you have a member account with us. Upon your request for the deletion of your member account or opt-out of marketing emails, we will delete the relevant data about you to the extent permissible by law. The retention period of your Personal Data does not apply to the data we are required by law to keep for much longer.
11. The Transfer of Your Personal Data Outside the United Kingdom
SR Dempsey uses third party service providers outside of the United Kingdom (“UK”), and we may transfer Personal Data about you to them in their various countries of operation to provide certain tasks for us. For example, we may share your payment data with Stripe in the United States (“US”) to help process your payments for our Services. These countries may not have adequate data protection laws as the GDPR; however, we will only transfer Personal Data to them as defined under this Policy, including by ensuring such a country is determined by the GDPR to have adequate protection; or by transferring Personal Data using the approved standard contract clauses; or by sharing to multinational companies bound by corporate rules; and/or by ensuring we collect verifiable consent from you before such sharing.
12. Your Personal Data Rights
Under chapter 3 of the GDPR law, you have certain rights in relation to the Personal Data we hold and process about you. These rights include:
- The right to be informed: You have the right to be informed – through this Policy – about how we collect, use, share and process your Personal Data.
- The right of Access: You have the right to request to know the Personal Data we are processing about you. You may request access by sending your request to [email protected].
- The right of Rectification: As described under the principles in section 3 of this Policy, you have the right to request that SR Dempsey corrects any inaccurate Personal Data we hold about you. You may exercise this right by sending us a data rectification request to [email protected].
- The right to Erasure: You have the right to request for the deletion of certain Personal Data – but to the extent permissible by law. This means that this right is limited. For example, if the data you require us to delete is needed to fulfil our Services, we may not be able to grant this right.
- The right to restrict processing: Similar to the right of rectification, this right allows you to demand that we restrict processing certain data about you. Please, be aware that this right will be granted only to the extent permitted by law.
- The right to Data Portability: This right allows you to copy the Personal Data we hold about you and use it on other sites or services without altering the usefulness of the data. This right may only be exercised if we have obtained your consent to process your data or you have a contract with us.
- The right to Object: As described under the marketing section above, you have the right to opt-out of direct marketing. You may follow the instruction for opting out through any marketing emails sent to you.
Where how to exercise a specific right is not indicated in any of the rights above, please send your request to us at [email protected]. We will grant you such right to the extent permitted by applicable law.
13. Third Party and Affiliate Links
We may include affiliate links on our Sites and also attach links of third party sites on our blogs. Generally, our Sites may occasionally contain content and links that lead to these third parties and affiliates sites. This Policy does not cover any affiliate or third party sites. If you access any third party or affiliate site through our Sites, their policies will govern their use of your Personal Data. We implore you to read the policies of any affiliate or third party site you access through our Sites. We will not be responsible for any loss of privacy due to your access to any affiliate or third party site via any of our Sites.
14. Children Policy
Our Sites and Services are designed for and directed to persons of 14 years or above. SR Dempsey does not knowingly collect Personal Data from persons under 14 years of age. If you are below 14 years of age, you may only submit Personal Data to us or interact with SR Dempsey when supervised by a parent or legal guardian. By accessing and using any of our Sites or Services, you represent and warrant to SR Dempsey that you are 14 years or above and that you are able to form a legally binding agreement.
15. Updates to This Policy
SR Dempsey may review and update this Policy without liabilities or notices to you. We may update this Policy for certain reasons, such as changes in the way we collect or process your Personal Data; changes to certain features on any of our Sites; or changes to applicable laws. Any changes to this Policy shall be posted by changing the Effective Date at the top. We may also notify you of changes via any email address we hold about you at our discretion. If you continue accessing our Sites or use our Services after any changes, it will represent your intent to be bound by such changes.
16. For Enquiries and Complaints
If you have any enquiries, questions, and complaints regarding this Policy and how we process any Personal Data, please reach out to us via the company contact data below:
Dr S R Dempsey