1. Who we are?
For the purpose of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (PECR) the data controller is Learning Without Borders. Learning Without Borders is a registered data controller with the Information Commissioner’s Office (ICO) under registration number ZB006640.
We may collect the following categories of personal data about you:
- Communication Data that includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance, or defence of legal claims.
- Prospect Data that includes data relating to enquires or scheduled appointments, meetings, and calls, which did not result in a sale of goods and/or services such as your name, email address, and phone number. We process this data to schedule a meeting and/or to respond to and manage a project enquiry.
- Customer Data that includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions.
- Participant and Student Data that includes data relating to any purchases made via the Social Impact Game App and services such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to provide the services you have purchased and to keep records of such transactions. As well as the data you have generated so that we can provide feedback and monitor your progress.
- User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain backups of our website and/or databases and to enable publication and administration of our website, other online services and business.
- Technical Data that includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.
We do not collect any Sensitive Data about you. Sensitive data refers to personal data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you do not provide us with the requested data, we may have to cancel a project or service you have ordered but if we do, we will notify you at the time.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at email@example.com.
In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
We do not carry out automated decision making or any type of automated profiling.
You directly provide us with most of the personal data we collect. We may collect and process your personal data when you:
- Complete opt-in forms on our website
- Send us emails directly
- Schedule an appointment via the telephone or place an order for any of our services
- Use or view our website via your browser’s cookies.
- Register and/or pay to participate in the Social Impact Game App and extra-curricular modular project.
We may also receive your personal data indirectly from the following sources:
- Third parties such as analytics providers Google based outside the UK, providers of technical, payment and delivery services, such as data brokers or aggregators.
- We may also receive data from publicly availably sources such as Companies House and the Electoral Register based inside the UK.
We will use the personal data you provide in a manner compatible with the UK GDPR, and to carry out one or more of the following to:
- Process your order, manage your account
- Log and monitor security of the Social Impact Game App
- Attendance and progression in the Social Impact Game App
- Email you with special offers on other products and services we think you might like
- Respond to any general enquiries you may have made to us via email, telephone, or any other method of communication. We will use this data to follow-up your enquiry
- Carry out administrative and management of our business agreement
- Personalise your repeat visits to our website
We will not sell or share your personal data with any 3rd party organisation for market research or marketing purposes without specific consent from you.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
Examples of third parties we may share your personal data with, to provide services are as follows:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors, and insurers
- Government bodies that require us to report processing activities.
Listed below are the key service providers we use to provider elements of our service.
We may rely on one or more of the following legal grounds to process your personal data:
- Contract: This relates to the processing necessary in the performance of a contract or to take steps at your request, before entering a contract. We will use if you become a customer or participant.
- Legal Obligation: This relates to processing necessary for compliance with a legal obligation to which we must comply with. For example, financial data for accounting purposes, and health and safety.
- Legitimate Interests: This relates to our legitimate interests pursued by us or by a third party (such as company partners), except where such interests or your fundamental rights and freedoms which require protection of your personal data. Examples of our legitimate interests are as follows:
- Reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
- Communicating with our customers, participants and prospects to introduce them to services, or market similar services that would be of interest and benefit to them.
- Promotion and publicity (e.g. using photographs and video footage of projects to promote and grow our business).
- Enable us to properly administer our website, App and our business and to grow our business and to decide our marketing strategy.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
The UK GDPR protects your personal data. Where we transfer your data to third parties outside of the UK, we will ensure that certain safeguards are in place to ensure a similar degree of security for your personal data. Such as:
- We may transfer your personal data to countries that the UK have approved as providing an adequate level of protection for personal data by; or
- If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place; or
- Where we use certain service providers who are established outside of the UK, we may use specific contracts or codes of conduct or certification mechanisms approved by the UK which give personal data the same protection it has in the UK.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Transmitting data over the internet is generally not completely secure. We have procedures and security in place to keep personal data secure once it is in our systems. All personal data is stored securely in accordance with the principles of the UK GDPR.
Any personal data collected in paper form are securely filed at our office and site locations in London. All access to your personal data is highly restricted for approved business purposes only.
Your rights are as follows:
- You have the right to ask for a copy of your personal data.
- You have the right to have your personal data rectified. If you find your personal data, we hold is inaccurate or incomplete, you can request to see this data, rectified.
- You have the right to have your personal data deleted. Though it should be noted this is not an absolute right.
- You have the right to demand the restriction of the data processing of your personal data. This may include, but not limited to the use of data for direct marketing purposes.
- You have the right to receive your personal data in a structured, commonly used and machine-readable format (e.g. PDF or CSV) and to request the transmittance of your data to another controller;
- You have the right to object to the data processing. This is not an absolute right and only applies under certain circumstances;
- You have the right to withdraw a given consent at any time to stop a data processing that is based on your consent.
You may make any of the requests outlined above by contacting us by email: firstname.lastname@example.org or in writing marked for the attention of our Data Compliance Lead at the following address Learning Without Borders, Suite 7, 22 Northumberland Ave, London, WC2N 5AP, United Kingdom.
If you wish to complain about how we have handled your personal data, please contact our Customer Service Manager by email at email@example.com.
Our Customer Service Manager will then investigate your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner’s Office in the UK here: https://ico.org.uk/concerns/ and file a complaint with them.
Learning Without Borders may sometimes expand or reduce its business, this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties.
Data provided by Users will be transferred along with that division and the new owner or newly controlling party (if necessary to that division) will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
In the event that any personal data submitted by prospects or customers will be transferred in such a manner, you will not be contacted about this in advance or then after by us.
Our service does not address and is not directed towards anyone under the age of 13. We do not knowingly collect personal data from anyone under the age of 13.
If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that data from our systems.