Cyber Coach’s Privacy Policy

Cyber Coach’s Privacy Policy

Online safety is of paramount importance to Cyber Coach. We take pride in how we deal with the data we hold and make sure we comply with the General Data Protection Regulation (GDPR).

We take seriously the privacy of all who visit our website, including visitors, registrants, school subscribers, subscriber’s students, and home users.

We are especially conscious of the need to protect all information concerning children using our services.

We are committed to safeguarding the privacy of students while providing personalised and valuable services.

If there are any requests concerning personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail at Privacy@Emile-education.com.

Our site(s) contain(s) links to third party sites which are not subject to this privacy policy. We recommend that you read the privacy policy of any such sites that you visit.

References to Terms and Conditions are to the terms and conditions applicable to subscribers, subscriber’s students and home users.

Information Collected Personal information is collected by Cyber Coach which is registered with the UK’s Information Commission as a Data Controller in accordance with the Data Protection Act 1998.

Company’s Registered Address: Education House, Unit 14 Britannia Way, Bolton, Lancashire, BL2 2HH

Registered Number: 08445095

ICO Number: CSN4459631

Cyber Coach collects the following Personally Identifiable Data
We provide a personalised experience and as such we collect personally identifiable information about visitors to our websites, including registrants, subscribers, subscriber’s students and home users (“Data”) through:

  • the use of enquiry and registration forms;
  • the request for a trial or the purchase any of our products or services; and
  • the provision of details to us either online or offline.

Emile Education uses of Personally Identifiable Data
The elements of Data that we collect may include:

  • Name;
  • School address and phone number;
  • The provision of details to us either online or offline;
  • Mobile telephone number;
  • E-mail address;
  • Payment details such as credit card information and bank account information;
  • Market research data such as school information;
  • The name and date of birth of subscriber’s students; and
  • Indications of ability of a user including the time and duration of all visits to our websites, student’ scores in exercises, and the time taken to achieve the scores.

We also collect information automatically about visits by subscriber’s students whether at home or at school to Emile via Cookies.

Updating Your Information
You can update your account information by contacting the office on 01204 224 296 or emailing Privacy@Emile-education.com.

Data kept for marketing purposes can be changed at any time by clicking on the unsubscribe link on any email from us. From this link, you will be able to access the marketing preferences linked to your email address, meaning you can limit contact to free resources, product updates, events and training, free trials and/or special offers, or deselect yourself
from all non-account based emails entirely. Alternatively, you can email Privacy@Emile-education.com to update your information.

Your Access to Personally Identifiable Data

The General Data Protection Regulation gives you the right to access information held about you.
Your right of access can be exercised in accordance with the regulations. Please make such a request
in writing to privacy@Emile-education.co.uk.

Cyber Coach Employees

To ensure that the user receives the best customer care, Cyber Coach’s staff have access to user data
(dependent upon their role). Staff access is controlled via documented System Access Requests and is only
granted on a need-to-know basis.

Disclosure of Personal Identifiable Data to third parties

Cyber Coach has a policy of not sharing any Personal Identifiable Data about visitors, registrants,
school subscribers, subscriber’s students, and home users with anyone outside the organisation.
(Please note that the usernames/passwords are controlled by the users themselves.)

Who We Share data with

We do not sell or share your data without your consent, other than those processors we use for our business operations under our control:

  • Blue Wren – backend support work;
  • Trello – online project management systems;
  • Microsoft – office & email systems;
  • Google – office & email systems;
  • Dropbox – software storage;
  • SendInBlue – email marketing campaigns; and
  • Manchester Metropolitan University – educational input into product development

In all cases the servers where your personal data is stored and processed are located in the European Economic Area or other areas where adequate standards of protection are in place in line with EU law.

Legal requirements

We may also disclose Data to third party suppliers if we are otherwise required to do so by law. Security and Protection of Personal Identifiable Data All remote access to Cyber Coach web applications are conducted over HTTPS, an encrypted web link secured with a Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception.

External Storage of Personal Identifiable Data

Emile Education stores data on secure database servers – Amazon Webservers.

Amazon Webservers are housed in secure data centres, trusted and used by many of the country’s leading organisations.

Transfer of Personal Identifiable Data Outside of the European Economic Area
All data entered and saved on Cyber Coach products is stored and backed up on secure database servers within the UK. Any email communication with us will go through our email systems (Microsoft Office 365 & Google Mail) which is held on Privacy Shield compliant servers held in the USA – the US Privacy Shield policy is available to view on request. Wherever possible we request our customers to upload their data directly to Cyber Coach products rather than emailing it to us.

Use of Personal Identifiable Data
By accepting the Terms and Conditions all home users and school subscribers consent to Emile Education’s use and/or disclosure of the home user’s, schools and the subscriber’s students’ Data for purposes which may include:

  • providing home users or subscriber’s students with a personalised service;
  • providing feedback about use of Emile;
  • processing orders, registrations, changes to registrations and enquiries;
  • disclosing certain personal details including account details to a bank, credit card operator or other payment processor for the purposes of setting up a continuous payment authority and/or collecting direct debits;
  • conducting market research surveys;
  • running competitions;
  • providing information about other products and services from Emile Education; and
  • consolidating anonymised Data

Data Retention Schedule

Data Held

Cyber Coach holds data on suppliers, potential customers (schools), customers (schools), teachers, students, home users and employees.

Data may be held electronically on our email systems, payroll, CRM systems, and access control systems.

Please note that our accounts software holds no personal data

Our working email servers (Office 365) have a 6-month retention policy.

Our back up email servers (Gmail) have a 36-month retention policy.

Payroll will be cleansed in August every year. The cleansing will be the removal of data relating to employees who terminated employment more than 6 years previous.

Customers and potential customers in our CRM and access control system are deleted 5 years from the last active service.

Breach Notification Procedure
Outline Procedure

Any potential Data Protection Breach (DPB) is notified to the Privacy Officer (PO). The PO will open an incident log and make an initial assessment of the breach’s severity.

The PO will conduct a detailed assessment and investigation of the DPB. The PO will establish a likelihood and severity of a resulting risk to people’s rights and freedoms.

If there is a risk, the ICO will be notified within 72 hours of the notification.

If there is no risk, a documented decision will be made available to the ICO (although the ICO will not be notified).

If a DPB is likely to result in a high risk to the rights and freedoms of individuals, the PO will inform those concerned directly and without undue delay.

Any DPB will be documented and reviewed to ascertain if lessons can be learned.

X

Please note that we never sell your data and treat it with the upmost of respect. To see our full data protection policy click here.