Privacy Policy
This Privacy Policy outlines how Newham School 21 (“we”, “us”, or “our”) collects, uses, and protects your personal information when you visit or interact with our website located at newhamschool21.com (the “Website”). We are fully committed to protecting the privacy and personal data of all users and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Our Commitment to Privacy and Data Protection
At Newham School 21, we recognize that privacy is fundamental to trust. We are dedicated to safeguarding the data entrusted to us and to ensuring that your personal information is processed lawfully, transparently, and responsibly. We aim to provide you with clarity and control over your data, and we uphold the highest standards in our compliance practices.
2. Scope of This Policy and Our Role as Data Controller
This Privacy Policy applies to all visitors and users of the Website, including prospective students, parents, partners, and other stakeholders who interact with our digital services. For the purposes of applicable data protection laws, Newham School 21 is the “Data Controller” responsible for your personal data processed via newhamschool21.com.
If you have any questions or concerns about how we process your data, you may contact us at [email protected].
3. Categories of Personal Data We Process
We collect and process the following categories of personal data, either directly from you or generated through your use of the Website:
a. Usage Data:
– IP address
– Browser type and version
– Device type
– Geographic location
– Access times and dates
– Referring or exit pages
– Website interactions and session data
b. Account Data:
– Full name
– Email address
– Mailing address
– Contact number
– Unique user credentials (if applicable)
c. Profile Data:
– Personal preferences
– Behavioral trends on the Website
– Past interactions and interests
– Service history
d. Communication Data:
– Correspondence records (e.g., emails, contact form submissions)
– Support inquiries and resolutions
– Feedback and survey responses
e. Technical Data:
– Device and operating system identifiers
– Network and connection data
– System configuration details
f. Transaction Data:
– Billing and payment records
– Delivery and purchase history
– Payment method (limited to non-sensitive details unless otherwise required)
g. Preference Data:
– Marketing communication consents
– Event or product preferences
– Newsletter subscriptions and opt-ins
4. Legal Bases for Processing Personal Data
We process your data under one or more of the following legal bases:
– Consent: Where you have explicitly given us permission to process your personal data (e.g., email communications).
– Contractual Necessity: Where processing is required to fulfill a contract with you or to take steps at your request before entering a contract.
– Legal Obligation: Where we are required to process your data to comply with a legal duty.
– Legitimate Interests: Where processing is necessary for our legitimate business interests—such as improving the Website, ensuring security, or responding to user inquiries—provided those interests are not overridden by your fundamental rights and freedoms.
5. Your Data Protection Rights
Subject to applicable data protection laws, you have the following rights regarding your personal data:
– Right to Access: You may request a copy of your personal data held by us.
– Right to Rectification: You may request corrections to your personal data to ensure accuracy and completeness.
– Right to Erasure: You may request that we delete your personal data, subject to legal or contractual retention obligations.
– Right to Restriction: You may request that we limit the processing of your data under certain conditions.
– Right to Data Portability: You may request that your data be transferred to another service provider in a structured, commonly used format.
– Right to Object: You may object to our processing of your personal data on grounds relating to your particular situation.
– Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of prior processing.
You may exercise any of these rights by contacting us at [email protected].
6. Security Measures
We implement and maintain robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, which include but are not limited to:
– Data encryption in storage and transit
– Role-based access controls with strong authentication
– Regular data backups and encrypted storage
– Staff training and awareness on data privacy and security
– Monitoring systems to detect unauthorized access or activity
7. International Data Transfers
Where necessary, we may transfer your data to third-party service providers or partners operating outside the United Kingdom or the European Economic Area (EEA). Any such transfers are made in accordance with applicable data protection law through one or more of the following measures:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Adequacy decisions for countries deemed to have appropriate data protection levels
– Binding Corporate Rules (BCRs) and intra-group safeguards
8. Data Retention
We retain personal data only for as long as is necessary for the purposes set out in this Privacy Policy. Retention periods may vary depending on the type and sensitivity of data and the purposes for which we process it:
– Usage Data: Retained for up to 12 months for analytics and performance improvement
– Account and Profile Data: Retained for the duration of your engagement or account status
– Communication Data: Retained for up to 3 years post-resolution
– Technical Data: Retained for up to 12 months
– Transaction Data: Retained for 7 years to comply with financial and legal obligations
– Preference Data: Retained until you revoke your consent or unsubscribe
Upon expiry of these periods, your data will be permanently deleted or anonymized.
9. Cookie Policy
Our Website uses cookies and similar technologies to enhance user experience and collect analytics. The types of cookies employed on newhamschool21.com include:
– Essential Cookies: Necessary for enabling basic website functions such as page navigation and access control.
– Functional Cookies: Enable enhanced features such as remembering user preferences and saved settings.
– Analytics Cookies: Allow us to understand user behavior through aggregated reports (e.g., Google Analytics).
– Performance Cookies: Measure website performance, such as load times and responsiveness across devices.
10. Cookie Management and Regulatory Compliance
When you first visit newhamschool21.com, you are presented with a cookie consent banner that allows you to accept or manage your preferences in accordance with GDPR and CCPA requirements. You may withdraw or modify your consent at any time using our Cookie Settings manager accessible on the Website footer.
Additionally, you have the capability to manage cookies at the browser level, including blocking or deleting existing cookies through your settings.
You have the right, subject to applicable law, to opt out of the “sale” or “sharing” of personal information under CCPA definitions. We do not sell personal data as defined under CCPA.
11. Children’s Privacy
Our services and Website are not intended for use by children under the age of 13. We do not knowingly collect personal information from users under the age of 13. If we learn that personal data from a child has been collected without parental consent, we will take steps to securely delete such information.
If you believe a child under the age of 13 has provided us with personal data, please contact us at [email protected].
12. Policy Updates
We reserve the right to update this Privacy Policy at our discretion, in order to reflect changes in operational, legal, or regulatory requirements. We will notify you of any material revisions through the Website, and where required by law, will seek additional consent for significant changes that affect your rights.
We encourage you to review this policy periodically to remain informed about how we protect your personal information.
13. Contacting Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or how we handle your data, please contact our Data Protection Officer at:
Email: [email protected]
We are committed to ensuring full compliance with the GDPR, CCPA, and relevant UK data protection laws. Your privacy is at the heart of everything we do. Please don’t hesitate to reach out if you need further information or want to exercise your rights.