nolan education

GDPR Policy

Nolan Education GDPR Policy

Introduction

Nolan Education is committed to protecting and respecting your privacy. This policy outlines how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR).

Key Principles

Nolan Education adheres to the following key principles of GDPR:

  1. Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
  2. Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it further in ways incompatible with those purposes.
  3. Data minimisation: We collect only the personal data that is adequate, relevant, and necessary for the purposes of processing.
  4. Accuracy: We take reasonable steps to ensure personal data is accurate and kept up-to-date.
  5. Storage limitation: We retain personal data only for as long as necessary for the purposes for which it is processed.
  6. Integrity and confidentiality: We process personal data securely, protecting it against unauthorized or unlawful processing, and accidental loss, destruction, or damage.
  7. Accountability: We comply with these principles and are responsible for our data processing activities.

Data Collection

What Data We Collect

Nolan Education may collect and process the following types of personal data:

  • Contact Information: Names, addresses, phone numbers, and email addresses of students and their parents or guardians.
  • Student Information: Date of birth, gender, academic records, attendance records, and progress reports.
  • Payment Information: Bank account details and payment history.
  • Communications: Records of communications between Nolan Education and students, parents, or guardians.

How We Collect Data

We collect personal data through various means, including:

  • Registration forms
  • Email and phone communications
  • In-person meetings
  • Online forms and interactions during online classes

Data Usage

We use personal data for the following purposes:

  • To provide and manage educational services.
  • To communicate with parents or guardians.
  • To maintain accurate records of students’ progress and attendance.
  • To process payments and manage financial records.
  • To comply with legal obligations and regulatory requirements.

Data Storage and Security

Data Storage

Personal data is stored securely in electronic and physical formats. Electronic data is stored on secure servers, and physical data is stored in locked filing cabinets.

Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Secure passwords and access controls
  • Encryption of sensitive data
  • Regular data backups
  • Staff training on data protection and security

Data Sharing

We do not share personal data with third parties except in the following circumstances:

  • With the explicit consent of the student or their parent/guardian.
  • When required by law or regulatory authorities.
  • When necessary to protect the vital interests of the data subject or another person.
  • With service providers who perform functions on our behalf (e.g., payment processing), provided they comply with data protection laws and only use the data for the specified purposes.

Data Subject Rights

Under GDPR, individuals have the following rights regarding their personal data:

  1. Right to Access: Individuals can request access to their personal data and obtain information about how we process it.
  2. Right to Rectification: Individuals can request correction of inaccurate or incomplete personal data.
  3. Right to Erasure: Individuals can request the deletion of their personal data, subject to certain conditions.
  4. Right to Restrict Processing: Individuals can request that we limit the processing of their personal data in certain circumstances.
  5. Right to Data Portability: Individuals can request a copy of their personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
  6. Right to Object: Individuals can object to the processing of their personal data in certain circumstances.
  7. Rights Related to Automated Decision-Making and Profiling: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, please contact Rachel Nolan via email at mrsrachelnolan@gmail.com. We will respond to your request within one month.

Data Breaches

In the event of a data breach, we will take immediate steps to mitigate the breach and prevent further unauthorised access. We will notify the affected individuals and the relevant supervisory authority (the Information Commissioner’s Office) within 72 hours if the breach poses a risk to individuals’ rights and freedoms.

Policy Review

This policy will be reviewed annually to ensure it remains up-to-date with legal requirements and best practices. The next review date is set for July 2025.

Nolan Education

www.nolaneducation.com