what we do to ensure that your information is kept safe and secure. This policy is intended to meet the requirements of applicable data protection laws including the General Data Protection Regulation 2016/679 and the UK Data Protection Act 2018 (‘Data Protection Laws’).
- About Reallyenglish
- How we collect and process personal data
- Our language learning platform
- Recipients of personal data
- How long we store personal data for
- How we keep personal data safe
- International transfers
- Your rights as a data subject
- Updates to this policy
1. ABOUT REALLYENGLISH
We are Reallyenglish.com (‘we’, ‘us’ or ‘our’), an online language learning service provider. We are a private limited company with company number 03895911, having our registered office at 85 Great Portland Street, London, England, W1W 7LT.
We are a controller of personal data and are regulated by Data Protection Laws. This means we are responsible for deciding how and why we use personal data and for keeping it safe. We are registered as a data controller with the Information Commissioner’s Office with registration number ZA530952.
If you have questions about this policy or your personal data, please email email@example.com with the subject line ‘Data Protection’.
2. HOW WE COLLECT AND PROCESS PERSONAL DATA
We process personal data about the following categories of persons:
(a) Individuals we deal with when doing business.
(b) Website visitors and individuals who contact us.
(c) People who work with us, including contractors and job applicants.
Further information on each category of individuals can be found below.
Individuals we deal with when doing business: We collect, store and use personal data about individuals who we do business with, such as individual representatives of suppliers, customers, agents, resellers, contacts at education institutions and professional advisers. The information we collect typically includes an individual’s name, email address and contact information, employer, job title and professional expertise. This information is typically provided to us by the individual, his or her employer or a third-party business contact who has referred that person to us.
We use this information for the purpose of operating our business and dealing with customers, suppliers and advisers because it is in our legitimate interests to do so. This information is usually retained for the duration of our ongoing relationship with an individual. Where we have entered into a contract with an individual or their employer, we may retain that person’s personal data for longer as part of our contract, management and accounting records.
Website visitors and individuals who contact us.
We do not actively collect personal data about visitors to our website unless they choose to provide such information, such as by using a website form to contact us or making use of our webchat widget. Any information that you provide (for example your name or email address) when contacting us will be used on the basis that it is in our legitimate interests to process this data to correspond with you.
If you choose to subscribe to our newsletter, your contact data will be used for marketing purposes on the basis you have provided your consent to receive news and updates.
We may also collect anonymous information about website users in order to optimise and improve the website. This might include IP addresses, browser or device details and the connection type or the internet service provider used. However, none of this information will by itself directly identify any particular user. We use this information to track visits and pages used on the platform. For more information on this, please see our Platform Cookies Policy which can be found here.
People who work with us, including contractors and job applicants
The information we collect about applicants may include information which:
- You provide to us (such as in CVs, application forms, and through correspondence);
- You provide during an interview;
- We obtain from previous employers and referees; or
- Is provided to us by recruitment agencies.
We may also ask for references, which will be collected at the last stage of the recruitment process. In the event that we need to carry out background checks we will notify you of this in advance and provide you with details of the checks and why they are being carried out.
We use the personal data we collect about you to:
- Assess your skills, qualifications, and suitability for a role;
- Communicate with you about your application;
- Keep records related to our hiring process; and
- Comply with legal requirements.
We do all of this because it is either a necessary part of entering into a contract of employment with you or because we have a legitimate interest in ensuring that you are suitable for a particular role. If you fail to provide personal data which is necessary for us to consider your application (such as evidence of qualifications or work history) we will not be able to process your application successfully.
If we need to process sensitive personal data about a job applicant, for example, disability information in order to consider whether we need to provide appropriate adjustments during the recruitment process, we will ask for explicit consent to do this at the time at which we request the personal data or ensure that we satisfy another condition under Data Protection Laws for lawfully processing such personal data.
We normally retain personal data about unsuccessful job applicants for no more than six months from the time we inform them of our hiring decision. We retain personal data for this period so that we can demonstrate, in the event of a legal claim, that we have not discriminated against an applicant and that the recruitment process was fair and transparent. After this period, we will securely destroy the applicant’s personal data. If we wish to retain personal data on file in case future opportunities arise, we will contact the applicant and ask for his or her consent to do so.
If your application is successful, the personal data you provided in the application process will be stored as part of your personnel file.
3. OUR LANGUAGE LEARNING PLATFORM
We collect personal data relating to individuals who use our online learning platform for language learning and educational purposes. This information is typically:
- Provided to us by end users when they use our website or create an account on, or log in to, the online platform; or
- Collected during the course of using our online platform.
4. RECIPIENTS OF PERSONAL DATA
Personal data you provide to us will kept private and confidential in accordance with our obligations under Data Protection Laws. We will only disclose or share personal data with other data controllers where this is required:
- In connection with our business of providing language learning services and where it is in the legitimate interests of ourselves or related third parties to do so. For example, if a customer is referred to us by an agent, we may inform the customer of who referred them to us.
- By law, such as where we are required to comply with a court order or other legal requirement;
- Where we have satisfied ourselves that we have another lawful basis for sharing your personal data; or
- In connection with a business reorganisation, merger, acquisition or other corporate transaction, in order to allow the parties to evaluate the transaction and to ensure that the users of our services continue to receive the language learning services without interruption.
Your personal data will also be shared with some of the third parties who provide services to our business. This includes software providers, cloud service providers and IT support services. However, these third parties will only process personal data (which may include your information) on our behalf for specified purposes and in accordance with our strict instructions pursuant to a written contract.
5. HOW LONG WE STORE PERSONAL DATA FOR
We only retain personal data for as long as is necessary for the specific purposes it was collected for (or for related compatible purposes such as complying with applicable legal, accounting or record-keeping requirements).
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from its unauthorised use of disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you have any questions regarding the storage of your personal data, please contact us using the details set out in section 8 of this policy.
6. HOW WE KEEP PERSONAL DATA SAFE
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an authorised way, damaged or destroyed, altered or disclosed.
These measures include information security measures such as encryption, antivirus and multi-factor authentication and organisational measures (such as internal training, policies and procedures relating to information security, data breaches and disaster recovery).
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to legal and contractual confidentiality obligations.
We have put in place reporting procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
7. INTERNATIONAL TRANSFERS
We normally only store personal data within the UK or European Economic Area. However, as a global software business we may from time to time need to transfer data outside these jurisdictions. In addition, some of the technology and support services we use are provided by companies that are based in other countries. Before using such service providers, we take steps to make sure that any personal data they process is adequately protected and transferred in accordance with Data Protection Laws, usually by one or more of the following methods:
- ensuring the recipient is in a country that has been approved in accordance with Data Protection Laws as providing adequate protection for personal data;
- implementing appropriate safeguards such as requiring the recipient to enter into Standard Contractual Clauses approved in accordance with Data Protection Laws; or
- Data Protection Laws otherwise permit use to make the transfer.
If you would like more detailed information on the measures and safeguards that we implement for such data transfers, then please contact us using the details set out in section 1 above.
8. YOUR RIGHTS AS A DATA SUBJECT
Data Protection Laws provide you with certain rights in relation to your personal data. These are as follows:
- The right to access your personal data. This gives you the right to receive a copy of the personal data we hold about you subject to certain exemptions.
- The right to request correction or completion of personal data. This gives you the right to have any incomplete or inaccurate personal data corrected.
- The right to request erasure of your personal data. This allows you to request us to delete or remove personal data. You also have the right to request us to delete or remove your personal data where you have exercised your right to object to processing (see below). In certain circumstances, this right may not apply, such as where we have a good, lawful reason to continue using the information in question and, if this is the case, we shall inform you of such reasons at the relevant time.
- The right to object to processing of your personal data. You can object to us processing your personal data for legitimate interests purposes or for direct marketing. We must then stop processing your data unless we have a strong reason to continue that overrides your objection. If your objection is to direct marketing, we must always stop.
- The right to restrict how your personal data is used. You can limit how we use your personal data in certain circumstances. Where this applies, any processing of your personal data (other than storing it) will only be lawful with your consent or where required for legal claims, protecting certain rights or important public interest reasons.
- The right to have a portable copy or to transfer your personal data. You can request that we provide you, or (where technically feasible) a third party, with a copy of your personal data in a structured, commonly used, machine-readable format. Note that this only applies to personal data that we obtain from you and, using automated means, process on the basis of your consent or in order to perform a contract.
- The right to withdraw consentIf we are relying on consent to process your personal data, then you have the right to withdraw that consent at any time.
RespondingWe try to respond to all personal data requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
Fees for making a request: You will not normally have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
How to make a request: If you want to exercise any of the rights described above, please email firstname.lastname@example.org or write to Data Protection Requests, Reallyenglish.com Limited, 85 Great Portland Street, London, England, W1W 7LT.
Your right to complain to a supervisory authority You have the right to complain to the Information Commissioner’s Office if you are not satisfied with our response to a data protection request or if you think your personal data has been mishandled. For further information on how to make a complaint, please visit: https://ico.org.uk.
9. UPDATES TO THIS POLICY
We will update this policy from time to time. The current version will always be posted on our website. This policy was last updated in November 2020.