Review date: June 2021
The Exams Office, TEO Education and/or Exams Training (“us”, “we” or “our”) are committed to respecting your privacy and to complying with all applicable data protection and privacy laws.
If you, or anyone on your behalf, submits personal information to us for any reason, for example, but not limited to, those outlined below you can be assured that we will use your personal information only for the reason you supplied it to us and to support your continuing relationship with our businesses as outlined here.
We wish to help you make informed decisions, so please take a few moments to read the sections below and learn how we may use your personal information.
Our contact details
Name: Nicholas Marr – Head of Operations and Governance
Address: The Exams Office, 44 Holly Walk, Leamington Spa, CV32 4HY
Phone Number: 0333 7000 755
The type of personal information we collect
We only collect and use your personal information with your knowledge and consent and typically when you, or your representative:
- Order and/or subsequently use our products and services
- Make general enquiries
- Register for information
- Request product or service details
- Submit online applications for any reason (e.g. job applications)
- When you respond to communications from us (such as questionnaires or surveys),
- Attend our training events or annual conferences
- Or, in any way requiring us to do so to serve you as a paid member of The Exams Office or any of our membership businesses
The type of personal information we collect is kept to the absolute minimum for us to communicate and supply you with the information or services for which you allowed us your details.
We typically only collect your name, email, and professional telephone number as personal identifiable fields but it may be that we also need to capture further details such as, but not limited to:
- Educational establishment details, including, postal address, telephone number, email address
- and other key contact information to help us communicate with you or your representatives or organisation(s)
Any interactions with us, and our group of businesses, will always make clear the information we are collecting and the reason for which you, or your representatives, are being asked to submit this to us.
We understand that much of the data for which we are entrusted has a cross-over with personal and professional contact information, so we treat any, and all, data captured in the same way: as personally identifiable data.
If you, or your representative, choose to provide us with information it will only be used in support of the intended purposes stated at the time at which it was collected.
Non-personal identifying information
We may also, on occasion, collect non-personally identifying information about your interaction with our online access areas using digital cookies.
Some of this information is required for the functioning of the online elements of our business (namely the websites and online tools) and these must be allowed to access the requested online service(s).
Other information may include the pages you browse, and products and services requested but, where possible, we keep non-essential data to an absolute minimum and entirely optional.
We may also use ASP.Net session cookies to enhance your browsing experience and allow our website to function.
How we get the personal information and why we have it
We only use your information for the purpose in which you gave it to us which will be clear at the time this is supplied.
We never share your personal data with any third-party organisation(s) without your express permission.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You can remove your consent at any time. You can do this by contacting us at firstname.lastname@example.org or via the contact details outlined in this statement
(b) We have a contractual obligation
(c) We have a legal obligation
(d) We have a vital interest
(e) We need it to perform a public task
(f) We have a legitimate interest
How we store your personal information
We recognise that it is important to protect personal information from misuse and abuse and about data privacy in general. We are constantly reviewing and enhancing our technical, physical, managerial, working procedures and rules to protect all personal data and keep it safe from unauthorised access, accidental loss and/or destruction.
We use industry standard practices throughout the business and secure encryption of data in transit and storage where possible and applicable. For example, all access to the online tools, services and websites are covered by secure, encrypted connections.
Please be aware that communications over the Internet, especially as emails, are not always secure unless they have been encrypted in the way all our online communication channels are. Encryption to the point of data leaving your control is your responsibility and we can only accept responsibility for your data once it is in our control and is received by our secure channels (secure website access and secure email data for example).
We do not accept responsibility for any unauthorised access or loss of personal information at a point that is external to our business or systems and beyond our control, for example unencrypted emails sent or received by local devices before or after data has entered or left our secure network connections (unprotected Wi-Fi channels or potentially insecure email connections).
How long we keep your information for
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we need it for the purposes we acquired it, which will be/was made clear at the time this is/was submitted.
In most cases, this means we will keep your information for as long as you are an active member of one of our businesses and/or continue to use our services, and for a reasonable period afterwards.
When no longer required we delete all personal data, other than where we lawfully need to keep this (for example, seven years for accounting records and VAT reporting). This is all subject to an individual’s right to unsubscribe or be forgotten at any time.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances
- Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you as outlined below.
Access to your information
You can write to us at any time to obtain details of the personal information we may hold about you, request amendments or remove data where we have no legal or contractual obligation to store such information.
Please write to, via recorded delivery: Nicholas Marr (DPO), The Exams Office, 44 Holly Walk, Leamington Spa, CV32 4HY or email email@example.com ensuring you receive a receipt of acknowledgement.
Please quote your full name and address together with a preferred contact method (e.g. telephone number or email).
With proof of delivery or acknowledgment of receipt we will respond to any requests no later than we are legally required to do so: This is the nearest subsequent business day on the equivalent date of the day after receiving the initial enquiry in the following Calender month or, where there isn’t such a date, the nearest subsequent business day according to the last day of the following month.
Any changes or deletions will also be handled within the same timescale of receiving and acknowledging the request.
This is usually within 28 days of receiving proof of delivery or acknowledgment of receipt of the initial request.
We will take all reasonable steps to confirm your identity before acting upon any reasonable request as outlined above.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at:
The Exams Office, 44 Holly Walk, Leamington Spa, CV32 4HY or email firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk