GDPR Statement - Cambridge Online Tutors

Introduction

On 25 May 2018, the General Data Protection Regulation (GDPR) became effective. The GDPR aims to protect the right to privacy of every EU resident giving them a greater say over how their personal data is used. Furthermore, it details how EU personal data laws are applied outside the EU. The GDPR, therefore, has important implications for how organisations handle confidential data.

TauRho Tutors Limited (Trading Name: Cambridge Online Tutors) is classified under GDPR as a data controller, we have always complied rigorously with the Data Protection Act (DPA, 2018). We have taken every step to ensure that we are also compliant with the new legislation under the GDPR.

Our Commitment

TauRho Tutors Limited is registered with the Information Commissioners Office (ICO) and we honour our clients’ right to data privacy and protection in accordance with the guidance provided by the ICO. TauRho Tutors Limited does not use its clients’ personal information beyond what is required for the functioning of its services.

Our commitment to data privacy and protection is evident in the following policies we follow:

TauRho operates a secure connection to communicate between our website and browsers
The TauRho portal is protected by User-defined Password and SSL Certified encrypted connection.
Files are stored with our hosting provider, who in turn, are both bound by the DPA and GDPR for information security management.
Our tutors have signed a full and comprehensive confidentiality agreement and have had their ID, nationality, and immigration status verified and hold valid DBS certificates. In instances where clients would gain further peace of mind, we are happy to sign any further confidentiality agreements or NDAs offered by you, subject to review.
Each member of the tutoring teams adheres to this level of security:
Minimum Standard 128 bit encryption
Certified, Secure Malware and Anti-virus protection
All members of our team are required to delete personal information held locally after one month. A data deletion confirmation clause exists within our confidentiality agreement and a data deletion confirmation statement is signed by each team member on a monthly basis for any data accessed in the previous month.
We act in accordance with the Tutors Association and abide by their code of conduct.

How are TauRho Tutors prepared for GDPR?

As a data controller, we understand our obligation to our clients and their personal data. We have thoroughly analysed the GDPR requirements and are working through several initiatives to ensure that we are only holding the minimum information required to provide the contracted services to our clients, that we allow clients to manage the data that is held and easily be able to provide access to the data and removal wherever possible.

These include but are not limited to:

Data Audit Trail

All client information is stored securely within our portal. Any access to this information is logged and recorded. If you would like to view our GDPR audit map which maps the trail by which personal data is collected, stored and held until purging, please get in touch with 'info@cambridgeonlinetutors.co.uk'

Data Retention

All intellectual property or personal information belonging to the client are purged following a period of inactivity of one year. This does not includes recordings of online lessons which are deleted every 90 days unless a legal issue has arisen. After a period of inactivity of one year, all personal contact information stored on the portal will also be purged. These timeframes can be altered by client request. Currently, this is an automated process to ensure negligence is removed from the data purging process.

Identifying personal data

TauRho has undertaken a systematic review of all personal data that is being stored, managed, retained, collected, processed and disposed of across our systems. Assessment of this data will review flow pathways, in relation to lawfulness, purpose, minimisation, accuracy, limitation, consent, integrity and confidentiality, record keeping and accountability. Visibility and transparency

The most important aspect of GDPR is how the collected data is used. As a data controller, we are committed to allowing clients to manage their personal data. Some of these details do filter through to TauRho backend processes which are not publicly visible such as billing or support. At any point, the client is able to request access to any personal data held. Other than if disrupting a currently provided service, the client can request this data is deleted immediately.

Transferability of data

GDPR gives end users the right to receive all the data provided and processed by the controller or transfer it to another control. To ensure the technical feasibility of these processes, TauRho has outlined the pathways in our new record keeping system which auto-logs access to any personal information on our systems. This will help navigate our system for any data transfers, improving the efficiency of the data exporting process. Training and Awareness

TauRho Tutors undertakes internal GDPR training on a quarterly basis for all members of the team and when taking on new team members. Additionally, GDPR assessments are provided for the team when policies and procedures are updated. Supplier & Partner relationships

TauRho Tutors monitors all supplier protocols and server hosts to ensure they are GDPR-compliant.

FAQ

Can we search our personal data on your systems?

Your personal data that you have provided to TauRho Tutors can be found and edited by you alone in your online portal area. If you have not logged in for a while, please contact us for a new login.

Can we delete our personal data from your systems?

You can update, edit or close your account. Your personal data will then be automatically purged from our systems within 24 months. If you would like data removed more promptly, please get in touch with our compliance team at info@cambridgeonlinetutors.co.uk. Any data removal requests can only be removed once payment has been received and after the first day of the month preceding your project completion.