Bringing the classroom to you
On 25 May 2018, the General Data Protection Regulation (GDPR) became effective. The GDPR aims to protect the right to privacy of every EU resident giving them a greater say over how their personal data is used. Furthermore, it details how EU personal data laws are applied outside the EU. The GDPR, therefore, has important implications for how organisations handle confidential data.
TauRho Tutors Limited (Trading Name: Cambridge Online Tutors) is classified under GDPR as a data controller, we have always complied rigorously with the Data Protection Act (DPA, 2018). We have taken every step to ensure that we are also compliant with the new legislation under the GDPR.
TauRho Tutors Limited is registered with the Information Commissioners Office (ICO) and we honour our clients’ right to data privacy and protection in accordance with the guidance provided by the ICO. TauRho Tutors Limited does not use its clients’ personal information beyond what is required for the functioning of its services.
Our commitment to data privacy and protection is evident in the following policies we follow:
As a data controller, we understand our obligation to our clients and their personal data. We have thoroughly analysed the GDPR requirements and are working through several initiatives to ensure that we are only holding the minimum information required to provide the contracted services to our clients, that we allow clients to manage the data that is held and easily be able to provide access to the data and removal wherever possible.
These include but are not limited to:
All client information is stored securely within our portal. Any access to this information is logged and recorded. If you would like to view our GDPR audit map which maps the trail by which personal data is collected, stored and held until purging, please get in touch with 'firstname.lastname@example.org'
All intellectual property or personal information belonging to the client are purged following a period of inactivity of one year. This does not includes recordings of online lessons which are deleted every 90 days unless a legal issue has arisen. After a period of inactivity of one year, all personal contact information stored on the portal will also be purged. These timeframes can be altered by client request. Currently, this is an automated process to ensure negligence is removed from the data purging process.
TauRho has undertaken a systematic review of all personal data that is being stored, managed, retained, collected, processed and disposed of across our systems. Assessment of this data will review flow pathways, in relation to lawfulness, purpose, minimisation, accuracy, limitation, consent, integrity and confidentiality, record keeping and accountability. Visibility and transparency
The most important aspect of GDPR is how the collected data is used. As a data controller, we are committed to allowing clients to manage their personal data. Some of these details do filter through to TauRho backend processes which are not publicly visible such as billing or support. At any point, the client is able to request access to any personal data held. Other than if disrupting a currently provided service, the client can request this data is deleted immediately.
TauRho Tutors undertakes internal GDPR training on a quarterly basis for all members of the team and when taking on new team members. Additionally, GDPR assessments are provided for the team when policies and procedures are updated. Supplier & Partner relationships
TauRho Tutors monitors all supplier protocols and server hosts to ensure they are GDPR-compliant.
Your personal data that you have provided to TauRho Tutors can be found and edited by you alone in your online portal area. If you have not logged in for a while, please contact us for a new login.
You can update, edit or close your account. Your personal data will then be automatically purged from our systems within 24 months. If you would like data removed more promptly, please get in touch with our compliance team at email@example.com. Any data removal requests can only be removed once payment has been received and after the first day of the month preceding your project completion.