Privacy Policy
Effective date: June 07, 2020
Berkeley Guardians (“us”, “we”, or “our”) operates the www.berkeleyguardians.com website (the “Service”).
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
The policy sets out what processes are in place to ensure that personal data is obtained, handled, stored and destroyed in accordance with GDPR. It explains what is required of our staff to enable us to comply with applicable law.
In order to operate and carry out our services, Berkeley Guardians needs to collect, use and retain certain types of information about the people with whom it comes into contact. These include current, past and prospective employees, agents and service users and others with whom it communicates (all of whom are Data Subjects). We take the issue of data protection very seriously and regard the lawful and correct treatment of personal data with the utmost importance to guarantee the successful operation of Berkeley Guardians and to maintain the confidence of those with whom we come into contact.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from www.ukintern.co.uk
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Family information such as date-of-birth, proof of address, proof of ID
- Phone number, call messages
- Through social media and complaints
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
We will process personal data when we obtain, record, read, hold or use personal data.
All of the following activities will constitute the processing of personal data (without limitation):
- Obtaining, filing, collecting, recording, organising, structuring or storing data;
- Adapting or altering data;
- Retrieving, consulting or using data;
- Consulting with someone on the content of data or otherwise using it;
- Disclosing data by transmitting it, disseminating it or otherwise making it available (including disclosures made to other employees or service users);
- Combining the data with other data or aligning data; and
- Restricting, erasing or destroying data
All personal data must be processed in accordance with the data protection principles. In particular:
- You must have a lawful basis for processing personal data
- Once you have collected personal data for a particular purpose, it must only be used for that purpose
- You cannot collect and process personal data unless it is required as part of your job
- You must ensure that personal data is accurate and is kept up to date
- You should not keep personal data for longer than is reasonably necessary
- You must comply with requirements to ensure the security, integrity and confidentiality of personal data
- You should not transfer personal data outside the EEA without first contacting the Chief Officer or Operations Manager
- Data subjects have certain rights in relation to their personal data
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyse our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Personal Data Protection Principles
Personal data must be processed in accordance with seven enforceable principles to which all staff must make all reasonable efforts to adhere. The principles state that personal data must be:
- Processed fairly, lawfully and in a transparent manner (Lawfulness, Fairness and Transparency);
- Collected only for specified, explicit and legitimate purposes (Purpose Limitation);
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation);
- Accurate and where necessary kept up to date (Accuracy);
- Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation);
- Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality);
- Not transferred to another country without appropriate safeguards in place (Transfer Limitation); and
- Made available to Data Subjects and allow Data Subjects to exercise certain rights in relation to their personal data (Data Subject’s Rights and Requests).
We are responsible for and must be able to demonstrate compliance with the data protection principles listed above, as well as ensuring we have adequate resources and controls in place to ensure and document GDPR compliance.
Use of Data
Berkeley Guardians uses the collected data for various purposes:
- To provide and maintain the Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer care and support
- To provide analysis or valuable information so that we can improve the Service
- To monitor the usage of the Service
- To detect, prevent and address technical issues
- To comply with Aegis accreditation process and maintenance
Transfer Of Data
Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
Your information may also be transferred to Aegis office and lead and supporting inspectors for the purposes of a (re)accreditation inspection.
If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United Kingdom and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Berkeley Guardians will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Storage Limitation
- There are legal and regulatory requirements for us to retain certain data, usually for a specified amount of time. We also retain data to help our organisation operate and to have information available when we need it. However, we do not need to retain all data indefinitely, and retaining data can expose us to risk as well as be a cost to our organisation.
- We will not keep personal data in a form which permits the identification of the Data Subject for longer than needed for the purpose(s) for which we originally collected it including for the purpose of satisfying any legal, accounting or reporting requirements.
- The retention procedures set out below help to ensure personal data is deleted after a reasonable time for the purposes for which it was being held, unless a law requires that data to be kept for a minimum time.
- We will take all reasonable steps to destroy or erase from our systems all personal data that we no longer require in accordance with Appendix 2. This includes requiring third parties to delete that data where applicable.
- We will ensure Data Subjects are informed of the period for which data is stored and how that period is determined in any applicable privacy notice.
Data Retention
The principles of data minimisation and storage limitation (set out above) apply when considering retention of personal data.
The Data Controller is responsible for identifying the data that we must or should retain, and determining the proper period of retention (seeking advice where required to do so). This person is also responsible for administering data management programmes and providing guidance to our staff on data retention and disposal.
Data should only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it should be securely disposed of.
We are required to ensure that all personal data held by us is retained and destroyed securely. Compliance with the contents of this policy will help ensure compliance with our legal obligations.
This Policy applies to physical data such as hard copy documents, contracts, notebooks, letters and invoices. It also applies to electronic data such as emails, electronic documents, audio and video recordings.
Disclosure Of Data
Legal Requirements
Berkeley Guardians may disclose your Personal Data in the good faith belief that such action is necessary:
- To comply with a legal obligation
- To comply with the Aegis (re)accreditation process
- To protect and defend the rights or property of Berkeley Guardians
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Storage, Back-Up and Disposal of Data
Our data must be stored in a safe, secure, and accessible manner. Any documents and financial files that are essential to our business operations during an emergency must be duplicated and/or backed up regularly and maintained off site.
The Data Controller is responsible for the continuing process of identifying the data that has met its required retention period and supervising its destruction. The destruction of confidential, financial, and employee-related hard copy data must be conducted by shredding if possible.
The destruction of data must stop immediately upon notification that preservation of documents for contemplated litigation is required (sometimes referred to as a litigation hold). This is because we may be involved in a legal claim or an official investigation and the data could be relevant. Destruction may begin again once this requirement for preservation is lifted.
Data Subject’s Rights and Requests
Data Subjects have rights when it comes to how we handle their personal data. These include rights to:
- withdraw consent to processing at any time;
- receive certain information about the Controller’s processing activities;
- request access to their personal data that we hold;
- prevent our use of their personal data for direct marketing purposes;
- ask us to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or to rectify inaccurate data or to complete incomplete data;
- challenge processing which has been justified on the basis of our legitimate interests or in the public interest;
- request a copy of an agreement under which personal data is transferred outside of the EEA;
- object to decisions based solely on automated processing, including profiling;
- prevent processing that is likely to cause damage or distress to the Data Subject or anyone else;
- be notified of a personal data breach which is likely to result in high risk to their rights and freedoms; and
- in limited circumstances, receive or ask for their personal data to be transferred to a third party in a structured, commonly used and machine-readable format.
A Data Subject may contact you to exercise one or more of these rights over the data we hold about them. You must verify the identity of an individual requesting data under any of the rights listed above (third parties may only make requests on behalf of a Data Subject with proper authorisation).
If you receive a Data Subject request you should forward this immediately to a Director.
Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Analytics
We may use third-party Service Providers to monitor and analyse the use of our Service.
- Google Analytics – Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Links To Other Sites
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Children’s Privacy
At Berkeley Guardians, we understand all students, whether under or over 18, should primarily be treated like an adult would in terms of Data Protection. The only exceptions would be those with severe learning difficulties, school link students (those on roll with a school) and those who are otherwise unable to decide for themselves.
However, we are also keen to keep parents/carers/agents informed and, whilst they are not automatically entitled to the information, we seek consent from students to share information with them.
Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact:
Karen Pickles, a Berkeley Guardians Director. Karen can be contacted in office hours on 07565493818 or outside office hours via the emergency phone: 07565493818. Her email is karen@berkeleyguardians.com
APPENDIX 1
DATA RETENTION SCHEDULE
- Set out below are our standard time periods for retention of data. If data is not covered in the retention table below it is likely that it should be treated as day to day disposable data. However, if you come across any situation not covered in this schedule which you think should be, or you are unsure about the classification of data in this schedule, you should contact our Data Controller Karen Pickles.
- The retention periods below may be extended in the event that legal or regulatory proceedings are brought or an official investigation is launched. In these circumstances we will retain the data we consider relevant for as long as is necessary for the purposes of such proceedings.
Data Type (in general) | Maximum Retention period | Reason/Comments |
Employee records (including host families) | ||
Staff bank details | Record deleted immediately following cessation of employment (or immediately following final salary or other payment due, if later). | Necessary for us to fulfil our contractual obligations. |
Proof of identification and proof of right to work (including visas) | Record kept for no longer than 36 months following cessation of employment, unless there is a statutory or other legal requirement to keep any such record for longer. | Necessary for us to fulfil our obligations as employer. |
Equal opportunities monitoring data | Records kept for three years following cessation of employment. | Necessary for us to fulfil our obligations as employer. |
Other Staff data | Records kept for duration of employment or engagement with us and for a period of seven years from the date your employment or engagement with us ends (and will be reviewed during that time to ensure its continued accuracy). | Necessary for us to fulfil our obligations as employer. |
Other former staff data | Records kept for seven years following cessation of employment or engagement with us and will be reviewed during that time to ensure its continued accuracy. | Necessary for provision of references, forwarding of information and other requirements ancillary to their past employment. Key records required as breach of contract claims may be brought for up to six years after cessation of employment or engagement. A grace period is required in the event that a claim is brought at the end of the limitation period or the limitation period is extended. |
Third party records | ||
Staff next of kin details | Records kept for the duration of employee’s employment or engagement or, for so long as that individual remains the employee’s next of kin contact, whichever is the earliest. | Necessary to help ensure the safety and wellbeing of an employee in an emergency. |
Job applicant records | ||
Job applicants (unsuccessful) | Records of unsuccessful applicants kept for seven months after we have communicated to the relevant applicant the decision not to take their application forward unless otherwise agreed with the applicant to retain for a longer period. | Necessary to respond to and defend any claim made by job applicants and to demonstrate that the recruitment exercise has been conducted in a fair and transparent way and in accordance with our procedures. Where an extension to the seven month retention period is agreed, this will be in circumstances where we believe a future opportunity may arise for which we may wish to consider the applicant. A grace period is required in the event that a claim is brought at the end of the limitation period or the limitation period is extended. |
Job applicants (successful) | Personal data obtained during the recruitment process will be transferred to the individual’s personnel file and held for the period(s) set out above. | Retained during employment and the post-employment period noted above |
Student/child (young person) records | ||
Young person contact details | Records kept for duration of being in our care and for 7 years following cessation or for such longer period as required by local authorities or other agencies. | Necessary to comply with legal obligations |
Young person accident records | Records kept for duration of being in our care and until young person reaches 21 years and 3 months, or for such longer period as required by local authorities or other agencies. | Necessary for us to administer our services and is necessary to comply with our legal obligations |
Young person safeguarding reports | Records kept for the duration of being in our care and until the young person reaches 25 years or for such longer period as required by local authorities or other agencies. | Necessary for us to administer our services and is necessary to comply with our legal obligations |
Complaints records | Records kept for seven years following the last action in relation to the complaint | Necessary in the event of any claim or litigation brought. A grace period is required in the event that a claim is brought at the end of the limitation period or the limitation period is extended. |
Agent records | ||
Agent contracts | Records kept for seven years following cessation of contract where those contracts are executed as simple contracts, or 13 years where those contracts are executed as deeds. | Necessary as breach of contract claims may be brought for up to six years after cessation of services where the contract is executed as a simple contract, or 12 years where the contract is executed as a deed. A grace period is required in the event that a claim is brought at the end of the limitation period or the limitation period is extended. |
Agent contact details | Records kept for seven years following cessation of contract where those contracts are executed as simple contracts, or 13 years where those contracts are executed as deeds. | Necessary as breach of contract claims may be brought for up to six years after cessation of services where the contract is executed as a simple contract, or 12 years where the contract is executed as a deed. A grace period is required in the event that a claim is brought at the end of the limitation period or the limitation period is extended. |
Financial and insurance records | ||
Accounting records | Records kept for three years from the date made. | Necessary to ensure compliance with the Companies Act 2006. |
Insurance certificates | Records kept for 21 years. | Necessary to ensure records held if claim required to be brought in relation to that period of insurance. |