learnspanishwithcaramba

This is the general privacy policy for  Caramba Spanish Lessons and for the range of products and services that we provide.

Our principles

• To comply with our obligations under the General Data Protection Act and any other relevant legislation.
• To keep your personal information and the business you do with us in strict confidence.
• To obtain your personal information lawfully and fairly.
• To maintain appropriate procedures to ensure that personal information in our possession is accurate and, where necessary, kept up-to-date.
• Where we choose to have certain services, such as data processing, provided by third parties we do so in accordance with applicable law and take all reasonable precautions regarding the practices employed by the service provider to protect personal information.
• To maintain appropriate technical and organisational safeguards to protect personal information against loss, theft, unauthorised access, disclosure, copying, use or modification.
• Not to sell your personal information.

1- Who we are

Caramba  is a company by guarantee, registered in England  with company House.

When you join us, use our websites and social media pages or when registering for any of our events, training or services, you are consenting to this privacy policy and the ways in which we use your personal data as outlined in this policy.

Our primary websites is LearnSpanishwithCaramba.com

2- What is personal data?

Personal data is defined by the General Data Protection Regulations as:

 “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

3- Legal bases for processing your data

We use different legal bases for processing data that you provide us:

• Contract: when you use and participate our events, training or services
• Legitimate interest: where you have previously used our services or attended our events or training.
• Consent: where any processing or secondary processing of your personal data is shared with third parties or where you agree to the specific use of your personal data as per the terms and conditions of the event, training or other service you are registering for.

4- Personal data we collect, why we collect it and who we share it with

We collect personal data as set out below in order to promote and provide our services.

Students

We collect student data in order to facilitate our teaching activities including monitoring, achievement, progression and feedback.   We also use this data to inform students or past students about courses and events that we believe may be of interest to them.

When collecting data for students, we may occasionally collect personal data for children. This information is normally provided to us by the parents, the centre where they are studying or by agents.

For children younger than 16 years old, the use of any of our services is only allowed with the valid consent of a parent or a guardian. In limited cases as part of a reservation, purchase or travel-related services, or in exceptional other circumstances, we may collect and use information of children only as provided by the parent or guardian or with their consent. If we become aware that we process information of a child under 16 years old without the valid consent of a parent or guardian, we reserve the right to delete it.

Agents

We collect limited personal data from our agents to enable us to keep in contact about opportunities for their clients to use our services. We also provide agents with data about their clients’ participation of our programme.

Course Applicants (including in person/telephone enquiries)

We collect Course Applicant data in order to ensure smooth conversion of this data once the application has been processed. We also use this data to inform course applicants about courses and events that we believe may be of interest to them. We collect limited personal data from enquirers to enable us to provide our prospective clients with accurate and useful information regarding our services.

Website visitors

We use cookies on our websites for two reasons:

• Statistical: anonymous information about how many users we have, how often they visit, which pages are visited most frequently, and by what types of users, in what countries.
• Technical: personal information to remember a visitor within the same browsing session and to ensure that the interface is adapted to their device (e.g. when you click ‘remember me’)

To access the statistical insights we use Google Analytics as a third-party supplier, which also stores cookies when these websites are visited. View the Google privacy policy and the cookies used.

You can turn off cookies, but if you do, you may not be able to use all the features on our websites and we may not be able to store your preferences (such as whether you have accepted cookies). This will not prevent other cookies being placed on your device unless you adjust your settings.

For more information about the cookies we use and how to manage them, including how to turn them off, please view our cookie policy.

By using our websites, you are agreeing to the use of cookies as described.

Employees 

How we collect and use data relating to our employers is covered by a separate Privacy Policy.

5- How we collect this information about you:

We collect the information listed through different channels:

• Digital / online forms e.g. for event participation
• Phone calls and correspondence
• Visiting our websites and/ or social media pages
• Our participation at UK and international education events.

7- How long we keep your personal data

We only keep your information for as long as we need it to provide you with the services or information you have requested, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with those that have asked us not to.

Our general retention period is five years after a record has ceased to be active.

8- Where we store your personal data

We store your data on two different platforms:

• on-premises server
• public cloud-based storage

We use appropriate business systems and procedures to protect and safeguard the personal data you give us. We also use security procedures and technical and physical restrictions for accessing and using the personal data on our servers. Only authorized personnel are permitted to access personal data in the course of their work.

Any payment transactions will be encrypted using SSL technology (SSL stands for ‘Secure Sockets Layer’ and creates encrypted connections).

Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the safety of your data during transmission, but once we receive your data it will be used and stored securely.

9- Access to your information

We allow our staff to access and use your information for the purposes for which you have provided it to us. For added security we require all staff with medium-high data access levels to utilise multi-factor authentication via our Cloud systems and storage.

Any third-party agencies engaged by us to carry out our services are carefully selected and required to demonstrate compliance to UK data protection legislation.

We will only share your personal information with third parties where it is directly relevant to the services you have requested. We require third parties to treat your data with the same level of care as if we were handling it directly.

We may also disclose your personal information to third parties if we are under a duty to disclose or share it in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property or safety of International House Trust or others.

10- Your consent

While we will seek consent at the point of collecting your data, in some cases we may process data without consent when we are legally allowed to do so and where it is in our legitimate interests.

You can withdraw your consent at any time – please see section 12

If you request not to receive any further contact from us, we will keep a record so we know not to contact you in the future. This will include your name, organisation and preference not to be contacted

11- Your rights

We understand that privacy and data are sensitive and important. You have a number of rights in relation to your data. These are:

• The right to be informed: this privacy policy details how and why we collect, store and use your personal data
• The right of access: you have the right to access the data and information we hold about you. Please see below for details on how to request this information
• The right to rectification: we want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by contacting us using the contact details below
• The right to erasure: you can request that we delete the information we hold on you by contacting us using the contact details below.
• The right to restrict processing: you can let us know how you want us to use your data by getting in touch with us using the contact details below.
• The right to data portability: you have the right to request your data be provided in an easy to use format to another supplier.
• The right to object: you can opt out of hearing from us at any point by contacting us using the contact details below.

12- Legal information and how to contact us

The controller of personal data is the company that determines the purpose and means of processing your personal data. The controller of your personal data for marketing purposes is Caramba.

You have a right to access the personal information we hold about you and in certain circumstances to be provided with a copy of that information. You can request this by using the contact details below.

If at any time you do not wish to receive further information about us and our services, or you wish to change your contact details or preferences, please contact us using the details below. Please note that we will keep some basic contact information to ensure we don’t contact you again in the future. If we completely erased your records then we wouldn’t be able to ensure we don’t contact you again in the future.