List of active policies
This policy tells you what we use your information for and how we keep it safe and comply with the law.
Why we collect your data
In order for us to provide you with our services we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.
Our legal bases for controlling or processing personal data are:
- Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time either by selecting ‘delete my data’ within the specific service or by request to email@example.com.
- Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
- Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
- Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
- recruitment and induction of new employees, contractors and other people who work with us;
- emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
- business development; or
- providing login systems to users via their existing social media accounts.
Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.
The special categories of personal data (Article 9 of GDPR) we process are:
- Audio and video recording by us. We will never record you without your explicit consent, except under very particular circumstances such as a safeguarding situation developing during the course of a remote lesson.
- Audio and video recording by you. You can record yourself in course tools such as note-taker, journal and assignment. We provide this facility to make our courses more accessible. If you choose to record yourself we undertake to keep your recording secure. If it constitutes evidence for your qualification we may share this with the relevant Awarding Body (see Article 9 of GDPR), however we will only do that in accordance with the legal bases under Article 6 of GDPR as outlined above.
How we collect your personal data
Moodle collects personal data from you when you interact with us. This can be through our websites, over the phone, in person, including, without limitation, when you:
- create an individual or corporate user account;
- request support;
- register for or participate in an online class, exam, certification, training, webcast or other event;
- request information or materials;
- participate in surveys or evaluations;
- participate in promotions, contests or giveaways;
- make a purchase through our shop or register products;
- apply for employment;
- submit questions or comments; or
- submit content or posts on our forums or other interactive webpages.
How we use your personal data
We may need to pass your personal data on to third-party service providers contracted to Nacro in the course of dealing with you. We do this because there are services, such as our Google Meet and Microsoft Teams remote teaching facilities, which will not work unless we are able to make these transfers. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data in accordance with our standard procedures.
How we store data
We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organisational and technical safeguards for all personal data we hold. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept are governed by specific business sector requirements and agreed practices. Personal data can be held in addition to these periods depending on individual business needs.
We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.
MarketingWe have no interest in collecting any data beyond that needed to ensure our services work for you. If you are going to be contacted by us for marketing purposes, we will not rely solely on this privacy notice. We will endeavour to seek your consent appropriately. Nacro does not sell data, and has no intentions in doing so in the future.
Your rights under GDPR
At any point while we are in possession of or we process your personal data, you have the following rights:
- (GDPR) right of access – you have the right to request a copy of the information that we hold about you;
- (GDPR) right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
- (GDPR) right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
- (GDPR) right to restriction of processing – where certain conditions apply to have a right to restrict the processing;
- (GDPR) right of portability – you have the right to have the data we hold about you transferred to another organisation;
- (GDPR) right to object – you have the right to object to certain types of processing such as direct marketing;
- (GDPR) right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling;
- (GDPR) right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below;
- (CCPA) right to deletion - you have the right to delete personal information collected from you (with some exceptions);
- (CCPA) right to opt out of sales - we do not sell your data;
- (CCPA) right to be free of discrimination - if you exercise your rights we will not discriminate against you; and/or
- (CCPA) right to know - you have the right to know:
- the categories of personal information collected;
- specific pieces of personal information collected;
- the categories of sources from which we collect personal information;
- the purposes for which we use your personal information;
- the categories of third parties with whom we share your personal information; and/or
- the categories of information that we disclose to third parties.
Please make your request directly to the a site admin e.g. firstname.lastname@example.org.
Links to other sites
Where we believe it to be in your interests, we provide links to other websites. Please be aware that when you click on a link to another website, we cannot regulate it and we encourage you to read their privacy notice.
Nacro Education updates our privacy notice when necessary or in response to:
- feedback from our community, customers, relevant authority, industry or other stakeholders;
- changes in our products or services; and/or
- data processing or policy changes.
The “last updated” date at the top of this privacy notice reflects when the most recent changes were made. We encourage you to periodically review this privacy notice for any amendments.