SE Privacy Note
Our contact details
Name: Sutherland Education
Address: 392-394 Ewell Road
Phone Number: 020 3808 3800
Sutherland Education Ltd understands that your privacy is important to you and that you care about how your information is used and shared. We respect and value the privacy of everyone who shares their private information with us. We will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.
The type of personal information we collect
We currently collect and process the following information:
- students’, parents’, homestays’ names
- students’ gender, nationality, education details
- date of birth
- DBS reference number
- copies of students’ passport
- copies of homestays passports and driving licences
- students medical record
- students’ and homestays’ photos
- job title
- students’, parents’, homestays’ postal and email addresses and telephones
- school names and personnel names
- students’ year group
- students’ and homestay’s feedback forms
- IP address (automatically collected)
- web browser type and version (automatically collected)
- operating system (automatically collected)
How we get the personal information and why we have it
Information is given by parents, students, educational agencies, guardian homestays in an application form and further details are provided during the guardianship services via emails, telephone or in person.
We use the information that you have given us in order to enable us to provide our guardianship services. We only share this information with relevant parties in relation to hosting students such as: students, guardian homestays, parents and schools only.
In processing guardian homestay application and as part of our Safer Recruitment policy we will need to share information with a third party agency called uCheck who does undertake a DBS checks. The information uCheck gather is also handled in accordance with the Data Protection Act 2018.
We also share contact details with AEGIS (Association for the Education and Guardianship of International Students) and their inspectors. We permit them to process the data only for specified purposes and in accordance with GDPR.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting on firstname.lastname@example.org
(b) Our contractual obligation.
(c) The generic legal obligation applying to GDPR
How we store your personal information
Your information is securely stored. Any physical documents that arrive are input into our system and filed.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
When not required, the paper or files should be kept in a locked drawer or filing cabinet.
- Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
- Data printouts should be shredded and disposed of securely when no longer required.
- When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts.
- Data should be protected by strong passwords that are changed regularly and never shared between employees.
- If data is stored on removable media, e.g., CD or DVD, these should be kept locked away securely when not being used.
- Data should only be stored on designated drivers and servers and should only be uploaded to an approved cloud computing service.
- Servers containing personal data should be sited in a secure location, away from general office space.
- Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
- Data should never be saved directly to laptops or other mobile devices like tablets or smartphones.
- All servers and computers containing data should be protected by approved security software and a firewall.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to make a request, please contact us:
392-394 Ewell Road
KT6 7BB Surbiton
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk