Privacy notice – Student Privacy Notice

1.   Who we are

1.1.  Riyadh-ul-Jannah Academy is the data controller in relation to the processing activities described below. This means that the Riyadh-ul-Jannah Academy decides why and how your personal information is processed.

1.2.  Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it is referring to the Riyadh-ul-Jannah Academy.

2.   What information do we collect about you, and how do we collect it?

Information that you give to us:

2.1.  As soon as you contact us, we create a record in your name. To that record we add information that you give us when reserving, registering or enrolling and throughout your studies, including emails and webchat between you and the Riyadh-ul-Jannah Academy. We keep records of your participation in learning activities and your use of other services we offer.

2.2.  We hold general information about you, such as your name, address, modules and qualifications studied and fee payments, as well as data relating to examinations, assessments and course results.

Information that we automatically collect:

2.3.  We will automatically collect information about your participation in online learning and assessment activities, your use of module and related websites, and all forms of assessment activities.

2.4.  We may automatically collect technical information when you browse our website.

2.5.  We may track if you open emails from us or click links within them.

3.   How do we use your personal information?

3.1.  We collect and process a broad range of personal data about you in order to deliver our services and support you, to manage our operations effectively, and to meet our legal requirements.

3.2.  If you do not provide some of the information we need at registration then we may not be able to effectively provide administration or support services to enable you to succeed in your study.

3.3.  We are committed to the data protection principles of good practice for handling information. All personal information is held securely and we will only transfer data within Riyadh-ul-Jannah Academy on a ‘need-to-know’ basis so that we can support our academic and other services to you.

Managing unwanted communications:

3.4.  We will contact you in connection with your studies or for administration or support purposes. We may also send you marketing information or invite you to take part in research to improve our services. If you do not wish to receive these communications, you can change your communications preferences by using the information in Section 9.

4.   Who do we share your information with?

Our suppliers and service providers

4.1.  We use third party suppliers and service providers for a number of activities, from sending bulk text messages to providing IT systems.

4.2.  When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

Other ways we may share your personal information

4.3.  We may transfer your personal information to a successor body if the Riyadh-ul-Jannah Academy ceases to exist. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our enquirers, visitors and students. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.

5.   Where we store your personal information

5.1.  Generally, information you provide on cloud-based systems which are located within the European Economic Area.

5.2.  If we transfer your information outside of the EEA, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. For example, we would ensure that a US based supplier has signed up to “Privacy Shield”.

6.   How long we keep your personal information for

6.1.  If we collect your personal information, the length of time we keep it for is determined by a number of factors including our purpose for using the information and our legal obligations.

6.2.  We have a retention schedule for information and keep identifiable records only for as long as they have a legal or business purpose:

·         We keep some information relating to the module or qualification, and related queries and communications, for six years after you have completed the module or qualification, in order to inform our ongoing relationship with you, and in case it is necessary to establish, bring or defend legal claims.

·         We destroy some information within three years, where it does not have a longer term impact, and is not required for business purposes. For example, we will destroy some data that is relevant to exams and assessment shortly after the result is decided, and we will only keep the result itself.

7.   Students’ use of personal data

7.1.  Students are not usually expected to collect or use personal data as part of their studies, but if you need to do so you must get the agreement of your tutor or supervisor that the processing is necessary, for example for your assignment or research, and you must follow any instructions given on how to process personal data. You must also immediately tell our Data Protection Officer, using the contact details in Section 9 of this document.

7.2.  If you do need to process personal data, Riyadh-ul-Jannah Academy will be the data controller for these activities as long as you have followed the advice in Section 7.1 above. Otherwise, you will be the data controller for the personal data you process, and will be fully responsible for it. See the Information Commissioner’s Office website for more information.

8.   Your rights

8.1.  You have a number of rights in relation to your personal information, which apply in certain circumstances. In order to exercise any of these rights, please contact us using the details in section 9 of this document.

8.2.  You have the right to:

·         access the personal information that we hold about you

·         correct inaccuracies in the personal information that we hold about you

·         request that we stop sending you direct marketing communications.

In certain circumstances, you have the right to

·         have your details removed from systems that we use to process your personal data

·         restrict the processing of your personal data in certain ways

·         obtain a copy of your personal data in a structured electronic data file

·         object to certain processing of your personal data by us

·         not be subject to an automated decision

In the limited areas where we process your data via consent, you have the right to withdraw consent.

If you are concerned about the way we have processed your personal information, you can complain to the Information Commissioner’s Office (ICO). Please visit the ICO’s website www.ico.org.uk for further details.

9.   Contact us

9.1.  Our Data Protection Officer is Bilal Patel. Please direct any queries about this policy or about the way we process your personal information using the contact details below.

·          Email mudassir.iqbal@zeptosystems.com

·         Telephone: +447543974023

·         By post: The Data Protection Officer, 61 Humphrey Road, Old Trafford Manchester, M16 9DD

You can update your contact preferences by contacting us.

Glossary

Personal data

According to the General Data Protection Regulation, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Cookies

A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer or mobile phone browser from a website’s computer and is stored on your computer’s or mobile phone’s hard drive. Each website can send its own cookie to your browser if your browser’s preferences allow it, which the site can then access when you visit it again to track online traffic flows, for example. A website cannot access cookies sent by other websites.

Data Controller

A data controller determines the purposes for which and the manner in which any personal data are processed. In essence, this means that the data controller decides how and why personal data are processed.