Kip McGrath Education Centres is a global brand delivering bespoke educational tutoring programmes to individuals (Students) through a franchise model worldwide. The Franchisor is Kip McGrath Education Centres Ltd, an Australian company, 73 003 415 889, of Level 3, 6 Newcomen Street, Newcastle, NSW 2300 (KMEC). This website www.kipmcgrath.co.uk (“this site“) is operated by Kip McGrath Education Centres Ltd (the KMEC UK Head Office).
The KMEC group of companies (the KMEC Group) includes Kip McGrath Education Australia Centres Ltd and the KMEC UK Head Office and their respective holding companies and subsidiaries from time to time (including Kip McGrath Global Pty Limited and Kip McGrath Direct Pty Limited).
By using this site, we may collect, use, store and transfer different kinds of personal data about you. In respect of all users of this site, the personal data we may collect includes information you send to us when making an enquiry, booking a free assessment and reserving a place at one of our franchise information sessions. We may also collect electronic data which is processed when accessing or browsing this site. Similarly, we may also collect personal information from you, such as your name, age, date of birth and contact details.
How to contact us
Kip McGrath Education Centres UK Head Office
You can also telephone us on 01452 382282
Our privacy promise
- To keep your data safe and private.
- Not to sell your data.
The data we collect about you
Personal data, or personal information, means any information relating to an identifiable individual. It does not include any data or information which relates to a person that cannot be identified or where the person’s identity has been removed (i.e. anonymous data). It also does not include information relating solely to a business or other organisation, rather than to a person.
By using this site, we may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
|Type of personal data||Description|
|Identity Data||Data which identifies you (including name, username, title, school year, date of birth and gender)|
|Contact Data||Contact details (including postal address, telephone number and email address)|
|Marketing and Communications Data||Data which we capture when you sign up to newsletters, including your communications preferences|
|Usage Data||Information about how you use this site and our services, including how you navigate this site and if you encounter any problems|
|Educational Data||Information about you or your child’s education history and academic cycle that you submit on this site when you book a free assessment or which you may provide to us when you make an enquiry|
|Social Media Data||When you connect with us or like or follow our social media accounts we may have access to your personal data through the social media platform, including your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts|
|Technical Data||Electronic information which is automatically logged/stored by processing equipment, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site.|
How we collect personal data
- Direct interactions
The majority of the personal data we hold about you is collected when you correspond or interact with us directly, complete online application forms, (via social media, by post, phone, email, telephone or otherwise).
This includes personal data you provide when you:
- make an enquiry;
- book a free assessment;
- subscribe to receiving marketing communications;
- reserve a place at one of our franchise information sessions;
- complete a survey;
- connect with us, follow us or ‘like’ us on social media;
The categories of personal data we collect in this way include Identity, Contact, Profile, Social Media, Usage, Educational and Marketing and Communications Data.
- Automated technologies or interactions
When you interact with this site, our systems will automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. We do this to find out things such as the number of visitors to the various parts of this site. Please see our Cookies Policy on our website www.kipmcgrath.co.uk and the section headed “Cookies” below.
- Third parties www.kipmcgrath.co.uk/disclaimer
We may also receive personal data about you from various third parties as set out below:
- Social Media Data from the operators of social media platforms, including Facebook, Instagram, LinkedIn, Twitter and Google+ who are based inside and outside of the EU.
- Technical Data from the following parties:
- Analytics providers, such as Google Analytics and Facebook pixel tag
- Advertising networks
- Search information providers
How and why we use personal data
We will only collect and process your personal data where we have a legal basis to do so. This legal basis will vary depending on the manner and purpose for which we are collecting your personal information. The circumstances in which we may use your personal data are as follows:
- Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- Where it is necessary to comply with a legal or regulatory obligation that we are subject to;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- Where we have your consent to do so, subject to your right to withdraw consent (further details provided in the section headed “Your rights” below).
We have set out in the table below a description of all the ways we plan to use your personal data, and which of the above legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|What we use your personal information for||Type of data||Lawful basis for processing||Basis of legitimate interest (where applicable)|
||To conduct our business and to keep our records updated|
|To administer and protect our business and this site, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data||
||For running of our business, provision of administration and IT services, network security and to prevent fraud|
|To set up, manage access to, and maintain the security of, your online account for the Student Portal||
||To conduct our business – to be able to perform our contracts with students and conduct our business|
|To deliver relevant website content and advertisements to you based upon your preferences.||
||To develop our services and grow our business|
|To use data analytics to improve this site and our services, marketing, customer relationships and experiences||
||To define our customer base, to keep this site updated and relevant, to develop our business and to inform our marketing strategy|
|To deal with and respond to queries submitted to us via this site, social media accounts, by post, email or by telephone||
||To conduct our business and improve our services and keep our records up-to-date|
Marketing communications from us: We may send you marketing communications if you:
- are a student or a student’s parent/guardian and you have not opted out of receiving marketing communications from us;
- have booked a free assessment and you have consented to receive marketing communications from us; or
- have otherwise consented to receive marketing communications from us.
Third party marketing: We will only share your personal data with another company for marketing purposes if you have expressly consented to us doing so.
Opting out: You can ask us and our franchisees to stop sending you marketing communications at any time, by:
- clicking the unsubscribe link in the footer of any marketing email from us;
- contacting us at ukandIrelandheadoffice@kip-mcgrath.co.uk.
Change of purpose
We will only use your personal data for the purposes for which we originally collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you fail to provide personal data
Where we need to collect personal data from you in order to comply with our legal obligations or to perform a contract we have with you and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to provide you with services). In this case, we may have to cancel the relevant contract.
We use Google Analytics to help analyse use of our Website. This analytical tool uses “Cookies” which are small text files placed on your computer to collect standard internet log information and visitor behaviour information. You can find out more about the way cookies work and Google Analytics on www.cookiecentral.com and or www.allaboutcookies.org and www.google.com/analytics.
We may have to share your personal data with third parties, including third party service providers and other group companies.
We require third parties to respect the security of your data, keep it confidential, and to treat it in accordance with the law.
We will share your personal information with third parties where required by law, where it is necessary to perform a contract with you (if you are a student or a franchisee) or where we have another legitimate interest in doing so.
We may share your personal data with the third parties set out below:
- Franchisees who operate the Kip McGrath Education Centres, hire personnel and provide tuition services to students subject to a written franchise agreement. We will share this data in order to perform a contract with you, to comply with a legal obligation and/or in our legitimate interests of maintaining a viable franchise network.
- Third party service providers, including hosting providers, IT support providers, analytics and search engine providers, social media platform providers. These third party service providers are only permitted to process personal data for specified purposes and, where they are processing data on our behalf, in accordance with our instructions.
- Other group companies as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any agreements, or to protect the rights, property or safety of the KMEC group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction, with HM Revenue & Customs, regulators and other authorities where we are required to do so by law.
- Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as set out in our data sharing agreements.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”).
Whenever we transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
- Where we need to transfer your personal data intra-group transfers, we may put in place binding corporate rules which shall ensure that your personal data is afforded the same level of protection as it has within the EEA. For further details, see European Commission: Binding Corporate Rules.
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- In some instances, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (including appropriate firewalls, encryption technology such as HTTPS, and passwords). Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to this site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In addition, the personal information you provide to us is only available to authorised personnel of the KMEC group who need access to the information in order to fulfil their duties. They will only process your personal information on our instructions and they shall be subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Once we no longer require your personal information, we will take reasonable steps to destroy it in a secure manner.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you have registered to use the Student Portal, we will typically retain your personal data for the duration of your academic cycle (i.e. for so long as you remain in education). We will keep this under review and may periodically delete some of your personal data which we no longer require for the purposes set out in the table above.
In some circumstances we may be entitled to retain your data for a longer period in order to respond to you questions or complaints, to demonstrate we treated you fairly, to maintain records according to rules which apply to us and/or where we are under a legal obligation to do so, for example in the event of a legal dispute. We will also need to keep a record of your contact details if you have opted-out of receiving marketing communications from us to ensure we do not send these to you in future.
We shall have no liability to you for any deletion of your personal data in accordance with our retention policy.
You have the following rights in respect of the personal data that we process about you (where we determine the purpose and means for which that personal data shall be processed):
- the right to request access to your personal data that we hold and to receive certain information relating to that data;
- the right to ask us to rectify inaccurate data or to complete incomplete data;
- a right to receive or ask for your personal data to be transferred to a third party(note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);
- the right to request the erasure of personal data where there is no good reason for us continuing to process it (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
- the right to object to how we process your personal data where we believe we have a legitimate interest in processing it (as explained above) (note that in some cases we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms);
- the right to restrict processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it (note that when processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future; and
- where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we may not be able to provide certain services to you.
If you wish to make a subject access request please email us at ukandIrelandhedaoffice@kip-mcgrath.co.uk or write to us at the following address:
Designated Subject Access Request, Kip McGrath, Railway House, Bruton Way GL1 1DG.
If you wish to exercise any of the other rights set out above, please contact us at ukandIrelandhedaoffice@kip-mcgrath.co.uk
We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
How to complain
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
Please let us know if you are unhappy with how we have used your personal information. You may contact us using our secure online contact form on this site www.kipmcgrath.co.uk
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.
Changes to your data
The KMEC group makes every effort to ensure information collected is accurate and up-to-date. We encourage you to help us by telling us promptly if you change your contact details. You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it.
We will also send reminders to you on a termly basis (if you are a student) to check the information we hold about you and to remind you to update us of any changes to your personal data that you have provided to us.