Understanding how and why we use cookies

This website, [www.kipmcgrath.co.uk] (our site) uses cookies to distinguish you from other users of our site. This helps us to give you the best possible experience on our site, and also allows us to improve our content, products and services. 

To find out more about how we use cookies and what benefits they bring, please take a few moments to read this Cookie Policy.

What are cookies?

Cookies are small text files that are stored on your computer, smartphone or other electronic device when you visit our site. 

At Kip McGrath, we use cookies for the reasons set out below, such as to determine your preferences, let you navigate between the pages on our site efficiently and carry out security checks. Some of the functions that cookies perform can also be achieved using similar technologies. This Policy refers to ‘cookies’ throughout, however it also covers these alternate mechanisms.

The information we obtain from our use of cookies may include information about your computer (or other electronic device) such as your IP address, your browser and other internet log information, and personal information about you, for example when you fill in a form on our site.

More information about cookies can be found at www.allaboutcookies.org.

The types of cookies we use

We use the following cookies: 

• Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to submit online application forms securely, and cookies which enhance your security by prompting you to end (or automatically ending) your secure session if you leave a secure session window open when logged in to our site. 
• Targeting cookies. These cookies record your visit to our site, the individual pages you have visited and the links you have followed. We will use this information to tailor the content of our site to suit your interests, for example, by displaying promotional messages about other services and products you may be interested in.
• Analytical/performance cookies. These types of cookies allow us to analyse how visitors use our site and to detect problems encountered by visitors of our site. This helps us make our site better by improving the way it works, for example, by ensuring that users are able to easily find what they are looking for.
• Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Cookies that allow us to identify you will be considered to be personal data. The use of cookies and personal data in the UK is regulated by the Privacy and Electronic Communications Regulations (PECR), the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We will only use these cookies which capture your personal data where we have a legal basis to do so. 

In respect of strictly necessary cookies, the legal basis for processing your personal data is that it is necessary for our legitimate interests (in order to operate our website and run our business, provide administration and IT services, to secure our network and prevent and detect fraud).

In respect of all other cookies, we will rely on your consent. Your consent for these purposes may be implied by your continued use of our site following a prominent notice to you (in the form of a banner on our site’s homepage) which informs you of this Policy and the fact we are using cookies.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below: 

We do not use information derived from cookies to contact you by email, telephone or post. Our cookies do not typically store this type of personal information.

Third party websites

When we include links on our site to other websites, please bear in mind that these third party websites will have their own privacy and cookie policies that will govern the use of any information you submit on those websites. We recommend you read their policies as we are not responsible or liable for the privacy practices of third parties.

Third party cookies on our site

We only use third party cookies from our trusted partners, who provide important functionality to our site, such as our live chat service, and who help us improve our site, such as [Google Analytics], who provide statistics about which pages are visited most frequently. 

You can withdraw your consent to our use of third party cookies at any time. You can also opt-out of [Google Analytics] by following the instructions provided by [Google] here [https://support.google.com/analytics/answer/181881?hl=en] 

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control and which we cannot block. These cookies are likely to be analytical/performance cookies or targeting cookies. If you want to block these external cookies, you would would need to do so at the original source or through your web browser settings (see ‘How you can manage your cookies‘ below).

We will only permit Kip McGrath branded advertisements on our site. We will not permit third party advertisements on our site. Of course, you may see Kip McGrath branded advertisements when browsing other websites too. Some of these may be tailored to your interests based upon your previous browsing activity on our site. These can be easily identified as they feature a small blue AdChoices icon in the corner of the advert. 

To disable targeted adverts, please visit Your Online Choices where you will be able to opt out of receiving targeted advertisements from other third party networks. Please note, that by opting out of receiving advertisements from a network, this will disable targeted adverts for all companies that use this network (and not only Kip McGrath). For further information, please visit Your Ad Choices.

How you can manage your cookies

The browsers of most computers, smartphones and other electronic devices are typically set up to accept cookies. If you wish to amend your cookie preferences and block cookies for our site or any other website, you can do this through your browser settings. Your browser’s ‘help’ function will tell you how to do this.

However, please remember that cookies are often used to enable and improve the functionality of our site. If you choose to switch off strictly necessary/essential cookies, you may not be able to access all or certain parts of our site. For example, if your browser is set to disable ‘session’ cookies, although you will still be able to view our public site, you will not be able to log on to the Student Portal.

More information about how to disable cookies can be found at www.allaboutcookies.org 

Emails

We use email analytics and reporting tools to see how many of our emails are opened and which links receive the most clicks. This informs us which articles and topics our customers like and don’t like, which helps us to improve our content and make our emails more relevant to our customers.

For more information about marketing emails, please refer to our Privacy Policy . 

Security

Our cookies do not compromise your security. In fact, many of our cookies are used purely to provide important security features, such as protecting the data you store within the Student Portal and preventing unauthorised access to our systems.

Our cookies will leave a record on your computer, smartphone, tablet or other device that someone has accessed our site from that device, but nothing further. Our cookies do not enable us to access any other content stored on your device, such as emails, contacts, photos or documents, other than technical data (such as your IP address and our cookies) as described above.

More about your privacy

The personal data we obtain from the use of cookies will be used by us in accordance with our Privacy Policy. We do not share your personal data with other third parties except to the extent set out in our Privacy Policy. For example, we do share your data with our group companies and franchisees in order to conduct our business and perform a contract with you. Third parties may also process your personal data on our behalf and in accordance with our instructions to provide services to us (such as hosted IT systems and data analytics). To find out more about how we protect your privacy when using our website, please refer to our Privacy Policy and Website Terms of Use. http://kipmcgrath.co.uk/privacy-policy/

May 2018

About Us

Kip McGrath Education Centres is a global brand delivering bespoke educational tutoring programmes to individuals (Students) through a franchise model worldwide.  The Franchisor is Kip McGrath Education Australia Centres Ltd, an Australian company, 73 003 415 889 of 7 Bond St, Newcastle East NSW 2300.  

References in this Privacy Policy to the “KMEC group”, “we”, “us” and “our” are to Kip McGrath Education Australia Centres Ltd, Kip McGrath Education UK Ltd (the Kip McGrath Education Centres UK Head Office), Kip McGrath franchisees (a Kip McGrath Centre) and other members of the Kip McGrath group of companies (which includes their respective holding companies and subsidiaries from time to time).

We are delighted you have decided to enrol on one of our tutoring programmes (Tutoring Programme) or attend a free academic assessment. This Privacy Policy is designed to give you, as a Student (or prospective Student) on one of our Tutoring Programmes (or a Student’s parent or guardian acting on a Student’s behalf), information about how we obtain and process personal data in connection with the services we provide to you. 

We are a “data controller” for the purposes of data protection legislation. This means that we are responsible for deciding how we hold and use personal information about you. 

When you attend a free academic assessment or otherwise enrol on a Tutoring Programme, we shall collect, use, store and transfer different kinds of personal data about you. The personal data we may collect includes information you include on your enrolment form, information you may send to us by email, information disclosed during the course of delivering the Tutoring Programme to you and information about you recorded by our tutors, including test results, reports and course feedback. If you use the student portal on our website, we may also collect personal data about you through that portal (please refer to our Website Privacy Policy and Cookies Policy for further information please visit www.kipmcgrath.co.uk 

Please read this Privacy Policy carefully. From time to time we may also issue other privacy or fair processing notices to you relating to the way in which we collect personal data about you which we will bring to your attention.

If you are a parent or guardian of a child who you wish to enrol as a Student, please make them aware that you will be sharing their personal data with us, the nature of that personal data and the reasons for sharing that data with us as outlined in this Privacy Policy. If your child has any questions which you are unable to answer from the information contained in this Privacy Policy, please raise such questions with the Kip McGrath Centre which you attend, or contact us on the details set out below.

How to contact us

This Privacy Policy was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. For Students based in the UK, the controller of your personal data will usually be Kip McGrath Education UK Limited. If you have any requests or concerns about any information contained within our Privacy Policy, please email us at ukandirelandheadoffice@kip-mcgrath.co.uk or write to:

Kip McGrath Education Centres UK Head Office

Railway House

Bruton Way

Gloucester

GL1 1DG

You can also telephone us on 01452 382282

Our privacy promise 

We promise:

1. To keep your data safe and private.
2. Not to sell your data. 

The data we collect about you

Personal data, or personal information, means any information relating to an identifiable individual. It does not include any data or information which relates to a person that cannot be identified or where the person’s identity has been removed (i.e. anonymous data). It also does not include information relating solely to a business or other organisation, rather than to a person. 

We may collect, use, store and transfer different kinds of personal data about you in connection with the provision (or prospective provision) of the Tutoring Programmes to you, which we have grouped together as follows:

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate test results to assess the success rate of a particular Tuition Programme. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

Aside from the Medical Data listed above, we do not collect special categories of personal data about Students or their parents/guardians in connection with the provision of Tuition Programmes. Special category data includes details about a person’s race or ethnicity, religious or philosophical beliefs, political opinions, information about your health and genetic and biometric data. Nor do we collect any information about criminal convictions and offences. 

How we collect personal data

• Direct interactions

The majority of the personal data we hold about Students and their parents/guardians is collected when we correspond or interact directly with Students or their parents/guardians (by post, phone, email, telephone or otherwise). 

This includes personal data you provide when you:

• make an enquiry;
• complete an enrolment form;
• subscribe to receiving marketing communications;
• attend a Tuition Programme or taster session and submit homework/coursework or complete assessments; 
• complete a survey;
• make a payment.

The categories of personal data we collect in this way include Identity, Contact, Profile, Tuition, Parent/Guardian, Educational, Assessment and Attainment and Marketing and Communications, Ancillary, Medical, Financial and Safeguarding Data.

• Third parties 

We may also receive personal data about you from various third parties as set out below:

• Educational Data from your school or other academic institution.
• Safeguarding authorities from local authorities, police and other agencies and public bodies where applicable.

How and why we use personal data

We will only collect and process your personal data where we have a legal basis to do so. This legal basis will vary depending on the manner and purpose for which we are collecting your personal information. The circumstances in which we may use your personal data are as follows:

• Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
• Where it is necessary to comply with a legal or regulatory obligation that we are subject to;
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
• Where we have your consent to do so, subject to your right to withdraw consent (further details provided in the section headed “Your rights” below).

We have set out in the table below a description of all the ways we plan to use your personal data, and which of the above legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Marketing 

Marketing communications from us: We may send you marketing communications if you:

• are a Student or a parent/guardian of a Student and you have not opted out of receiving marketing communications from us; or
• have otherwise consented to receive marketing communications from us. 

Opting out: You can ask us [and/or the Kip McGrath Centre which you attend] to stop sending you marketing communications at any time, by:

• clicking on the unsubscribe button in the footer of any marketing email from us;
• contacting us at ukandIreland@kipmcgrath.co.uk 

Change of purpose

We will only use your personal data for the purposes for which we originally collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  

We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. 

If you fail to provide personal data

Where we need to collect personal data from you in order to comply with our legal obligations or to perform a contract we have with you and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to provide you with services). In this case, we may have to cancel the relevant contract. 

Disclosure

We may have to share your personal data with third parties, including third party service providers and other group companies. 

We require third parties to respect the security of your data, keep it confidential, and to treat it in accordance with the law. 

We will share your personal information with third parties where required by law, where it is necessary to perform a contract with you or where we have another legitimate interest in doing so. 

We may share your personal data with the third parties set out below:

• Our group companies who assist with the operation and administration of the Kip McGrath franchise and the delivery of Tuition Programmes (including as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data).
• Franchisees who operate the Kip McGrath Centres who provide the Tuition Programmes to Students in accordance with our standards, policies and requirements and subject to a written franchise agreement.
• Third party service providers, including hosting providers, IT support providers, analytics and search engine providers. These third party service providers are only permitted to process personal data for specified purposes and, where they are processing data on our behalf, in accordance with our instructions.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any agreements, or to protect the rights, property or safety of the KMEC group, Students or other third parties. This includes exchanging information with other companies and organisations for the purposes of child protection, fraud protection and credit risk reduction, with Social Services, the Police, the NHS, HM Revenue & Customs, regulators and other authorities where we are required to do so by law.
• Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as set out in our data sharing agreements. 

In some instances where we share data with third parties, such as Government departments and public bodies, those third parties will also be controllers of your data. We shall not be responsible or liable for the way in which other data controllers hold or process your personal data. Please contact those third parties for further information regarding how they will use your data. We shall only share your personal data with third parties in accordance with this privacy policy. 

International transfers

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). 

Whenever we transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:

• Where we need to transfer your personal data intra-group transfers, we may put in place binding corporate rules which shall ensure that your personal data is afforded the same level of protection as it has within the EEA. For further details, see European Commission: Binding Corporate Rules. 
• We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• In some instances, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA. 

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (including appropriate firewalls, encryption technology such as HTTPS, and passwords). 

The transmission of information via the internet is not completely secure. We cannot guarantee the security of any data you send to us via email or via our website; any transmission is at your own risk so please take care before sending us any sensitive information in this way. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

In addition, the personal information you provide to us is only available to authorised personnel of the KMEC group who need access to the information in order to fulfil their duties. They will only process your personal information on our instructions and they shall be subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. 

Once we no longer require your personal information, we will take reasonable steps to destroy it in a secure manner. 

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We will typically retain your personal data so long as you (or your child, if you are a parent/guardian) are enrolled on one of our Tuition Programmes. We will also keep some of your data on file for a period afterwards (usually the duration of your academic cycle (ie for so long as you remain in education) or two years, if longer) in case you wish to re-enroll on a Tuition Programme or access your records (including your Contact, Identity, Profile, Education, Assessment and Attainment and Tuition Data). We will keep this under review and may periodically delete some of your personal data which we no longer require for the purposes set out in the table above. 

In some circumstances we may be entitled to retain your data for a longer period in order to respond to you questions or complaints, to demonstrate we treated you fairly, to maintain records according to rules which apply to us and/or where we are under a legal obligation to do so, for example in the event of a legal dispute. 

If you are under the age of 18 at the time of attending a Tutoring Programme, we may keep certain personal data relating to you until you reach the age of 24. This is because the period in which legal claims can be brought is longer for children than for adults. The type of information we would keep for this long for the purpose of establishing, exercising or defending legal claims will be limited, but would include your identity and contact data, together with attendance registers and accident records. 

We will also need to keep a record of your contact details if you have opted-out of receiving marketing communications from us to ensure we do not send these to you in future. 

We shall have no liability to you for any deletion of your personal data in accordance with our retention policy.

Your rights 

You have the following rights in respect of the personal data that we process about you (where we determine the purpose and means for which that personal data shall be processed):

• the right to request access to your personal data that we hold and to receive certain information relating to that data; 

• the right to ask us to rectify inaccurate data or to complete incomplete data;

• a right to receive or ask for your personal data to be transferred to a third party (note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);

• the right to request the erasure of personal data where there is no good reason for us continuing to process it (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request); 

• the right to object to how we process your personal data where we believe we have a legitimate interest in processing it (as explained above) (note that in some cases we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms);

• the right to restrict processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it (note that when processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future; and

• where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we may not be able to provide certain services to you. 

If you wish to make a subject access request please email us at ukandIreland@kipmcgrath.co.uk or write to us at the following address:

Designated Subject Access Request, Kip McGrath, Railway House, Bruton Way GL1 1DG. 

If you wish to exercise any of the other rights set out above, please contact us at ukandireland@kipmcgrath.co.uk 

We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

How to complain

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

Please let us know if you are unhappy with how we have used your personal information. You may contact us using our secure online contact form on our website 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint. 

Changes to your data

The KMEC group makes every effort to ensure information collected is accurate and up-to-date. We encourage you to help us by telling us promptly if you change your contact details. You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it. 

We will also send reminders to you on a termly basis to check the information we hold about you and to remind you to update us of any changes to your personal data that you have provided to us.

This Privacy Policy was last updated in May 2018.