Privacy Policy

  1. WEBSITE PRIVACY POLICY 

Introduction 

The Education Company Ltd is committed to protecting the privacy and security of visitors to our website. This policy explains how we collect, use, store, and protect personal information when individuals use our website or interact with us online. 

We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

 

Purpose 

This policy aims to: 

  • Explain what information we collect and how we use it 
  • Clarify the rights of individuals regarding their personal data 
  • Ensure transparency and compliance with UK data protection laws 
  • Promote trust and accountability in how we manage online information 

Scope 

This policy applies to: 

  • All visitors to The Education Company Ltd’s website 
  • All online interactions, including forms, subscriptions, and cookies 
  • Personal information collected through our website or related online services 

It does not cover employee data (which is governed by the company’s internal Privacy Policy).

 

Information We Collect 

When you use our website, we may collect the following types of personal data: 

  • Contact information (e.g. name, email address, telephone number) 
  • Business details (e.g. job title, company name) 
  • Technical data (e.g. IP address, browser type, operating system) 
  • Usage data (e.g. pages visited, time spent on the website, referring website) 
  • Marketing preferences (where you have opted in to receive updates) 

We do not intentionally collect special category data (e.g. health information, religious beliefs) through our website. 

 

How We Use Personal Data 

We use personal data for the following purposes: 

  • To respond to enquiries and provide requested services 
  • To manage subscriptions to newsletters or marketing communications 
  • To analyse website usage and improve performance 
  • To maintain website security and prevent misuse 
  • To comply with legal or regulatory requirements 

 

Legal Basis for Processing 

We process personal data on the following legal bases: 

  • Consent – where you have opted in (e.g. to receive marketing emails) 
  • Contract – where processing is necessary to fulfil a service request 
  • Legitimate interests – for business purposes such as improving services, ensuring security, or communicating relevant updates 
  • Legal obligation – where we must process data to comply with UK law 

 

Cookies 

Our website uses cookies and similar technologies to: 

  • Improve website functionality and performance 
  • Analyse user behaviour for insights and improvements 
  • Remember user preferences 
  • Deliver relevant advertising where applicable 

Visitors can control or disable cookies through their browser settings. For more information, see our Cookie Policy. 

 

Sharing of Personal Data 

We will never sell personal data. We may share data with: 

  1. Service providers (e.g. IT support, analytics, email marketing platforms)
  2. Legal or regulatory authorities where required by law
  3. Business partners only where necessary to deliver requested services

All third parties must comply with UK data protection laws and act only under our instructions. 

 

International Transfers 

Where personal data is transferred outside the UK, we ensure that: 

  • Adequate safeguards are in place (e.g. UK-approved Standard Contractual Clauses) 
  • The transfer complies with UK data protection legislation 

 

Data Retention 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including: 

  • Responding to enquiries and providing services 
  • Meeting legal, accounting, or reporting requirements 

After this period, data will be securely deleted or anonymised. 

 

Data Security 

We take appropriate technical and organisational measures to protect personal data, including: 

  • Encryption of data where appropriate 
  • Secure servers and firewalls 
  • Regular monitoring and access controls 
  • Staff training on data protection and cybersecurity 

 

Your Rights 

Under UK GDPR, individuals have the right to: 

  • Access their personal data 
  • Request correction of inaccurate or incomplete data 
  • Request erasure of personal data where lawful 
  • Restrict or object to certain types of processing 
  • Request transfer of their data (data portability) 
  • Withdraw consent (where consent is the legal basis for processing) 

Requests can be made by contacting us at: [email protected]

If you are dissatisfied, you also have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk. 

 

Changes to This Policy 

We may update this policy from time to time to reflect changes in law, technology, or business practices. The latest version will always be available on our website.

 

Contact Us 

For questions or requests regarding this policy, please contact us: 

The Education Company Ltd 
Denne Court, Hengist Field, Borden, Sittingbourne, Kent, ME9 8LT 
Email: [email protected] 
Telephone: 01634 766920 

 

  2. COOKIE POLICY

 

Introduction 

The Education Company Ltd uses cookies and similar technologies on its website to improve functionality, enhance user experience, and help us understand how our website is used. 

This policy explains what cookies are, how we use them, and the choices you have in managing them. 

 

Purpose 

This policy aims to: 

  • Provide clear information about the cookies we use and why 
  • Ensure transparency and compliance with the UK GDPR and Privacy and Electronic Communications Regulations (PECR) 
  • Help visitors make informed decisions about their cookie preferences 

 

What Are Cookies? 

Cookies are small text files that are stored on your device when you visit a website. They allow websites to recognise your device and store certain information about your preferences or actions. 

Cookies may be: 

  • Session cookies – temporary and deleted when you close your browser 
  • Persistent cookies – remain on your device until they expire or are deleted 

They can also be categorised as: 

  • First-party cookies – set by our website 
  • Third-party cookies – set by other websites/services (e.g. analytics or social media platforms) 

 

Types of Cookies We Use 

The Education Company Ltd uses the following categories of cookies: 

1. Strictly Necessary Cookies 

  • Essential for website functionality and security 
  • Enable you to navigate the website and use key features 
  • Cannot be disabled via our cookie settings, but can be blocked in your browser (which may affect functionality) 

2. Performance & Analytics Cookies 

  • Collect information about how visitors use our website (e.g. pages visited, errors encountered) 
  • Help us improve performance and usability 
  • Data is aggregated and anonymous 

3. Functionality Cookies 

  • Remember preferences such as language, location, or login details 
  • Provide a more personalised browsing experience 

4. Targeting & Advertising Cookies 

  • Used to deliver relevant advertising and measure its effectiveness 
  • May be set by third-party providers such as Google or social media platforms 

 

Managing Cookies 

When you visit our website for the first time, you will be presented with a cookie consent banner. This allows you to: 

  • Accept all cookies 
  • Reject non-essential cookies 
  • Manage preferences for different cookie categories 

You can also manage cookies at any time by adjusting your browser settings, including: 

  • Blocking all cookies 
  • Deleting cookies from your device 
  • Allowing only first-party cookies 

Please note: disabling certain cookies may affect website functionality or limit your experience. 

 

Third-Party Cookies 

Some cookies may be set by third parties providing services to our website, including: 

  • Google Analytics (to help us understand visitor behaviour) 
  • Social media platforms (e.g. LinkedIn, Twitter, Facebook plugins) 
  • Advertising networks 

We recommend reviewing the privacy and cookie policies of third-party providers for more details. 

 

Data Protection and Privacy 

Information collected through cookies may, in some cases, constitute personal data. Where this applies, we process such data in accordance with our Website Privacy Policy, which outlines your rights and how to exercise them. 

Changes to This Policy 

We may update this Cookie Policy from time to time to reflect changes in law, technology, or our practices. The latest version will always be available on our website. 

Contact Us 

If you have any questions about this Cookie Policy or how we use cookies, please contact: 

The Education Company Ltd 
Denne Court, Hengist Field, Borden, Sittingbourne, Kent, ME9 8LT 
Email: [email protected] 
Telephone: 01634 766920 

 

  3. BREACH RESPONSE POLICY

Introduction 

The Education Company Ltd is committed to protecting the confidentiality, integrity, and availability of all personal and business information it holds. Despite preventative measures, data breaches and security incidents may occur. This policy sets out the process for detecting, reporting, and responding to such incidents, ensuring compliance with UK legislation and minimising potential harm to individuals, the company, and its stakeholders. 

 

Purpose 

This policy aims to: 

  • Ensure prompt identification, containment, and resolution of information security breaches 
  • Comply with legal and regulatory obligations, including reporting to the Information Commissioner’s Office (ICO) within 72 hours where required 
  • Protect the rights and freedoms of individuals affected by a breach 
  • Minimise reputational and financial damage to the company 
  • Support continuous improvement in information security and risk management 

 

Scope 

This policy applies to: 

  • All employees, contractors, agency staff, and third parties handling company information 
  • All information held in digital, cloud-based, or physical format 
  • All breaches involving personal data, commercially sensitive information, or IT systems 

Definitions 

  • Security Incident: Any event that may compromise the confidentiality, integrity, or availability of company information or systems. 
  • Data Breach: A security incident that results in the unauthorised access, disclosure, alteration, or loss of personal or sensitive information. 
  • Personal Data Breach: As defined under UK GDPR, a breach leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data. 

 

Roles and Responsibilities 

Incident Response Team (IRT): Coordinates the breach response process. 

  • Board of Directors – Ensure resources and oversight for effective breach response. 
  • Technical Team (IT/Security) – Detect, contain, investigate, and remediate breaches. 
  • Administration Team – Manage personnel-related issues and ensure employee compliance. 
  • Board of Directors – Manage external communications, including required notifications to affected individuals. 
  • All Employees – Report suspected breaches immediately and cooperate fully with investigations. 

Incident Detection and Reporting 

  • All employees must report suspected or confirmed breaches immediately to the Technical Team or their line manager. 
  • The Technical Team is responsible for monitoring and analysing system logs, alerts, and reports to detect potential breaches. 
  • Failure to report a breach may be treated as misconduct under the company’s Disciplinary Policy. 

Incident Response Procedure 

The company maintains an Incident Response Plan which includes: 

  1. Identification & Validation – Confirm that a breach has occurred.
  2. Containment – Prevent further data loss or unauthorised access and preserve evidence.
  3. Assessment – Determine the scope, nature, and impact of the breach.
  4. Notification – Report to the ICO within 72 hours if the breach is likely to result in a risk to the rights and freedoms of individuals; notify affected individuals promptly where required.
  5. Remediation – Implement corrective measures to resolve vulnerabilities and mitigate harm.
  6. Recovery – Restore systems and processes to normal operation.
  7. Post-Incident Review – Analyse causes, evaluate response effectiveness, and implement improvements.

Communication and Notification 

  • Internal Communication – The Technical Team will coordinate communication across relevant teams and senior management. 
  • External Communication – Affected individuals will be notified without undue delay, where required, with clear information on the breach and steps they can take. 
  • Regulatory Notification – The ICO and, where applicable, other regulators will be informed in compliance with legal obligations. 

Post-Incident Analysis and Remediation 

Following a breach, the Incident Response Team will conduct a formal review to: 

  • Identify the root cause and contributing factors 
  • Assess the adequacy of the breach response 
  • Recommend and implement improvements to prevent recurrence 

Management will ensure that corrective actions are implemented promptly. 

 

Compliance and Enforcement 

  • Compliance with this policy is mandatory for all employees and third parties handling company information. 
  • Breaches of this policy may result in disciplinary action, up to and including dismissal, and may also lead to civil or criminal liability. 

Review and Updates 

This policy will be reviewed every 2 years or sooner if required by legal, operational, or regulatory changes.