Worcester Learning Zone Ltd (hereinafter referred to as "the Company") is committed to protecting the privacy and confidentiality of personal data entrusted to it. This Data Protection Policy outlines the principles and guidelines that the Company follows to ensure compliance with the applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) in the United Kingdom.
This policy applies to all personal data processed by the Company, regardless of the format or medium in which it is collected or stored. It encompasses personal data of employees, clients, customers, suppliers, and any other individuals whose data the Company processes.
The Company adheres to the following principles when processing personal data:
Personal data is processed lawfully, fairly, and in a transparent manner. Individuals are provided with information about the processing of their personal data in a clear and concise manner.
Personal data is collected for specified, explicit, and legitimate purposes. It is not further processed in a manner incompatible with those purposes.
The Company ensures that personal data processed is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Reasonable steps are taken to ensure that personal data is accurate, complete, and up to date. Inaccurate or incomplete data is rectified or erased without undue delay.
Personal data is kept in a form that permits identification of individuals for no longer than necessary for the purposes for which it is processed. The Company establishes retention periods based on legal requirements and business needs.
Appropriate technical and organisational measures are implemented to ensure the security of personal data and to protect it against unauthorised or unlawful processing, accidental loss, destruction, or damage.
The Company is responsible for complying with the principles of data protection and demonstrates compliance by maintaining documentation of processing activities and implementing appropriate policies and procedures.
The Company, as the data controller, is responsible for determining the purposes and means of processing personal data and ensuring compliance with data protection laws.
The Company has appointed a Data Protection Officer to oversee data protection matters and act as a point of contact for individuals and regulatory authorities.
All employees have a responsibility to handle personal data in accordance with this policy and to report any data protection concerns to the DPO.
Personal data is processed based on one of the lawful bases outlined in the GDPR, such as the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, or legitimate interests pursued by the Company.
The Company respects the rights of data subjects, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. Requests from data subjects regarding their rights are handled promptly and in compliance with the law.
When transferring personal data to third parties or outside the European Economic Area (EEA), appropriate safeguards are implemented to ensure an adequate level of protection for the data.
In the event of a personal data breach, the Company follows a predefined incident response plan, which includes assessing the risk to individuals, notifying the appropriate supervisory authority, and communicating with affected individuals when necessary.
The Company provides regular training to employees to raise awareness of data protection laws, this policy, and the importance of data protection. Training includes guidance on handling personal data, recognising data protection risks, and reporting incidents or concerns.
This Data Protection Policy is regularly reviewed to ensure its ongoing relevance and compliance with legal and regulatory requirements. Any updates or revisions to the policy are communicated to employees and made available to relevant stakeholders.
For inquiries or concerns about this Data Protection Policy or the Company's data protection practices, please contact the Data Protection Officer at the following address:
Data Protection Officer
Worcester Learning Zone Ltd
6 Sansome Lodge,
Sansome Walk,
Worcester,
WR1 1LH
Email: dpo@wlz-tutors.co.uk
Phone: 01905 780480
Signed: Natasha Stolt - Director, Co-owner
Policy last reviewed 2023-06-15
Policy next review 2026-10-01