Tutorfair Foundation Website Privacy Policy

1. Introduction

1.1.This is the privacy and cookies policy for the Tutorfair Foundation, operating across the domains www.tutorfair.com, foundation.tutorfair.com and on-demand.tutorfair.com (The Websites). The operation of these Websites is overseen by Tutorfair Foundation (we, us and our); we are a company limited by guarantee with a registered address at Suite 3B2, Northside House, Mount Pleasant, Cockfosters, Herts, EN4 9EB. Company Number is 8087597 and we are registered charity number 1157781.

1.2.The privacy policy should be read in conjunction with Tutorfair Ltd's Privacy Policy. Together they set out the basis on which any personal data which we collect from users, or that users provide to us, will be processed.

1.3.We are committed to protecting your privacy online. We appreciate that you do not want the personal information you provide to us distributed indiscriminately and here we explain how we collect information, what we do with it and what controls you have.

1.4.By using these Websites, you consent to the collection and processing of information in accordance with this privacy policy.

1.5.If you are providing personal information on behalf of someone else you need to obtain consent from the individual to do so.

1.6.We reserve the right to change this privacy policy from time to time by changing it on the Website. This privacy policy was last updated on 13 June 2018.

2. Information we may collect from you

2.1.We may collect and process the following personal information:

2.1.1."On-demand invitee data"
when as a school or partner to our On Demand service you provide contact details of potential beneficiaries, we will collect, name, email address, school year, class code (maths), predicted grades.

2.1.2."Registration Data"
when as a student you activate your on demand service or when you register as a volunteer tutor or when as a tutor on Tutorfair you sign up to volunteering, you create an account with the Foundation, we may collect your login and password details, name, mobile phone number, email address and address;

2.1.3."On Demand Impact assessment data"
when activating your Tutorfair On-Demand account we will collect data related to your ethnicity and gender, alongside your responses to our self-efficacy survey. We will collect answers to a second self-efficacy survey after your 5th tutorial. You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.

2.1.4."Message Content"
when you contact other users on the Websites those messages (and their replies) are stored including any attachments and flags, and are also visible to site administrators to ensure that the rules of the site are observed, and to assist in the event of a dispute;

2.1.5."Lesson Details"
when you arrange either paid for or voluntary tuition, we record details of all tutor session booking requests, cancellations, or other agreements made between you and other users;

2.1.6."Tutor Profile Details"
if you are a tutor, we may access your details on the Tutorfair website or you may add to your profile by completing forms on the Website, this information is saved, such as; photo, date of birth, academic history, education and work history, proof of qualifications, details of a proof of identity, whether you have a Disclosure and Barring Service certificate, its date etc., bank details (account number and sort code);

2.1.7."Service Correspondence"
when you communicate with us about the service, for example to report a problem or to submit queries, concerns or comments regarding the Website, whether by email, instant messaging or phone, these are saved;

2.1.8."User Generated Content"
information from surveys, promotions and competitions that we may, from time to time, run on the Website, if you choose to respond to, or participate in, them, or any material you upload or submit via the Website, or any requests for information, are saved;

2.1.9."Visitor Data"
when you are searching on the Website, or taking other actions on the Website these are saved, for example if you search tutors with an expertise in a particular area;

3. Additional information

3.1.When you visit the Website, we may automatically collect additional information about you, such as the type of internet browser or mobile device you use, any website from which you have come to the Website, your IP address (the unique address which identifies your device on the internet) and your operating system, which are automatically recognised by our web server. You cannot be identified from this information and it is only used to assist us in providing an effective service on the Website and to collect broad demographic information for aggregate use.

4. Uses made of your information

4.1.When the data you provide us is personally identifiable, we process it on two legal bases:

(a)Consent: you give clear consent for us to process your personal data for a specific purpose.

(b)Legitimate interest: the processing is necessary for your legitimate interests or the legitimate interests of a third party.

4.2.The purpose and legal basis for processing each of the categories of data in paragraph 2 is as follows:

4.2.1.On-demand invitee data is held by us as data processor for the party providing it, who is the data controller, and subject to a Data Processing Agreement which is set out in Appendix 2;

4.2.2.Registration Data is used to identify you when you sign-in to your account and:

4.2.2.1. to send you information we think you may find useful or which you have requested from us, including details of opportunities for tutoring and marketing communications such as our periodic email newsletter which you may opt out of at any time (consent);

4.2.2.2. is necessary to make arrangements with other users using your account (legitimate interest);

4.2.3.On Demand Impact assessment data is held by us for the purpose of measuring the social impact of our services, (legitimate interest); any such analysis will not identify any individual without their specific consent;

4.2.4.Message Content is held to enable you to communicate with other users to arrange or provide tuition, subject to the terms and conditions of the site, and to assist in resolving any disputes that may arise regarding these arrangements (legitimate interests);

4.2.5.Lesson Details are processed to enable us to provide a record of all bookings you make through the Website and provide you with the services and information offered through the Website which you request, to verify and carry out financial transactions in relation to payments you make online, and to assist in resolving any disputes (contract);

4.2.6.Tutor Profile Details enable you to offer your services as a tutor to be booked on our site and to safeguard the interests of students and partner organisations (legitimate interest);

4.2.7.Service Correspondence is processed to enable us to answer your questions and resolve issues you may have with the site or other users (consent);

4.2.8.User Generated Content is collected on the basis that you are prepared to share it with other users and the general public, and should not contain personally identifiable information (not personally identifiable);

4.2.9.Visitor Data is collected on the basis of consent to the cookie notice. This data is not personally identifying and is processed for the purpose of analysing the use of the Website and the people visiting in order to improve our content and services including research into our users’ demographics. We may use data on Website behaviour to infer your requirements of a tutor or your suitability as a tutor for different clients (not personally identifiable).

4.3.You can tell us not to contact you with information regarding our products and services either at the point such information is collected on the Website (by checking or the relevant option) or, where you do not wish us to continue to use your information in this way, by following the unsubscribe instructions on any communications sent to you. You can also exercise this right at any time by opting out on the "edit account" page, or by contacting us using the contacting us details at the end of this privacy policy.

5. Retention and Anonymisation

5.1.We will remove the personal information we hold about you, by anonymisation:

5.1.1.within 1 month if you request your personal data to be removed and you have not had any contact with other users, or as soon as practicable if your request is particularly complex;

5.1.2.15 months after the last activity on the account if you request your personal data to be removed and you have contacted other users who may have a legitimate interest to query the agreements or representations you have made;

5.1.3.2 years after uploading in the case of on demand invitee if you do not request it to be removed;

5.1.4.after 5 years of inactivity, if you do not request your data removed.

5.2.In anonymisation we remove any information that could allow us to identify you as an individual. This includes names, addresses, phone numbers, and email addresses, dates of birth, and bank details. We permanently delete all scans of documents, photos and DBS information on our databases and those of third party processors. Once anonymised, an account cannot be reactivated.

5.3.For the prevention of abuse and fraud we retain indefinitely some one-way encoded data which will show a match between new accounts and old accounts, but cannot be used to identify any individual in absence of attempting to set up a new account.

6. Cookies and similar technology

6.1.The Website uses cookies or similar technology to collect information about your access to and use of the Website. Details of the cookies we use, their purpose and duration are contained in the Appendix to this policy.

6.2.We also use iframes on the Website to embed certain third party content from YouTube and Jumio on certain pages of the Website. As a result, cookies from these third parties may be dropped on to your browser. Please refer to the relevant third party privacy policies for further information.

7. Information sharing

7.1.We may disclose aggregate statistics about visitors to the Websites, in order to describe our services to prospective partners and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.

7.2.We may disclose your personal information to any of our affiliates, or to our agents or contractors who assist us in providing the services we offer through the Website, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in other tasks from time to time. Our agents and contractors will only use your information to the extent necessary to perform their functions.

7.3.When you arrange tutoring with other users certain of your details (your name, the address specified for the lesson, your mobile phone number, and your DBS number) will be shared with the user you are contracting with.

7.4.When you volunteer as a tutor, information about the volunteering is passed to Tutorfair Ltd and may be added to your profile.

7.5.In the event that we undergo re-organisation or are sold to a third party, you agree that any personal information we hold about you may be transferred to that re-organised entity or third party.

7.6.We may disclose your personal information if legally entitled or required to do so (for example if required by law or by a Court order or if we believe that such action is necessary to prevent fraud or cyber crime or to protect the Website or the rights, property or personal safety of any person).

8. Public forums

The website may, from time to time, make comment sections, email messaging and/or other public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and never disclose your personal information.

9. Child safety

Protecting the safety of children when they use the internet is very important to us. We have specific features in place to safeguard all users, especially those under 18, while engaging with other individuals via Tutorfair On-Demand. We recommend that children under the age of 18 do not use any other aspect of the Tutorfair websites. Further information can be found in our Child Protection Policy, available on request.

The Website contains links to external sites. If you follow a link to any third party website, note that they have their own privacy policies and that Tutorfair does not accept any responsibility or liability for their policies or processing of users’ personal information by such third parties.

11. Security

12.1.We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

12.2.You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Website whilst it is in transit over the internet and any such submission is at your own risk.

12.3.It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.

12. Data storage and international transfers

12.1.Information that you submit via the Website is sent to and stored on secure servers located within the European Economic Area and managed by Amazon Web Services (Europe) cloud servers.

12.2.Information may be transferred for further processing inside or outside the EEA to third parties who have certified their compliance to GDPR or under a compliant Data Processing Agreement (DPA). By submitting information via the Website, you agree to this storing, processing and/or transfer.

12.3.If you use our services while you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.

13. Your rights

13.1.As mentioned above, you have a right to prevent the use of your personal information for direct marketing purposes.

13.2.You have a legal right under the Data Protection Act 1998 to a copy of all the personal information about you held by us. On request, we will provide you with a copy of this information subject to a fee not exceeding the prescribed fee permitted by law. You also have a right to correct any errors in that information.

13.3.You have a right to be forgotten and to have your personal data deleted, which you may exercise by contacting us using the contacting us details at the end of this privacy policy. If you exercise this right we will respond within 1 month, and will arrange anonymisation at the appropriate time as set out in paragraph 5.

14. Contacting us

Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to foundation@tutorfair.com or via the Contact Us page of the Website.

Appendix 1 - Policy on Cookies

1.Cookies are pieces of information that include a unique reference code that a website transfers to your device to store and sometimes track information about you. A number of cookies that we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Website and will last for longer. The cookies mentioned below are those unique to the Tutorfair Foundation from the websites foundation.tutorfair.com and on-demand.tutorfair.com. Users interacting with tutorfair.com in any capacity should reference the Tutorfair privacy policy for the full list of cookies. We use cookies to:

1.1.We use cookies to:

1.1.1.remember that you have used the Website before. This means we can identify the number of unique visitors we receive and allows us to make sure that we have enough capacity for the number of users we get;

1.1.2.allow you to navigate the Website more quickly and easily;

1.1.3.remember your login session so you can move from one page to another within the Website;

1.1.4.store your preferences;

1.1.5.customise elements of the layout and/or content of the pages of the Website for you;

1.1.6.collect statistical information about how you use the Website so that we can improve the Website;

1.2.Some of the cookies used on our Website are set by us and some are set by third parties who are delivering services on our behalf.

1.2.1.Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser. Please note however, that by blocking or deleting cookies you may not be able to take full advantage of the Website.

1.2.2.All cookies unique to the Tutorfair Foundation are listed in the table below.

2. The cookies we use are:

Cookie name Website Purpose Type and Duration
ss_cid foundation.tutorfair.com Identifies unique visitors and tracks a visitor’s sessions on a site 2 years
ss_cpvisit foundation.tutorfair.com Identifies unique visitors and tracks a visitor’s sessions on a site 2 years
ss_cvisit foundation.tutorfair.com Identifies unique visitors and tracks a visitor’s sessions on a site 30 mins
ss_cvr foundation.tutorfair.com Identifies unique visitors and tracks a visitor’s sessions on a site 2 years
ss_cvt foundation.tutorfair.com Identifies unique visitors and tracks a visitor’s sessions on a site 30 mins
rc_token on-demand.tutorfair.com To identify and continue your session for Tutorfair on-demand Expires at end of session
rc_uid on-demand.tutorfair.com To identify and continue your session for Tutorfair on-demand Expires at end of session

Appendix 2 - Data Processing Agreement for on demand invitees' data

1.This agreement
sets out the basis on which the Tutorfair Foundation holds data on invitees for the on demand service; the Data Provider remains the controller of the data and Tutorfair Foundation will process it under the conditions set out below.

2.The parties to this agreement are:

a. Tutorfair Foundation registered address: Suite 3B2, Northside House, Mount Pleasant, Cockfosters, Herts, EN4 9EB. company number:
charity number:
8087597
1157781
and,

b."the Data Provider"
___________________________________ of: ___________________________________
___________________________________
___________________________________

3.Scope of data
- the Data Provider provides data on invitees for the on demand service to the Tutorfair Foundation:

a.The data subjects include students nominated for invitation to the on demand service and members of staff at the school.

b.The data include name, email address, school name, school year and set and predicted grades.

c.The purpose of sharing this data is so that the data subjects can be invited to use the Foundation’s On Demand service and the service can be evaluated.

d.The processing required includes storage and other processing necessary: to invite the data subjects to register for the service; to provide customer and technical support for registration; to enable evaluation of the efficacy of the service; and to make any disclosures in accordance with the Agreement, as compelled by law.

e.When the invitees register for the on demand service they create an account with the Foundation under the control of the Foundation governed by the Foundation’s Privacy Policy.

4.Rights and obligations of the Data Provider

a.The Data Provider remains the data contoller of the data on invitees.

b.The Data Provider agrees they are legally entitled to provide the data for this purpose.

c.The Data Provider is responsible for accuracy and quality of the data.

5.Conditions of Processing - Tutorfair Foundation will process it on their behalf and subject to the following conditions:

a.Tutorfair Foundation will not process the data without written instructions from the Data Provider;

b.by this agreement the Data Provider gives written instructions to Tutorfair Foundation to process the data for the purpose of inviting the data subjects to benefit from on demand tuition;

c.Tutorfair Foundation will take all reasonable and relevant technical and organisation measures to ensure the security of data processing and protect the data from loss or unauthorised access;

d.Tutorfair Foundation will provide access to the Data Provider and any users they nominate to view their data and see the usage made of the on demand service by the data subjects;

e.Tutorfair Foundation will not disclose the data to any third parties apart from its employees acting under a duty of confidentiality or agents and sub-processors acting under a GDPR compliant Data Processing Agreement;

f.Tutorfair Foundation will provide reasonable assistance to the Data Provider in the event of any data breach in meeting their GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;

g.Tutorfair Foundation will inform the Data Provider in the event of any data breach affecting the data; or any data subject requests;

h.Tutorfair Foundation will delete the data within 1 month if requested by the Data Provider, at any point until tuition has been commenced;

i.Tutorfair Foundation will delete / anonymise the data after 2 years without any further request by the Data Processor;

j.Tutorfair Foundation, subject to the confidentiality obligations in this agreement, will make available to the Data Provider, information regarding compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits. The Data Provider may contact the Tutorfair Foundation to request an on-site audit of procedures relevant to the protection of Personal Data, but only to the extent required under applicable Data Protection Law. The Data Provider shall reimburse Tutorfair Foundation for any time expended for any such on-site audit at rates, which shall be made available upon request. Before any such on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement rate for which Data Provider will be responsible. All reimbursement rates shall be reasonable, taking into account the resources required. The Data Provider will promptly notify Tutorfair with information regarding any non-compliance discovered during the course of an audit, and Tutorfair Foundation will use commercially reasonable efforts to address any confirmed non-compliance.

k.Tutorfair Foundation will inform the Data Processor immediately if it is asked to do something infringing the GDPR or other relevant data protection law.

6.Sub-processors - the Data Provider agrees that Tutorfair Foundation may appoint sub-processors to process the data.

a.The Data Provider approves as sub-processors, Salesforce EMEA Ltd, AWS (Europe) Ltd and Tutorfair Ltd.

b.Tutorfair Foundation will ensure that all such processing is done subject to a Data Processing Agreement meeting the requirements of data protection law.

c.The Data Provider agrees that new sub-processors may be appointed by Tutorfair Foundation, provided that Data Provider has been notified in advance. Should the Data Provider have reasonable grounds to object to the new sub-processor, and Tutorfair Foundation is not reasonably able to change the processing proposed, then the on demand service will cease within 30 days.

d.Tutorfair Foundation will provide a list of sub-processors on request by email.

7.Agreed on behalf of the parties by:

Peter Kirby

Director, acting for Tutorfair Foundation
5 June 2018

name:

title:

______________________________

______________________________
acting for the Data Provider on ______________________________