This document outlines how Roots Tutor complies with the new European General Data Protection Regulation (GDPR).The parties acknowledge that for the purposes of the Data Protection Legislation, the Client and teacher’s is the data controller and the Company is the data processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation).

Privacy and GDPR policy

The Company shall, in relation to any Personal Data (as defined in the Data Protection Legislation) processed in connection with the performance by the Company of its obligations under this agreement:

1. process that Personal Data only on the written instructions of the Client for the purposes of carrying out a tutor search in accordance with the terms of this agreement unless the Agent is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Agent to process Personal Data (Applicable Laws). Where the Agent is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Agent shall promptly notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Agent from so notifying the Client;

2. ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

3. ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;

4. assist the Client in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

5. notify the Client without undue delay on becoming aware of a Personal Data breach;

6. at the written direction of the Client, delete or return Personal Data and copies thereof to the Client on termination of the agreement unless required by Applicable Law to store the Personal Data.

1.Obtaining and processing information fairly

1. We obtain information about our teachers and clients by asking them to provide the minimum amount of private details that we will need to deal with their enquiries and to allow contact between the client and teacher

This means we ask for their:

• name

• email address

• telephone number

• Personal identification documents

• Photographic ID

• home address

• hourly rate information

• List tutoring subjects available

• Enhanced DBS certificate

• profile picture

• degree certificate and or post graduate certificate

1. Keeping information only for one or more specified, explicit and lawful purposes

For the purposes of our e commerce site we keep the personal information provided by our clients and teachers solely for the purposes of allowing maintaining initial contact between parties to allow them to work on a freelance basis..

We provide the following details to our clients:- Teacher name

Telephone number Email address

Roots Tutor take the privacy of all its clients and teachers very seriously and never share documents, contract details or home address details with either parties when exchanging details.

2.Sharing your Information.

We treat your Data with strict confidentiality in accordance with applicable law. However, we may reveal your Data or other information about you to unaffiliated third parties: (1) if you request or authorise it; (2) if the information is provided to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas (provided that we will notify you of any such communication of your Data to the extent legally permissible), to enforce our Terms of Service or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others; a.) if the disclosure is done as part of a purchase, transfer or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, your Data may be one of the transferred assets) b.) if the information is provided to our agents, outside vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing customer service, processing orders, etc.); or c.) as otherwise described in this. We will only share your Data with a third-party if such third-party is obligated to protect your Data to the same extent we protect it under the terms of this Privacy Policy. We will never sell or rent your Data to third parties or augment, extend or combine your Data with data received from third party sources.

Your Data will never be publicly displayed in any way by Roots Tutor or any person or entity acting on The company’s behalf. Using and disclosing information only in ways compatible with these purposes .We only use the information provided by our clients and teachers solely to -a.) allow both parties to maintain initial contact and to conduct business between them on defined projects. We do not engage in direct sales or marketing.

We respect the confidentiality of our clients and teachers and do not disclose either parties information to anyone without the completion of a privacy consent form on both sides.

3.Keeping information safe and secure

General security: when working on a project with a client, various documents are generated. These can include:

• emails

• letters

• invoices

We take all reasonable steps to protect the security of clients’ personal information and documents on our computers and devices by:

• working from a secure premises

• working on a computers, smart phones and tablet devices that have secure passwords

• running up-to-date software, including anti-virus and malware protection software

• erasing all information from all old devices before disposing of them

Also, please note that our website links to other websites, which will have their own privacy policies.

4.Ensuring that information is adequate, relevant and not excessive

Roots Tutor obtain and keep the minimum amount of personal details about their clients and teachers. Teacher me only seek the contact details and documents relevant to the completion of defined teaching projects.

5.Retaining information for no longer than is necessary for the purpose or purposes

We keep all documents relating to our clients’ business (see first bullet list in point 4) for at least three years. This is because we may need them for reference purposes or in case a dispute should arise over a completed project. After this period, we delete such documents.

We are obliged by HMRC to keep relevant records of business transactions (invoices, receipts, etc.) for six years, for auditing purposes. If we do not conduct any further business with clients beyond this time frame, we will delete all emails and other documents relating to our work together.

​

6.Giving a copy of their personal data to individuals, on request

It is the right of our clients to know what information we hold about them in our general records and

/or to request a copy of that information. All such requests will be dealt with promptly and in accordance with the current European Data Protection Legislation. If you wish to see the information we have on you, please contact us: sarah@rootstutor.com

If you have any further queries about this privacy policy, please contact us.

This policy has been drawn up on the basis of legislation, policy and guidance that seeks to protect children in the United Kingdom. A summary of the key legislation is available from nspcc.org.uk/learning.

We believe that:

• children and young people should never experience abuse of any kind

• safeguarding and the protection and welfare of children and young people is the responsibility of all.

We recognise that:

• the welfare of children is paramount in all the work we do and in all the decisions we take

• all children, regardless of age, disability, gender reassignment, race, religion or belief, sex, or sexual orientation have an equal right to protection from all types of harm or abuse

• some children are additionally vulnerable because of the impact of previous experiences, their level of dependency, communication needs or other issues

• working in partnership with children, young people, their parents, carers and other agencies is essential in promoting young people’s welfare.

• ​

We will seek to keep children and young people safe by:

General:

• making sure that children, young people and their families know where to go for help if they have a concern

• ensuring that any concerns are escalated to the appropriate authorities

• valuing, listening to and respecting children

• appointing a nominated child protection lead for children

• adopting child protection and safeguarding best practice through our policies, procedures and code of conduct for employees

• developing and implementing an effective online safety policy and related procedures