GDPR Data Controller and Data Processor
In European data protection law (GDPR), a Data Controller is the entity that collects your information and makes decisions on how it is used. A good example of this is school which is the Data Controller for information regarding its students. A Data Processor is a 3rd party that performs duties on behalf of the Data Controller. A good example of this is a payment processor that might process school fee payments from parents on behalf of the school.
Where we act as a Data Processor, our activities will be strictly limited to what we’re asked to do by the Data Controller. Typically, this would include activities such as onboarding new customers and helping to convert their existing data, as well as providing remote support.
What personal data do we collect and why?
In short: We will collect the minimum amount of personal data required to fulfil our obligations to you and our customers.
Depending on the nature of your relationship with us, the types of personal data which Education Horizons collects will typically include information such as an individual’s name, phone number, email address, postal address, nationality, educational qualifications, date of birth, and job title.
If you apply for a job with us, then in addition you will typically provide your employment history and any such information that might appear on your CV / application. Employees will also be expected to provide reference information, financial information such as bank details and tax identifiers, and sensitive information such as criminal record history, race or ethnicity and health information.
If you are a myEdOnline customer, then the following personal information is automatically collected as part of the integration with SEQTA for staff and students: First name, surname, preferred name, salutation and email address.
Personal data will be collected by Education Horizons for a variety of reasons, including when an individual:
- requests to download a document, product trial or video from Education Horizons;
- makes an enquiry through our website or online enquiry service;
- lodges a support request regarding an Education Horizons product or service;
- subscribes for a newsletter;
- attends, or registers to attend, a seminar or other event (such as a webinar or training event);
- enters a competition;
- applies for or enters employment with us, including short term or consulting work; or
- otherwise interacts with any entity within Education Horizons.
If you have a significant role at an established international school then your contact details may have been passed to us from a market intelligence partner such as ISC Research. If you have any questions on this, please reach out to our Privacy Officer who’s details can be found in the ‘Contact Us’ section below.
We will also handle large datasets from customers as part of the onboarding process when they adopt one of our products. Such datasets are always transferred safely using our secure data transfer system which has strict retention policies and full auditing capability.
How do we use your personal data?
In short: We process your information for many purposes such as providing products and services to our customers.
Education Horizons will use your personal data for a variety of purposes. Typically, these purposes include:
- administering and providing our products and services to you and your organisation;
- sending customers informational notifications and alerts;
- responding to enquiries;
- marketing Education Horizons products and services;
- hiring and managing employees and contractors;
- managing training and events;
- evaluating and improving Education Horizons products and services.
We will only use sensitive information we collect from our staff to help with employment processes such as recruitment, sickness management, equal opportunities reporting, disciplinary proceedings, or making reasonable adjustments in the workplace.
GDPR – Lawful basis
Put simply, under the GDPR, a company must have a valid lawful basis wherever they process personal data. This means that for each processing activity, the company must determine at least one lawful basis to use.
At Education Horizons, we typically rely on one of the following lawful bases:
- Legitimate interests: where the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
- Contract: where the processing is necessary for a contract a company has with an individual, or because they have asked the company to take specific steps before entering into a contract
- Legal obligation: where the processing is necessary for a company to comply with the law
- Vital interests: where the processing is necessary to protect someone’s life
- Consent: where the individual has given clear consent for a company to process their personal data for a specific purpose. Note that consent is only used in limited circumstances and you have the right withdraw your consent at any time.
We will send marketing emails to you where we believe they will be of interest and you haven’t previously opted-out. You can opt-out at any time.
If you no longer wish to receive any communications, please follow the unsubscribe link contained in the relevant electronic communication, or our Privacy Officer at firstname.lastname@example.org.
Who do we disclose your personal data to?
In short: We may share your information amongst Education Horizons entities for the purposes outlined above. We also make use of Cloud Services. Where information is shared outside of your country, we will ensure adequate safeguards are in place to remain compliant with data protection law.
Personal data which is collected by one department or team of Education Horizons may be used by and disclosed to other areas of Education Horizons (including to majority shareholder Potentia Capital Pty Ltd), for the purposes described in this policy.
As Education Horizons is an international group of companies, some information (for example, lead prospects, employee or candidate information) may be transferred outside of the source country, for example from Australia to the UK and vice-versa. Education Horizons has data sharing agreements in place, and has a comprehensive security program to ensure that all information is kept confidential and secure.
Education Horizons uses cloud services such as Amazon Web Services and Microsoft to store and process personal data. Sometimes this information may be stored outside of your home country. Where we use cloud services, we will ensure that we maintain effective control of your information at all times and ensure that we can enforce the relevant data protection law.
Where we transfer personal data outside of the source country, we will ensure that we have the necessary safeguards in place to protect your information. Occasionally, we may rely on your consent to use Cloud Services, and when its required your consent will be opt-in and freely given.
As well as cloud service providers, Education Horizons make use of other companies and services to help us operate our business. Collectively, we refer to these companies and cloud service providers as sub-processors. From time-to-time we will change sub-processors may be required to let you know. When we do, we will contact you via email detailing the change.
The key cloud-based services and other sub-processors that Education Horizons uses to process personal data can be found here
Education Horizons will not disclose personal data to third parties for marketing purposes without the relevant individual’s consent.
Under no circumstances will Education Horizons sell (or otherwise receive payment for licensing or disclosure of) your personal data.
The myEdOnline product is designed to foster communities of practice within the Education industry. A teacher’s personal data, for example their name and photo, will be visible to other users of myEdOnline if they decide to share content outside of their organisation.
Website Data Collection
When you visit an Education Horizons website or use a product or service hosted by Education Horizons, the following information will normally be collected about you:
- the unique identifier from an Education Horizons cookie (necessary cookies only unless others are consented to);
- the date and time of your visit;
- the pages, documents and files you requested and when;
- the address of the resource which provided the link followed, if any, to an Education Horizons website;
- the type of browser and, in some cases, the operating system used.
If you later decide to register with us, the above information will be matched with your registered information to enable a more personalised profile. This information is only available to a limited number of Education Horizons staff.
Google Analytics and Web Beacons
Another tool we use to help us improve our sites and understand how they are used is Google Analytics. For more information on how Google Analytics collects and processes data, please see https://policies.google.com/technologies/partner-sites.
You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, available here: https://tools.google.com/dlpage/gaoptout.
We also sometimes use ‘web beacons’. Web beacons are tiny transparent graphical images, that are sometimes embedded in our notification and marketing emails. They allow us to understand when an email has been opened and help us gauge the effectiveness of our customer communications. You can block web beacons by preventing pictures from automatically downloading in your email client. This is normally found in the settings.
At Education Horizons, we are committed to only keeping personal data for as long as is necessary. Once data has come to the end of its useful purpose or lawful retention period, we will securely erase or anonymise the data.
Anonymity and pseudonymity
When you interact with us, you have the option of not identifying yourself (anonymity; or being anonymous), as well as the option to use a false name (a pseudonym). We are happy to help you unless its impractical to do so without knowing who you really are. We also will have to identify you if the law or a court order requires us to.
Can I correct and have access to my personal data?
Education Horizons takes reasonable steps to ensure that the personal data it stores is accurate, complete and up to date. You have the right to ask us to correct your information, which we will happily facilitate at no cost to yourself.
You also have the right to request access to your personal data held by Education Horizons. We will aim to provide you with an appropriate means of accessing your data, normally by a secure email or registered post. In some jurisdictions such as Australia, we reserve the right to charge reasonable costs in providing the requested information to you. However, we will not charge for simply making the request.
Sometimes it’s not possible to give you access to the personal data we hold. An example of where this might happen is where granting access may impact the privacy of others or if the information may cause significant harm or distress. We will give you written reasons for any refusal.
Your rights under GDPR
UK & EU residents have the following additional rights:
- The right to be informed – that’s why we have this document. We will also provide you information at the point that we collect data from you.
- The right to rectification – You are able to ask us to correct your data, as per the section above.
- The right to erasure – You have the right to ask us to delete your data under certain circumstances, unless we have a valid and lawful reason to keep it.
- The right to restrict processing – You are able to ask us to limit any further use of your data
- The right to data portability – You have the right to ask us to provide you with access to your data in a common, machine readable format such as a CSV file.
- The right to object – You can object to us processing your data if you wish, for example if you don’t want your information to be used for direct marketing.
To exercise any of these rights, please contact our Privacy Officer at email@example.com.
Our main offices are in Australia and the UK. We do have customers globally, and if you would like to talk to us about compliance or your rights under any other jurisdiction, please get in contact with firstname.lastname@example.org.
Education Horizons has a Privacy Officer who oversees company activities to ensure that personal data is handled lawfully and in line with legal obligations wherever we operate. You can contact the Privacy Officer using the details below.
- By Post: Education Horizons Ltd, Suite 1.01, 109 Burwood Rd, Hawthorn, VIC, 3122, Australia
- By telephone: (03) 8594 3400 (Monday to Friday, 8.30am to 4.30pm AEST)
- By email: email@example.com
Education Horizons also has a representative in Europe who can be contacted directly at firstname.lastname@example.org.
To make a complaint in regards to privacy, we would urge you in the first instance to always contact our Privacy Officer at email@example.com. If you have spoken to us but would still like to take the matter further, then you have the right to make a complaint to the relevant supervisory authority, as per the below:
- Australia: Office of the Australian Information Commissioner (OAIC)
- Website: https://www.oaic.gov.au/privacy/privacy-complaints/
- Phone: 1300 363 992
- UK: Information Commissioner’s Office (ICO)
- Website: https://ico.org.uk/make-a-complaint/
- Phone: 0303 123 1113
Changes to this notice
This notice was last updated on 8th February 2022.