1. Personal information we collect
Personal data and information means information about a person or entity that can be identified and does not include data where the identity as been removed (anonymous or anonimised data).
We collect, use, store and transfer different types of data about an individual or entity. This data can be grouped together into different classifications as follows:
- Identity Data – includes title, first name, maiden name, last name, username, company name, date of birth, sex (gender) and nationality
- Contact Data – includes billing address, postal address, email address, telephone numbers
- Financial Data – includes bank accounts or payment card details
- Transaction Data – includes details about payments you made to us, refunds we provided to you
- Technical Data – includes IP addresses you used to access our services, browser type, OS and Geographical location, timezone settings, browser plugins and versions, platform used and other technical information on the technology used on devices to access our services including our websites
- Profile Data – includes your username and password, application forms, reference ID, courses you have taken, educational history, future study plans, your interests, preferences, feedback and survey responses
- Usage Data – includes information on how you use our websites, online course materials, and any our services we provide to you
- Marketing and Communications Data – includes your preferences about receiving information from us, our third parties and your communication method preferences
We do not collect any data about an individuals religious or philosophical beliefs, sex life, sexual orientation, trade union membership, health or biometric data, criminal convictions, offences committed, or political opinions.
If you fail to provide personal data or decide to remove your consent for us to hold your personal data, we may not be able to perform the agreement we have together or are seeking to enter into together (for example, to provide an AAT course to you). In this case, we may have to cancel your studies with us, but we would notify you about this at the time.
2. How we collect this personal information
We use different methods to collect data.
- When you contact us directly: online (for example, by filling out our general contact and request more information forms, social media interactions) and by email (and by attaching documents), and by phone, and in writing
- When you enrol
- When you subscribe to a service or publication
- When you create an online learning account
- When you request marketing, accounting, AAT courses info and updates be sent to you
- When you complete a survey
- When you enter a competition or event signup
- When you give feedback
Additionally we may receive personal data about you from our third party service providers (see paragraph 4 below) and Contact Data from other publicly available sources (Companies House and the Electoral Register, both based within the UK).
3. The lawful basis for processing
We have set out below the purposes we have for using personal data:
To provide classroom based educational AAT courses, and online learning AAT courses
TYPE OF DATA: Identity, Contact, Financial, Transaction, Profile, Usage, Technical, Marketing and Communications
BASIS: Performance of a contract, Necessary for our legitimate interests (to provide services)
To enrol a student with McArthur Morgan
TYPE OF DATA: Identity, Contact, Profile
BASIS: Performance of a contract
To process enrolment including managing payments, or to recover money owed
TYPE OF DATA: Identity, Contact, Financial, Transaction, Marketing and Communications
BASIS: Performance of a contract, Necessary for our legitimate interests (to recover debts)
TYPE OF DATA: Identity, Contact, Profile, Usage, Marketing and Communications
BASIS: Performance of a contract, Legal compliance, GDPR compliance, Necessary for our legitimate interests (learn how we can improve how students use/access our services)
To troubleshooting, secure, test, analyse, maintain the system, support, report and maintain data, on all aspects of our IT including this website
TYPE OF DATA: Identity, Contact, Technical, Usage
BASIS: Necessary for our legitimate interests (to help prevent fraud, to run our business, IT security, To comply with legal obligations including GDPR
To deliver relevant online content, advertisements, promotions and understand their effectiveness
TYPE OF DATA: Identity, Contact, Profile, Usage, Marketing and Communications
BASIS: Necessary for our legitimate interests (to learn how our students and potential students access or are interested in our services, to develop and grow our business and to continually improve and make our courses relevant)
To use analytics to improve our services (including our websites), courses, online courses, student relationships with us and their experiences
TYPE OF DATA: Technical, Profile, Usage
BASIS: Necessary for our legitimate interests (to understand our student and company audiences so as to provide only relevant content, to improve the relevance of our business to them, and to improve the relevance of our business growth activities)
To make suggestions and recommendations about services and courses that may be relevant
TYPE OF DATA: Identity, Contact, Technical, Usage, Profile
BASIS: Necessary for our legitimate interests (to develop and grow our services, courses and business)
4. Sharing your information
We maintain a strict “No Spam” policy that means we do not intend to sell, rent, or otherwise give your e-mail address to a third-party without your consent unless we are required to do so by law. Your personal information will not be transferred outside of the European Economic Area (EEA).
In addition, McArthurMorgan will not send you e-mails that you have not agreed to receive. If you are a member of our Mailing List, you will be contacted with announcements, news, additions, and new products or services. You have the option of “Unsubscribing” from our Mailing List at any time, thereby disabling any further such e-mail communication from being sent to you.
We may share your personal data with the parties set out below for the purposes set out in paragraph 3.
- Service providers acting as processors based in England & Wales who provide IT and system administration and processing services including the following:
- Royal Mail
- Parcel Force
- Fed Ex
- Google (based outside the EU for analytics provision)
- Amazon AWS
- Sticky New Media
- Sticky Design & Digital
- United Hosting
- Campaign Monitor
- Professional advisers acting as processors or joint controllers including solicitors, bankers, auditors, HR advisers and insurers.
- HM Revenue & Customs, regulators and other authorities acting as processors or join controllers based in the UK who require reporting and processing activities.
We require all third parties to respect the security of your personal data in compliance with the law. We do not allow third party service providers to use your data for their own purposes but only in accordance with the purposes set out and with our instructions.
5. How we maintain your information
If you do not register for one of our courses we will delete your personal information within 1 year. If you become one of our students then your information will be kept within our system for the duration of the contract. Once your contract has ended we will archive your information hold it for a minimum of 6 years for tax and legal purposes. Twelve months later it will be permanently erased (anonymised).
To ensure that your information remains secure, McArthurMorgan uses appropriate precautions and has suitable security measures in place to keep the information you have disclosed to us secure.
McArthurMorgan reserves the right to transfer information in connection with the sale of all or part of McArthurMorgan to any third party, specifically for the purpose of maintaining any contractual obligations. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information.
We have processes in place to help prevent you data becoming accidentally lost, used or accessed in an unauthorised way, altered or exposed. We limit access to those staff, tutors, third party contractors and others who have a legitimate task to perform and they themselves are subject to GDPR compliance and a duty of case.
In the event of any breach we will notify you and an appropriate regulator and comply with the law.
6. Controlling your personal information
In some circumstances you may choose to Request Erasure of your personal information. We will comply unless there is a legal reason whey we may not.
We will not provide your personal information to any third parties, except those set out in paragraph 4, unless we are required, by law, to do so.
You may request details of personal information which we hold about you by emailing us at firstname.lastname@example.org You will not have to pay a fee to access your personal data (or to exercise any other legal rights), however we reserve the right to charge a reasonable fee if we receive a request which is clearly unfounded, repetitive or excessive, or we may refuse to comply with your request under these conditions.
We may request specific information from you to help us validate your identity and ensure that you have the right to access the personal data you request. This is a security measure to help prevent fraud and identity theft. We may also contact you to request further information in relation to your request.
We try to respond swiftly to all valid and legitimate requests within 30 days. Occasionally it may take longer if your request if complex or if you have made multiple requests. In this case we will notify you.
If you believe that any information we are holding about you is incorrect or incomplete, please email us as soon as possible at email@example.com
7. International data transfers
We do not transfer your data outside of the EU.
Cookies are small pieces of data that are transferred to your computer through your Web browser from our Web Server. A cookie cannot read data from your computer or read cookie data that may have been created from other sites
You can choose whether to accept cookies by changing the settings of your browser. Typically, by accessing the browser’s help feature you can obtain information on how to prevent your browser from accepting all cookies or to notify you when a cookie is being sent. If you choose not to accept these cookies, your experience at our website and other websites may be diminished and some features may not work as intended.
9. Links to other websites