General
This policy explains what information we gather when you visit the NRCSE’s website, or enter into communication with us via other means, and explains how that information is used.
It is important for you to understand that the website provides links to other independent sites. This policy applies only to direct accesses to the NRCSE’s website. You will need to consult the appropriate information on other sites for information on their policies.
Changes to this statement
The NRCSE will occasionally update this privacy statement. When we do, we will also revise the ‘last updated’ date at the bottom of the statement.
Data collected
In common with most websites, this site automatically logs certain information about every request made (see below for more details). This information is used for system administration, for bug tracking, and for producing usage statistics. The logged information may be kept indefinitely.
Relevant subsets of this data may be passed to computer security teams as part of investigations of computer misuse involving this site or other computing equipment at the NRCSE. Data may be passed to the administrators of other computer systems to enable them to investigate problems over access to this site or of system mis-configurations. Data may incidentally be included in information passed to computer maintenance organisations working for the NRCSE, in which case it will be covered by appropriate non-disclosure agreements. Otherwise the logged information is not passed to any third party unless this is required by law. Summary statistics are extracted from this data and some of these may be made publicly available, but those that are do not include information from which individuals could be identified.
(You should appreciate that a log is a record of what a server sees, not necessarily what was initially sent. If a request is sent via a proxy the log file will show the proxy’s address. If someone has forged your address the log file will show your address.)
A number of online forms are provided on this site. The pages containing these forms include information on how data submitted on them will be processed and used.
Logged data
The following pieces of data are automatically logged for each request:
-
the name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data recorded may be that of a web proxy rather than that of the originating client
-
the username, when known during authenticated (logged in) access to the site
-
the date and time of connection
-
the HTTPS request, which contains the identification of the document requested
-
the status code of the request (success or failure, for example)
-
the number of data bytes sent in response
-
the contents of the HTTPS referrer header supplied by the browser
-
the content of the HTTPS user-agent header supplied by the browser
-
logging of additional data may be enabled temporarily from time to time for specific purposes. In addition, the computers on which the website is hosted keep records of attempts (authorised and unauthorised) to use them for purposes other than access to the web server. This data typically includes the date and time of the attempt, the service to which access was attempted, the name or network address of the computer making the connection. It may include details of what was done or was attempted to be done.
Access to personal data
For the purpose of the GDPR, the ‘Data Controller’ for the processing of data collected by this site is the NRCSE, and the point of contact for subject access requests is Pascale Vassie.
At the NRCSE, we are committed to protecting your privacy. You can travel through most of our site without giving us any information about yourself. But sometimes we do need information to provide services that you request, and this statement of privacy explains data collection and use in those situations.
Links to other sites
This site may contain links to other websites on the Internet that are owned and operated by third parties. The information practices of those websites are not covered by this privacy policy, but by their own terms and policies, which you should read carefully. These other sites may send their own cookies to users collect data or solicit personal information. This privacy policy only applies to the www.supplementaryeducation.org.uk website. It is not intended to apply to other websites, which may have different privacy policies.
Collecting your personal information
We will ask you when we need information that personally identifies you (personal information) or allows us to contact you. Generally, this information is requested when you are asked to register to create a login account, or before sending an online feedback form or an online application form. When you provide your personal information, a profile is created. If you ever want to review or update your profile, simply visit the NRCSE’s website and edit your personal information. To enter the subscriber pages of the website you will enter your user ID and password. We will never ask you verbally to disclose your password so only you can access your profile. The NRCSE’s website assigns a personal identification number and sends it to your computer in the form of a small text file, called a ‘cookie’. The use of this cookie allows you to visit other password-restricted portions of the NRCSE’s website – for which you have security access – without having to sign in again.
Use of your personal information
We use your personal information for these primary purposes:
-
to register for a login account
-
to complete our feedback form
-
to complete our online application forms
- to respond to any message you send us
- to send email alerts to users who request them
- to allow access to NRCSE services and guidance
- to provide information about help and services if you want it
Control of your personal information
When you register, or otherwise give us personal information, the NRCSE will not share that information with third parties without your permission, unless we are legally obliged to do so. The NRCSE may send out periodic e-mails. You will be able to choose to unsubscribe from these mailings.
Access to your personal information
We will provide you with the means to ensure that your personal information is correct and current. You may review and update this information at any time on www.supplementaryeducation.org.uk by logging in and going to ‘My Account’ to view and edit the personal information you have already given us.
Security of your personal information
The NRCSE strictly protects the security of your personal information and your choices for its intended use. We carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration or destruction. The website is on a secure server and encrypted for secure communication using HTTP Secure (https). Your personal information is never shared outside the NRCSE without your permission, except under conditions explained above. Inside the website’s database, data is stored in password-controlled servers with limited access. You also have a significant role in protecting your information. No one can see or edit your personal information without knowing your user ID and password, so do not share these with others.
Use of cookies
To ensure that we are publishing content that customers need and want, the NRCSE collects aggregated site-visitation statistics using cookies. When someone visits the site, a cookie is placed on the customer’s machine (if the customer accepts cookies) or is read if the customer has visited the site previously. If you choose to not have your browser accept cookies from the NRCSE’s website, you will need to re-enter your personal information each time that you attempt to access information.
We invite you to contact us if you have questions about our privacy policy. You may contact us by mail at the following address: nrc@nrcse.org.uk
Last updated: 25 May 2018
