stem4 (“stem4” or “we” or “us” or “our“) is a charity registered in England and Wales under registered charity number 1144506 and have our registered office at 51 St George’s Road, Wimbledon, London SW19 4EA, UK. We are responsible for your personal information and we take our data protection and privacy responsibilities seriously.
This privacy notice explains how we collect, use and share personal information, including:
- What personal information we collect and when and why we use it.
- How we share personal information with our service providers, regulators and other third parties
- Explaining more about Profiling
- Transferring personal information globally
- How we protect and store personal information
- Legal rights available to help manage your privacy
- How you can contact us for more support
We may amend this privacy notice from time to time to keep it up to date with legal requirements and the way we operate our business, and will place any updates on this webpage. This privacy notice was last updated on 14th May 2018. Please regularly check these pages for the latest version of this notice. If we make fundamental changes to this privacy notice, we will seek to inform you by notice on our website or email.
Third Party Websites
You might find external links to third party websites on our website. This privacy notice does not apply to your use of a third party site.
WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
When we collect information
We collect information about you if you register with our website (“Website“).
Personal information we collect and use if you use our website
In order to access certain material on our Website, you may be asked to register for a username and password, and may be asked to provide the following personal data to us:
- your name;
- your email address;
- the name of your school;
- your school’s address; and
- the type of school you attend.
In addition, we may collect certain data in relation to your use of our Website and materials through the following third party sources:
- where you pay for access to certain materials on our Website, the third party payment provider PayPal;
- Google Analytics.
Legal basis for using your personal information
We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- we need to use your personal information to register your access to certain materials we provide on our Website. For example, we use the information provided by our third party payment provider to confirm payment has been made for your registration; and/or
- we use your personal information on an anonymised basis to for research, and to make the website easier to use, and to ensure you are directed to the resources in the country in which you are accessing the Website.
In all such cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in our Legal Rights section and Annex (both below).
SHARING PERSONAL INFORMATION OTHERS
We share your personal information in the manner and for the purposes described below:
- with third parties who help manage our organisation and deliver services. These third parties have agreed to confidentiality restrictions and use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us. These include IT service providers who help manage our IT and back office systems;
- with government organisations and agencies, law enforcement, regulators, which may include the Information Commissioner’s Office, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies;
- with financial institutions and PayPal to authorize and complete payments; and
- we may share in aggregate, statistical form, non‑personal information regarding the visitors to our website, traffic patterns, and website usage with our partners, affiliates or advertisers.
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.
We do not sell or pass your Personal Information to third parties for their own marketing purposes.
EXPLAINING MORE ABOUT PROFILING
How you can manage your preferences
To protect privacy rights and to ensure you have control over how we manage our communications with you:
- we will take steps to only send you communications which we believe may be of interest or relevance to you;
- at any time you can update or correct your personal profile, or change your preferences for the way in which you would like us to communicate with you, including how you receive news updates from us;
- if you have a user account with us, the easiest way to change your personal details is to log onto your account. You can also click the “unsubscribe” link that you find on any online newsletters you receive or contact us by email at firstname.lastname@example.org ;
- you can change the way your browser manages cookies by following the settings on your browser as explained above.
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.
When and how we undertake profiling and analytics
We will monitor the country from which you access the Website so that we can direct you to the appropriate resources available within that country. For more information about the cookies that we use as part of this monitoring, please see our cookies policy
HOW WE PROTECT AND STORE YOUR INFORMATION
We have implemented and maintain appropriate technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.
Measures we take include:
- placing confidentiality requirements on our staff members and service providers;
- destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected;
- following strict security procedures in the storage and disclosure of your personal information to prevent unauthorised access to it; and
- using secure communication transmission software (known as “secure sockets layer” or “SSL”) that encrypts all information you input on our website before it is sent to us. SSL is an industry standard encryption protocol and this ensure that the information is reasonably protected against unauthorized interception.
As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect usernames and passwords, please take appropriate measures to protect this information.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy notice. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. We retain such information for a period of 7 years.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
A cookie is a small text file containing small amounts of information which is downloaded to or stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.
LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. Click on the links below to learn more about each right you may have:
- To access personal information
- To rectify / erase personal information
- To restrict the processing of your personal information
- To transfer your personal information
- To object to the processing of personal information
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction
- To lodge a complaint with your local supervisory authority
If you wish to access any of the above mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us by email at email@example.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see right to object [insert link]); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which we are subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims;
Right to restrict the processing of your personal information
You can ask us to restrict your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine‑readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
The primary point of contact for all issues arising from this privacy notice is our Data Protection Officer. The Data Protection Officer can be contacted by email at firstname.lastname@example.org
If you have any questions, concerns or complaints regarding our compliance with this privacy notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact our Data Protection Officer or email us at email@example.com. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
To contact your data protection supervisory authority
You have a right to lodge a complaint with your local data protection supervisory authority (ie your place of habitual residence, place or work or place of alleged infringement), which in the UK is the Information Commissioner’s Office at any time. We ask that you please attempt to resolve any issues with us before your local supervisory authority.
Issue Date of Privacy Notice: 14th May 2018