This statement is provided with the intention to comply with your right to be informed under the General Data Protection Regulation. We have also considered your rights under the Privacy and Electronic Communications Regulations.

Who is Roxinford Education Group?

Roxinford Education Group Ltd. is a provider of education services. We are a registered company in England, with company number: 626086. Our head office is at 103 -105 Greenford Road, London, HA1 3QF, United Kingdoms. You can email our Data Protection Officer at dpo@roxinford.com.

How we have collected data about you?

We may collect personal data from you when you:

  • use our products or services (i.e. booking a course);
  • use our website;
  • use of our e-Learning platform;
  • interact with us through social media, email, post, text or phone, or use one of our cookies.

In addition, we will also collect personal data from job applicants, employees, ex-employees, associates, members, contractors and temporary employees during their recruitment screening and throughout the tenure of their employment with us.

What data we may hold about you?

We will only collect data from you when if it is necessary for us to do so and we will only collect data that is relevent for the date processing activity. Below is a list of data which we may collect from you:

  • Identity Data such as your first name, last name, title, date of birth, gender, nationality, passport or ID number;
  • Contact Data such as your e-mail address, address, and telephone number; we may also keep the name, relationship and phone number for your next of kin for emergency contact;
  • Academic Data such as your academic qualifications and English language qualifications;
  • Visa Data such as passport expire date, visa expiry date, country of birth, place of birth;
  • Health Data such as your dietary and medical requirements
  • Financial Data such as your bank account details;
  • Transaction Data such as details of products and services you have obtained from us and payments made to/from us;
  • Technical Data such as your internet protocol (IP) address, login data, operating system and platform;
  • Marketing Data such as your marketing and communication preferences in receiving communications from us and our third parties, the technologies used, and any related correspondence;
  • Usage Data such as your use of our website, performance and other communication data;
  • Survey Data such as your comments and opinions provided in response to a survey.

In addition, we may collect the following additional groups of data with respect to job applicants, employees or ex-employees, contractors, and temporary employees:

  • Identity Data such as proof of your identity (e.g. passport, valid driving licence or birth certificate);
  • Contact Data such as information about your marital status, next of kin, dependants, personal and emergency contacts details to be used in the event of an emergency;
  • Recruitment Data such as details of your education, qualifications, occupation, work history, experience, referees, training and skills development; nationality, entitlement to work in the UK, criminal record (if your role requires this) and equal opportunities monitoring information;
  • Employment Data such as the terms and conditions of your employment, salary or fee payments, benefits, work patterns, NI number, attendance, holidays, sickness, disciplinary or grievance issues, medical or health conditions, disabilities (for which Roxinford Education Group needs to make reasonable adjustments); and information about your vehicle, driving licence, MOT and insurance documents if you drive on company business;
  • Performance Data such as performance reviews and ratings, performance development plans and related correspondence; and timesheet information;
  • Activity Data such as the websites our employees visit while using an company computer or company network, and the activity logs held within company systems and databases;
  • Communications Data such as the emails you send or receive via the company email system

Why are we able to process your data (lawful basis)?

  • Consent – you have given consent to us for the processing of your personal data for one or more specific purposes.
  • Contract – processing is necessary for the performance of a contract which you have entered with Roxinford Education Group. This could either be that we are provide a product or service to you, or to receive something from you. Examples include: employment contracts; and agreements for the provision of our products or services. We are also acting under the performance of contract if we collect or process your data for the purposes of entering into a contract, if you have expressed an interest in working with us.
  • Legal obligation – we may be legally obliged to process certain data about you, for example to maintain student data for immigration compliance. In some cases, we are obliged to share personal data with third parties, such as UKVI and HMRC.
  • Vital interests – processing is necessary to protect your vital interests. For example medical and dietary details.
  • Public task – processing is necessary to perform a task in the public interest with clear basis in law.
  • Legitimate interest – processing is necessary for the our legitimate interests, or the legitimate interests of a third party, as long as it does not conflict with your interests or fundamental rights and freedoms. We will always balance our legitimate interest with yours before using legitimate interest as lawful basis of processing your data.

Why are we processing your data?

Your personal data is used by us to support a range of different purposes and activities. These are listed in the table below together with the types of data used and the lawful base(s) we rely on when processing them, including where appropriate, our legitimate interests. Please be aware that we may process your personal data using more than one lawful basis, depending on the specific activity involved. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one basis is set out below.

Purpose / Activity Lawful Basis
To provide the products and services you required

Contract

Legal obligation

Vital interests

Public task

Internal administrative purposes – such as our accounting and records

Contract

Legal obligation

Public task

To send marketing communications 

Legitimate interest

Consent

For statistical purposes such as analysing the performance of our product and services

Legitimate interest

To respond to your queries and to resolve complaints. Legitimate interest

Consent

To comply with applicable laws and regulations. Legal obligation

Public task

For job applicants, employees, ex-employees, contractors and temporary employees only:

Purpose / Activity Lawful Basis
To recruit the right people for our business, and manage their working relationship with us, including job role and responsibilities, salary or fee payments, progression, training, performance management and disciplinary or grievance procedures. Contract

Legal obligation

Legitimate interest

To recruit the right people on behalf of another business. Contract

Legal obligation

Legitimate interest

How are we keeping your data safe?

Roxinford Education Group takes security measures in line with data protection regulations. We have security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to the data. Most data are stored with reputable specialized cloud-based third-party database and data storage providers, with state of the art security and reliable and multiple secure backups. Only authorised Roxinford Education Group employees and contractors have access to your personal data. In addition, contracts are in place with such third-party service providers acting as data processors for Roxinford Education Group that have access to your personal data, to ensure that the level of security required in your jurisdiction is in place, and that your personal data is processed only as instructed by Roxinford Education Group.

How long do we keep your personal data?

Roxinford Education Group will keep your personal data for only as long as we need to or as required by law. The exact time period for which we retain your personal data will depend on the purpose of which the data was collected. If you have an account with us, then we will hold your data until you wish to cancel your account.

Who else may we share your personal data with?

We may disclose and share your personal data with the parties set out below:

  • The companies and divisions of Roxinford Education Group
  • Government agencies, their partners and other third parties to comply with our legal obligation or public interest responsibilities (such as UKVI, Ofqual, DfE, HMRC, Magistrates Courts, Employment Tribunals and Local Authorities)
  • Third-party vendors, business partners or other third parties that we use to support the operation of our business. For example, to: carry out criminal or credit checks; provide IT systems and software, internet access, website or hosting solutions; organise events or provide marketing and advertising services; provide training and development services; deliver employee benefits, run our payroll, and provide employee assistance;
  • Suppliers such as hotel, airline, academic and activity providers. Please note that these suppliers are independent data controllers and we encourage you to review the privacy notice of any third-party supplier whose products you purchase or booked through Roxinford Education Group. Suppliers may also contact you as necessary to obtain additional information about you in order to provide the required services.
  • Our professional advisers including auditors, lawyers, bankers and insurers who provide professional advice, accounting, banking, legal, insurance, and pension services, or to meet our audit responsibilities;
  • Where you have consented for us to do so.

We require all third parties who are processing data on our behalf to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

Where data is transferred outside of the EEA, we will take steps to ensure that appropriate measures and controls are in place to protect that data in accordance with relevant data protection laws and regulations. In each case, such transfers are made in accordance with the requirements of the General Data Protection Regulations or “GDPR”.

What are your rights?

You have the right to be informed of fair processing information with a view to transparency of data. This policy notice is intended to fulfil that right.

You have the right to access the information we hold. You should make such a request in writing to our Data Protection Officer using the above contact information. We shall provide the data within 1 month. In exceptional cases we may extend this to 3 months. You will be notified within 1 month when we believe this to be an exceptional case requiring a longer period of compliance. Where a request is manifestly unfounded or excessive we may charge a reasonable fee or refuse the request. In the event of a fee or refusal, you will be advised of this and your further rights relating to the fee or refusal.

You have the right to request the information we hold is rectified if it is inaccurate or incomplete. You should contact our Data Protection Officer using the above contact information and provide him with the details of any inaccurate or incomplete data. We will then ensure that this is amended within one month. We may, in complex cases, extend this period to two months.

You have the right to erasure in the form of deletion or removal of personal data where there is no compelling reason for its continued processing. We have the right to refuse to erase data where this is necessary in the right of freedom of expression and information, to comply with a legal obligation for the performance of a public interest task, exercise of an official authority, for public health purposes in the public interest, for archiving purposes in the public interest, scientific research, historical research, statistical purposes or the exercise or defence of legal claims. You will be advised of the grounds of our refusal should any such request be refused.

You have the right to restrict our processing of your data where you contest the accuracy of the data until the accuracy is verified. You have the right to restrict our processing of your data where you object to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your interests. You have the right to restrict our processing of your data when processing is unlawful and you oppose erasure and request restriction instead. You have the right to restrict our processing of your data where we no longer need the data and you require the data to establish, exercise or defend a legal claim. You will be advised when we lift a restriction on processing.

You have the right to data portability in that you may obtain and reuse your data for your own purposes across different services, from one IT environment to another in a safe and secure way, without hindrance to usability. The exact method will change from time to time. You will be informed of the mechanism that may be in place should you choose to exercise this right.

You have the right to object to the following:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics

You have the right to withdraw your consent at any time.

You have the right to lodge a complaint with a supervisory authority such as the Information Commissioner’s Office or any other of our regulators or accreditors that may regulate or provide accreditations to us from time to time. We advise that you exhaust our internal complaints procedure prior to referring the matter to any supervisory, regulatory or accrediting body. A copy of our complaints process is available from our Data Protection Officer at the contact information above.