OOSA may change this policy by updating this page. You should check this page regularly to ensure that you are happy with any changes, and each time before you submit your personal information.
What information do we collect?
You may browse the Out of School Alliance website without telling us who you are or revealing any personal data. The only information we gather during general browsing is from standard server logs. These include your IP address, domain name, browser type, operating system, and information such as the web site that referred you to us, the files you downloaded, the pages you visit, and the dates/times of those visits. This information is not used to develop a personal profile of you and is only recorded for the purpose of statistical analysis and to monitor website security. The log files are regularly purged.
You may however choose to provide us with your personal data, for example, if you register for a newsletter, subscribe to our member services, order a product from our shop, complete a survey or request information. In circumstances such as these we will collect personal data from you to help process this request. You may be asked for:
- occupational details
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
- payment details (such as debit or credit card details) if purchasing a product.
What do we use personal data for?
OOSA will use personal data collected through its website, through order forms, or through email or telephone conversations with you, to answer enquiries and / or provide materials / services as requested.
If you opt in to receive our newsletter and other occasional mailings, we will send the newsletter to you every month. (You can unsubscribe at any time.) Our occasional mailings will relate to new products, special offers or other information which is immediately relevant to our membership.
We will never sell your data to a third party.
Lawful basis for processing your personal data
Under GDPR, our lawful basis for processing your personal data when you make a purchase from us or join us as a member or make an enquiry, is performance of a contract with you.
Our lawful basis for processing any personal data that we collect as a result of a survey or competition is that it is necessary for our legitimate interests as a business (eg to survey how our customers or members use our services or to develop new products or services).
Our lawful basis for using log file and tracking data collected from our website, including via cookies, is that this is necessary for our legitimate interests as a business (ie to help keep our website up to date and secure, to improve the visitor experience on our website, and to develop our business and marketing strategy).
How long do we keep your personal data for?
This means that we keep your membership account details for as long as you are member of the Out of School Alliance and for up to five years afterwards. We then keep a simplified record of the dates of your membership with us on an ongoing basis.
Who do we share your personal data with?
We will only disclose personal data to government bodies and law enforcement agencies as required by law, successors in title to our business and suppliers whom we engage to process data on our behalf.
We use RomanCart to manage our online ordering system, and SagePay to process online card purchases; both of these organisations are based in the EEA and are GDPR compliant. Our website and mail servers are hosted by MediaTemple, and our mailshots are managed by MailChimp, both of which are located in the USA and are compliant with the equivalent US regulation known as the EU-US Privacy Shield Framework.
Where we have a partnership arrangement with another organisation to offer special deals to our members, these organisations sometimes need to verify that someone claiming a discount or special deal is a current OOSA member. In this situation we will share your name and/or email address with the partner organisation, solely for the purposes of verifying your membership status. We will always ensure that the partner organisation is GDPR compliant before sharing your data in this fashion.
Your rights to your personal data under GDPR
Subject Access Requests: You have the right to request a copy of the personal data that we hold about you; this is known as a Subject Access Request or SAR. Please send your SAR, or any of the other requests listed below, in writing to:
The Data Protection Officer
Out of School Alliance LLP
35 Tothill Road
Cambridge CB25 0JX
Or via email to firstname.lastname@example.org.
We will respond within one month of receiving your request.
Right to rectification: If you believe that the data we hold about you is incorrect you can request that we correct it.
Right to erasure: You have the right to request that your personal data be erased. Note that in certain circumstances we will not be able to erase all of your data immediately because we need to retain certain types of data for minimum periods to satisfy legal requirements. Note also that we cannot maintain your membership of the Out of School Alliance without holding certain personal data about you so deleting all your personal data may result in the termination of your membership.
Right to restriction: You can ask us to restrict our use of your personal data if you believe that it is not accurate, or has been used unlawfully, or is no longer relevant, but you don’t want us to delete it.
Right to object: You have the right to object to us using your personal data for our legitimate interests.
Right to data portability: You have the right to ask us to provide the data that we hold about you in a commonly used format, eg as an Excel spreadsheet.
If you have a complaint about how we have kept your information secure, or how we have responded to a request to access, update, restrict or erase your data, you can refer us to the Information Commissioner’s Office (ICO).
We make all reasonable efforts to maintain security of your personal data. All of our computers are password protected and only accessible to authorised staff. Any paper records are only accessible to authorised staff.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being visited. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the web site.