Privacy Notice
LCATE Ltd (LCATE)
Trading also as ‘Law School Online/London Law Centre/LCATE
‘Please scroll down and make sure you have read all the contents’
We want to bring you to notice of this Privacy Notice prior to us collecting any of your personal data ('PD') from you.
You must be 18 years or over to use this service.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers’.
Purpose of this Privacy Notice
This is Privacy Notice is aimed at ensuring that we are in compliance with the General Data Protection Regulations (GDPR) with regards to any information which relates to your personal data including any sensitive data.
Please read and acknowledge the following policy related to your personal data
The Privacy Notice relates to information you need to know regarding your personal data before you enrol on:
• any short online courses with LCATE (free or paid); and or
• any online accredited online courses with LCATE;
• any onsite courses; or
• if you are making an enquiry about any of our courses and we need to liaise with you in order to deal with your queries.
Products & Services LCATE Provides
Our organisation is involved in the delivery of online and onsite educational courses and providing you with automated certificates.
Responsibilities
The Controller will be responsible for ensuring that you are bought to notice of this
Privacy Notice - Contact Details
You can contact the Contollervia the following modes of
communication:
Controller: Yasmine Lupin
Email: [email protected]
Mobile: 0044(0) 0795797760
Details of any Contacts
The organisation accountable for processing your personal data is LCATE Ltd.
The Controller is Yasmine Lupin
Disclosure of your Personal Data to third parties
If you are enrolled on an online course accredited by ATHE Ltd we will be transferring your personal data to them for educational compliance reasons.
The legitimate reason to disclose personal data to ATHE Ltd or any other third party would be for:
• our legal compliance purposes with ATHE Ltd or a similar third party;
• to ensure that you are registered with ATHE Ltd or a similar third party;
• in order that ATHE Ltd or any other third party can assess your studies and provide you with your certification;
• to ensure that we fulfil our legal obligations with you under our contract of services with you.
ATHE Ltd or any other third party will ensure that your personal data they hold is kept secure in compliance with GDPR and also will ensure that that it will be destroyed in compliance with their legal compliance procedures.
We will be disclosing your personal data to third parties such as the following:
• Accountant: Pollock Accounting Ltd
The legitimate reasons are for legal and tax compliance purposes. As we are a limited liability company we have a requirement to:
• file annual returns; and
• file supporting documents which comprise your personal data i.e. invoices or expenses incurred.
Your details may also be disclosed to further third parties such as the HMRC via disclosed third parties for legal compliance & tax purposes. There will be legitimate reason for the HMRC to view your personal data for the purposes of ensuring legal and tax compliance.
LCATE is not responsible for any business or legal purpose as to why your personal data will be processed or retained for legal compliance & tax purposes carried out by tax, legal or governmental bodies.
We also will be transferring your personal data to Accredible an organisation that ensures that your certificate is duly processed upon your completion.
Disclosure to you of individuals & organisations who have provided us with your personal data
We will disclose to you the individuals & organisations who have provided us with your personal data.
Principle 1 - Lawful Purpose (Article 5 of the GDPR)
We will be processing your personal data for legitimate purposes. In order to ensure that we can:
a) fulfil our obligations with you and provide you with our online educational services;
b) update you on the progress of your course;
c) answer any of your queries;
d) to provide you with your certificate;
e) or anything else specifically related to the enrolment of that course or other courses.
Principle 2 - Specific Purpose & Limited (Articles 5 & 6 of the GDPR)
We will be processing your personal data as follows:
a) your email;
b) your mobile number;
c) you full name.
Additional information will be required if you enrol on an accredited course. We require this information in order to fulfil our compliance obligations with ATHE LTD or any other third party and fulfil our contractual obligations with you.
We will require:
a) proof of your ID;
b) your address;
c) your ethnicity details (Please refer to ‘Sensitive Data’ – legitimate interests);
d) your date of birth;
e) your sexual orientation;
f) your signature;
g) any certificates relating to your previous qualifications;
h) in some circumstances a medical records if you are requesting a deferment on an accredited course;
i) any supporting third party letters supporting your eligibility for enrolment on the accredited course
Some of the above information constitutes ‘Sensitive Data’ please refer to ‘Legitimate Reason for Processing your Personal Data’ – page 4
Principle 3 - Adequate, Relevant & Limited
We only want to keep your personal data or sensitive data which is:
adequate and relevant.
We aim to limit the amount of personal data and sensitive data we process on your behalf.
Retention Policy
If you have enrolled on a short online course then our aim is delete any record of your
personal data after 12 months from the date of enrolment of your online course, unless you have clearly opted into any marketing material that you would like to receive from us. However, this will be limited to your name and your email address only.
If you enrol on an accredited course we are under a legal obligation to maintain
your records for a period of 4 years after the completion of your course. After this
period your personal data will be automatically deleted.
However we may need to retain some personal data regarding your enrolment for audit, legal compliance and tax purposes.
When your personal data is examined by tax or governmental departments, the length of retention of personal data with them, will depend upon their legal requirements and practice. We are not accountable for the retention period of your documents with them.
Principle 4 & 5 - Accuracy of your Personal Data - Principle 4 & 5 (Article 5 of
the GDPR)
We want to ensure that your personal data is kept up to date and therefore if any of
your personal data changes please kindly update us by contacting the Controller.
We will not be responsible in any way for your failure to notify of us of any changes
to your personal data.
Principe 6 - Ensuring Security
We have received assurances from this platform provider that the processing of your personal data on this platform is secure from any damage, accidental loss and if there are any risks the risks are low and that the platform provider will do everything to rectify any security breaches related to the processing of your personal data.
Consent
We only require your explicit consent to process personal data which amounts to the following:
1. the transfer of personal data overseas;
2. profiling
3. marketing
4. automated decision making
Sensitive data – Special Categories of data
The below mentioned list provides you with a list of personal data which is considered ‘sensitive data’ or falls within the ‘Special Categories’ list under the GDPR:
• Racial
• Ethnic Origin
• Political Opinions
• Religious Beliefs
• Philosophical Beliefs
• Trade Union Membership
• Genetic Data
• Biometric Data
• Health Data
• Health concerning a natural person’s sex life
• Sexual Orientation
We will not be requiring your consent for the use of your ‘sensitive data’ as we will be exercising the exception of ‘Legitimate Reasons’ as more detailed below.
It is unlikely that if you enrol on a short online course that is not accredited by a third party that we will require such sensitve data.
If we do request personal data we may need the following forms of sensitive data from you:
1. details of your ethnicity in order that we are in compliance with our ‘Equal Opportunities Policy’ which is further a requirement for accredited courses regulated by ATHE Ltd;
2. a copy of your any form of your identification confirming your identity and date of birth;
3. details of your date of birth which is a requirement to understand your eligibility for enrolment on an accredited course;
4. medical details if you are requesting a deferment regarding your course;
5. your signature to sign any data policies including your application form etc; and
6. your sexual orientation: i.e. you are a female or male for identification purposes only.
We require this ‘sensitive data’ in order to be able to fully fulfil our obligations with you under our contract of services with you. We also have a legitimate reason to acquire the sensitive data to ensure that we meet our legal compliance obligations with third party organisations such as ATHE Ltd which require this sensitive data to ensure that we are in compliance with UK governmental educational regulatory laws.
We will be complying with the principles regarding your sensitive data as mentioned in this Privacy Notice.
Your Rights
While we keep your personal data you have the following rights:
• Right to be informed about how your personal data will be processed
• Right to request access to your personal data, know as a ‘Subject Access Request’ (SAR) and to a judicial review in the event that we do not provide you with your SAR
• Right to rectification of your personal data in certain circumstances
• Right to restriction of processing of your personal data – you have the right to correct any of your personal data
• Right to request your personal data to be transferred to another organisation (right to data portability)
• Right to object the processing of your personal data (see ‘Right to object form’) Examples: automated processing, profiling and marketing
• Right to erasure of your personal data
• Right to make a complaint to the Information Commissioner’s Office (ICO) in the event you feel your complaint has not be handled by LCATE correctly
You have the right to first make a complaint directly to us via [email protected] The Controller will deal with your complaint.
If your matter is not resolved you also have the right to make a complaint to the ICO directly.
Please note we do not have a data portability system in place
Subject Access Request requirements
We can only deal with your ‘SAR’ if you following the following procedure:
a) You will need to request a SAR form from the DPO via [email protected];
b) You will need to first submit a completed SAR document before we can process your SAR; please request this from the DPO via [email protected];
c) You will also need to provide a form of your ID, a 3 months utility bill in order for us to verify that the personal data relates to you; and
d) Attend the office in person to collect your file.
Subject Access Requests – Time-scale
We aim to process the SAR within 1 month free of charge; however we have
the right to charge you if your file has been retained by a third party organisation and a charge is involved in requesting such file.
Subject Access Request Details
PD – shall mean ‘Personal Data’
You can request the following information from the Controller regarding your file:
• The name of the organisation that has been processing your personal data including names of the controller and DPO
• A list of personal data & sensitive data which has been processed by the controller
• If the PD was obtained by a third party; details of such third party
• Details of any recipients including third country details
• The reasons why these forms of personal data have been processed (lawful reasons etc & compliance with key principles)
• Sensitive data – consent – if not legitimate reasons for processing
• Where the personal data has been located (third party/controller’s platform/computer system) including security
• Retention Periods – the length of time your personal data will be processed
• Compliance with the key principles which are disclosed in this privacy document
• If your personal data has been processed outside the EU, details of any representative(s)
• Your rights (object, restrict, erasure etc) which are listed in this privacy document
• Your right to make a complaint to the Information Commissioner’s Office
RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
You have the right to object to certain types of processing of personal data such as:
• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
• direct marketing (including profiling);
• processing personal data by automated decision making means; and
• processing for purposes of scientific/historical research and statistics.
In the above cases, your explicit consent would be required by us before we can actually process your personal data.
This right to object does not apply if:
1. we need to enter into a contract with you
2. it is sanctioned by law (tax evasion or fraud)
3. the agreement does not have a legal or equally important impact
4. it is based around explicit consent and you have provided us with explicit consent
Please contact the Controller via [email protected]
CONSENT FORM
We need your explicit consent in order that we can lawfully process any personal data which relates to:
- any marketing;
- any profiling;
- any automated decision making processing we carry out;
- the transfer of personal data to third countries;
- processing of personal data for children under the age of 16 years
We want you to provide your consent freely and you have the right to withdraw such consent at any time. Please contact the Controller via [INSERT DETAILS] in order to withdraw your consent.
You are providing explicit consent to the processing of your personal data by signing by the relevant sections below:
PECR - Soft-option Opt-in
If you have already purchased We will however, from time to time send you products similar in nature to those you have purchased from us. We will ensure that you have the choice to unsubscribe to such products.
The above will not apply for 'solicited' emails, which means emails which you have created requesting information regarding products and or services.
REVIEWS
As part of the services we provide we would be grateful if you could kindly rate the course. By rating the course this helps is improve our product. When you complete your review, your name will appear on the website. This is however an option and you can choose to write a review or decline. You have the right to object and withdraw consent at anytime. This is even if you have initially provided a review, you can later contact us via [email protected] requesting that we remove your name and review.
We aim to limit the processing of any personal data to sending you emails only.
In all cases we will ensure that we meet the key principles under the GDPR:
1. Transparency & legitimacy;
2. Adequacy;
3. Relevancy & Minimisation;
4. Retention; integrity; confidentiality; and
5. Security measures are appropriate and adequate to the risks involved as detailed in the Privacy Policy within this document.
Complaints
You have the right to raise a complaint directly with the Controller
Controller: Yasmine Lupin
Email: [email protected]
You also have the right to make a complaint with the ICO
ICO: 0303 123 1113