Yipiyap’s Privacy Policy
Our contact details
Name:
Yipiyap (Yipiyap Ltd., and our franchises, Yipiyap Franchise Ltd., White Rabbit Learning Ltd.)
Address:
Yipiyap, The Warrant House,
1 High Street
Altrincham, Cheshire
WA14 1PZ
Phone Number:
01619145522
E-mail:
gdpr@yipiyap.co.uk
What personal information do we collect and use?
The amount and types of personal information we gather will vary depending on your relationship with Yipiyap. For example, if you are a visitor our website or a contact at a prospective partner school, the information we gather will be minimal; or, if you are applying to work with us, we will need to ask a little more about you. We only ever collect information with a good reason, having balanced the benefits against the risks to your personal freedoms – our default option is always to gather no data at all.
· Information you provide us
Usually, if we are processing your information, it’s because you’ve agreed to give it to us. Most of the personal information we process is provided to us directly by you for one of the following reasons:
o Collaborating with our partner schools and colleges to deliver support
o Recruiting new Yipiyaps
o Supporting you if you’re a member of our team
o Responding to an enquiry you’ve made, some feedback you’ve left, or a suggestion you’ve made
o Finding new schools and colleges to work with, or keeping in touch with schools or colleges who might want to work with us
o Keeping in touch with you if you’re a Yipiyap alumni
o Communicating with you if you’ve engaged us for private support
· Information provided by a third party
Sometimes, somebody else will put us in touch with you.
o An applicant to work at Yipiyap may put you down as their referee
o If you are a member of staff at one of our partner schools or colleges, being able to contact you will likely be key to supporting your students
o If you are a student taking part in the Yipiyap Upgrade programme, your college may have told us what we need to know to deliver your support: who you are, how to contact you, and what you’ve been studying
· Publicly available information
From time to time, we make contact with institutions who might be interested in working with Yipiyap, using publicly available contact details. This might be to deliver support to their students, or to find opportunities at Yipiyap for their Key Stage 5 leavers.
· Information we get from your use of our website
We keep an anonymous record of how our website is used, to help us improve our services. We do this through the use of cookies. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Some of our cookies are essential to operating the website and therefore cannot be disabled. Our analytics cookies are disabled until you agree to their use.
We will only ever process personal data where we have a legal basis under the General Data Protection Regulation (GDPR). For Yipiyap, these bases are:
(a) We have your consent. You are able to remove your consent at any time. You can do this by contacting gpdr@yipiyap.co.uk.
(b) We need your data to fulfil a contractual obligation we’ve made with you.
(c) We have a legal obligation – for example, where we follow laws requiring taxes, pensions, employment, immigration, or any other requirements we have as a company.
(d) We have a legitimate interest in doing so, or we believe you have a legitimate interest in us doing so. We always balance the benefits of processing data in this way against the risks to your rights as an individual, and will only ever do so if we believe it to be reasonable.
Who do we share your information with?
Yipiyap engages third party processors to help deliver our services: this usually means a digital service provider, such as our cloud storage processors or our website host. These processors handle your data only under the explicit instruction of the company, and we have contracts in place with them to ensure your data is safeguarded.
Some of these processors are outside of the UK or the EEA. Where this is the case, our contracts ensure your data is handled with a level of protection equivalent to a processor within the UK or the EEA, through the use of Standard Contractual Clauses.
How do we store your personal information?
Your information is securely stored in the cloud, by one of our providers. We also have an on-site backup, kept securely on our premises.
We keep your personal information only for as long as it is necessary to achieve the specific purpose for which we collected it. Some laws require us to keep different data for different periods of time; for example, we keep data regarding our employees for as long as is required by HM Revenues and Custom.
For each type of data, we process it only for the period set out in our retention policy. After that, we will either delete or anonymise your data so it can no longer be traced back to you, or seek your permission to retain it for longer if there is a good reason to do so.
Your data protection rights
Under data protection law, you have rights including:
· Your right of access - You have the right to ask us for copies of your personal information.
· Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
· Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
· Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
· Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
· Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us by one of the following methods if you wish to make a request:
By e-mail:
By phone:
01619145522
By post:
Yipiyap, The Warrant House,
1 High Street
Altrincham, Cheshire
WA14 1PZ
Data security
The security of your personal data is paramount, and we take our duty to protect it seriously. We partly do this by minimising the amount of data we ask you for – we only ever ask for what is needed. We have policies in place to make sure your data is not lost, accidentally destroyed, misused, or disclosed, and to ensure it is only ever accessed by our employees in the performance of their duties or other authorised parties.
We have the following measures in place to help protect your data:
Confidentiality
“Confidentiality means that personal data is protected against unauthorized disclosure.”
Physical Security
· Physical access control systems in place
· Surveillance systems including alarms and, as appropriate, CCTV monitoring
· Clean desk policies and controls in place (Locking of unattended computers, locked cabinets etc.)
· Destruction of data on physical media and documents
Access Control & Prevention of Unauthorized Access
· User access restrictions applied and role-based access permissions provided/reviewed based on segregation of duties principle
· Strong authentication and authorisation methods
· Centralized password management and strong/complex password policies (minimum length, complexity of characters, expiration of passwords etc.)
Encryption
· Encryption of cloud storage at rest and during communication via strong cryptographic protocols
Data Minimisation
· Pseudonymisation of personal data to prevent directly identification of an individual wherever suitable
· Segregation of databases by function
· Logical segregation of databases by role-based access rights
· Defined data retention periods for personal data
Integrity
“Integrity refers to ensuring the correctness (intactness) of data and the correct functioning of systems. When the term integrity is used in connection with the term "data", it expresses that the data is complete and unchanged.”
Logging & Monitoring
· Logging of access and changes on data
Availability
“The availability of services and IT systems, IT applications, and IT network functions or of information is guaranteed, if the users are able to use them at all times as intended.”
· Critical data either replicated or backed up (Cloud Backups/Hard Disks/Database replication etc.)
· Planned software, infrastructure and security maintenance in place (Software updates, security patches etc.)
· Alarm, security systems in place
· Physical Protection measures in place for critical sites (e.g. fire and/or smoke detectors)
Data Processing Instructions
"Data Processing Instructions refers to ensuring that personal data will only be processed in accordance with the instructions of the data controller and the related company measures"
· Privacy and confidentiality terms in place within employee contracts
· Regular data privacy and security trainings for employees
· Appropriate contractual provisions to the agreements with sub-contractors to maintain instructional control rights
· Regular security audits
Complaints or queries
If you have any concerns about our use of your personal information, you can make a complaint to us by one of the following methods:
By e-mail:
By phone:
01619145522
By post:
Yipiyap, The Warrant House,
1 High Street
Altrincham, Cheshire
WA14 1PZ
The Information Commissioner’s Office (the ICO) is the UK’s regulatory body for information. If you wish to lodge a complaint about this privacy notice, the procedures set out within it, or how we handle your data, you can contact the ICO at:
By post:
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Helpline number:
0303 123 111
ICO website:
https://www.ico.org.uk