- Home » Privacy Policy
Privacy Policy
To view our Children’s Privacy Policy, please click here.
This privacy notice is a document that explains how International Dyslexia Learning Solutions collects, uses, stores, and protects personal information. It informs individuals about the types of data collected, the purposes for collecting it, and how it is used.
This notice outlines data storage and security measures, individual rights, the use of cookies or tracking technologies, and the legal basis for processing data.
Reading this privacy notice is important because it allows individuals to understand how their personal information is collected, used, and protected by IDL.
It also helps individuals to make informed choices, ensure compliance with regulations, and stay aware of security measures implemented by International Dyslexia Learning Solutions.
Get in touch using our website, or alternatively, use the below information:
General Company Information:
Organisation Name: | International Dyslexia Learning Solutions (IDL) |
Mailing Address: | Ascentis House, Lancaster Business Park, 3 Mannin Way, Lancaster, LA1 3SW |
Data Email Address: | [email protected] |
Legal Email Address: | [email protected] |
Phone Number: | +44 1524 580 665 |
Website: | https://idlsgroup.com/eu |
ICO Registration Number: | ZA761340 |
Data Protection Officer Information:
Organisation Name: | The DPO Centre Ltd |
Mailing Address: | 50 Liverpool St, London EC2M 7PY |
Contract Email Address: | [email protected] |
Phone Number: | +44 20 3797 1289 |
Website: | https://www.dpocentre.com/ |
ICO Registration Number: | ZA761340 |
We collect, use, store and/or transfer various categories of personal data about you depending on our relationship with you:
We use the information you provide when placing an order to complete that order and to service your account. We do not share this information with outside parties except: 1. to the extent necessary to complete that order or to provide you with services by way of our service providers or contracted partners (e.g., payment processing, customer support); or 2. to successors in title to our business; or 3. in accordance with legal and regulatory requirements or to respond to a government request; or 4. as necessary, in IDL’ sole discretion, to protect the perceived rights, safety and property of IDL, users of our websites or services, and the public.
Do you use personal information about Children?
We will only process personal information regarding children, such as names provided by the teacher so they can identify students, (although we recommend alias names are used), DOB for test results by age as required by teachers, and gender as required by schools to compare results and effectiveness between gender groups.
In the event we learn that we collected personal information from anyone under the age of sixteen beyond the above scope, and do not have a teacher, parent, or guardian’s consent, we will delete that information as quickly as possible. This is because the school or parent/guardian function as the ‘controller’ of learner data, by providing the login details and access to the product. Please refer to the EULA for further details.
The information we require/gather about you will differ depending on our relationship with you:
IDL software user information:
Types of data: | Data collection point: | Category of data: | Purpose: | Primary Lawful basis: | Retention period: |
Pupil full name, username, address | Registering onto IDL software. | Personal, may include child data if provided by the school | Provision of services (Inclusive of issuing progress reports) | Contractual obligation | Upon receipt of deletion request from license administrator or individual data subject or 30 days following the due date of your latest renewal invoice (if we are in receipt of a cancellation request from yourselves from our services) |
Reporting Update:
As part of IDL’s software, we are aware that teachers need to produce reports for both individual and groups of pupils. These reports chart the progress of pupils through their enrolled programs and highlight improvements in ability by interpreting the results of periodic tests.
This update provides a mechanism for reports to be generated and saved on a cloud-based server.
Teachers will be able to download any reports they have generated for a period of 30 days from the generation date, after which time they will be automatically deleted.
What personal information is included in this update?
The full name and date of birth of each learner will be included in these reports.
This will be linked to test results that could potentially highlight a specific learning difficulty.
Supplier information:
Types of data: | Data collection point: | Category of data: | Purpose: | Primary Lawful basis: | Retention period: |
Business contact name, email, phone number | CRM Software | Personal | Provision of business | Contractual obligation/Publicly available information | 6 years following termination of contract |
Centre Tutor/Teacher information:
Types of data: | Data collection point: | Category of data: | Purpose: | Primary Lawful basis: | Retention period: |
Staff members’ fullname, username, , email, phone number | Registering on IDL software | Personal | Provision of business | Contractual obligation | Upon receipt of deletion request from license administrator or individual data subject or 30 days following the due date of your latest renewal invoice (if we are in receipt of a cancellation request from yourselves from our services) |
Job applicants:
Types of data: | Data collection point: | Category of data: | Purpose: | Primary Lawful basis: | Retention period: |
Please refer to recruitment privacy notice | Upon receipt of CV/job application | Personal | Please refer to recruitment privacy notice | Contractual obligation | Please refer to recruitment privacy notice |
IDL premises visitor information:
Types of data: | Data collection point: | Category of data: | Purpose: | Primary Lawful basis: | Retention period: |
CCTV recording | Arrival on IDL company premises | Personal | Security – Maintains log of entrances and exits of the IDL building | Legitimate interests | 2 weeks |
Full name, workplace, contact number, address, face photograph | Upon registering arrival on tablet in reception | Personal | Security – Maintains log of entrances and exits of the IDL building – Logged on software ‘Inventry’ | Legitimate interests | Deleted 90 days after visit/td> |
Information we collect about you from other sources
We collect information about you from other sources, and may include:
- information from the learning centre that you have enrolled with provide us with all the personal information we may require to process and complete your enrolment and/or certification.
- Publicly available information, from sources such as Companies House, County Court Judgements this may include details about your financial situation and debts; and
- Information from third party databases or data suppliers, such as credit reference agencies, including details about your creditworthiness.
Information we receive about you from other sources
When you engage to enter into a course at a learning centre for which we are the relevant qualification awarding body they will share your personal data with us so that we can award your qualification and certify that you have met the relevant criteria. We may also process your data to assess the learning centre that you are enrolled in and benchmark them against other learning centres.
Sometimes you will have given your consent for other websites, services or third parties to provide information to us. This could include information we receive about you if you use any of the other websites we operate or the other services we provide, in which case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data.
It could also include information from third parties that we work with to provide our products and services, such as payment processors, delivery companies, technical support companies and advertising companies. Whenever we receive information about you from these third parties, we will let you know what information we have received and how and why we intend to use it.
The International Dyslexia Learning Solutions website uses “cookies” to help you personalise your online experience
A cookie is a piece of information that is held on the hard drive of your computer which records how you have used a website. Cookies allow website operators to accumulate useful information, such as whether the computer (and sometimes its user) has visited the site before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit. For more information, see our Cookies Policy here.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to award your qualification or provide you with copies of any certificates you request). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
Storing your information
All information you provide to us is stored on secure servers in the UK. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Protecting your information
International Dyslexia Learning Solutions has a range of other technical and organisational measures in place to protect your personal data including being Cyber Essentials certified, two-factor authentication, access controls to restrict access on a need-to-know basis, uniquely identifying users to monitor and review access attempts, and physical security. Personal data is never disclosed or shared with unauthorised people. International Dyslexia Learning Solutions has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse, or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.
We also have procedures in place to deal with any suspected data security breach. This applies to a security breach leading to the accidental loss, damage, destruction or unlawful access or disclosure to your personal data. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so and report any substantial risk to the rights and freedoms of individuals within any period applicable by law.
However, it would not be considered a breach if the personal data were received unknowingly or unintentionally and then erased in line with data minimisation policies. For example, if you sent us personal information that we did not require or request, we shall delete this as soon as possible and ask you to refrain from sending any unnecessary personal or special data again.
In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, International Dyslexia Learning Solutions will disclose the requested data. However, we will ensure the request is legitimate, following any relevant policies and protocols.
How long do we keep your data for?
Where we are relying on your consent or our legitimate interests to process your data then we will keep your personal data until you withdraw your consent for us to use it, or object to the processing in our legitimate interests and we agree with your objection.
A school can request that we delete the personal data of school users at any time, and in the absence of any specific request from the school we will retain user’s personal data for as long as is reasonably needed to perform our contractual obligations to you.
We will also retain your personal data according to other applicable UK laws and regulations, depending upon the nature of the services we have provided to you.
How we adopt Data Protection by Design
International Dyslexia Learning Solutions have adopted the principle of Data Protection by Design and Default.
This means that at the beginning and continuing through any new project or system, we keep the safety and security of everyone’s personal data at the forefront and implement whatever measures are necessary to comply with data protection laws.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice. We try to ensure that all information you provide to us is transferred securely via the website. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
What are your rights?
The GDPR grants individuals several data protection rights, including the right to access their personal data, request its correction or deletion, restrict its processing, and obtain a copy of it in a portable format.
Individuals also have the right to object to the processing of their data, withdraw consent, and lodge complaints with data protection authorities.
These rights promote transparency, control, and privacy in the handling of personal data, giving individuals the ability to manage their information and ensuring organizations adhere to responsible data practices.
More information can be found on the ICO Website:
Data Subject Right: | Explanation: |
The right to be informed | This right ensures that individuals have access to clear and transparent information about the processing of their personal data.
It requires organisation to provide concise and easily accessible details about the purposes of processing, the data recipients, the retention period, and other relevant information. This right empowers individuals to make informed decisions, exercise their data subject rights, and fosters trust and transparency in data processing practices. |
The right of access | This right grants individuals the right to request and obtain confirmation of whether their personal data is being processed by an organisation.
If the data is being processed, individuals have the right to access and obtain a copy of their personal data. Organisations are required to provide relevant information, respond to requests in a timely manner, and generally do so free of charge. This right empowers individuals to be aware of and verify the processing of their data, ensuring transparency, accuracy, and the ability to exercise other data subject rights. |
The right to rectification | This right gives individuals the right to request the correction or updating of their inaccurate or incomplete personal data held by organisations.
Individuals can submit requests to Organisations, which are then responsible for verifying the accuracy of the data and making necessary corrections promptly. If the incorrect data has been shared with third parties, the organization must inform them about the rectification. This right allows individuals to ensure the accuracy and completeness of their personal data, promoting transparency and control over their information. |
The right to erasure/be forgotten | This right grants individuals the right to request the deletion or removal of their personal data held by Organisations. This right can be exercised when the data is no longer necessary, consent is withdrawn, processing is unlawful, or there is a legal obligation to erase the data.Organisations must comply with erasure requests and inform third parties about the request, if applicable.However, certain exceptions may apply, such as when the right to freedom of expression or legal obligations are involved. The right to erasure empowers individuals to have control over their personal data and promotes privacy and data autonomy. |
The right to restrict processing | This right allows individuals to request limitations on the processing of their personal data by Organisations.
This right can be exercised in situations where the accuracy of the data is disputed, processing is unlawful, data is no longer needed but required for legal claims, or an objection to processing is pending verification. When processing is restricted, Organisations can only store the data and must refrain from further processing unless with the individual’s consent or for specific legal purposes. The right to restrict processing gives individuals control over their data and promotes privacy, accuracy, and individual autonomy in data processing. |
The right to data portability | This right gives individuals the ability to request and receive their personal data from an organization in a machine-readable format.
This data can then be transferred to another organization of the individual’s choice. The right applies to personal data provided by the individual and processed based on consent or contract. Organisations must facilitate the direct transfer of the data or transmit it to the requested organization. While technical feasibility and data security are considerations, the right to data portability aims to empower individuals by promoting data control, facilitating data transfers, and encouraging competition and interoperability among service providers. |
The right to object | This right gives individuals the power to object to the processing of their personal data by Organisations. This right applies to processing based on legitimate interests or for direct marketing purposes.
Individuals must be provided with clear notice of this right and have the ability to object before or at the time of processing. Organisations must respect the objection unless they can demonstrate compelling legitimate grounds for continued processing that outweigh the individual’s interests. The right to object empowers individuals to have control over their personal data, protect their privacy, and influence how their data is used. |
Rights relating to automated decision making and profiling | This right provides individuals with safeguards against potentially negative effects of automated decisions and profiling processes.
Individuals have the right to receive an explanation when automated decisions significantly affect them. They also have the right not to be subject to solely automated decisions with legal or similarly significant consequences unless there is human intervention or explicit consent. Profiling, which involves automated processing to evaluate aspects of individuals, is subject to transparency, fairness, and the individual’s explicit consent |
How do I utilise my data protection rights?
If you wish to utilise any of the above rights, please contact our Legal, Risk, and Data Protection Department using the below email:
Company: | Data Email: |
International Dyslexia Learning Solutions | [email protected] |
Sharing your information within our company and group
We share the information that you provide to us with our staff so that we can provide our products and services to you. We sometimes share your personal information with other specified organisations, including those who provide us with assistance in delivering our products or services or, where applicable, regulate our provision of such products or services.
We may share the information that you provide to us with the Ascentis group and other websites that we operate.
Sharing your information with third parties
We will not sell or rent your data to third parties.
We will not share your data with third parties for marketing purposes.
From time to time, we may need to share your information with selected third-party business partners, suppliers, and sub-contractors for the performance of a contract we have with them. In such circumstances, we only share the data necessary for them to deliver the service and have in place a contract or data sharing and usage agreement that requires them to keep your data secure and not to use it for their own marketing purposes.
Third-party organisations that provide services to us (including providing IT services and assisting us with carrying out marketing activities):
- Hilton Baird – Debt Collectors
- Lawyers (various)
- Royal Bank of Scotland – payments to suppliers
- Microsoft
- Inventry – visitor and employee record of visit
- QuestionMark – online assessments
- BTL – online assessments
- ProctorExam – online assessment remote invigilation
- Portico – learner systems
- Amazon Web Services
- FCS Protect – Backups and business continuity
- Eventbrite
- SurveyMonkey
- PayPal
- Stripe
- RBS Credit card services
- TNT
- Royal Mail
- Click dimensions
- Veremark – Right to work checks
- Team Tailor – Applicant tracking system
Third-party organisations that collect data relating to examination results:
- Quality Assurance Agency for Higher Education (QAA)
- Ofqual
- UCAS
- Bath Data (SERAP)
- Learning Records Service (LRS)
- Third-party organisations that collect data relating to training and CPD
- We provide personal data to the CPD Certification Service for attendees to gain
recognised CPD certificates for many of our training events.
For you to attend some of our events, we may use Eventbrite for customers to gain admission, you will be asked for your full name and email address when signing up to these events using Eventbrite in order to attend the International Dyslexia Learning Solutions event.
We may also share your name, email address, unique identifier (such as a username), captured facial photograph, captured identification, recorded video stream and other technical details such as IP address and location when your learners are using the proctored exam service with ProctorExam for the purposes of remote invigilation to satisfy our regulatory obligations. This data is forwarded onto our quality assurance department for them to assess the examination and its candidates for cases of malpractice. Information gathered will be processed in the Frankfurt region of Germany and therefore will NOT be processed by ProctorExam outside of the EEA as per clause 16.5 of our contract for supply of assessment software and services.
There may be certain exceptional circumstances in which we may disclose your information to third parties
This would be where we believe that the disclosure is:
-
- Required by police, law enforcement agencies and regulatory bodies for the purpose of preventing and detecting fraud, crime, and criminal activity.
- Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings
- Necessary to protect the safety of our employees, our property, or the public
- Necessary for the prevention or detection of crime, including exchanging information with other companies or organisations for the purposes of fraud protection and credit risk reduction.
- Proportionate as part of a merger, business or asset purchase or sale, in the event
that this happens we will share your information with the prospective seller or buyer involved
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and lawful bases.
International Dyslexia Learning Solutions will not sell, rent, or lease your personal data to any third party.
International Transfers
On the 28 June 2021, the UK was granted ‘adequacy’ by the European Commission in General Data Protection Regulations (GDPR) terms.
International transfers to the UK and International Dyslexia Learning Solutions from the European Economic Area (EEA) and other adequate countries can continue to take place with no additional safeguards.
We do not currently transfer any of your data outside the EEA unless that is where you are located.
You have the right to make a complaint at any time to us using the email, website, or address above if you have any concerns about our use of your personal information.
If you would like to provide us with feedback, a query, or make a complaint about the usage of your information, please utilise our Customer Feedback Form which is located here.
The Information Commissioner’s Office:
You can also complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues if you are unhappy with how we have used your data or how we have handled your complaint.
The ICO’s complaints page is as follows: https://ico.org.uk/make-a-complaint/. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes to this Privacy Notice
We reserve the right to make changes to this Privacy Notice from time to time. If you have any questions or queries about the changes that we make from time to time, please tell us via the contact details provided below in this Privacy Notice.
International Dyslexia Learning Solutions will review and update this Privacy Notice to reflect company and customer feedback and changes to laws and regulations. International Dyslexia Learning Solutions encourages you to periodically review this notice to be informed of how International Dyslexia Learning Solutions is protecting your information.
Cookies
We use a variety cookies to provide data about how our website is being used and to improve the advertising.
If you want to disable cookies, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.
You can find more information about out cookie usage within our Cookie Policy.