Privacy Policy

Learn English in London

We have to collect and use information about our students, staff and business partners and providers.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.

We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We will ensure that we treat personal information lawfully and correctly.

To this end we fully endorse and adhere to the principles of the General Data Protection Regulation (GDPR).

Our Privacy Policy governs any kind of processing where we are acting as a data controller or co-controller (including collection, use, transfer, storage and deletion) of personally identifiable information. This policy applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world. Any question regarding our processing of personal data may be directed to principal@ttischool.com.

Please read the following policy carefully to understand what information we may collect from you, how we may use it, and your rights in respect of our use.

We will be guided by the following principles when processing data:

  • We will only collect data for specific and specified purposes; we will make it clear at the point when we request your information, what we are collecting it for and how we are going to use it.
  • We will not collect data beyond what is necessary to accomplish those purposes; we will minimise the amount of information we collect from you to what we need to deliver the services required.
  • We will collect and use your personal information only if we have sensible business reasons for doing so, such as managing a booking or gathering necessary information about a new member of staff or ETO.
  • We will not use data for purposes other than that for which the data was collected, except as stated, or with prior consent;
  • We will seek to verify and/or update data periodically, and we will accept requests for amendments of personal data;
  • We will apply high technical standards to make our processing of data secure;
  • Except when stated, we will not store data in identifiable form longer than is necessary to accomplish its purpose, or as is required by law.

Information Collected

We collect information on you:

  • When you apply to join a course or programme at the school
  • When you contact us for information, via our website, by email, by phone, in person or via social media channels.
  • When you work with us in a commercial capacity (for example as an ETO or partner)
  • When you apply to work at TopUp Learning London (Tti), and when you are subsequently employed by TopUp Learning London (Tti)
  • If you post on our social media channels or on our website or blog

Our students

What personal data do we need from you?

Before you start and during your relationship with us we will collect, store and process the following personal data:

  • Full Name
  • Address
  • Contact telephone numbers o Contact email address o Date of birth o Passport number
  • Photo
  • Next of kin contact details
  • Emergency contact details
  • Course and language capability details
  • Medical details

Permission to collect and store data of students under the age of 18 is obtained directly from the child’s parents or legal guardian through our Parental Agreement Letter.

Who has access to your personal data?

We are committed to restricting access to personal data to just those individuals who may need it to meet their or the school’s obligation. The specific data each individual has access to is limited to only that which is necessary for them to be able to carry out their function. For us this means the following may have access to some or all of your data:

  • The Directors
  • The Principal
  • Members of the Administration Team
  • Academic Team

Who do we share your personal data with outside of the school?

In order to fulfil our regulatory and contractual obligations we will need to share your personal data with third parties outside of the school. We have also chosen to outsource some of our operational requirements and our outsourced suppliers also need access to your personal data. In all cases we have committed to limiting the personal data that we share to only that which is necessary for them to be able to carry out the function we have contracted with them to perform. However, we take your privacy seriously and will therefore, never sell your personal data to anyone and will take precautions to keep it secure. Your data may be shared with:

  • Education Travel Organisations (Agents) Quality Standard Inspectorates e.g. the British Council
  • Our accommodation providers, Student residences and host families as appropriate
  • Government Enforcement Agencies e.g. the Home Office; Immigration; the Health & Safety Executive, the Police
  • Taxi & airport transfer providers o Work Experience providers

How long do we retain your personal data?

We will retain all your personal data for the duration of your contract and then for a further 5 years to enable us to meet our regulatory and legal obligations; to ease administration should you wish to return to undertake further studies; and to keep you up to date with news from TopUp Learning London (Tti) which may be of interest to you. After 5 years all records will be deleted.

Our employees

What personal data do we need from you?

Before you start  working for us and during your period of employment with us we will collect, store and process the following personal data. We keep this data in a personnel file relating to each employee and we also hold the data within our computer systems, for example, our holiday booking system.

Specifically, we hold the following types of data:

  • personal details such as name, address, phone numbers
  • information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter, references from former employers, details on your education and employment history etc
  • details relating to pay administration such as National Insurance numbers, bank account details and tax codes
  • medical or health information
  • information relating to your employment with us, including:
  • job title and job descriptions
  • your salary
  • your wider terms and conditions of employment
  • details of formal and informal proceedings involving you such as letters of concern, disciplinary and grievance proceedings, your annual leave records, appraisal and performance information
  • internal and external training modules undertaken

Who has access to your personal data?

We are committed to restricting access to personal data to just those individuals who may need it to meet their or the school’s obligation. The specific data each individual has access to is limited to only that which is necessary for them to be able to carry out their function. For us this means the following may have access to some or all of your data:

  • The Directors
  • The Principal
  • The Director of Studies

Who do we share your personal data with outside of the school?

In order to fulfil our regulatory and contractual obligations we will need to share your personal data with third parties outside of the school. We have also chosen to outsource some of our operational requirements and our outsourced suppliers also need access to your personal data. In all cases we have committed to limiting the personal data that we share to only that which is necessary for them to be able to carry out the function we have contracted with them to perform. However, we take your privacy seriously and will therefore, never sell your personal data to anyone and will take precautions to keep it secure. Your data may be shared with:

  • Education Travel Organisations (Agents) Quality Standard Inspectorates e.g. the British Council
  • Payroll processer
  • Government Enforcement Agencies e.g. the Home Office; Immigration; the Health & Safety Executive, the Police

How long do we retain your personal data?

We will retain all your personal data for the duration of your contract and then for a further 5 years to enable us to meet our regulatory and legal obligations; to ease administration should you wish to return to undertake further studies; and to keep you up to date with news from TopUp Learning London (Tti) which may be of interest to you. After 5 years all records will be deleted.

Our Educational Travel Operators

What personal data do we need from you?

Before you start and during your relationship with us we will collect, store and process the following personal data:

o Full Name

o Company Address

o Contact telephone numbers

o Contact email address

o Bank details

Who has access to your personal data?

We are committed to restricting access to personal data to just those individuals who may need it to meet their or the school’s obligation. The specific data each individual has access to is limited to only that which is necessary for them to be able to carry out their function. For us this means the following may have access to some or all of your data:

  • The Directors
  • The Principal
  • Members of the Administration Team
  • Academic Team

Who do we share your personal data with outside of the school?

In order to fulfil our regulatory and contractual obligations we will need to share your personal data with third parties outside of the school. We have also chosen to outsource some of our operational requirements and our outsourced suppliers also need access to your personal data. In all cases we have committed to limiting the personal data that we share to only that which is necessary for them to be able to carry out the function we have contracted with them to perform. However, we take your privacy seriously and will therefore, never sell your personal data to anyone and will take precautions to keep it secure. Your data may be shared with:

  • Quality Standard Inspectorates e.g. British Council
  • Government Enforcement Agencies e.g. the Home Office; Immigration; the Health & Safety Executive, the Police

How long do we retain your personal data?

We will retain all your personal data for the duration of your contract and then for a further 5 years to enable us to meet our regulatory and legal obligations. After 5 years all records will be deleted.

Legal bases for processing your data

The General Data Protection Regulation (GDPR) establishes 6 legal bases on which we can process your data: these are Consent, Contract, Legal Obligation, Vital Interests, Public Task and Legitimate Interests. For further information about these legal bases and fuller definitions, please refer to the ICO website

We use different legal bases for processing your data depending on the purpose for collecting your data in the first instance:

  • For all data collected as part of the process of enquiring about, applying for and booking a course or for any other related service (e.g. homestay, airport transfer, social programme, access to our online study portal e-learning, managed via Guided e-Learning), or where you give us feedback about aspects of this provision, we process using Contract or Legitimate Interests, namely the fulfilment of the booking. This may include sending of your data to our partners such as Educational Tour Operators (ETOs), Government Agencies or Schools. Where required by law to do so, we may also process your data under Legal Obligation.
  • Any processing of customer data not directly related to the fulfilment of a booking or related services, such as signing up for newsletters or free lessons on our website, or sending messages to you on behalf of third parties, is managed under Consent. From time to time, we may use elements of the data you supply to target the messages we send to you. For example, we may use your location to send you information about an event or opportunity happening in your area. During your stay at TopUp Learning London (Tti), we may take photographs or videos of you, and the use and processing of these is also managed through Consent.
  • For all data collected as part of managing our relationship with commercial partners, such as ETOs, Government Agencies and Schools, we process using Contract, Legitimate Interest and Legal Obligation, namely the maintenance of the commercial relationship. As newsletters to commercial partners are an important part of how we communicate with them, these are managed under Legitimate Interest.
  • For all data collected as part of the process of employing and managing staff, we process using Contract, Legal Obligation and Legitimate Interests, namely the employment of the employee. This will include data required for HMRC, pensions and insurance. In the event of our sending newsletters to our staff, these will be managed under Legitimate Interest.
  • We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is Legitimate Interest, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
  • We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is Legitimate Interest, namely the proper protection of our business against risks.

We will make it as easy as we can for you to opt out of unwanted processing under Consent, providing it does not restrict our ability to provide you with the primary service you have requested.

We collect data for a wide range of purposes. Data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons, or minimised and retained.

We are co-processors of information relating to marketing and booking clients with partners overseas (for example ETOs, schools, government and national sponsors). As such, we may transfer some data outside of the EU, but this will be limited to data necessary for the performance of a contract made in the interests of the individual (which is an exemption to the

8th principle of the GDPR legislation). We remain responsible for the data held, processed or sent via our systems. We are not responsible for the security and processing of data which is held, processed or sent via our partners’ systems. However, we require all of our partners overseas to confirm that they will process data securely in line with the requirements of GDPR or the equivalent in their country. We do not sell your data at any time.

Special Category Data/Criminal Record Data

We may request health data from potential students and employees. This data has special protection under the GDPR under the specific conditions listed in Article 9 (2) of the GDPR that processing is necessary either to protect the vital interests of the data subject, (or of another natural person where the data subject is physically or legally incapable of giving consent), or where processing is necessary for the purposes of preventive or occupational medicine or the assessment of the working capacity of an employee.

The school has safeguarding responsibilities and carries out DBS checks on all staff and other people who are likely to have direct supervisory responsibility for or unsupervised contact with young people under the age of 18. We may process and record securely risk assessments of these DBS checks where the disclosure is not clear. These risk assessments will be disposed of securely when that person no longer has supervisory responsibility or unsupervised contact with young people under the age of 18 on behalf of the school.

Children under 18

We collect or store personal information about children under the age of 18 in the context of managing bookings and directly related products, and for safeguarding purposes. Permission is obtained directly from a legal adult guardian to collect this information through our Parental Agreement Letter As part of this process, we request special category data relating to the health of the child, which we manage through Vital Interest. We also gain consent from parents for the use of photos or video taken during their child’s stay at TopUp Learning London (Tti) through the Parental Agreement Letter.

Information collected via our website

How we will use information collected by our website We may use information held about you in the following ways:

  • To process a booking for one of our courses or products o To manage an application to work for the school
  • To create a profile for you to help us provide a more personalised service which is suited to meet your preferences.
  • To ensure that content from our site is presented in the most effective manner for you and your computer.
  • To send you our newsletters or provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To allow you to participate in interactive features of our service, when you choose to do so. o To notify you about changes to our service.

Links from our website

Our website contains links to and from websites operated by individuals and companies over which we have no direct control. If you follow a link to any of these websites, please note that these websites have their own privacy and terms of use policies and that we do not accept any responsibility or liability for these policies. We advise you to check these policies before you submit any personal data to these websites.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. We use a single cookie, “sessionid”, to identify you when you visit our website, keep you logged in as you navigate our website, and store temporary information during the course application process. This functional cookie does not identify any individual, and is required for the correct operation of our website.

Our service providers use cookies and those cookies may be stored on your computer when you visit our website. These cookies do not contain any information that is personally identifiable to you.

  • Google Analytics – used to analyse the usage of our website. o Google Translate – provides a translation service to our website visitors. o Facebook – used to offer “like” and “share” buttons to like/share pages from our website on Facebook.
  • Twitter – used to offer “follow” buttons to follow TopUp Learning London (Tti) on Twitter.
  • LinkedIn – used to offer “follow” buttons to follow TopUp Learning London (Tti) on LinkedIn. o YouTube – used to embed videos on our website.

Our website users are able to change their cookie preferences using the link at the bottom of our website which prevents Google Analytics cookies from being stored on your computer.

Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.

What to do if you believe that the information we have collected and are using is incorrect?

It is important for both you and us that we hold up to date and accurate information and that the accuracy is maintained during your relationship with us. For this reason we shall be conducting annual internal audits of the data we hold .

If you become aware of any inaccuracies or you change address, telephone number, email, etc., it is your responsibility to bring this to our attention as quickly as possible. Please inform us as soon of any changes by emailing principal@ttischool.com

You also have the right to withdraw consent to the processing of information for which you have previously given consent.

You may also request access to the data we hold on you. Everyone has a right to access the personal data that we hold on them. To exercise this right, you should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.

No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the student or employee making the request. In these circumstances, a reasonable charge will be applied.

Further information on making a subject access request is contained in our Subject Access Request policy.

We may withhold personal information that you request to the extent permitted by the law.

To make any of these requests relating to your personal data, please contact us +44 20 74192300

What to do if you have a concern or complaint about how we store, use or share your personal data?

Initially, we would encourage you to raise this with us and we should be able to resolve the matter informally. If following this you do not believe that your concern has been adequately addressed, than you should raise your complaint in writing to our Principal at TopUp Learning London (Tti) 148-150 Camden High Street, London NW1 0NE.

In the unlikely event that we have been unable to address your concern internally, you may call the Information Commissioner’s Office helpline on 0303 123 1113.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on our website in this document. Please check from time to time to ensure that you are aware of any changes to our Privacy Policy.

Policy preparation and review

The policy was prepared by the Principal after consultation with associated outside agencies and staff and in March 2018.

The policy will be reviewed after 12 months or earlier if there are changes in relevant legislation or in response to any significant incidents or changes in circumstance.

Next review: January 2022

Scroll to Top