Privacy Policy
Stonehedge QA T/A Oxford School of Business respects the privacy of our users (“you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.oxfordschoolofbusiness.co.uk [and our mobile application], including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “Site”). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site, and you waive the right to receive specific notice of each such change or modification. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.
Privacy Policy
This privacy policy applies between you, the user of this website, and Stonehedge QA T/A Oxford School of Business, the owner and provider of this website. Stonehedge QA T/A Oxford School of Business the privacy of your information very seriously. This privacy policy applies to our use of any and all data collected by us or provided by you in relation to your use of the website. Please read the privacy policy carefully.
Definitions and interpretations
1. In this privacy policy, the following definitions are used:
a) Data: collectively all the information that you submit to Stonehedge QA T/A Oxford School of Business via this website. This definition incorporates, where applicable, the definitions provided in the Data Protection Laws.
We may collect information about you in a variety of ways. The information we may collect on the Site includes:
Personal Data
Personally identifiable information, such as your name, shipping address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us [when you register with the Site [or our mobile application,] or when you choose to participate in various activities related to the Site [and our mobile application], such as online chat and message boards. You are under no obligation to provide us with personal information of any kind, however, your refusal to do so may prevent you from using certain features of the Site [and our mobile application].
Derivative Data
The information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site. [If you are using our mobile application, this information may also include your device name and type, your operating system, your phone number, your country, your likes and replies to a post, and other interactions with the application and other users via server log files, as well as any other information you choose to provide.]
Financial Data
Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Site [or our mobile application]. [We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, [Amazon Payments,] [Authornize.Net,] [Braintree Payments,] [Chargify,] [Dwolla,]
[Google Checkout,] [Paypal,] [SafeCharge,] [Stripe,] [WePay,] [2Checkout,] [other], and you are encouraged to review their privacy policy and contact them directly for responses to your questions.]
Facebook Permissions
The Site [and our mobile application] may by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your accounts, such as friends, check-ins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.
Data From Social Networks
User information from social networking sites, such as [Apple’s Game Center, Facebook, Google+, Instagram, Pinterest, Twitter], including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks. [If you are using our mobile application, this information may also include the contact information of anyone you invite to use and/or join our mobile application.]
Mobile Device Data
Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device.
Third-Party Data
Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Site permission to access this information.
Data From Contests, Giveaways, and Surveys
Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.
Mobile Application Information
If you connect using our mobile application:
- Geo-Location Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s [bluetooth, calendar, camera, contacts, microphone, reminders, sensors, SMS messages, social media accounts, storage,] and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
- Mobile Device Data. We may collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information, and IP address.
- Push Notifications. We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
b) Cookies: a small text file placed on your computer by this website when you visit certain parts of the website and/or when you use certain features of this website. Details of the cookies used by this website are set out in the clause below – (Cookies)
Cookies and Web Beacons
We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site and our mobile application to help customize the Site and our mobile application and improve your experience. When you access the Site or our mobile application, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site or our mobile application. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.
We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site and our mobile application to help customize the Site and our mobile application and improve your experience. For more information on how we use cookies, please refer to our Cookie Policy posted on the Site, which is incorporated into this Privacy Policy. By using the Site, you agree to be bound by our Cookie Policy
c) Data Protection Laws: Directive 96/46/EC (Data Protection Directive); GDPR – the General Date Protection Regulation (EU) 2016/679; Data Protection Act 1998
d) UK and EU Cookie Law: The Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;
e) Oxford School of Business, we, us or our: Stonehenge QA T/A Oxford School of Business Ltd, a company incorporated in England and Wales with registered number 10241076, whose registered office is at John Eccles House, Science Park, Robert Robinson Avenue, Oxford, England, OX4 4GP.
f) Website: The website that you are currently using, https://www.oxfordschoolofbusiness.co.uk and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. In this privacy policy, unless the context requires a different interpretation:
a) the singular includes the plural and vice versa;
b) references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
c) a reference to a person includes firms, companies, government entities, trusts and partnerships;
d) “including” is understood to mean “including without limitation”;
e) reference to any statutory provision includes any modification or amendment of it;
f) the headings and sub-headings do not form part of this privacy policy.
Scope of this privacy policy
3. This privacy policy applies only to the actions of Stonehedge QA T/A Oxford School of Business and users with respect to this website. It does not extend to any websites that can be accessed from this website including, but not limited to, any links we may provide to social media websites.
4. For the purposes of the applicable Data Protection Laws, Stonehedge QA T/A Oxford School of Business is the “data controller”. This means that’s Stonehedge QA T/A Oxford School of Business determines the purposes for which, and the manner in which, your data is processed.
Data collected
5. We may collect the following data, which includes personal data, from you:
- Name and title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information relevant to customer surveys and/or offers
We will ask you for your permission to contact you. If you give us permission, we will use email to communicate items that we feel may be of interest to you, including education industry and company information, updates and offers. If you do not wish to receive these communications, you will be given the opportunity to unsubscribe, by clicking on the unsubscribe link at the bottom of each email.
How we collect data
6. Stonehedge QA T/A Oxford School of Business will collect your data in a number of ways, for example:
a) when you contact us through the website, by telephone, post, e-mail or through any other means;
b) when you make payment to us through this website or otherwise
c) when you use our services.
In each case, in accordance with this privacy policy.
Our use of data
7. We will retain any data you submit for but not limited to 24 months.
8. Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy, your data will not be disclosed to third parties.
9. All personal data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see the clause below (Security).
10. Any or all of the above data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, data may be used by us for the following reasons:
a) internal record keeping;
b) improvement of our products / services;
c) transmission by e-mail of promotional materials that may be of interest to you;
d) contact for market research purposes which may be done using e-mail, telephone, fax or mail. Such information may be used to customise or update the Website.
In each case, in accordance with this privacy policy.
Third party websites and services
11. Stonehedge QA T/A Oxford School of Business may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. The providers of such services do not have access to certain personal data provided by users of this website.
Links to other websites
12. This website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them. Changes of business ownership and control
13. Stonehedge QA T/A Oxford School of Business may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Stonehedge QA T/A Oxford School of Business. Data provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the data for the purposes for which it was originally supplied to us.
14. We may also disclose data to a prospective purchaser of our business or any part of it.
In the above instances, we will take steps with the aim of ensuring your privacy is protected.
Controlling use of your data
15. Wherever you are required to submit data, you will be given options to restrict our use of that data. This may include, for example, the use of data for direct marketing purposes.
Functionality of the website
16. To use all features and functions available on the website, you may be required to submit certain Data.
17. You may restrict your internet browser’s use of cookies. For more information see the clause below (Cookies).
Your rights
18. You have the following rights in relation to your data:
a) the right of access – the right to request a copies of the information we hold about you at any time without charge; unless your request is ‘manifestly unfounded or excessive’.
b) the right to rectification – the right to have any information rectified if it is inaccurate or incomplete.
c) the right to erasure – the right to request that we delete or remove your information from our system.
d) the right to restrict – the right block or restrict the way we use your data.
e) the right to data portability – the right to request that we move, copy or transfer your data.
f) the right to object – the right to object to our use of your data, including where we use it for legitimate reasons.
19. To make enquiries, exercise any of your rights set out above, or withdraw your consent to the use of your data (where consent is our legal basis for its use), please contact us at this e-mail address: info@oxfordschoolofbusiness.co.uk
20. If you are not satisfied with the way a complaint you make in relation to your data is handled by us, you may be able to refer your complain to the relevant data protection authority. In the UK this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/
Security
21. Data security is of great importance to Stonehedge QA T/A Oxford School of Business and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected via this website.
22. If password access is required for certain parts of the website, you are responsible for keeping this password confidential.
23. We endeavour to do our best to protect your personal data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your data transmitted to the website.
Cookies
24. This website may place and access certain cookies on your computer. Stonehedge QA T/A Oxford School of Business uses cookies to improve your experience of using the website. Stonehedge QA T/A Oxford School of Business has carefully chosen these cookies and has taken steps to ensure that your privacy is protected and respected at all times.
25. All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.
26. This Website may place the following Cookies:
a) Strictly necessary cookies: these are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
b) Analytical / Performance cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
c) Functional cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you.
27. You can choose to enable or disable cookies in your internet browser. By default, most internet browsers accept cookies but this can be changed. For further details, please consult the help menu in your internet browser.
28. You can choose to delete cookies at any time; however you may lose any information that enables you to access the website more quickly and efficiently including, but not limited to, personalisation settings.
29. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
General
30. You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.
31. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.
32. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
33. This policy constitutes an agreement between Stonehedge QA T/A Oxford School of Business and the user and as such will be governed by and interpreted according to the law of England and Wales. All disputes arising under the agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
Changes to this privacy policy
34. Stonehedge QA T/A Oxford School of Business reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy policy on your first use of the Website following the alterations.
General Data Protection Regulation (GDPR)
At Stonehedge QA T/A Oxford School of Business, we recognise that the privacy and security of your data are of paramount importance to you, and rest assured that it is to us as well. In addition to complying with applicable EU and national data privacy and protection laws, we have furthered our commitment to the EU data protection regime by investing in hosting facilities within the EU. However, due to the nature of our global platform, personal data may be transmitted and processed within data facilities located outside of the EEA. Stonehedge QA T/A Oxford School of Business utilises the European Commission’s Standard Contractual Clauses (also known as “model clauses”) as a lawful method to transfer personal data outside the EEA. By incorporating these model clauses into our Data Processing Addendum (“DPA”), both data controllers (our EU-based customers) and data processors are contractually obligated to certain technical and organisational safeguards relating to the privacy and fundamental rights of data subjects (our EU-based customers’ end users).
The legal bases for processing data are as follows –
(a) Consent: the student/centre has given clear consent for Stonehedge QA T/A Oxford School of Business to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for the centre contract or student placement contract.
(c) Legal obligation: the processing is necessary for Stonehedge QA T/A Oxford School of Business to comply with the law (not including contractual obligations)
The members of staff responsible for data protection are mainly Ahmed Abdelfateh (CEO) and Mohamed Idris (Manager).
However, all must treat all student and centre information in a confidential manner and follow the guidelines as set out in this document.
Oxford School of Business is also committed to ensuring that its staff are aware of data protection policies, legal requirements and adequate training is provided to them.
The requirements of this policy are mandatory for all staff employed by the Stonehedge QA T/A Oxford School of Business and any third party contracted to provide services within the awarding organization.
Notification
Our data processing activities will be registered with the Information Commissioner’s Office (ICO) as required of a recognised Data Controller. Details are available from the
ICO: https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
Changes to the type of data processing activities being undertaken shall be notified to the ICO and details amended in the register.
Breaches of personal or sensitive data shall be notified within 72 hours to the individual(s) concerned and the ICO.
Personal and Sensitive Data
All data within Stonehedge QA T/A Oxford School of Business’s control shall be identified as personal, sensitive or both to ensure that it is handled in compliance with legal requirements and access to it does not breach the rights of the individuals to whom it relates.
The definitions of personal and sensitive data shall be as those published by the ICO for guidance: https://ico.org.uk/for-organisations/guide-to-data-protection/keydefinitions/
The principles of the Data Protection Act shall be applied to all data processed:
- Ensure that data is fairly and lawfully processed
- Process data only for limited purposes
- Ensure that all data processed is adequate, relevant and not excessive
- Ensure that data processed is accurate
- Not keep data longer than is necessary
- Process the data in accordance with the data subject’s rights
- Ensure that data is secure
- Ensure that data is not transferred to other countries without adequate protection.
Data Security
In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.
Risk and impact assessments shall be conducted in accordance with guidance given by the ICO:
https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2014/02/privacyimpact-assessments-code-published/
Security of data shall be achieved through the implementation of proportionate physical and technical measures. Nominated staff shall be responsible for the effectiveness of the controls implemented and reporting of their performance.
The security arrangements of any organisation with which data is shared shall also be considered and where required these organisations shall provide evidence of the competence in the security of shared data.
Data Access Requests (Subject Access Requests)
All individuals whose data is held by us, has a legal right to request access to such data or information about what is held. We shall respond to such requests within one month and they should be made in writing. No charge will be applied to process the request.
Personal data about students will not be disclosed to third parties without the consent of the student , unless it is obliged by law.
Location of information and data
Hard copy data, records, and personal information are stored out of sight and in a locked cupboard. Sensitive or personal information and data should not be removed from the Stonehedge QA T/A Oxford School of Business site, however Stonehedge QA T/A Oxford School of Business acknowledges that some staff may need to transport data between the office and their home in order to access it for work in the evenings and at weekends.
The following guidelines are in place for staff in order to reduce the risk of personal data being compromised:
Paper copies of data or personal information should not be taken off the college site. If these are misplaced they are easily accessed. If there is no way to avoid taking a paper copy of data off the Stonehedge QA T/A Oxford School of Business site, the information should not be on view in public places, or left unattended under any circumstances.
Unwanted paper copies of data, sensitive information or student files should be shredded. This also applies to handwritten notes if the notes reference any other staff member or student by name.
Care must be taken to ensure that printouts of any personal or sensitive information are not left in printer trays or photocopiers.
If information is being viewed on a PC, staff must ensure that the window and documents are properly shut down before leaving the computer unattended. Sensitive information should not be viewed on public computers.
If it is necessary to transport data away from the site, it should be accessed via the Cloud. Work should be edited from the Cloud, and saved onto this only.
These guidelines are clearly communicated to all Stonehedge QA T/A Oxford School of Business staff, and any person who is found to be intentionally breaching this conduct will be disciplined in line with the seriousness of their misconduct.
Data Disposal
Stonehedge QA T/A Oxford School of Business recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk.
All data held in any form of media (paper, tape, electronic) shall only be passed to a disposal partner with demonstrable competence in providing secure disposal services.
All data shall be destroyed or eradicated to agreed levels meeting recognised national standards, with confirmation at completion of the disposal process. Disposal of IT assets holding data shall be in compliance with ICO guidance:
https://ico.org.uk/media/fororganisations/documents/1570/it_asset_disposal_for_organisations.pdf
Attribution
35. This privacy policy was created by Stonehedge QA T/A Oxford School of Business on 5th February 2022.