Oxford Guardians undertakes to comply with applicable data protection legislation as part of its everyday working responsibilities.
Oxford Guardians is fully committed to full compliance with the requirements of the General Data Protection Regulation and any complimentary national legislation.
OXFORD GUARDIANS – PRIVACY NOTICE
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website.
Data Protection Officer, Data Controllers and Data Processors
We are Oxford Guardians and a data controller of your personal data. Our data processor is inlocoparentis.org. The Person responsible for data control in Oxford Guardians is Kevin Bacon who can be contacted at
Northamptonshire, NN7 3EY
+44 (0)1604 859331:
What kinds of personal information about you do we process?
Personal information that we’ll process in connection with our guardian services, includes:
Personal details, such as title, full name, contact details, date of birth, gender, nationality etc
Visa, Biometric Residence Permit and passport details
Personal images for identification
Other files relevant to the provision of our service for example boarding cards for flights, summary information for homestays, family members and other contact information relevant to the supply of guardian services
On the smartphone app, details such as the student’s mobile phone location data, battery charge status, IP address and MAC address Financial details as it relates to the provision of our service
What is the source of your personal information?
We collect all personal information from you directly, from the student’s school and from the providers of the guardian services
What do we use your personal data for?
- We use your personal data, to provide and manage the guardian services that the contract between us describes.
- Updating your records, tracing the student’s whereabouts during transit
- Providing information to other parties about events and arrival times of the student
- To perform and/or test the performance of our services and internal processes
- To improve the operation of our business and that of our data processor
- To comply with legal and regulatory obligations, requirements and to follow guidance and best practice following changes to rules of governmental and regulatory bodies
- For management and auditing of our business operations including accounting.
- To monitor and to keep records of our communications with you, our staff and our service providers
- For market research and analysis and developing statistics
- To send you personalised information by SMS, email, phone or post about the provision of our service. For example, information about forthcoming school events relevant to the student or reporting information (if applicable) about periods when the student stays with one of our service providers.
- To share information, as needed, with schools and our service providers
When do we share your personal information with other organisations?
We do not share information with third parties except to comply with legal and regulatory obligations
How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting the Responsible person using the details above.
Is your personal information transferred outside the UK or the EU and how is personal data protected?
We’re based in the UK and the servers provided by our data processor are situated within the EU. Data is transferred between the client web browsers or mobile apps and the servers using SSL encryption. We use strong ciphers and flag all authentication cookies as secure. Identifiable personal data at rest is stored on our servers using 256-bit Advanced Encryption Standard (AES) encryption. Data backups and incremental backups of stored data are performed hourly. Our data processor also maintains a reliable service and in the rare event that a server is not available to access we can switch to a duplicate backup server to restore the service. In the unlikely event of a breach, we will send you a breach notification as required by applicable law. We maintain incident response policies and procedures, including a breach notification process, which enables us to notify affected customers as needed.
What should you do if your personal information changes?
You should tell us so that we can update our records using the website or by contacting us at the address above. We’ll then update your records if we can.
Do you have to provide your personal information to us?
We may be unable to provide you with our services if you do not provide certain information to us.
Do we do any monitoring or automated decision-making involving processing of your personal information?
We do not.
For how long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information for as long as we have reasonable business needs to do so such as providing our services to you and managing our operations. Thereafter, we will retain information for as long as someone could bring a claim against us; and/or for retention periods in line with legal and regulatory requirements or guidance.
What are your rights under data protection laws?
You have the following rights. Please contact our DPO if you wish to use any of them.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details above.
Kevin Bacon OBE
Director and Data Controller